
CN109120599A - A kind of external connection managing and control system - Google Patents

A kind of external connection managing and control system

Info

Publication number
CN109120599A
CN109120599A
Authority
CN
China
Prior art keywords
terminal
client
software client
illegal
external connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810809479.1A
Other languages
Chinese (zh)
Inventor
徐光亮
马锋
王健
刘松林
张涛
徐静
李悦
吴建辉
曹海军
刘伟
匡琮
孔祥晨
姬晓明
刘亚
刘会强
李旭辉
冯河玮
韩源
周世昂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Huisen Information Co Ltd
Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Original Assignee
Zhengzhou Huisen Information Co Ltd
Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2018-07-23
Filing date
2018-07-23
Publication date
2019-01-01
Application filed by Zhengzhou Huisen Information Co Ltd and Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Priority to CN201810809479.1A
Publication of CN109120599A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/102 Entity profiles
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L 67/14 Session management
    • H04L 67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides an external connection management and control system based on the Linux operating system. It comprises a server management end and a software client. The server management end can scan all terminals in the intranet and push the software client to illegal terminals in the intranet. The software client takes effect in the kernel driver, monitors the network connection status and USB port connection status in real time, supervises the terminal's access behaviour and the characteristics of the accessed information, and generates detailed terminal external connection logs, thereby tightly coupling the terminal network with the protection provided by the software client. Following the approach of "real-time monitoring, timely blocking", it blocks the threat that "illegally externally connected" terminals pose to the internal network and intercepts non-compliant external connections as they occur, so that external connection incidents and the resulting information leakage are avoided and the information security assurance needs of classified networks are met.

Description

A kind of external connection managing and control system
Technical field
The invention belongs to the field of computer technology, and in particular to an external connection management and control system based on the Linux operating system that can, within the driver, generate actions and block device connections.
Background technique
With the continuous development of China's government online projects, the number of computer-related leak cases has increased year by year, and the information security situation is very severe. Security defence has traditionally been confined to the gateway level (firewalls and the like) and the network boundary (vulnerability scanning, security auditing, anti-virus, IDS), and important security devices are largely concentrated in the machine room and at the network entrance. To guarantee the safe operation of classified networks, physical isolation is implemented between the classified network and public information networks; this is the main security and secrecy measure currently taken for classified networks. Physical isolation provides a security boundary between the classified network and the public information network, establishing a trusted and controllable internal security network and reducing security threats from outside the network. However, serious security threats exist equally inside the network, and this threat is increasingly becoming the most pressing problem that network administrators currently face.
Summary of the invention
The present invention provides a management and control system that performs network communication blocking on the kernel driver, a new way of intercepting non-compliant external connections as they occur, so that external connection events of intranet terminal devices are avoided, information leakage is prevented, and the information security assurance needs of classified networks are met.
The technical solution adopted by the present invention is as follows: an external connection management and control system based on the Linux operating system, comprising a server management end and a software client.
The server management end enforces a strict admission control policy and communicates with all clients in the intranet. It can scan all terminal machines in the local area network that communicate with the server, scanning both online and offline terminals. It checks whether each terminal has the software client installed: a terminal with the client installed is deemed to meet the server's admission control policy and can be used normally; a terminal without the client is deemed not to meet the policy and cannot communicate in the local area network. The server management end can issue policies to terminals with the software client installed and collect and inspect their log information. It forcibly pushes the client installation program to terminals without the software client until a client service process is detected on the terminal, at which point the terminal meets the server management end's admission control policy.
The software client must be installed on every terminal machine in the local area network. It uses a two-process protection mode: users cannot directly uninstall it or terminate its processes, and an administrator can uninstall the client only with a dedicated uninstall tool. The client monitors the terminal's network connection status and USB port connection status in real time; it monitors and blocks directly plugged-in external cables, dual network cards, WIFI hotspots and shared internet connections from smart devices, monitors and blocks illegal USB access to the terminal, and generates detailed terminal external connection logs that record the terminal user name, MAC address, IP address, and the illegal external connection event type and time.
The software client's monitoring mechanism determines illegal external connection events by inspecting the TCP "three-way handshake" before a TCP data connection is established. When a terminal shows an intent to connect externally without authorisation, the software client acts on the kernel driver to disable the network card or disable the USB driver, blocking the data transfer and keeping the terminal secure.
The beneficial effects include: the software client takes effect in the kernel driver, supervises the terminal's access behaviour and the characteristics of the accessed information, tightly couples the terminal network with the protection provided by the client, and follows the approach of "real-time monitoring, timely blocking" to block the threat of "illegally externally connected" terminals to the internal network and intercept illegal external connections as they occur, so that external connection events and the resulting information leakage are avoided and the information security assurance needs of classified networks are met.
Detailed description of the invention
Fig. 1 is a schematic diagram of the overall composition of the system;
Fig. 2 is a schematic diagram of the software client's monitoring functions;
Fig. 3 is a schematic diagram of the server management end's functions.
Specific embodiment
The present invention is further described below with reference to the drawings.
The present invention is an external connection management and control system that uses a novel C/S (client/server) architecture suitable for the Linux operating system. It applies security management and control to computers connecting to external networks and to USB devices, using multi-machine management and control technology on the kernel driver to achieve blocking and alarming of illegal external connections and of illegal USB access. The server management end and the software client are deployed on the internal network side, and the software client must be deployed on every internal network terminal. "Region 1" and "Region 2" represent terminals on different network segments, as shown in Fig. 1: "Region 1" contains terminal machines with the client installed; these are legal terminals that can communicate normally in the intranet and receive policies. "Region 2" contains terminal machines without the client; these are illegal terminals that cannot communicate normally in the intranet. The server management end pushes the client installation program to illegal terminals until they become legal terminals.
The software client monitors the access behaviour of legal terminals in real time and supervises the characteristics of the accessed information, tightly coupling the terminal network with the protection provided by the client. As soon as the software is installed, the terminal adopts the two-process protection mode, which prevents improper means from obstructing the software. The server management end establishes connections with all intranet terminals, forming a legal intranet; it can upload and distribute policies and keep track of the security status.
As shown in Fig. 2, the software client determines illegal external connection events by inspecting the TCP "three-way handshake" before a TCP data connection is established, and monitors the terminal's network connection status and USB port connection status in real time. This ensures that legal terminals can communicate normally within the intranet while preventing them from connecting to external networks. The client also prevents other portable devices, intelligent USB devices and the like from accessing the internal network. For terminal hosts that are plugged into an external cable, a wireless network, hotspot sharing or other illegal connections to external networks, it disables the network card; for shared internet connections from smartphones and the like, it disables the virtual network adapter; for unauthorised USB devices accessing the terminal, it disables the USB driver; and in each case it generates an illegal external connection log of the corresponding type.
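The following is an added example, not code from the patent or its applicants: a user-space model of the client-side decision described above, in which a TCP flow is judged at its SYN, before the three-way handshake completes, according to whether the destination lies outside the intranet. The patent places this check in a kernel driver; here the intranet prefixes, the packets and the terminal identity are constructed so the logic can be run offline and the resulting log entries carry the fields the patent lists (user name, MAC address, IP address, event type, time).

```python
# Added example (not code from the patent): a user-space model of the
# software client's "three-way handshake" check over constructed packets.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: the management end defines which prefixes count as "intranet".
INTRANET = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    time: str       # constructed ISO-8601 timestamp
    src: str
    dst: str
    sport: int
    dport: int
    flags: str      # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


@dataclass(frozen=True)
class Terminal:
    user: str       # the identity fields each log entry records
    mac: str
    ip: str


def is_intranet(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTRANET)


class HandshakeMonitor:
    """Tracks each TCP flow through SYN -> SYN-ACK -> ACK and decides at the
    SYN, i.e. before any data connection exists, whether the flow would leave
    the intranet. A flow judged illegal is refused and never completes."""

    def __init__(self, terminal: Terminal):
        self.terminal = terminal
        self.pending = {}           # flow key -> last handshake stage seen
        self.blocked = set()        # flow keys refused at the SYN
        self.logs = []              # illegal external connection log entries
        self.nic_disabled = False   # models "act on the kernel driver to disable the NIC"

    def observe(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)   # key as seen from the initiator
        rev = (p.dst, p.dport, p.src, p.sport)   # same flow, seen from the responder
        if p.flags == "S" and p.src == self.terminal.ip:
            if is_intranet(p.dst):
                self.pending[fwd] = "SYN"
                return "allow"
            # Intent to connect outside the intranet: block before the handshake completes.
            self.blocked.add(fwd)
            self.nic_disabled = True
            self.logs.append({
                "user": self.terminal.user, "mac": self.terminal.mac, "ip": self.terminal.ip,
                "event": "illegal external connection (TCP SYN to %s:%d)" % (p.dst, p.dport),
                "time": p.time,
            })
            return "block"
        if p.flags == "SA":
            if rev in self.blocked:
                return "drop"          # reply to a flow we refused; the NIC is already off
            if self.pending.get(rev) == "SYN":
                self.pending[rev] = "SYN-ACK"
                return "allow"
        if p.flags == "A" and self.pending.get(fwd) == "SYN-ACK":
            del self.pending[fwd]
            return "established"
        return "ignore"


# Constructed sample: one legal intranet connection, then one attempt to reach
# a public address (203.0.113.5 is a documentation range, not a real host).
TERMINAL = Terminal(user="alice", mac="00:11:22:33:44:55", ip="10.1.2.3")
SAMPLE = [
    Packet("2018-07-23T09:00:00Z", "10.1.2.3", "10.1.2.10", 40000, 445, "S"),
    Packet("2018-07-23T09:00:00Z", "10.1.2.10", "10.1.2.3", 445, 40000, "SA"),
    Packet("2018-07-23T09:00:00Z", "10.1.2.3", "10.1.2.10", 40000, 445, "A"),
    Packet("2018-07-23T09:00:01Z", "10.1.2.3", "203.0.113.5", 40001, 443, "S"),
    Packet("2018-07-23T09:00:01Z", "203.0.113.5", "10.1.2.3", 443, 40001, "SA"),
]


def run_sample():
    """Returns (decision per packet, log entries) for the constructed sample."""
    mon = HandshakeMonitor(TERMINAL)
    decisions = [mon.observe(p) for p in SAMPLE]
    return decisions, mon.logs


if __name__ == "__main__":
    decisions, logs = run_sample()
    print(decisions)
    for entry in logs:
        print(entry)
```

The point of deciding at the SYN is that the refused flow produces no established connection at all: the later SYN-ACK from the external host is simply dropped. A real kernel-level implementation would also have to handle retransmitted SYNs, IPv6 and non-TCP traffic (UDP, ICMP), none of which this model covers.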
As shown in Fig. 3, the server management end can scan the intranet, obtain all terminals that can communicate, and list them. The list contains each terminal's IP address, MAC address, user name, network link state, software client monitoring state, and the machine code and version number generated by the software client. It can identify whether an internal network terminal has the software client installed and pushes the client installation program to terminals without it until the machine code generated by the client can be scanned. The server management end collects the illegal external connection logs of internal network terminals and manages them centrally; each log shows in detail the terminal user name, MAC address, IP address, illegal external connection event type and time of occurrence. The server end can issue security policies to internal network terminals, remotely control terminals with the client installed (including restart and shutdown), and remotely uninstall and upgrade the client.
The present invention uses multi-machine management and control technology on the kernel driver. The Linux kernel provides interrupt handling functions at the bottom layer of device drivers; every hardware device has a corresponding device driver, and a device driver is made up of several layers: a top-layer driver that communicates with upper-level applications, one or more intermediate drivers, and a bottom-layer driver that communicates with the specific physical device.
The kernel-driver interception technology of the invention intercepts by analysing data information in the bottom-layer driver. All illegal operations are monitored in the driver program: during monitoring, the access control information issued by the kernel driver is obtained first, the transmitted data packets are then located and tracked by means of that access control information, and the specific data information is analysed; if an intent to perform an illegal action is found, it is blocked in the bottom-layer driver and prevented from being passed on to the top-layer driver. The present invention is therefore based on kernel-driver interception and monitoring technology: it blocks at the bottom-layer driver and safeguards system information security.
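The following is an added example, not code from the patent or its applicants: a model of the server management end's admission control loop described for Fig. 3 above. Scan results are constructed and the installer push is recorded rather than performed, but the state logic is the one the text describes: a terminal is legal only once a client service process and a client-generated machine code are seen, only legal terminals receive policies, the push is repeated on every scan until the client appears, and centrally collected logs are accepted only from legal terminals.

```python
# Added example (not code from the patent): a model of the server management
# end's admission control over constructed scan results.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ScanResult:
    """What one scan round reports about a terminal (the fields of Fig. 3's list)."""
    ip: str
    mac: str
    user: str
    link_up: bool
    client_process: bool          # a client service process was detected
    machine_code: Optional[str]   # generated by the client; None if absent
    version: Optional[str]


class ServerManagementEnd:
    def __init__(self):
        self.inventory = {}       # mac -> terminal record with status "legal" / "illegal"
        self.pushed = []          # macs the installer was pushed to, in order
        self.central_logs = []    # external connection logs collected from legal terminals

    def apply_scan(self, results):
        """Classify each scanned terminal and push the installer to illegal ones."""
        for r in results:
            legal = r.client_process and r.machine_code is not None
            self.inventory[r.mac] = {
                "ip": r.ip, "user": r.user, "link_up": r.link_up,
                "client": r.client_process, "machine_code": r.machine_code,
                "version": r.version, "status": "legal" if legal else "illegal",
            }
            if not legal and r.link_up:
                self.pushed.append(r.mac)   # repeated on every scan until a client process appears

    def policy_targets(self):
        """Only legal terminals receive policies and remote control commands."""
        return sorted(m for m, t in self.inventory.items() if t["status"] == "legal")

    def collect_logs(self, mac, entries):
        """Accept logs only from terminals that meet the admission policy."""
        t = self.inventory.get(mac)
        if t is None or t["status"] != "legal":
            return False
        for e in entries:
            self.central_logs.append({"mac": mac, "user": t["user"], "ip": t["ip"], **e})
        return True


def simulate():
    """Two constructed scan rounds: terminal B lacks the client in round 1 and,
    after the push, reports a client process and machine code in round 2."""
    srv = ServerManagementEnd()
    round1 = [
        ScanResult("10.1.2.3", "00:11:22:33:44:55", "alice", True, True, "MC-0001", "1.0"),
        ScanResult("10.1.2.4", "00:11:22:33:44:66", "bob", True, False, None, None),
    ]
    srv.apply_scan(round1)
    after_round1 = srv.policy_targets()
    round2 = [
        round1[0],
        ScanResult("10.1.2.4", "00:11:22:33:44:66", "bob", True, True, "MC-0002", "1.0"),
    ]
    srv.apply_scan(round2)
    srv.collect_logs("00:11:22:33:44:66", [
        {"event": "illegal external connection", "time": "2018-07-23T09:00:01Z"},
    ])
    return srv, after_round1


if __name__ == "__main__":
    srv, first = simulate()
    print("legal after round 1:", first)
    print("legal after round 2:", srv.policy_targets())
    print("installer pushed to:", srv.pushed)
    print("central logs:", srv.central_logs)
```

Because the status is recomputed from each scan, a terminal whose client is later removed drops back to "illegal" and is pushed again; a record for a terminal the server has never seen is refused outright when it tries to submit logs.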

Claims (2)

1. An external connection management and control system based on the Linux operating system, comprising a server management end and a software client, characterised in that:
the server management end can communicate with all clients in the intranet; it can scan all terminal machines in the local area network that communicate with the server, scanning both online and offline terminals in the local area network; it can check whether a terminal has the software client installed, a terminal with the client installed being deemed to meet the server's admission control policy and able to be used normally, and a terminal without the client being deemed not to meet the server's admission control policy and unable to communicate in the local area network; it can issue policies to terminals with the software client installed and collect and inspect the terminals' log information; and it forcibly pushes the client installation program to terminals without the software client until a client service process is detected on the terminal and the terminal meets the server management end's admission control policy;
the software client must be installed on every terminal machine in the local area network; the software client uses a two-process protection mode in which users cannot directly uninstall it or terminate its processes and an administrator can uninstall the client only with a dedicated uninstall tool; the client monitors the terminal's network connection status and USB port connection status in real time; it monitors and blocks directly plugged-in external cables, dual network cards, WIFI hotspots and shared internet connections from smart devices, monitors and blocks illegal USB access to the terminal, and generates detailed terminal external connection logs that record the terminal user name, MAC address, IP address, and the illegal external connection event type and time.
2. The external connection management and control system according to claim 1, characterised in that: the software client's monitoring mechanism determines illegal external connection events by inspecting the TCP "three-way handshake" before a TCP data connection is established; when a terminal shows an intent to connect externally without authorisation, the software client first obtains the access control information issued by the kernel driver, locates and tracks the transmitted data packets by means of that access control information and analyses the specific data information, and if an intent to perform an illegal action is found, blocks it in the bottom-layer driver and prevents it from being passed on to the top-layer driver.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810809479.1A CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810809479.1A CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Publications (1)

Publication Number Publication Date
CN109120599A true CN109120599A (en) 2019-01-01

Family

ID=64863334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810809479.1A Pending CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Country Status (1)

Country Link
CN (1) CN109120599A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090241188A1 (en) * 2008-03-21 2009-09-24 Fujitsu Limited Communication monitoring apparatus and communication monitoring method
US20100269175A1 (en) * 2008-12-02 2010-10-21 Stolfo Salvatore J Methods, systems, and media for masquerade attack detection by monitoring computer user behavior
CN102664890A (en) * 2012-04-23 2012-09-12 沈阳通用软件有限公司 Method for recognizing legality of terminal computer by network security control server
CN103166960A (en) * 2013-03-01 2013-06-19 北京神州绿盟信息安全科技股份有限公司 Access control method and access control device
CN103391216A (en) * 2013-07-15 2013-11-13 中国科学院信息工程研究所 Alarm and blocking method for illegal external connections
CN103400073A (en) * 2013-07-09 2013-11-20 东莞天意电子有限公司 Method for monitoring and identifying USB input device of video lottery betting terminal

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587175A (en) * 2019-01-11 2019-04-05 杭州迪普科技股份有限公司 A kind of illegal external connection processing method and system
CN111385285A (en) * 2019-12-30 2020-07-07 杭州迪普科技股份有限公司 Method and device for preventing illegal external connection
CN111385285B (en) * 2019-12-30 2022-11-01 杭州迪普科技股份有限公司 Method and device for preventing illegal external connection
CN111510431B (en) * 2020-03-16 2022-04-15 国网辽宁省电力有限公司信息通信分公司 A pan-terminal access management and control platform, client and management and control method
CN111510431A (en) * 2020-03-16 2020-08-07 国网辽宁省电力有限公司信息通信分公司 Universal terminal access control platform, client and control method
US11477195B2 (en) * 2020-06-01 2022-10-18 Upas Corporation Network connection managing system
CN111857778A (en) * 2020-07-17 2020-10-30 北京北信源软件股份有限公司 Automatic installation method and system for Windows 7 extended security update
CN113285929A (en) * 2021-05-10 2021-08-20 新华三技术有限公司 Terminal validity detection method and device
CN113821411A (en) * 2021-09-24 2021-12-21 北京鼎普科技股份有限公司 Method and system for protecting secret-involved intranet by preventing illegal external connection of terminal computer
CN114499924A (en) * 2021-12-02 2022-05-13 厦门市美亚柏科信息股份有限公司 Data leakage prevention method based on network interface controller and storage medium
CN114845303A (en) * 2022-04-14 2022-08-02 湖南匡安网络技术有限公司 Industrial control network external connection equipment detection method and system based on API
CN114845303B (en) * 2022-04-14 2024-10-11 湖南匡安网络技术有限公司 API-based industrial control network external equipment detection method and system
CN116112208A (en) * 2022-11-30 2023-05-12 中国农业银行股份有限公司湖南省分行 Method and device for handling illegal software use by adopting network disconnection technology

Similar Documents

Publication Publication Date Title
CN109120599A (en) A kind of external connection managing and control system
US7788366B2 (en) Centralized network control
US10686823B2 (en) Systems and methods for detecting computer vulnerabilities that are triggered by events
US20240054234A1 (en) Methods and systems for hardware and firmware security monitoring
Radoglou-Grammatikis et al. Attacking iec-60870-5-104 scada systems
US11240260B2 (en) System and method for detecting computer network intrusions
US12045345B2 (en) Method to prevent root level access attack and measurable SLA security and compliance platform
CN106059087B (en) A kind of intelligent substation vulnerability analysis assessment system
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
KR102433928B1 (en) System for Managing Cyber Security of Autonomous Ship
CN111212077B (en) Host access system and method
CN101018119A (en) Hardware-based server network security centralized management system without relevance to the operation system
US20140259171A1 (en) Tunable intrusion prevention with forensic analysis
Rekik et al. A cyber-physical threat analysis for microgrids
CN102469098B (en) Information safety protection host machine
CN118200016A (en) Asset monitoring method based on equipment fingerprint
CN102752289A (en) Master station for power utilization information collecting system
CN111400720A (en) Terminal information processing method, system and device and readable storage medium
KR20200098181A (en) Network security system by integrated security network card
KR20130033161A (en) Intrusion detection system for cloud computing service
CN110401621A (en) A protection method, device and storage medium for sensitive instructions
CN115883216A (en) Communication system safety protection method, device and electronic equipment
CN107819787B (en) A system and method for preventing illegal external connection of local area network computers
US20210266240A1 (en) Embedded intrusion detection system on a chipset or device for use in connected hardware
CN111988333B (en) Proxy software work abnormality detection method, device and medium

Legal Events

Date Code Title Description
2019-01-01 PB01 Publication (application publication date: 20190101)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication