TWI572180B - The physical location corresponds to the display network terminal equipment management system - Google Patents

The physical location corresponds to the display network terminal equipment management system Download PDF

Info

Publication number
TWI572180B
TWI572180B TW104118096A TW104118096A TWI572180B TW I572180 B TWI572180 B TW I572180B TW 104118096 A TW104118096 A TW 104118096A TW 104118096 A TW104118096 A TW 104118096A TW I572180 B TWI572180 B TW I572180B
Authority
TW
Taiwan
Prior art keywords
network terminal
terminal device
network
management
information
Prior art date
Application number
TW104118096A
Other languages
Chinese (zh)
Other versions
TW201644254A (en
Inventor
wei-peng Zheng
Wei-Min Wang
sheng-xiang Huang
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed filed Critical
Priority to TW104118096A priority Critical patent/TWI572180B/en
Publication of TW201644254A publication Critical patent/TW201644254A/en
Application granted granted Critical
Publication of TWI572180B publication Critical patent/TWI572180B/en

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Description

實體地理位置對應顯示網路終端設備管理系統 Physical location corresponding display network terminal device management system

本發明係有關一種實體地理位置對應顯示網路終端設備管理系統,尤指將所屬管理的網路終端設備對應成實體地理位置顯示;或以全球性地域圖示呈現,藉以提供真實對照記錄,方便建檔查詢更新維護者。 The present invention relates to a physical location corresponding display network terminal device management system, in particular, the network terminal device to which the management belongs is correspondingly displayed as a physical geographical position; or is presented in a global geographical representation, thereby providing a real control record, which is convenient The archive query updates the maintainer.

隨著科技進步工商發展迅速,網絡的規模不斷增長擴大,已成為現代生活中不可或缺的一部分。IT信息化系統的建設日益複雜,用戶對網絡管理和運營的要求也日愈提高。 With the rapid development of science and technology, the scale of the network has grown and expanded, and it has become an indispensable part of modern life. The construction of IT information systems is becoming more and more complex, and users' requirements for network management and operation are also increasing.

網路的運行是否安全、穩定、高效率會直接影響關係到企業核心業務能否順利拓展?當企業網路發生資安或故障問題時,管理者要如何能盡快找出上述錯誤發生的相關網路終端設備的實體地理位置,在企業級的IP管理工具內實扮演一重要角色。 Is the operation of the network safe, stable, and highly efficient directly affecting whether the core business of the enterprise can be smoothly expanded? When the enterprise network has a problem of security or failure, how can the administrator quickly find out the physical location of the relevant network terminal equipment of the above error, and play an important role in the enterprise-level IP management tool.

但目前市面上具備IP管理的相關功能性習知產品,針對被管理的網路終端設備其相關網路位置資訊,大多係以網段裝備列表搭配如第9圖所示之網路拓樸圖方式來呈現,其所提供列表或圖示內容中缺乏設備間的連接關係,完全無法由列表或其圖示查看有關電腦設備實體位置供作參考資訊。故障檢修不易費力費時,造成資安管理上的困難,為其主要缺點。 However, there are related functional familiar products with IP management on the market. For the network location information of the managed network terminal devices, most of the network location information is matched with the network topology shown in Figure 9. In the manner of presentation, there is a lack of connection between devices in the provided list or illustration content, and it is completely impossible to view the location of the computer device entity for reference information by the list or its icon. Trouble shooting is not easy and laborious, which causes difficulties in the management of security and is its main shortcoming.

有鑑於此,本發明之主要目的,在提供一種實體地理位置對應顯示網路終端設備管理系統,主要包括:設定管理網路終端設備所屬的IP管理網段,透過一探測器主動查詢/嗅探網路流數據包,以SNMP的方式由交換機/路由器取得來源資料,係選自包括交換機/路由器的網路流數據包、接口表、ARP表及MAC地址表;自動分析篩選取得管理的網路終端設備其相關網路位置資料;使每一網路終端設備對應單一之網路位置資料;再與網路分佈環境平面圖資訊對應整合,而將所屬管理的網路終端設備對應成實體地理位置顯示;或更進一步跨區域以全球性地域圖示(如Google Map)呈現; 藉以提供真實對照記錄,方便建檔查詢更新維護;並當發生違反資安政策的事件時,系統會以自動彈跳式視窗的方式,立即標識出發生問題的網路終端設備所在的實體地理位置,使資安管理更為直接完善一目了然。 In view of the above, the main purpose of the present invention is to provide a physical location corresponding display network terminal device management system, which mainly includes: setting an IP management network segment to which a management network terminal device belongs, and actively querying/sniffing through a probe. The network stream data packet is obtained by the switch/router in the form of SNMP, and is selected from the network flow data packet including the switch/router, the interface table, the ARP table and the MAC address table; and the automatic analysis and screening management network The terminal device has relevant network location data; each network terminal device is corresponding to a single network location data; and then integrated with the network distribution environment floor plan information, and the managed network terminal device is correspondingly displayed as a physical geographical location. Or further across regions to present in a global geographic representation (such as Google Map); In order to provide real-time comparison records, it is convenient to file the query update and maintenance; and when an event that violates the security policy occurs, the system will automatically identify the geographical location of the entity where the problematic network terminal device is located by means of an automatic bounce window. It makes it easier to make the security management more direct and complete.

10‧‧‧網路終端設備 10‧‧‧Network terminal equipment

100‧‧‧實體地理位置 100‧‧‧ entity location

20‧‧‧探測器 20‧‧‧ detector

200‧‧‧實體地理位置 200‧‧‧ entity location

30‧‧‧網路分佈環境平面圖 30‧‧‧Network distribution environment plan

300‧‧‧全球性地域圖示 300‧‧‧Global Geographical Icon

40‧‧‧自動彈跳式視窗 40‧‧‧Automatic bounce window

90‧‧‧大型企業 90‧‧‧ Large enterprises

900‧‧‧分支機構 900‧‧‧ branches

101、102、103、104、105、106、107、108‧‧‧框 101, 102, 103, 104, 105, 106, 107, 108‧‧‧ box

1031、1032、1033‧‧‧框 1031, 1032, 1033‧‧‧ box

第1圖 係為本發明對應顯示實體地理位置之示意圖。 Figure 1 is a schematic diagram of the geographic location of the corresponding display entity of the present invention.

第2圖 係為本發明探測器的配置示意圖。 Figure 2 is a schematic view showing the configuration of the detector of the present invention.

第3圖 係為本發明的方塊圖。 Figure 3 is a block diagram of the present invention.

第4-1圖 係為本發明網段管理列表圖。 Figure 4-1 is a diagram of the management list of the network segment of the present invention.

第4-2圖 係為本發明交換機管理列表圖。 Figure 4-2 shows the switch management list of the present invention.

第5圖 係為本發明自動彈跳式視窗之應用例圖。 Fig. 5 is a view showing an application example of the automatic bounce window of the present invention.

第6圖 係為本發明以全球性地域圖示資訊整合之示意圖。 Figure 6 is a schematic diagram of the integration of information in a global geographical representation of the present invention.

第7圖 係為本發明取得網路終端設備單一網路位置資料的方塊圖。 Figure 7 is a block diagram of the present invention for obtaining a single network location data of a network terminal device.

第8圖 係為本發明全球性地域圖示自動彈跳式視窗之應用例圖。 Figure 8 is a diagram showing an application example of the global area illustrated automatic bounce window of the present invention.

第9圖 係為習知網路終端設備的拓樸圖。 Figure 9 is a topographical diagram of a conventional network terminal device.

以下藉由特定的具體實例詳細揭露本發明之實施方式,熟悉此技藝之人士可由本說明書所揭示之內容輕易地瞭解本發明的優點與功效。請參第1~5圖所示,其中第1圖為本發明對應顯示實體地理位置之示意圖。第2圖為本發明探測器的配置示意圖。第3圖為本發明的方塊圖。本發明所設之實體地理位置對應顯示網路終端設備管理系統,主要包括:框101,設定管理網路終端設備10所屬的IP管理網段(同參第4-1、4-2圖);框102,透過一探測器20主動查詢/嗅探網路流數據包Active Query/Sniffer Network Stream Packets,其中可以SNMP的方式由交換機/路由器取得來源資料,係選自包括交換機/路由器的網路流數據包、接口表、ARP表及MAC地址表;框103,自動分析篩選取得管理的網路終端設備10其相關網路位置資料;框104,使每一網路終端設備10對應單一之網路位置資料;框105,再與網路分佈環境平面圖30資訊對應整合; 框106,對應呈現網路終端設備10的實體地理位置100,以及;框107,建檔查詢事件自動彈跳式視窗40呈現,如第5圖所示;實施時,該框102中所用之該探測器20可係一硬體設備,以側接方式接連設在交換機/路由器的一般埠口,並依環境管理需求視情況將該連接埠調整為主幹埠口Trunk Port。而且該框106將所屬管理的網路終端設備10對應成實體地理位置100顯示呈現時;也可更進一步收集成框108跨區域以全球性地域圖示300(如Google Map)資訊整合呈現如第3、6圖所示。 The embodiments of the present invention are disclosed in detail below by way of specific examples, and those skilled in the art can readily understand the advantages and functions of the present invention from the disclosure herein. Please refer to the figures 1 to 5, wherein the first figure is a schematic diagram of the geographical position of the corresponding display entity of the present invention. Figure 2 is a schematic view showing the configuration of the detector of the present invention. Figure 3 is a block diagram of the present invention. The physical location corresponding to the display network terminal device management system of the present invention mainly includes: a block 101, which sets an IP management network segment to which the management network terminal device 10 belongs (see the same figure 4-1, 4-2); Block 102, actively querying/sniffering the network stream packet Active Query/Sniffer Network Stream Packets through a detector 20, wherein the source data can be obtained by the switch/router in an SNMP manner, and is selected from a network stream including a switch/router. a data packet, an interface table, an ARP table, and a MAC address table; block 103, automatically analyzing and filtering the managed network terminal device 10 for its associated network location data; and block 104, each network terminal device 10 corresponding to a single network Location data; block 105, and then integrated with the network distribution environment plan 30 information; Block 106, corresponding to presenting the physical location 100 of the network terminal device 10, and; block 107, the archive query event is automatically bouncing window 40, as shown in FIG. 5; in implementation, the probe used in the block 102 The device 20 can be a hardware device, and is connected to the general port of the switch/router in a side-by-side manner, and the port is adjusted to the trunk port of the trunk port according to the environment management requirements. Moreover, the frame 106 displays the network terminal device 10 to which the management belongs to the physical location 100 for display. The frame 108 can be further collected into a global area map 300 (eg, Google Map) information integration. 3, 6 shows.

藉此,如第1、2、5圖所示,使本發明可有效提供每一網路終端設備10的實體地理位置100對照記錄,方便建檔查詢更新維護;並當發生違反資安政策的事件時,系統會以自動彈跳式視窗40的方式,立即標識出發生問題的網路終端設備10所在的實體地理位置100,使資安管理更為方便,直接完善一目了然。 Thereby, as shown in the first, second, and fifth figures, the present invention can effectively provide the physical location of each network terminal device 10 with a comparison record of the physical location of the network, thereby facilitating the filing of the query update and maintenance; and when a violation of the security policy occurs. In the event of an event, the system immediately identifies the geographic location 100 of the entity in which the problematic network terminal device 10 is located in the manner of an automatic bounce window 40, which makes the security management more convenient and straightforward to improve at a glance.

