CN102271051B - Computer access network anomaly judgment method, device and computer - Google Patents
Computer access network anomaly judgment method, device and computer Download PDFInfo
- Publication number
- CN102271051B CN102271051B CN201010199139.5A CN201010199139A CN102271051B CN 102271051 B CN102271051 B CN 102271051B CN 201010199139 A CN201010199139 A CN 201010199139A CN 102271051 B CN102271051 B CN 102271051B
- Authority
- CN
- China
- Prior art keywords
- network
- access network
- computer
- mark
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000002159 abnormal effect Effects 0.000 claims description 47
- 238000002955 isolation Methods 0.000 claims description 18
- 238000001514 detection method Methods 0.000 claims description 4
- 238000003780 insertion Methods 0.000 description 5
- 230000037431 insertion Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention discloses a computer access network anomaly judgment method, a computer access network anomaly judgment device and a computer. The method comprises the following steps of: acquiring a first network identifier of an access network; judging whether the first network identifier of the access network is matched with a second network identifier predefined by a network type configured by a user or not; and if the first network identifier of the access network is mismatched with the predefined second network identifier, generating network anomaly prompting information. The technical scheme provided by the invention is used for generating the prompting information to prompt the user when a user access network error occurs, thereby preventing data leakage caused by the network access error.
Description
Technical field
The present invention relates generally to computer network field, refers to especially a kind of the judge abnormal method of computer access network, device and computer.
Background technology
Along with scientific and technical development, cyber-net is being brought into play more and more important effect in daily life, and in enterprises and institutions, office worker's work be unable to do without cyber-net more.In enterprises and institutions; with better protected data and UNICOM the Internet; computer has all been equipped with internal network and two networks of external network conventionally; by the configuration of internal network and two networks of external network; staff can only use internal network in the time not needing to use external network; thereby can better protect the data of our unit not leaked, this is very important for the high unit of security requirements.
Inventor finds in the process that realizes the embodiment of the present invention, in prior art, at least there is following shortcoming: in the prior art, the isolation of computer external network and internal network realizes by corresponding fixing socket (network interface) in isolation card, that is to say, while realizing external network connection, in the time of computer starting, select external network configuration, and the netting twine of external network is inserted to the fixing socket of respective external network in isolation card; While realizing internal network connection, in the time of computer starting, select internal network configuration, and the netting twine of internal network is inserted to the fixing socket of respective inner network in isolation card.But in actual use, user is likely by netting twine wrong plug, as user selected internal network configuration originally, but the netting twine of external network is inserted to the fixing socket of internal network in isolation card, thereby may cause computer significant data to leak, and user also can't find relevant mistake, therefore in the urgent need to a kind of new technical scheme.
Summary of the invention
The embodiment of the present invention proposes a kind ofly to judge the abnormal method of computer access network, device and computer, points out user, thereby can prevent because the data that network insertion mistake causes leak for producing information when the user access network mistake.
The technical scheme of the embodiment of the present invention is achieved in that
Judge the method that computer access network is abnormal, comprising:
Obtain the first network mark of access network;
Whether the described first network mark that judges described access network is marking matched with a user configured network type predefined second network;
If the described first network mark of described access network is not mated with predefined described second network mark, generate a Network Abnormal information.
Preferably, described first network is designated procotol IP address;
The described first network mark of obtaining access network is specially:
Obtain the IP address of described access network by the firmware in isolation card.
Preferably, predefined second network is marking matched specifically comprises with user configured network type institute for the described described first network mark that judges described access network:
Basic input output system reads the IP address of the described access network that described firmware obtains;
Described basic input output system judges whether the IP address of described access network mates with the predefined network address of user configured network type.
Preferably, described network type comprises internal network type and external network type.
Judge the device that computer access network is abnormal, comprising:
Acquiring unit, for obtaining the first network mark of access network;
Judging unit, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network;
Generation unit, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
Preferably, described first network is designated procotol IP address;
Described acquiring unit is specially the firmware FW in isolation card.
Preferably, described judging unit is specially basic input output system;
Preferably, described generation unit is specially basic input output system.
