Disclosure of Invention
The embodiment of the invention provides a method, a device, a system, a storage medium and an electronic device for controlling remote login.
According to an embodiment of the present invention, there is provided a method for controlling remote login, applied to a first device, including: monitoring a remote login behavior initiated by the first device; judging whether the remote login behavior is an active operation behavior of the first device; and when the remote login behavior is the active operation behavior of the first device, sending credential information to a server, wherein the credential information carries a device identifier of the first device, and the credential information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, determining whether the remote login behavior is an active operation behavior of the first device includes at least one of: determining whether the triggering event of the remote login behavior includes one of the following specified events: clicking a mouse, touching a screen and pressing keys of a keyboard; determining that the remote login behavior is the active operation behavior of the first device when the triggering event of the remote login behavior comprises at least one of the specified events, and determining that the remote login behavior is not the active operation behavior of the first device when the triggering event of the remote login behavior does not comprise at least one of the specified events; judging whether a login frame corresponding to the remote login behavior is hidden on the first device; when the login frame is not hidden on the first device, determining that the remote login behavior is the active operation behavior of the first device, and when the login frame is hidden on the first device, determining that the remote login behavior is not the active operation behavior of the first device.
Optionally, monitoring the remote login behavior initiated by the first device includes one of: monitoring a first remote login behavior initiated by the first device through the Remote Desktop Protocol (RDP); monitoring a second remote login behavior initiated by the first device through the Secure Shell protocol (SSH); and monitoring a third remote login behavior initiated by the first device through the remote terminal protocol TELNET.
According to an embodiment of the present invention, there is provided another remote login control method applied to a second device, including: monitoring a remote login behavior from a first device; judging whether the remote login behavior is legal according to dotting device information stored in a server; and when the remote login behavior is legal, allowing the first device to remotely log in to the second device.
Optionally, determining whether the remote login behavior is legal according to the dotting device information stored in the server includes: sending query request information for a dotting device list to the server; receiving the dotting device list returned by the server, wherein the dotting device list comprises device identifiers of a plurality of dotting devices; matching the device identifier by using a preset credit granting terminal list; when the preset credit granting terminal list has an entry identical to the device identifier, determining that the remote login behavior is legal; and when the preset credit granting terminal list does not have an entry identical to the device identifier, determining that the remote login behavior is illegal.
Optionally, before determining whether the remote login behavior is legal according to the dotting device information stored in the server, the method further includes: acquiring the preset credit granting terminal list from the server in real time; and storing the preset credit granting terminal list locally.
According to an embodiment of the present invention, there is provided a method for controlling remote login, applied to a server, including: receiving credential information sent by a first device, wherein the credential information carries a device identifier of the first device; and when the first device initiates a remote login behavior to a second device, sending dotting device information to the second device, wherein the dotting device information comprises the device identifier, and the dotting device information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, before sending the dotting device information to the second device, the method further includes: sending a preset credit granting terminal list to the second device, wherein the preset credit granting terminal list is used for the second device to judge whether the first device is legal.
According to another embodiment of the present invention, there is provided a remote login control device, applied to a first device, including: the monitoring module is used for monitoring the remote login behavior initiated by the first equipment; the judging module is used for judging whether the remote login behavior is the active operation behavior of the first equipment; and the sending module is used for sending credential information to a server when the remote login behavior is the active operation behavior of the first device, wherein the credential information carries the device identifier of the first device, and the credential information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, the judging module includes at least one of: a first determining unit, configured to determine whether the triggering event of the remote login behavior includes one of the following specified events: clicking a mouse, touching a screen and pressing keys of a keyboard; determining that the remote login behavior is the active operation behavior of the first device when the triggering event of the remote login behavior comprises at least one of the specified events, and determining that the remote login behavior is not the active operation behavior of the first device when the triggering event of the remote login behavior does not comprise at least one of the specified events; a second determining unit, configured to determine whether a login frame corresponding to the remote login behavior is hidden on the first device; when the login frame is not hidden on the first device, determining that the remote login behavior is the active operation behavior of the first device, and when the login frame is hidden on the first device, determining that the remote login behavior is not the active operation behavior of the first device.
Optionally, the monitoring module includes one of: a first monitoring unit, configured to monitor a first remote login behavior initiated by the first device through the Remote Desktop Protocol (RDP); a second monitoring unit, configured to monitor a second remote login behavior initiated by the first device through the Secure Shell protocol (SSH); and a third monitoring unit, configured to monitor a third remote login behavior initiated by the first device through the remote terminal protocol TELNET.
According to another embodiment of the present invention, there is provided another remote login control device, applied to a second device, including: a monitoring module, configured to monitor a remote login behavior from a first device; a judging module, configured to judge whether the remote login behavior is legal according to dotting device information stored in a server; and a control module, configured to allow the first device to remotely log in to the second device when the remote login behavior is legal.
Optionally, the determining module includes: a sending unit, configured to send query request information of a dotting device list to the server; the receiving unit is used for receiving the dotting equipment list returned by the server, wherein the dotting equipment list comprises equipment identifications of a plurality of dotting equipment; the matching unit is used for matching the equipment identification by using a preset credit granting terminal list; the determining unit is used for determining that the remote login behavior is legal when the preset credit granting terminal list has the table entry which is the same as the equipment identifier; and when the preset credit granting terminal list does not have the table entry identical to the equipment identifier, determining that the remote login behavior is illegal.
Optionally, the apparatus further comprises: the acquisition module is used for acquiring the preset credit granting terminal list from the server in real time before the judgment module judges whether the remote login behavior is legal or not according to the dotting equipment information stored in the server; and the storage module is used for locally storing the preset credit granting terminal list.
According to another embodiment of the present invention, there is provided a remote login control device, applied to a server, including: a receiving module, configured to receive credential information sent by a first device, wherein the credential information carries a device identifier of the first device; and a first sending module, configured to send dotting device information to a second device when the first device initiates a remote login behavior to the second device, wherein the dotting device information comprises the device identifier, and the dotting device information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, the apparatus further comprises: and the second sending module is used for sending a preset credit granting terminal list to the second equipment before the first sending module sends dotting equipment information to the second equipment, wherein the preset credit granting terminal list is used for the second equipment to judge whether the first equipment is legal or not.
According to still another embodiment of the present invention, there is provided a remote login control system including: the device comprises a first device, a second device and a server connected with the first device and the second device, wherein the first device comprises the device described in the embodiment; the second device, comprising the apparatus as described in the above embodiments; the server comprises the device described in the above embodiment.
According to a further embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the invention, the remote login behavior initiated by the first device is monitored, it is then judged whether the remote login behavior is an active operation behavior of the first device, and finally, when the remote login behavior is the active operation behavior of the first device, the credential information is sent to the server. The second device can obtain the credential information from the server when it performs admission verification on the first device, so that legal devices can be further identified, which solves the technical problem in the related art that a remote login behavior can only be verified through an account and password. Illegal logins caused by weak passwords, password leakage, password brute-forcing and the like can be avoided, and the security of remote login is improved.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
The method provided by the first embodiment of the present application may be executed in a server, a computer, a terminal, or a similar computing device. Taking the example of running on a computer, fig. 1 is a block diagram of a hardware structure of a remote login control computer according to an embodiment of the present invention. As shown in fig. 1, computer 10 may include one or more (only one shown in fig. 1) processors 102 (processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally may also include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those of ordinary skill in the art that the configuration shown in FIG. 1 is illustrative only and is not intended to limit the configuration of the computer described above. For example, computer 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store computer programs, for example, software programs and modules of application software, such as a computer program corresponding to a remote login control method in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 104 may further include memory located remotely from processor 102, which may be connected to computer 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of such networks may include wireless networks provided by the communications provider of computer 10. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The remote login system applied in the embodiment comprises a first device, a second device and a server, wherein during remote login, a local device (the first device) initiates a remote login request to log in to the remote device (the second device), and after login is successful, the local device can control the remote device within the authority range. The server is used for information transfer and interaction between the first device and the second device.
In this embodiment, a method for controlling remote login is provided, and fig. 2 is a flowchart of a method for controlling remote login according to an embodiment of the present invention, as shown in fig. 2, the flowchart includes the following steps:
Step S202, monitoring a remote login behavior initiated by a first device;
Step S204, judging whether the remote login behavior is an active operation behavior of the first device;
Step S206, when the remote login behavior is the active operation behavior of the first device, sending credential information to the server, wherein the credential information carries the device identifier of the first device, and the credential information is used for the second device to perform admission judgment on the remote login behavior of the first device.
When the remote login behavior is the active operation behavior of the first device, the first device is considered a legal login device and the credential information is sent to the server; after storing it, the server regards the first device as a dotting device that has completed dotting. The credential information is the dotting information sent by the first device to the server.
When the remote login behavior is not the active operation behavior of the first device, sending the credential information to the server is forbidden.
Through the above steps, the remote login behavior initiated by the first device is monitored, it is judged whether the remote login behavior is an active operation behavior of the first device, and finally, when the remote login behavior is the active operation behavior of the first device, the credential information is sent to the server. The second device can obtain the credential information from the server when it performs admission verification on the first device, so that legal devices can be further identified, which solves the technical problem in the related art that a remote login behavior can only be verified through an account and password. Illegal logins caused by weak passwords, password leakage, password brute-forcing and the like can be avoided, and the security of remote login is improved.
The scheme of this embodiment may be applied to various login modes, such as a C/S mode, a B/S mode, and the like. The communication between the first device and the second device may be relayed or direct, and may use any manner of information transmission and data exchange, such as C connecting directly to S or S connecting directly to C (similar to B/S). Fig. 3 is a schematic diagram of the remote login process of the C/S mode and the B/S mode in the embodiment of the present invention. The following is illustrated by way of example:
In the C/S mode login scenario, when the Windows operating system of a server is managed, the C/S mode may be adopted, and the terminal connects to the Telnet server program of the managed server through a Telnet (remote login protocol) client program for management.
In the B/S mode login scenario, when Web service systems such as websites, mails, forums, and OAs are managed, the B/S mode is usually adopted, and a browser is used at a terminal to perform login management through a management page provided by a corresponding Web service.
In this embodiment, the active operation behavior refers to an operation actively performed by a user through an interactive device such as a keyboard, a mouse, or a touch screen, for example: double-clicking a program icon on the desktop with the mouse to execute the program, or opening a file through the program menu. A behavior performed under the user's active operation is granted different permissions from a behavior carried out automatically by a program, for example: exe (Office suite of Microsoft), under the active operation of a user, can read and write any document file at any location, but without active selection by the user, it can only operate on files (temporary files) created by the user.
Optionally, determining whether the remote login behavior is the active operation behavior of the first device may be done in, but is not limited to, the following ways:
Method one: determining whether the triggering event of the remote login behavior includes one of the following specified events: clicking a mouse, touching a screen and pressing keys of a keyboard; determining that the remote login behavior is the active operation behavior of the first device when the triggering event of the remote login behavior comprises at least one of the specified events, and determining that the remote login behavior is not the active operation behavior of the first device when the triggering event of the remote login behavior does not comprise at least one of the specified events;
Method two: judging whether a login frame corresponding to the remote login behavior is hidden on the first device; when the login frame is not hidden on the first device, the remote login behavior is determined to be the active operation behavior of the first device, and when the login frame is hidden on the first device, the remote login behavior is determined not to be the active operation behavior of the first device.
In this embodiment, the remote login behavior initiated by various protocols, processes, services, and the like between the devices may be monitored, and the monitoring of the remote login behavior initiated by the first device may be, but is not limited to:
Monitoring a first remote login behavior initiated by the first device through the Remote Desktop Protocol (RDP). RDP is a multi-channel protocol that allows a user (the client or "local computer") to connect to a computer (the server or "remote computer") that provides Microsoft Terminal Services. Most versions of Windows include the software required by the client (e.g., mstsc.exe). Other operating systems, such as Linux, FreeBSD and Mac OS X, also have such client software. The server computer listens for data sent to TCP port 3389.
Monitoring a second remote login behavior initiated by the first device through Secure Shell (SSH). SSH is a security protocol built on the application layer. SSH is currently a relatively reliable protocol that provides security for remote login sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. SSH was initially a program on UNIX systems and subsequently expanded rapidly to other operating platforms. SSH, when used correctly, can remedy vulnerabilities in the network. SSH clients are available for a variety of platforms. Almost all UNIX platforms (including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix, and others) can run SSH.
Monitoring a third remote login behavior initiated by the first device through the remote terminal protocol TELNET. The Telnet protocol is a member of the TCP/IP protocol suite, and is the standard protocol and the main mode for Internet remote login services. It gives the user the ability to work on a remote host from the local computer. The telnet program is used on the end user's computer to connect to the server. The end user can enter commands in the telnet program, and they run on the server as if entered directly on the server's console, so the server can be controlled locally. To start a telnet session, a username and password must be entered to log in to the server. Telnet is a commonly used method of remotely controlling a Web server.
In this embodiment, another method for controlling remote login is provided, and fig. 3 is a flowchart of another method for controlling remote login according to an embodiment of the present invention, which is applied to a second device. As shown in fig. 3, the flowchart includes the following steps:
Step S302, monitoring a remote login behavior from a first device;
Step S304, judging whether the remote login behavior is legal according to the dotting device information stored in the server;
Step S306, when the remote login behavior is legal, allowing the first device to remotely log in to the second device.
When the remote login behavior is illegal, an alert is raised for the remote login behavior of the first device or the behavior is blocked.
Optionally, determining whether the remote login behavior is legal according to the dotting device information stored in the server includes: sending query request information for a dotting device list to the server; receiving the dotting device list returned by the server, wherein the dotting device list comprises device identifiers of a plurality of dotting devices; matching the device identifier by using a preset credit granting terminal list; when the preset credit granting terminal list has an entry identical to the device identifier, determining that the remote login behavior is legal; and when the preset credit granting terminal list does not have an entry identical to the device identifier, determining that the remote login behavior is illegal.
The server stores the device identifier of the first device in a dotting device list, and issues the dotting device list to the second device when the second device requests it.
Alternatively, the second device obtains only a query result (dotted or not dotted): the server queries whether the first device has been dotted according to the identification information sent by the second device, and if it has been dotted, the first device is considered legal.
The credit granting terminal list comprises a plurality of devices that the second device considers legal, such as administrator devices, devices with specified IP addresses, and the like.
In this embodiment, in addition to matching the device identifier, legality may also be judged by time: when the initiated remote login behavior is judged to be the active operation behavior of the first device, the first device sends the operation time to the server; at the request of the second device, the server sends the operation time of the first device to the second device; it is then calculated whether the interval between the operation time of the first device and the response time of the second device (the time at which the second device responds to the remote login behavior) is smaller than a certain value, and when the interval is smaller than that value, the remote login behavior of the first device is considered legal.
In this embodiment, before determining whether the remote login behavior is legal according to the dotting device information stored in the server, the method further includes: acquiring a preset credit granting terminal list from the server in real time; and storing the preset credit granting terminal list locally.
In this embodiment, a further remote login control method is provided, and fig. 4 is a flowchart of a further remote login control method according to an embodiment of the present invention, which is applied to a server, as shown in fig. 4, the flowchart includes the following steps:
Step S402, receiving credential information sent by a first device, wherein the credential information carries a device identifier of the first device;
Step S404, when the first device initiates a remote login behavior to the second device, sending dotting device information to the second device, wherein the dotting device information includes the device identifier, and the dotting device information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, before sending the dotting device information to the second device, the method further includes: sending a preset credit granting terminal list to the second device, wherein the preset credit granting terminal list is used for the second device to judge whether the first device is legal.
In one implementation of this embodiment, after receiving the credential information sent by the first device, the server stores it locally only for a period of time.
In an application example of this embodiment, a central control (server) performs management configuration, and a remote tool list to be managed and a trusted terminal list of a corresponding server are configured in the central control in advance.
After the terminal driver detects that the login behavior of the user active operation exists, the MID (machine unique identifier, a device identifier) of the terminal is uploaded to the central control in an encrypted form and stored for a certain time, so that the controlled end of the remote login can inquire and use the MID.
Firstly, after the server is started, the server receives a policy issued by the central control, and the policy contains a credit granting terminal list of the server. Then, after detecting that the terminal needs to log in the self behavior remotely, the server side requests for inquiry from the central control, the central control returns the MID list with the clicked point to the server side in an encrypted form, after decrypting the MID list, the server side matches whether the MID list with the clicked point is in the credit granting terminal list, remote login is allowed if the MID list is in the credit granting terminal list, and remote login is refused if the MID list is not in the credit granting terminal list.
After the software runs, the remote login end can acquire a remote tool management list from the central control in real time and send the rule to the R0(Ring0) process, and when the R0 process detects the process creation behavior in the rule, the R3(Ring3) process is informed to process. The R3 process will first determine if telnet activity is normal user activity and if not, will not proceed. Because the dotting operation is not performed, the server rejects login. If the user actively operates, the remote login end takes the MID of the remote login end as data, sends the central control after encryption and stores the central control for a certain time, and fig. 5 is a client-side dotting flow chart of the embodiment of the invention.
Correspondingly, after the server-side software runs, the server-side software can acquire and store the credit granting terminal list from the central control in real time. And when the server detects that the login behavior exists, the server requests the central control to inquire the dotting behavior, and the central control encrypts and returns the current dotted terminal MID list. After the server decrypts the returned data, the server checks the MID list by using the trust terminal MID list matching terminal, if the returned data is matched with the MID list, the server is allowed to log in, and if the returned data is not matched with the MID list, the server is refused to log in, and FIG. 6 is a flow chart of the server inquiry and check in the embodiment of the invention.
Because the remote login behavior is managed and controlled through the central control, remote login is protected fundamentally and very effectively, and the security of the server's resources is protected. Suppose a hacker successfully attacks a terminal in the local area network and obtains the account and password for remotely logging in to the server, in order to acquire key information on the server. In this case, if the terminal is not a credit granting terminal, that is, the central control policy is not configured to allow the terminal to access the server, then when the terminal attempts to log in to the server remotely, the server rejects the remote login because no dotting operation has been performed. If the terminal is a credit granting terminal, the patent checks whether the remote login is being operated by the user, for example whether a normal login box exists, so that only a user operation can trigger dotting at the central control. Hackers generally operate covertly and do not trigger the dotting operation, so they cannot log in to the server, and the expected protection effect is achieved.
According to this embodiment, remote login behavior is managed through the central control server: only the specifically configured authorized terminals are allowed to log in to the server remotely, and all other improper remote logins are rejected, so that the remote login protection capability is greatly improved.
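The dotting and admission flow described above, as an added sketch that is not part of the patent text. The class and function names, the 60-second retention value and the sample MIDs are assumptions; the central control is modelled in-process and the encryption of messages between the parties is left out.

```python
import time

class CentralControl:
    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock   # TTL value is assumed
        self.policies = {}    # server name -> credit granting MIDs
        self._dotted = {}     # MID -> time of last dotting

    def dot(self, mid):
        self._dotted[mid] = self.clock()

    def dotted_mids(self):
        # Drop expired records, then return the currently dotted MIDs.
        now = self.clock()
        self._dotted = {m: t for m, t in self._dotted.items() if now - t <= self.ttl}
        return set(self._dotted)

def remote_login(central, mid, user_event, login_box_visible):
    # Ring3-side check (this sketch applies both tests the page lists):
    # dot only when a user input event opened a visible login box.
    if user_event and login_box_visible:
        central.dot(mid)

class Server:
    def __init__(self, name, central):
        self.central = central
        self.trusted = set(central.policies[name])  # stored locally

    def admit(self):
        # Allow only if a currently dotted MID is in the trusted list.
        return bool(self.central.dotted_mids() & self.trusted)

def run_scenarios():
    now = [0.0]                                      # fake clock
    cc = CentralControl(clock=lambda: now[0])
    cc.policies["srv-1"] = {"MID-A"}                 # constructed policy
    srv, out = Server("srv-1", cc), {}
    remote_login(cc, "MID-B", True, True)            # terminal not in policy
    out["untrusted terminal"] = srv.admit()
    remote_login(cc, "MID-A", False, False)          # no user, hidden box
    out["hidden login"] = srv.admit()
    remote_login(cc, "MID-A", True, True)            # user at the keyboard
    out["active user"] = srv.admit()
    now[0] += 61                                     # dotting record expires
    out["after expiry"] = srv.admit()
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

Only the third scenario is admitted: the first two correspond to the untrusted-terminal and covert-login cases in the text, and the fourth shows the effect of the central control keeping a dotting record only for a limited time.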
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
In this embodiment, a remote login control device and system are further provided. They are used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 7 is a block diagram of a remote login control device according to an embodiment of the present invention, applied to a first device. As shown in fig. 7, the device includes: a monitoring module 70, a determining module 72, and a sending module 74, wherein,
a monitoring module 70, configured to monitor a remote login behavior initiated by the first device;
a determining module 72, configured to determine whether the remote login behavior is an active operation behavior of the first device;
a sending module 74, configured to send credential information to a server when the remote login behavior is the active operation behavior of the first device, where the credential information carries a device identifier of the first device, and the credential information is used for a second device to perform admission judgment on the remote login behavior of the first device.
Optionally, the determining module includes at least one of: a first determining unit, configured to determine whether the triggering event of the remote login behavior includes one of the following specified events: clicking a mouse, touching a screen and pressing keys of a keyboard; determining that the remote login behavior is the active operation behavior of the first device when the triggering event of the remote login behavior comprises at least one of the specified events, and determining that the remote login behavior is not the active operation behavior of the first device when the triggering event of the remote login behavior does not comprise at least one of the specified events; a second determining unit, configured to determine whether a login frame corresponding to the remote login behavior is hidden on the first device; when the login frame is not hidden on the first device, determining that the remote login behavior is the active operation behavior of the first device, and when the login frame is hidden on the first device, determining that the remote login behavior is not the active operation behavior of the first device.
Optionally, the monitoring module includes one of: a first monitoring unit, configured to monitor a first remote login behavior initiated by the first device through the Remote Desktop Protocol (RDP); a second monitoring unit, configured to monitor a second remote login behavior initiated by the first device through the Secure Shell (SSH) protocol; and a third monitoring unit, configured to monitor a third remote login behavior initiated by the first device through the remote terminal protocol TELNET.
Fig. 8 is a block diagram of another remote login control device according to an embodiment of the present invention, which is applied to a second device. As shown in fig. 8, the device includes: a monitoring module 80, a judging module 82, and a control module 84, wherein,
a monitoring module 80, configured to monitor a remote login behavior from the first device;
a judging module 82, configured to judge whether the remote login behavior is legal according to the dotting device information stored in the server;
a control module 84, configured to allow the first device to log in to the second device remotely when the remote login behavior is legal.
Optionally, the judging module includes: a sending unit, configured to send query request information for a dotting device list to the server; a receiving unit, configured to receive the dotting device list returned by the server, wherein the dotting device list includes device identifiers of a plurality of dotting devices; a matching unit, configured to match the device identifiers against a preset credit granting terminal list; and a determining unit, configured to determine that the remote login behavior is legal when the preset credit granting terminal list has an entry identical to the device identifier, and to determine that the remote login behavior is illegal when the preset credit granting terminal list has no entry identical to the device identifier.
Optionally, the apparatus further comprises: an acquisition module, configured to acquire the preset credit granting terminal list from the server in real time before the judging module judges whether the remote login behavior is legal according to the dotting device information stored in the server; and a storage module, configured to store the preset credit granting terminal list locally.
Fig. 9 is a block diagram of a remote login control device according to an embodiment of the present invention, which is applied to a server. As shown in fig. 9, the remote login control device includes: a receiving module 90 and a first sending module 92, wherein,
a receiving module 90, configured to receive credential information sent by a first device, where the credential information carries a device identifier of the first device;
a first sending module 92, configured to send dotting device information to a second device when the first device initiates a remote login behavior to the second device, where the dotting device information includes the device identifier, and the dotting device information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, the apparatus further comprises: a second sending module, configured to send a preset credit granting terminal list to the second device before the first sending module sends the dotting device information to the second device, wherein the preset credit granting terminal list is used for the second device to judge whether the first device is legal.
Fig. 10 is a block diagram of a remote login control system according to an embodiment of the present invention, as shown in fig. 10, the system includes: a first device 100, a second device 102, and a server 104 connected to the first device and the second device, wherein the first device 100 includes the apparatus according to the above embodiment; the second device 102, comprising the apparatus according to the above embodiment; the server 104 includes the apparatus according to the above embodiment.
It should be noted that the above modules may be implemented by software or hardware. In the latter case, this may be achieved in, but is not limited to, the following ways: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Example 3
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
S1, monitoring the remote login behavior initiated by the first device;
S2, judging whether the remote login behavior is the active operation behavior of the first device;
S3, when the remote login behavior is the active operation behavior of the first device, sending credential information to a server, wherein the credential information carries a device identifier of the first device, and the credential information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, monitoring the remote login behavior initiated by the first device;
S2, judging whether the remote login behavior is the active operation behavior of the first device;
S3, when the remote login behavior is the active operation behavior of the first device, sending credential information to a server, wherein the credential information carries a device identifier of the first device, and the credential information is used for the second device to perform admission judgment on the remote login behavior of the first device.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
The foregoing is only a preferred embodiment of the present application. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be regarded as falling within the protection scope of the present application.