較佳之實施,請參第1~3、7圖所示,本發明之所以能有效取得每一網路終端設備10對應單一之網路位置資料,主要係藉由:框1031,針對前述框102透過一探測器20主動查詢/嗅探網路流數據包,而採用a.透過網路流數據包與ARP表所取得的資料,可整理並獲得被管理網路終端設備10的『IP』地址、『MAC』地址、及『Host Name』主機名稱等資料;框1032,b.透過『Interface Table』接口表與『MAC Address Table』MAC地址表取得的資料,可整理並獲得被管理網路終端設備10的『MAC』地址、『Switch/Router』交換機/路由器、『Port』接口等資料,以及; 框1033,前述框103自動分析篩選取得管理的網路終端設備10其相關網路位置資料,及框104使每一網路終端設備10對應單一之網路位置資料;而綜合比對上述a、b兩點的來源資料,以『MAC』為基鍵值,系統可以整理得出被管理網路終端設備10的IP、MAC、主機名稱、交換機/路由器、及接口資料,即『IP--MAC--Host Name--Switch/Router--Port』網路相關位置資料。 For a preferred implementation, as shown in the first to third and seventh embodiments, the present invention can effectively obtain a single network location data corresponding to each network terminal device 10, mainly by using: block 1031, for the foregoing block 102. Actively querying/sniffering the network stream data packet through a detector 20, and using the data obtained by the network stream data packet and the ARP table, the "IP" address of the managed network terminal device 10 can be collated and obtained. , "MAC" address, and "Host Name" host name and other information; Box 1032, b. Through the "Interface Table" interface table and the "MAC Address Table" MAC address table data can be collated and obtained the managed network terminal "MAC" address of the device 10, "Switch/Router" switch/router, "Port" interface, etc., and; In block 1033, the foregoing block 103 automatically analyzes and selects the network location information of the managed network terminal device 10, and block 104 causes each network terminal device 10 to correspond to a single network location data; and comprehensively compares the above a, b The source data of the two points, with the "MAC" as the base key value, the system can sort out the IP, MAC, host name, switch/router, and interface data of the managed network terminal device 10, that is, "IP--MAC" --Host Name--Switch/Router--Port" network related location data.

據此,本發明系統之較佳實施例,可更進一步包括:以下(1)~(9)圖未示請同參前述說明及第1~8圖所示。 Accordingly, the preferred embodiment of the system of the present invention may further include the following (1) to (9) drawings not shown in the above description and the first to eighth figures.

(1).系統設定管理網路終端設備10所屬的IP管理網段,要求探測器20“Probe”根據此資訊於該IP管理網段,透過主動查詢/嗅探網路流數據包的方式,取得所需的『IP』、『MAC』、『Host Name』。 (1) The system is configured to manage the IP management network segment to which the network terminal device 10 belongs, and the probe 20 "Probe" is required to actively query/sniff the network stream data packet according to the information on the IP management network segment. Obtain the required "IP", "MAC", and "Host Name".

(2).系統根據設定的管理網路終端設備10所屬的交換機/路由器Switch/Router透過SNMP Query(簡單網路管理協定查詢)所需的參數設定資訊,透過SNMP Protocol(SNMP協議)取得所需的『Interface Table』接口表與『MAC Address Table』MAC地址表。 (2) The system obtains the required parameter setting information through SNMP Query (Simple Network Management Protocol Query) according to the switch/router Switch/Router to which the management network terminal device 10 belongs, and obtains the required information through the SNMP Protocol (SNMP protocol). The "Interface Table" interface table and the "MAC Address Table" MAC address table.

(3).將管理網路終端設備10內部所屬的網路分佈環境平面圖30,包含但不限於樓層平面圖,載入系統的管理介面。 (3) The network distribution environment plan 30 to which the management network terminal device 10 belongs, including but not limited to the floor plan, is loaded into the management interface of the system.

(4).將已納入管理的『Switch/Router--Port』交換機/路由器接口資訊,對照(3)內部所屬的網路分佈環境平面圖30,一一標註成相對應的實體地理位置100。 (4) The information of the "Switch/Router--Port" switch/router interface that has been included in the management is compared with the network distribution environment plan 30 of the internal (3), which is labeled as the corresponding physical location 100.

(5).系統將對應於內部網路分佈環境平面圖30的『(x,y)座標位置』紀錄於資料庫內;再搭配前述取得之『IP--MAC--Host Name--Swi tch/Router--Port』資訊,其網路終端設備10的『IP--MAC--Host Name』資訊建檔,使網路終端設備10對應成實體地理位置100提供查詢。 (5) The system records the "(x, y) coordinate position corresponding to the internal network distribution environment plan 30 in the database; and then matches the "IP--MAC--Host Name--Swi" obtained above. The tch/Router--Port information, the IP--MAC--Host Name information of the network terminal device 10, enables the network terminal device 10 to provide a query corresponding to the physical location 100.