A kind of computer, described computer comprises first network interface and second network interface, described computer also comprises the abnormal device of judgement computer access network being connected with described first network interface and described second network interface respectively, and the abnormal device of described judgement computer access network comprises:
Acquiring unit, for obtaining the first network mark of access network;
Judging unit, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network;
Generation unit, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
Preferably, also comprise:
Checkout gear, whether be communicated with described access network for detection of described first network interface or described second network interface, and after detecting that described first network interface or described second network interface are communicated with described access network, generate the trigger message of the abnormal device work of the described judgement computer access network of a triggering.
Technical solution of the present invention compares the first network mark of user access network and a user configured network type predefined second network mark, in the time that the first network mark of access network is not mated with predefined second network mark, produce an information, tell user access network to select mistake, thereby can prevent because the data that network insertion mistake causes leak.
Brief description of the drawings
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is a kind of schematic flow sheet that judges the abnormal method of computer access network the first embodiment of the present invention;
Fig. 2 is a kind of schematic flow sheet that judges the abnormal method of computer access network the second embodiment of the present invention;
Fig. 3 is a kind of structural representation that judges the abnormal device of computer access network the first embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
Need to illustrate, the described first network mark of access network of the present invention can be IP (the Internet Protocol of described access network, procotol) address, it can also be other network identity of described access network, as network title, the gateway address of access network etc. of access network, the present invention does not carry out any restriction to this.Second network mark is corresponding with first network mark, in the time that first network is designated IP address (as 192.168.0.1), second network is designated corresponding IP address field (as 192.168........), in the time that first network is designated network title, second network mark also should be mutually network name and claims.In following embodiment, the IP address, the second network that are all preferably designated access network taking the first network of access network are designated the predefined network address as example explanation, but can not therefore the scope of application of technical solution of the present invention be defined in to IP address.In addition, technical scheme of the present invention is not only applicable to cable network, and for wireless network, technical solution of the present invention is also same being suitable for.
With reference to Fig. 1, a kind of schematic flow sheet that judges the abnormal method of computer access network the first embodiment of the present invention is shown.The abnormal method of described judgement computer access network comprises:
Step S110, IP (Internet Protocol, the procotol) address that obtains access network.
The netting twine of internal network or the netting twine of external network insert after the fixing socket in isolation card, the IP address that can obtain access network.
Step S120, judge whether the IP address of described access network mates with the predefined network address of user configured network type.
User enters before operating system at startup computer, and computer can point out user to configure corresponding network type, as internal network type or external network type.
If does not mate with the described predefined network address IP address of the described access network of step S130, generate a Network Abnormal information.
Under normal conditions, if when the network type that user configures in the time of computer starting is consistent with the network type of access network, as user configures internal network type, and the netting twine of internal network is inserted to the fixing socket of internal network in isolation card, and now mate with the predefined network address of internal network the IP address of access network.
If when the network type that user configures in the time of computer starting and the network type of access network are inconsistent, as user configures internal network type, but have a mind to or be not intended to the netting twine of external network is inserted to the fixing socket of internal network in isolation card, now the IP address of access network (external network IP address) can not mate with the predefined network address of internal network, if now continue again to use computer, likely the relevant data on computer leaked in external network and gone.
Described internal network and external network can be distinguished by different network segment address etc., and user also can pre-define the corresponding network address of different network type.
Generate after a Network Abnormal information, user can carry out error correction according to described information, and as the netting twine of correct internal network is inserted in the fixing socket of the internal network in isolation card, computer also can automatically perform the operation such as suspension or shutdown.
The above method flow of the present embodiment can be realized by corresponding program after computer starting operating system.
Technical solution of the present invention compares the IP address of user access network and the predefined network address of user configured network type, in the time that does not mate with the predefined network address IP address of access network, produce an information, tell user access network to select mistake, thereby can prevent because the data that network insertion mistake causes leak.
With reference to Fig. 2, show a kind of schematic flow sheet that judges the abnormal method of computer access network the second embodiment of the present invention.
The abnormal method of described judgement computer access network comprises:
Step S210, the IP address that obtains access network by the firmware (firmware, FW) in isolation card.
Step S220, basic input output system (BIOS, Basic Input Output System) read the IP address of the described access network that described firmware FW obtains.
Step S230, described basic input-output system BIOS judge whether the IP address of described access network mates with the predefined network address of user configured network type.
When step S240, described basic input output system are not mated with the described predefined network address in the IP address of described access network, generate a Network Abnormal information.
Under normal conditions, if when the network type that user configures in the time of computer starting is consistent with the network type of access network, as user configures internal network type, and the netting twine of internal network is inserted to the fixing socket of internal network in isolation card, and now mate with the predefined network address of internal network the IP address of access network.
If when the network type that user configures in the time of computer starting and the network type of access network are inconsistent, as user configures internal network type, but have a mind to or be not intended to the netting twine of external network is inserted to the fixing socket of internal network in isolation card, now the IP address of access network (external network IP address) can not mate with the predefined network address of internal network, if now continue again to use computer, likely the relevant data on computer leaked in external network and gone.
Described internal network and external network can be distinguished by different network segment address etc., and user also can pre-define the corresponding network address of different network type.
The difference of the present embodiment and the first embodiment is, the first embodiment enters the process step after operating system at computer starting, and the present embodiment is the process step before computer starting enters operating system, described step S220, S230, S240 are realized by basic input-output system BIOS, instead of are realized by the corresponding program in operating system.
Technical solution of the present invention compares the IP address of user access network and the predefined network address of user configured network type, in the time that does not mate with the predefined network address IP address of access network, produce an information, tell user access network to select mistake, thereby can prevent because the data that network insertion mistake causes leak.
With reference to Fig. 3, show a kind of structural representation that judges the abnormal device of computer access network the first embodiment of the present invention.The abnormal device 300 of described judgement computer access network comprises:
Acquiring unit 310, for obtaining the first network mark of access network.
Judging unit 320, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network.
Generation unit 330, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
Described in the present embodiment, device is applied in operating system by application program.In another embodiment of the present invention,, before computer starting enters operating system, described acquiring unit 310 is specially the firmware FW in isolation card; The function of described judging unit 320, generation unit 330 is all realized by basic input-output system BIOS, and described judging unit 320 is specially basic input output system; Described generation unit 330 is also specially basic input output system.
Need to illustrate, the described first network mark of access network of the present invention can be IP (the Internet Protocol of described access network, procotol) address, it can also be other network identity of described access network, as network title, the gateway address of access network etc. of access network, the present invention does not carry out any restriction to this.Second network mark is corresponding with first network mark, in the time that first network is designated IP address (as 192.168.0.1), second network is designated corresponding IP address field (as 192.168........), in the time that first network is designated network title, second network mark also should be mutually network name and claims.
Technical solution of the present invention compares the first network mark of user access network and a user configured network type predefined second network mark, in the time that the first network mark of access network is not mated with predefined second network mark, produce an information, tell user access network to select mistake, thereby can prevent because the data that network insertion mistake causes leak.
In addition, the invention also discloses a kind of computer, described computer comprises first network interface and second network interface, and described first network interface is respectively used to be connected dissimilar access network (as external network type and internal network type) with described second network interface.Described computer also comprises the abnormal device 300 of judgement computer access network being connected with described first network interface and described second network interface respectively.
The abnormal device 300 of described judgement computer access network comprises:
Acquiring unit 310, for obtaining the first network mark of access network.
Judging unit 320, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network.
Generation unit 330, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
In another embodiment of the present invention, described computer also comprises:
Checkout gear, whether be communicated with described access network for detection of described first network interface or described second network interface, and after detecting that described first network interface or described second network interface are communicated with described access network, generate the trigger message of the abnormal device work of the described judgement computer access network of a triggering.
After the access network of different types is communicated with described first network interface or described second network interface, described detecting unit produces a trigger message, and described trigger message is worked for triggering the abnormal device 300 of described judgement computer access network.
In another embodiment, for better protected data, at the acquiring unit 310 of the abnormal device 300 of described judgement computer access network, judging unit 320, when generation unit 330 is worked, described computer does not allow other routine access access network, that is to say, now access network is only open to the abnormal device 300 of described judgement computer access network, other function to computer is forbidden, only have after described first network mark that described judging unit 320 judges described access network and user configured network type institute predefined second network are marking matched, just allow computer can access access network completely, otherwise generate a Network Abnormal information, and total ban computer access access network.