(6),平時可透過一鍵查詢的方式快速得知相關資訊,當發生違反資安政策的事件時,系統會以自動彈跳式視窗40的方式,立即標識出發生問題的網路終端設備10所在的實體地理位置100(同參第5圖)。 (6) In the past, the information can be quickly learned through a one-click query. When an event that violates the security policy occurs, the system will immediately identify the problematic network terminal device 10 by means of the automatic bounce window 40. The physical location of the entity is 100 (see Figure 5).

另外,本發明系統網路終端設備10的實體地理位置100與全球性地域圖示300(ex:Google Map)資訊整合呈現之較佳實施例,可更進一步包括: In addition, a preferred embodiment of the integrated geographic location 100 of the system network terminal device 10 of the present invention and the global geographic representation 300 (ex: Google Map) information may further include:

(7).系統以探測器20為參考基準,對照全球性地域圖示300,包括但不限於Google Map,將分佈於不同區但已納入管理的複數探測器20所隸屬網路終端設備10資訊,對應標註成實體地理位置200。 (7). The system uses the detector 20 as a reference, and compares the global geographical map 300, including but not limited to Google Map, and the plurality of detectors 20 that are distributed in different areas but have been managed belong to the network terminal device 10 information. Corresponding to the physical location of the entity 200.

(8).系統將對應於全球性地域圖示300的『(x,y)座標位置』和『(經度,緯度)座標位置』紀錄於資料庫內;再搭配前述取得每一探測器20底下管理網路終端設備10的『IP--MAC--Host Name--Switch/Router--Port』資訊建檔提供查詢。 (8). The system records the "(x, y) coordinate position" and "(longitude, latitude) coordinate position corresponding to the global geographic icon 300 in the database; and then obtains each detector 20 under the above-mentioned The IP--MAC--Host Name--Switch/Router--Port information file of the management network terminal device 10 provides an inquiry.

(9).平時可透過一鍵查詢的方式快速得知相關資訊,當發生違反資安政策的事件時,系統會以自動彈跳式視窗40的方式,立即標識出發生問題的網路終端設備10的所屬的探測器20所在實體地理位置200(同參第8圖)。 (9). The information can be quickly learned through one-click inquiry. When an event that violates the security policy occurs, the system will immediately identify the problematic network terminal device 10 by means of the automatic bounce window 40. The location of the entity to which the detector 20 belongs is 200 (see Figure 8 for the same reference).

請參第圖1、2所示,本發明系統有效的設計,確實能幫助管理者輕鬆面對大量網路資安信息的嚴峻挑戰,因為系統中每一網路終端設備10均以實體地理位置100直接呈現,所以讓網路管理故障診斷排除變得非 常容易達成。譬如,一個大型企業90通常具有散佈各地之若干個分支機構900,其每一分支機構900若採用本發明實體地理位置對應顯示網路終端設備管理系統來建檔記錄,則平時不只每個分支機構900可很方便針對內部網路終端設備10的異動進行更新及相關資安管理維護。一旦某分支機構900發生資安問題,亦可快速經由彈跳式視窗40,而直接由全球地域圖示300找到該分支機構900所在的實體地理位置200(同參第8圖),點進後並能逐層深入依網路分佈環境平面圖30對照顯示的實體地理位置100,簡單就能找到發生問題的網路終端設備10其相對所在的建築物平面位置,直接對應顯示以供有效處理排除故障,使網路暢通迅速恢復正常。 Referring to Figures 1 and 2, the effective design of the system of the present invention can indeed help the administrator to face the severe challenge of a large amount of network security information, because each network terminal device 10 in the system is in a physical geographical location. 100 is directly presented, so the network management troubleshooting is eliminated. It is often easy to achieve. For example, a large enterprise 90 usually has a plurality of branches 900 distributed throughout the country, and each branch office 900 uses the physical location corresponding to the display network terminal device management system of the present invention to record records, and usually not only each branch office 900 can be easily updated for the internal network terminal device 10 changes and related security management and maintenance. Once a branch office 900 has a security problem, the physical location 200 of the physical location of the branch 900 can be found directly through the global window icon 300 (see Figure 8). The network location plan 30 can be layer by layer according to the displayed physical location 100 of the entity, and the network terminal device 10 of the problem can be easily found to be directly positioned correspondingly for effective troubleshooting. Keep your network back to normal quickly.

綜上所述,本發明系統新穎與習知相較又具有明顯進步,同時也具可供產業利用性,完全符合專利要件,爰提出發明專利申請。唯以上所述者,僅為本發明之較佳實施例而已,當不能以此限定本發明實施之範圍;故,凡依本發明申請專利範圍及創作說明書內容所作之簡單的等效變化與修飾,皆應仍屬本發明專利涵蓋之範圍內。 In summary, the novel system of the present invention has significant progress compared with the conventional ones, and also has industrial availability, fully conforms to the patent requirements, and proposes an invention patent application. The above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto; therefore, the simple equivalent changes and modifications made by the scope of the patent application and the content of the invention are All should remain within the scope of the invention patent.

10‧‧‧網路終端設備 10‧‧‧Network terminal equipment

100‧‧‧實體地理位置 100‧‧‧ entity location

30‧‧‧網路分佈環境平面圖 30‧‧‧Network distribution environment plan

Claims (5)

一種實體地理位置對應顯示網路終端設備管理系統,主要包括:設定管理網路終端設備所屬的IP管理網段;透過一探測器主動查詢/嗅探網路流數據包,以SNMP的方式由交換機/路由器取得來源資料,係選自包括交換機/路由器的網路流數據包、接口表、ARP表及MAC地址表;自動分析篩選取得管理的網路終端設備其相關網路位置資料;使每一網路終端設備對應單一之網路位置資料,其特徵在於:該探測器主動查詢/嗅探網路流數據包,係採用a.透過網路流數據包與ARP表所取得的資料,整理並獲得被管理網路終端設備的IP地址、MAC地址、及主機名稱資料;b.透過接口表與MAC地址表取得資料,整理並獲得被管理網路終端設備的MAC地址、交換機/路由器、接口資料,以及;c.綜合比對前述a、b兩點的來源資料,以MAC為基鍵值,整理得出被管理網路終端設備的IP、MAC、主機名稱、交換機/路由器、及接口資料,使每一網路終端設備對應單一之網路位置資料;再與網路分佈環境平面圖資訊對應整合;而將所屬管理的網路終端設備對應成實體地理位置顯示呈現;藉此,使資安管理更直接完善,方便建檔查詢更新維護。 An entity geographical location correspondingly displays a network terminal device management system, which mainly comprises: setting an IP management network segment to which the management network terminal device belongs; actively querying/sniffering the network flow data packet through a probe, and adopting an SNMP manner by the switch The router obtains the source data, which is selected from the network flow data packet including the switch/router, the interface table, the ARP table, and the MAC address table; automatically analyzes and filters the network terminal equipment of the managed network terminal device; The network terminal device corresponds to a single network location data, and is characterized in that: the probe actively queries/snoops the network stream data packet, and uses a data obtained by the network stream data packet and the ARP table, and Obtain the IP address, MAC address, and host name data of the managed network terminal device; b. Obtain data through the interface table and the MAC address table, and sort and obtain the MAC address, switch/router, and interface data of the managed network terminal device. And c. comprehensively compare the source data of the above two points a and b, and use the MAC as the base key to sort out the IP, MAC, and master of the managed network terminal equipment. Name, switch/router, and interface data, so that each network terminal device corresponds to a single network location data; and then integrates with the network distribution environment floor plan information; and the managed network terminal device corresponds to the physical location Display presentation; thereby, the security management is more directly improved, and it is convenient to file the query update maintenance. 如申請專利範圍第1項所述之實體地理位置對應顯示網路終端設備管理系統,其中該探測器可係一硬體設備,以側接方式接連設在交換機/路由器的一般埠口或主幹埠口。 For example, the physical location of the entity described in claim 1 corresponds to the display network terminal device management system, wherein the detector can be a hardware device, and is connected to the general port or trunk of the switch/router in a side-by-side manner. mouth. 如申請專利範圍第1或2項所述之實體地理位置對應顯示網路終端設備管理系統,其中進一步包括:(1)系統設定管理網路終端設備所屬的IP管理網段,要求探測器根據 此資訊於該IP管理網段,透過主動查詢/嗅探網路流數據包的方式,取得所需的IP、MAC、主機名稱;(2)系統根據設定的管理網路終端設備所屬的交換機/路由器透過SNMP簡單網路管理協定查詢所需的參數設定資訊,透過SNMP協議取得所需的接口表與MAC地址表;(3)將管理網路終端設備內部所屬的網路分佈環境平面圖,包含但不限於樓層平面圖,載入系統的管理介面;(4)將已納入管理的交換機/路由器接口資訊,對照內部所屬的網路分佈環境平面圖,一一標註成相對應的實體地理位置;(5)系統將對應於內部網路分佈環境平面圖的(x,y)座標位置紀錄於資料庫內;再搭配前述取得之IP、MAC、主機名稱、交換機/路由器、及接口資料,其網路終端設備的IP、MAC、主機名稱資訊建檔,使網路終端設備對應成實體地理位置提供查詢,以及;(6)透過一鍵查詢的方式快速得知相關資訊,當發生違反資安政策的事件時,系統會以自動彈跳式視窗的方式,立即標識出發生問題的網路終端設備所在的實體地理位置。 The physical location corresponding to the physical network terminal device management system as described in claim 1 or 2, further comprising: (1) setting an IP management network segment to which the network terminal device belongs, requiring the detector to be based on This information is obtained on the IP management network segment by actively querying/sniffering the network flow data packet to obtain the required IP, MAC, and host name; (2) the system according to the configured management network terminal device belongs to the switch/ The router queries the required parameter setting information through the SNMP simple network management protocol, obtains the required interface table and MAC address table through the SNMP protocol, and (3) manages the network distribution environment plan to which the network terminal device belongs, including It is not limited to the floor plan, and is loaded into the management interface of the system; (4) the information of the switch/router interface that has been included in the management is compared with the plan of the network distribution environment to which it belongs, and is marked as the corresponding physical location; (5) The system records the (x,y) coordinate position corresponding to the internal network distribution environment plan in the database; and then matches the IP, MAC, host name, switch/router, and interface data obtained by the network terminal device. IP, MAC, and host name information are filed, so that the network terminal device provides a query corresponding to the physical location, and (6) quickly learns the phase through a one-click query. Information, when the information security policy violations occur, the system will automatically pop-up window of the way, immediately identify the geographical entity network terminal device where the problem occurred. 如申請專利範圍第3項所述之實體地理位置對應顯示網路終端設備管理系統,其中該網路終端設備對應成實體地理位置,進一步與全球性地域圖示資訊整合呈現。 The physical location of the entity as described in claim 3 is corresponding to the display network terminal device management system, wherein the network terminal device corresponds to a physical geographic location, and is further integrated with the global geographic graphic information. 如申請專利範圍第4項所述之實體地理位置對應顯示網路終端設備管理系統,其中該網路終端設備的實體地理位置與全球性地域圖示資訊整合呈現,進一步包括: (7)系統以探測器為參考基準,對照全球性地域圖示,包含但不限於Google Map,將分佈於不同區但已納入管理的複數探測器所隸屬網路終端設備資訊,對應標註成實體地理位置;(8)系統將對應於全球性地域圖示的(x,y)座標位置和(經度,緯度)座標位置紀錄於資料庫內;再搭配前述取得每一探測器底下管理網路終端設備的IP、MAC、主機名稱、交換機/路由器、及接口資料建檔提供查詢,以及;(9)透過一鍵查詢的方式快速得知相關資訊,當發生違反資安政策的事件時,系統會以自動彈跳式視窗的方式,立即標識出發生問題的網路終端設備的所屬探測器所在的實體地理位置。 The physical location of the physical location corresponding to the network terminal device management system as described in claim 4, wherein the physical location of the network terminal device is integrated with the global geographic graphic information, and further includes: (7) The system uses the detector as a reference, and the global geographical map, including but not limited to Google Map, will be distributed in different areas but has been included in the management of the complex detectors belonging to the network terminal equipment information, corresponding to the entity Geographical location; (8) The system records the (x, y) coordinate position and the (longitude, latitude) coordinate position corresponding to the global geographical map in the database; and then obtains the management network terminal under each detector with the foregoing The device's IP, MAC, host name, switch/router, and interface data files provide query, and (9) quick access to relevant information through a one-click query. When an event that violates the security policy occurs, the system will In the form of an automatic bounce window, the geographic location of the entity to which the detector of the network terminal device in question is located is immediately identified.
TW104118096A 2015-06-04 2015-06-04 The physical location corresponds to the display network terminal equipment management system TWI572180B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104118096A TWI572180B (en) 2015-06-04 2015-06-04 The physical location corresponds to the display network terminal equipment management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104118096A TWI572180B (en) 2015-06-04 2015-06-04 The physical location corresponds to the display network terminal equipment management system

Publications (2)

Publication Number Publication Date
TW201644254A TW201644254A (en) 2016-12-16
TWI572180B true TWI572180B (en) 2017-02-21

Family

ID=58056036

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104118096A TWI572180B (en) 2015-06-04 2015-06-04 The physical location corresponds to the display network terminal equipment management system

Country Status (1)

Country Link
TW (1) TWI572180B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103118383A (en) * 2013-02-01 2013-05-22 中国科学技术大学 System and method for comprehensively supervising wireless access point state

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103118383A (en) * 2013-02-01 2013-05-22 中国科学技术大学 System and method for comprehensively supervising wireless access point state

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
張倫豪,"利用網路延遲時間來預測地理位置",大同大學資訊工程研究所碩士論文,2009年 *

Also Published As

Publication number Publication date
TW201644254A (en) 2016-12-16

Similar Documents

Publication Publication Date Title
US20230261943A1 (en) System and method for managing virtual local area networks
CN110855473B (en) Monitoring method, device, server and storage medium
US10469320B2 (en) Versioning system for network states in a software-defined network
CN104901838B (en) Enterprise network security event management system and its method
CN111711616B (en) Network zone boundary safety protection system, method and equipment
US8935612B2 (en) Data replication tracing
US8725859B2 (en) Service network discovery
US20220182279A1 (en) Context-Aware Automated Root Cause Analysis in Managed Networks
JP2002330177A (en) Security management server and host sever operating in linkage with the security management server
WO2016070762A1 (en) Cloud platform monitoring method and cloud platform monitoring system
US20200236006A1 (en) Guided interface for configuring key performance indicators
US10095790B2 (en) Control center system for searching and managing objects across data centers
US11604772B2 (en) Self-healing infrastructure for a dual-database system
US20210081195A1 (en) Efficient automatic population of downgrade rights of licensed software
CN112636985A (en) Network asset detection device based on automatic discovery algorithm
EP4193287A1 (en) Systems and methods for application placement in a network based on host security posture
CN107360271B (en) Method, system and equipment for acquiring network equipment information and automatically segmenting IP address
Marik et al. Comparative analysis of monitoring system for data networks
WO2015039468A1 (en) Operation and maintenance monitoring method based on site status, device, equipment and system
TWI572180B (en) The physical location corresponds to the display network terminal equipment management system
CN101662388B (en) Network fault analyzing method and equipment thereof
CN106533727B (en) The corresponding display network-termination device management system in entity geographical location
CN113364631A (en) Network topology management method, device, equipment and computer storage medium
WO2023108832A1 (en) Network space map generation method and apparatus, and device and storage medium
US8677184B2 (en) System, method, and computer program product for gathering device information to enable identification of potential risks in a network environment