Concrete, described computer comprises first network interface and second network interface, described first network interface is respectively used to be connected dissimilar access network with described second network interface.
Described computer comprises checkout gear, for detection of described first network interface or described second network interface whether with network-in-dialing, and after detecting that described first network interface or described second network interface are communicated with described access network, generate one and trigger the first trigger message of the abnormal device work of described judgement computer access network, and generate a triggering computer simultaneously and enter the second trigger message of limited network access module.
Described computer also comprises the abnormal device of judgement computer access network being connected with described first network interface and described second network interface respectively.The abnormal device of described judgement computer access network is identical with previous embodiment, does not repeat them here.
Wherein, described limited network access module refers to that computer installation is except the abnormal device of described judgement computer access network, forbids that other any modules are by the pattern of the network interface access network of described connection.
One of ordinary skill in the art will appreciate that, the all or part of step realizing in above-described embodiment method is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a computer read/write memory medium, this program is in the time carrying out, comprise the step as above-mentioned embodiment of the method, described storage medium, as: magnetic disc, CD, read-only store-memory body (Read-Only Memory, or random store-memory body (Random Access Memory, RAM) etc. ROM).In the each embodiment of the method for the present invention; the sequence number of described each step can not be used for limiting the sequencing of each step; for those of ordinary skill in the art, do not paying under the prerequisite of creative work, the priority of each step is changed also within protection scope of the present invention.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (7)
1. judge the method that computer access network is abnormal, it is characterized in that, comprising:
Obtain the first network mark of access network, described first network mark is the IP address of the access network that obtains by the firmware in isolation card;
Whether the described first network mark that judges described access network is marking matched with a user configured network type predefined second network, and described network type comprises internal network type and external network type;
If the described first network mark of described access network is not mated with predefined described second network mark, generate a Network Abnormal information.
2. the abnormal method of judgement computer access network according to claim 1, is characterized in that, predefined second network is marking matched specifically comprises with user configured network type institute for the described described first network mark that judges described access network:
Basic input output system reads the IP address of the described access network that described firmware obtains;
Described basic input output system judges whether the IP address of described access network mates with the predefined network address of user configured network type.
3. judge the device that computer access network is abnormal, it is characterized in that, comprising:
Acquiring unit, for obtaining the first network mark of access network, described first network mark is the IP address of the access network that obtains by the firmware in isolation card;
Judging unit, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network, described network type comprises internal network type and external network type;
Generation unit, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
4. the abnormal device of judgement computer access network according to claim 3, is characterized in that, described judging unit is specially basic input output system.
5. the abnormal device of judgement computer access network according to claim 4, is characterized in that, described generation unit is specially basic input output system.
6. a computer, described computer comprises first network interface and second network interface, it is characterized in that, described computer also comprises the abnormal device of judgement computer access network being connected with described first network interface and described second network interface respectively, and the abnormal device of described judgement computer access network comprises:
Acquiring unit, for obtaining the first network mark of access network, described first network mark is the IP address of the access network that obtains by the firmware in isolation card;
Judging unit, whether marking matched with a user configured network type predefined second network for judging the described first network mark of described access network, described network type comprises internal network type and external network type;
Generation unit, in the time that the described first network mark of described access network is not mated with predefined described second network mark, generates a Network Abnormal information.
7. computer according to claim 6, is characterized in that, also comprises:
Checkout gear, whether be communicated with described access network for detection of described first network interface or described second network interface, and after detecting that described first network interface or described second network interface are communicated with described access network, generate the trigger message of the abnormal device work of the described judgement computer access network of a triggering.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010199139.5A CN102271051B (en) | 2010-06-07 | 2010-06-07 | Computer access network anomaly judgment method, device and computer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010199139.5A CN102271051B (en) | 2010-06-07 | 2010-06-07 | Computer access network anomaly judgment method, device and computer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102271051A CN102271051A (en) | 2011-12-07 |
| CN102271051B true CN102271051B (en) | 2014-07-30 |
Family
ID=45053222
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010199139.5A Active CN102271051B (en) | 2010-06-07 | 2010-06-07 | Computer access network anomaly judgment method, device and computer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102271051B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682176A (en) * | 2017-08-26 | 2018-02-09 | 上海曼斐电器贸易有限公司 | The failure detector that a kind of broadband networks |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1822593A (en) * | 2006-03-20 | 2006-08-23 | 赵洪宇 | Network safety protective method for preventing reject service attack event |
| CN1832617A (en) * | 2005-03-09 | 2006-09-13 | 华为技术有限公司 | The method of locking the home area of the terminal |
| EP1853035A1 (en) * | 2006-05-05 | 2007-11-07 | Broadcom Corporation | Switching network employing server quarantine functionality |
| CN101707535A (en) * | 2009-09-27 | 2010-05-12 | 北京星网锐捷网络技术有限公司 | Method and device for detecting counterfeit network equipment |
| CN101577645B (en) * | 2009-06-12 | 2011-06-22 | 北京星网锐捷网络技术有限公司 | Method and device for detecting counterfeit network equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2774023Y (en) * | 2004-07-05 | 2006-04-19 | 上海申贝科技发展有限公司 | Network safety separator |
| CN101483676B (en) * | 2006-02-17 | 2011-04-13 | 华为技术有限公司 | Network for securing special line user to access to network |
| CN101383719B (en) * | 2007-09-05 | 2011-04-06 | 中兴通讯股份有限公司 | Communication device access management method |
| CN101674232A (en) * | 2008-09-10 | 2010-03-17 | 北京艾科网信科技有限公司 | Server, method and system of access control |
-
2010
- 2010-06-07 CN CN201010199139.5A patent/CN102271051B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1832617A (en) * | 2005-03-09 | 2006-09-13 | 华为技术有限公司 | The method of locking the home area of the terminal |
| CN1822593A (en) * | 2006-03-20 | 2006-08-23 | 赵洪宇 | Network safety protective method for preventing reject service attack event |
| EP1853035A1 (en) * | 2006-05-05 | 2007-11-07 | Broadcom Corporation | Switching network employing server quarantine functionality |
| CN101577645B (en) * | 2009-06-12 | 2011-06-22 | 北京星网锐捷网络技术有限公司 | Method and device for detecting counterfeit network equipment |
| CN101707535A (en) * | 2009-09-27 | 2010-05-12 | 北京星网锐捷网络技术有限公司 | Method and device for detecting counterfeit network equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102271051A (en) | 2011-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7008100B2 (en) | Fraud handling methods, fraud detection electronic control units and network communication systems | |
| CN110719199B (en) | Network automatic testing and fault positioning method and device | |
| CN103401726A (en) | Network path detecting method, device and system | |
| CN109656767A (en) | A kind of acquisition methods, system and the associated component of CPLD status information | |
| CN104914815A (en) | Processor monitoring method, device and system | |
| JP2015098312A (en) | In-vehicle network system | |
| TW201029410A (en) | Data communication device, communication control method, and program | |
| CN113014587A (en) | API detection method and device, electronic equipment and storage medium | |
| CN111263377B (en) | Network configuration method, device, equipment and system and distribution network testing method and system | |
| CN110209529A (en) | The guard method of radio frequency parameter and electronic equipment | |
| CN102271051B (en) | Computer access network anomaly judgment method, device and computer | |
| CN105278931B (en) | A kind of method and terminal that Android system forbids application program backstage to open certainly | |
| CN103096167A (en) | Starting method and starting system of intelligent television | |
| CN106708688B (en) | Module test method and terminal | |
| CN104598214A (en) | Timed task management method and device for application service of oil and gas pipeline system | |
| CN113014640B (en) | Request processing method, request processing device, electronic equipment and storage medium | |
| CN104750537A (en) | Test case execution method and device | |
| CN101349994B (en) | Method, system and apparatus for positioning program error | |
| CN113055501B (en) | A method and device for configuring an IP address in series through a network port | |
| CN112954723A (en) | Network diagnosis method and device | |
| CN103383719A (en) | Method and equipment for uninstalling program | |
| US11663338B2 (en) | Automated security analysis of baseband firmware | |
| CN109922055A (en) | A kind of detection method, system and the associated component of risk terminal | |
| EP3078167A1 (en) | Method, secure element and system for monitoring controller area network devices | |
| Zhang et al. | Defensing the malicious attacks of vehicular network in runtime verification perspective |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |