CN114039738B - Firewall rule configuration method and system, medium and electronic equipment thereof - Google Patents
- Publication number
- CN114039738B CN202010706846.2A
- Authority
- CN
- China
- Prior art keywords
- firewall
- equipment
- electronic equipment
- firewall rule
- television
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The application relates to the field of Internet of things, and discloses a firewall rule configuration method and system, a firewall rule configuration medium and electronic equipment. The method comprises the following steps: the firewall equipment receives a network communication request sent by electronic equipment in the Internet of things; the firewall equipment judges whether the network communication behavior of the electronic equipment meets a firewall rule of the electronic equipment, wherein the firewall rule is acquired by the firewall equipment from a server; the firewall equipment forbids the network communication behavior of the electronic equipment under the condition that the firewall equipment judges that the firewall rule is not satisfied; the firewall device allows the network communication behavior of the electronic device if it is determined that the firewall rules are satisfied. When the firewall device is in communication connection with the electronic device, the firewall device controls the network communication behavior of the electronic device based on the firewall rules, the safety capability of the electronic device is enhanced to a certain extent, and the intelligent experience of the electronic device and the firewall device is improved.
Description
Technical Field
The invention relates to the field of Internet of things, in particular to a firewall rule configuration method and a system, a medium and electronic equipment thereof.
Background
The Internet of Things (IoT) refers to connecting any object to a network through information-sensing equipment according to an agreed protocol, so that the object exchanges information and communicates through an information propagation medium to realize functions such as intelligent identification, positioning, tracking and supervision. The number of IoT devices used in the home is increasing day by day, but most IoT devices are resource-limited, have low security capabilities of their own, and are vulnerable to attack. In one existing scheme, the IoT device accesses the home network and the user makes no security configuration; because the security of the IoT device itself is weak, the device remains vulnerable. In another scheme, after an IoT device accesses a home network, the user configures a network firewall and defines a firewall rule for each IoT device; this places high demands on the user, who must have network security knowledge and know the network security settings of the IoT device, and the user experience is poor.
Disclosure of Invention
The embodiment of the application provides a firewall rule configuration method.
In a first aspect, an embodiment of the present application provides a firewall rule configuration method, where the method includes:
the firewall equipment receives a network communication request sent by electronic equipment in the Internet of things;
the firewall equipment judges whether the network communication behavior of the electronic equipment meets a firewall rule of the electronic equipment, wherein the firewall rule is acquired by the firewall equipment from a server;
the firewall equipment forbids the network communication behavior of the electronic equipment under the condition that the firewall equipment judges that the firewall rule is not met;
and the firewall equipment allows the network communication behavior of the electronic equipment under the condition of judging that the firewall rule is met.
The firewall device allows beneficial network communication behavior of the electronic device and forbids harmful network communication behavior of the electronic device. In this way, the network communication security of the electronic devices in the Internet of Things can be guaranteed.
In a possible implementation of the first aspect, the method further includes: the firewall equipment acquires equipment information of the electronic equipment from the electronic equipment;
the firewall equipment sends a firewall rule acquisition request to a server, wherein the firewall rule acquisition request comprises the equipment information and is used for requesting to acquire the firewall rule of the electronic equipment from the server;
the firewall device receives firewall rules for the electronic device from the server.
In the embodiment of the application, when the internet of things equipment such as a television is connected to a local area network, the firewall equipment can sense the connection of the television, and automatically obtains the firewall rules corresponding to the equipment information of the television from the server according to the obtained equipment information of the television, and the firewall equipment controls the network communication behavior of the electronic equipment based on the firewall rules, so that the safety capability of the electronic equipment is enhanced, and the intelligent experience of the electronic equipment and the firewall equipment is improved.
In a possible implementation of the first aspect, the method further includes: the firewall equipment receives a firewall rule updating notice, wherein the firewall rule updating notice comprises the updated firewall rule of the electronic equipment;
the firewall equipment updates the existing firewall rules according to the received firewall rule updating notice;
and the firewall equipment controls the network communication behavior of the electronic equipment based on the updated firewall rule of the electronic equipment.
In the application, by receiving the firewall rule updating notification sent by the firewall equipment, the firewall equipment can obtain the updated firewall rule of the electronic equipment in time.
In a possible implementation of the first aspect, the method further includes: the device information includes at least one of identification information of the electronic device and attribute information of the electronic device.
In a possible implementation of the first aspect, the method further includes: the identification information of the electronic equipment comprises the MAC address of the electronic equipment, and the attribute information of the electronic equipment comprises at least one of merchant attribute of the electronic equipment, model of the electronic equipment and type of the electronic equipment.
In the embodiment of the present application, the device information includes at least one of identification information of the device and attribute information of the device. The identification information of the device may be MAC address information of the device and IP address information of the device, and the attribute information of the device may be a merchant attribute of the device, a model of the device, a type of the device, a functional attribute of the device, an update generation attribute of the device, and the like, but is not limited thereto. Functional attributes of the device are, for example, washing machine, television, refrigerator, etc. Update generation attributes of the device are, for example: a first generation model of washing machine, a second generation model of washing machine, a third generation model of washing machine, a first generation model of television, a second generation model of television, a third generation model of television, etc., or, for example, a first generation model of medium-sized device-television, etc. Therefore, the preset firewall rules can be accurately matched through the device information, and the security of the network communication behavior of the electronic devices of the Internet of Things is improved.
In a possible implementation of the first aspect, the method further includes: the firewall rules include at least one of:
a network address that the electronic device allows and/or disallows passage; a network port that the electronic device enables and/or disables; communication frequencies allowed to be used by the electronic device; a maximum amount of communication data allowed to be used by the electronic device.
In the embodiment of the present application, taking a computer as an example of the electronic device, the computer communicates with external computers through ports. For example, when user A accesses a website, Windows opens a port (e.g., port 1025) on the local computer and then connects to a port of the remote website server; the same is true when user B accesses user A. By default, Windows opens a number of service ports on a computer, and hackers often use these ports to intrude. The firewall rule configuration method in the application is therefore used to allow access to some ports and forbid access to others, which improves the security of the electronic device's Internet access.
Taking a mobile phone as an example of the electronic device, a threshold is set on the data volume accessed by the mobile phone, so that whether the traffic used by the mobile phone exceeds the threshold can be regulated, preventing the large traffic charges caused by exceeding the threshold.
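The following added example (not code from the patent) shows how a firewall device could evaluate one communication request against the four rule items listed above: allowed and disallowed addresses, enabled ports, communication frequency, and maximum data volume. The class and field names, the 60-second window, and the default-deny handling of a device without a rule are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class FirewallRule:
    """The four rule items from the text; field names are hypothetical."""
    allowed_networks: list          # addresses the device may reach
    denied_networks: list           # addresses the device may not reach
    enabled_ports: set              # destination ports that are enabled
    max_requests_per_minute: int    # allowed communication frequency
    max_bytes: int                  # maximum amount of communication data


@dataclass
class DeviceState:
    recent: deque = field(default_factory=deque)  # timestamps of allowed requests
    bytes_used: int = 0


class FirewallDevice:
    def __init__(self):
        self.rules = {}   # MAC address -> FirewallRule
        self.state = {}   # MAC address -> DeviceState

    def install_rule(self, mac, rule):
        self.rules[mac] = rule
        self.state[mac] = DeviceState()

    def check(self, mac, dst_ip, dst_port, size, now):
        """Return (allowed, reason) for one communication request."""
        rule = self.rules.get(mac)
        if rule is None:
            # Assumption: a device with no rule is denied (default deny).
            return (False, "no-rule")
        try:
            addr = ip_address(dst_ip)
        except ValueError:
            return (False, "bad-address")
        # An explicit deny wins over an overlapping allow entry.
        if any(addr in net for net in rule.denied_networks):
            return (False, "address-denied")
        if not any(addr in net for net in rule.allowed_networks):
            return (False, "address-not-allowed")
        if dst_port not in rule.enabled_ports:
            return (False, "port-disabled")
        st = self.state[mac]
        # Sliding 60-second window over previously allowed requests.
        while st.recent and now - st.recent[0] >= 60:
            st.recent.popleft()
        if len(st.recent) >= rule.max_requests_per_minute:
            return (False, "frequency-exceeded")
        if st.bytes_used + size > rule.max_bytes:
            return (False, "data-limit-exceeded")
        # Only allowed requests consume the frequency and data budgets.
        st.recent.append(now)
        st.bytes_used += size
        return (True, "allowed")


def demo_firewall():
    """Constructed sample: one television rule on documentation-range addresses."""
    fw = FirewallDevice()
    fw.install_rule("aa:bb:cc:00:00:01", FirewallRule(
        allowed_networks=[ip_network("203.0.113.0/24")],
        denied_networks=[ip_network("203.0.113.66/32")],
        enabled_ports={443},
        max_requests_per_minute=3,
        max_bytes=1000,
    ))
    return fw


if __name__ == "__main__":
    fw = demo_firewall()
    tv = "aa:bb:cc:00:00:01"
    samples = [("203.0.113.10", 443, 100, 0), ("203.0.113.66", 443, 100, 1),
               ("198.51.100.5", 443, 100, 2), ("203.0.113.10", 23, 100, 3)]
    for args in samples:
        print(args, fw.check(tv, *args))
```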
In a second aspect, an embodiment of the present application provides a firewall rule configuration method, where the method includes:
the method comprises the steps that a server receives a firewall rule obtaining request sent by firewall equipment, wherein the firewall rule obtaining request comprises equipment information and is used for requesting to obtain a firewall rule of the electronic equipment from the server;
the server determines a firewall rule of the electronic equipment according to the equipment information;
and the server sends the determined firewall rules of the electronic equipment to firewall equipment.
In the embodiment of the application, the firewall rules in the server can be provided by SDK platform manufacturers and also by electronic device developers. Because the hardware storage resources of the router are limited and it cannot store many firewall rules, a certain amount of firewall rules are stored in the server; the electronic device can call the firewall rules in the server at any time as required, and the security of the electronic device's operation can be ensured based on the firewall rules while reducing the storage burden of the router.
When the firewall rules are needed to control the electronic equipment, the firewall rules needed by the electronic equipment are obtained, the space for storing the firewall rules by the firewall equipment is saved, and the storage cost of the firewall equipment is further saved. And under the condition that resources such as the storage of the electronic equipment of the Internet of things are limited, the safety capability of the electronic equipment is enhanced.
In one possible implementation of the second aspect, the method further includes: and the server stores a mapping relation table of the equipment information and the firewall rules.
In a possible implementation of the second aspect, the method further includes: and the server inquires a mapping relation table of the equipment information and the firewall rules based on the equipment information so as to acquire the firewall rules of the electronic equipment.
In a possible implementation of the second aspect, the method further includes: the server determines that the firewall rules of the electronic equipment are updated;
and the server sends firewall rule updating notification to the firewall equipment, wherein the firewall rule updating notification comprises the updated firewall rule of the electronic equipment.
In a third aspect, an embodiment of the present application provides a firewall rule configuration method, where the method includes:
electronic equipment in the Internet of things generates network communication behaviors based on firewall equipment;
the firewall device detects the network communication behavior of the electronic device in the Internet of things and judges whether the network communication behavior of the electronic device meets a firewall rule of the electronic device, wherein the firewall rule is acquired by the firewall device from a server;
the firewall equipment forbids the network communication behavior of the electronic equipment under the condition that the network communication behavior of the electronic equipment is judged not to meet the firewall rule; and under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule, allowing the network communication behavior of the electronic equipment.
In a possible implementation of the third aspect, the method further includes: the electronic equipment sends equipment information of the electronic equipment to the firewall equipment;
the firewall equipment sends a firewall rule acquisition request to the server, wherein the firewall rule acquisition request comprises the equipment information;
the server determines a firewall rule of the electronic equipment according to the received equipment information;
and the server sends the determined firewall rules of the electronic equipment to firewall equipment.
In a fourth aspect, an embodiment of the present application further provides a firewall rule configuration system, where the firewall rule configuration system includes an electronic device and a firewall device;
the electronic device is capable of generating network communication behavior based on the firewall device;
the firewall device can detect the network communication behavior of the electronic device in the Internet of things and judge whether the network communication behavior of the electronic device meets a firewall rule of the electronic device, wherein the firewall rule is acquired by the firewall device from a server; under the condition that the network communication behavior of the electronic equipment is judged not to meet the firewall rule, the network communication behavior of the electronic equipment is forbidden; and under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule, allowing the network communication behavior of the electronic equipment.
In one possible implementation of the fourth aspect, the system further comprises a server;
the firewall equipment is used for acquiring equipment information of the electronic equipment from the electronic equipment; sending a firewall rule acquisition request to the server, wherein the firewall rule acquisition request comprises the equipment information;
the server can determine the firewall rules of the electronic equipment according to the equipment information in the received firewall rule acquisition request, and send the determined firewall rules of the electronic equipment to the firewall equipment.
In a fifth aspect, an embodiment of the present application further provides a readable medium, where the readable medium has instructions stored thereon, and the instructions, when executed on an electronic device, cause the electronic device to perform the foregoing firewall rule configuration method for the electronic device.
In a sixth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes:
a memory for storing instructions for execution by one or more processors of the electronic device, and
a processor, which is one of the processors of the electronic device and is used for executing the firewall rule configuration method of the electronic device.
Drawings
Fig. 1 is an application scenario diagram of a firewall rule configuration method according to an embodiment of the present application.
Fig. 2 is a schematic flowchart illustrating a firewall rule configuration method according to an embodiment of the present application.
Fig. 3 is a schematic flowchart illustrating a firewall rule configuration method according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a router 200 according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of an electronic device capable of implementing the function of the firewall rule configuration method of the server 300 or the electronic device 100 according to the embodiment of the present application.
Detailed Description
The technical solutions of the embodiments of the present application are further described in detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is an application scenario diagram of a firewall rule configuration method according to an embodiment of the present application. As shown in fig. 1, the application scenario includes an electronic device 100 including a television 101 and a printer 102, a firewall device 200, and a server 300.
It is to be understood that although the television 101 and the printer 102 are illustrated in fig. 1, the electronic device 100 suitable for the present application may be various devices of the Internet of Things, such as, but not limited to, a television 101, a printer 102, an intelligent motorized window treatment, an intelligent security device, an intelligent lighting device, an intelligent door lock, an intelligent smoke machine kitchen, an intelligent electric cooker, an intelligent washing machine, an intelligent refrigerator, an intelligent printer, an intelligent projector, and the like. In the case where the firewall device 200 is communicatively connected to the electronic device 100, the electronic device 100 is configured to transmit device information and/or an authentication request to the firewall device 200.
The firewall device 200 may be various devices capable of implementing network access control, such as a router, a gateway, and the like. The firewall device 200 is configured to obtain device information of the electronic device 100 and send a firewall rule obtaining request to the server 300, where the firewall rule obtaining request includes the device information; to receive the determined firewall rules of the television 101 and the printer 102 sent by the server 300; and to control the network communication behavior of the television 101 and the printer 102 based on the determined firewall rules of the television 101 and the printer 102.
The server 300 may be a variety of devices that store firewall rules, such as a cloud server, a cluster of servers, and so forth. The server 300 may be configured to determine firewall rules of the television 101 and the printer 102 according to the device information of the television 101 and the printer 102 and send the determined firewall rules of the television 101 and the printer 102 to the firewall device 200 after receiving the firewall rule acquisition request sent by the firewall device 200; the server 300 may be a cloud server. The determined firewall rules of the television 101 and the printer 102 may include at least one of web sites that the television 101 and the printer 102 allow access to, ports that the television 101 and the printer 102 allow access to, frequency of external access by the television 101 and the printer 102, data volume of the external access by the television 101 and the printer 102, web sites that the television 101 and the printer 102 do not allow access to, and ports that the television 101 and the printer 102 do not allow access to, but are not limited thereto.
The following description will take the electronic device 100 as the television 101, the firewall device 200 as the router 200, and the server 300 as the cloud server 300 as an example.
Specifically, in the embodiment of the present application, when an internet of things device such as the television 101 accesses a local area network, a firewall device such as the router 200 performs network access authentication, and in the authentication process, the router 200 may obtain a firewall rule of the television 101 from the server 300, so as to control network access of the television 101 based on the obtained firewall rule in a subsequent communication process.
It is understood that there may be an initial communication connection between the television 101 and the router 200. To ensure that the television 101 accurately identifies the router 200 capable of configuring the firewall rule for it, the memory of the television 101 stores an authentication program, which the television 101 uses to automatically authenticate with the router 200 after the router 200 and the television 101 are initially connected in communication. After the authentication is successful, the television 101 may automatically send the device information of the television 101 to the router 200. The following specifically describes a firewall rule configuration flow when the television 101 and the router 200 are initially connected in communication.
Fig. 2 is a schematic flowchart illustrating a firewall rule configuration method according to some embodiments of the present application. As shown in fig. 2, the method includes:
S201: the router 200 is communicatively connected to the television 101.
Specifically, the television 101 is in initial communication connection with the router 200, and when the television 101 accesses a certain local area network through the router 200, the television 101 needs to authenticate with the router 200, so that the television 101 can accurately determine that the router 200 is the device to transmit the device information of the television 101.
S202: the television 101 sends an authentication request to the router 200, the authentication request including an authentication credential.
It is understood that the authentication process can ensure the communication security between the tv 101 and the router 200 to some extent, and specifically, the authentication credential may include an authentication name and an authentication password. For example: the authentication name may be a MAC address, an IP address, or the like of the television 101 of the company name of the platform developer. The authentication password may be an initial password set by a platform developer or an updated password.
S203: the router 200 determines, according to the authentication credential, the authentication feedback information to be sent to the television 101. It can be understood that after the router 200 receives the authentication request sent by the television 101, the router 200 matches the authentication name and the authentication password in the authentication credential against the preset authentication name and the preset authentication password stored in its memory. If the matching succeeds, authentication success information is sent to the television 101. If the matching is unsuccessful, authentication failure information is sent to the television 101.
S204: the router 200 transmits authentication feedback information to the television 101.
It is understood that the authentication feedback information may be authentication success or authentication failure.
After the television 101 receives the authentication feedback information sent by the router 200, step S205 is then executed.
S205: the router 200 determines whether the authentication feedback information indicates that the authentication is successful; if so, it goes to S404. It is understood that in some embodiments of the present application, if the authentication feedback information indicates that the authentication has failed, the television 101 does not send the device information of the television 101 to the router 200.
In some embodiments, when the initial communication connection between the television 101 and the router 200 is successful and the authentication is successful, the router 200 stores the mapping relationship table between the authentication name in the authentication credential and the firewall rule and the MAC address, the IP address, or the access flag of the television when the initial communication connection is established, so that when the communication connection between the television 101 and the router 200 is performed again, as long as it is determined that the MAC address, the IP address, or the access flag of the television 101 matches any data in the mapping relationship table stored in the router 200, the network communication behavior of the television 101 is controlled directly based on the determined firewall rule.
It is understood that in some other embodiments, the authentication credential may include device information, and if the authentication is successful, the router 200 may directly send the authentication credential to the cloud server 300 to obtain the determined firewall rule of the television 101.
S206: the television 101 transmits the device information of the television 101 to the router 200.
After receiving the device information of the television 101 sent by the television 101, the router 200 continues to execute S303.
It is to be understood that, in order to help the router 200 identify in time whether the current television 101 is a television that needs to be configured with the firewall rule, in some embodiments of the present application, the device information includes at least one of identification information of a device and attribute information of the device. For example, the identification information of the television 101 may be a MAC address, an IP address, or the like of the television 101. The attribute information of the television 101 may be a merchant attribute of the television 101, a model of the television 101, an update generation attribute of the television 101, and the like, for example: the model of the third generation of the A commercial television 101, the model of the fourth generation of the A commercial television 101, the model of the fifth generation of the A commercial television 101, the model of the second generation of the A commercial television, the model of the third generation of the A commercial television, the model of the fourth generation of the A commercial television and the like; or a functional attribute of the television 101, such as that the television 101 is used for playing television broadcasts, but is not limited thereto.
It is understood that, in other embodiments, an SDK (Software Development Kit) platform vendor writes an authentication name and an authentication password into the secure session protocol and stores the authentication name and the authentication password in the television 101 and the router 200 when developing device functions with the SDK. Since the SDK of the television 101 and the SDK of the router 200 are both provided by the SDK platform vendor, the television 101 can automatically report the device information to the router 200 through the secure session protocol, and the router 200 automatically obtains the firewall rule corresponding to the electronic device from the cloud server 300 and applies the firewall rule, so as to protect the communication security of the television 101.
It may be understood that, in some other embodiments, when the television 101 and the router 200 directly establish the communication connection relationship, the device information of the television 101 is directly sent to the router 200, and if the router 200 stores the device information of the television 101, the router 200 directly sends a firewall rule obtaining request to the cloud server 300, where the firewall rule obtaining request carries the device information of the television 101.
In some embodiments, the router 200 continues to execute S207 after receiving the device information of the television 101.
S207: the router 200 transmits a firewall rule acquisition request including the device information of the television 101 to the cloud server 300.
It is understood that the memory of the cloud server 300 stores a mapping table of the device information of the television 101 and the firewall rules. Since the security levels of the televisions 101 may differ, the router 200 may obtain the firewall rule corresponding to each television 101 through the cloud server 300. This addresses the problem that the number of IoT devices (such as the television 101) grows daily while most of them, having limited storage resources, cannot store intelligent security protection programs, have low security capability and are easy to attack: the security of the IoT devices (such as the television 101) can be improved while saving the storage space they would otherwise need for storing firewall rules.
In an optional implementation, the message format of the firewall rule acquisition request may be as shown in the following table:
Firewall rule acquisition request ID | Device information ID |
The message of the firewall rule acquisition request includes at least a device information ID and a firewall rule acquisition request ID, where the device information ID is an instruction code, consisting of letters, numbers and/or special characters, that represents the device information, and the firewall rule acquisition request ID is an instruction code, consisting of letters, numbers and/or special characters, that represents the firewall rule acquisition request instruction, but the message is not limited thereto.
For example, the message format of a firewall rule acquisition request at the service layer may be: GET /firewall/{device information ID}.
Take the device type in the attribute information of the device as the device information. For example, the type A and type B televisions manufactured by M corporation correspond to two firewall rules, so a code consisting of two letters and/or numbers is used. The type A and type B televisions manufactured by C company likewise correspond to two separate firewall rules, so a code consisting of two letters and/or numbers is used. Two identical M company type A televisions correspond to the same rule: although their numbers are different, the same device type can correspond to a code consisting of the same letters and/or numbers.
S208: the cloud server 300 determines the firewall rule of the television 101 according to the device information of the television 101.
It is understood that, after the cloud server 300 receives the firewall rule obtaining request sent by the router 200, the router 200 may obtain the firewall rule of the television 101 from the mapping relationship table between the preset device information and the preset firewall rule stored in the memory of the router according to the device information of the television 101. Specifically, the method comprises the following steps:
The server queries the mapping table of the device information and the firewall rules based on the device information, so as to acquire the firewall rule of the electronic device.
It is to be understood that, in the embodiment of the present application, the firewall rule may include at least one of the following: a network address that the electronic device allows and/or disallows passage; a network port that the electronic device allows and/or disallows from use; communication frequencies allowed to be used by the electronic device; the maximum amount of communication data that the electronic device is allowed to use; but is not limited thereto.
For example, the communication address identification rule of the television 101 may include a website that the television 101 allows access to, a port that the television 101 allows access to, a website that the television 101 does not allow access to, a port that the television 101 does not allow access to, and the like; the communication frequency rule of the television 101 may include the frequency of external access of the television 101 and the access frequency of the external television 101 or the server and the like to the television 101; the communication volume of the tv 101 may include a data volume accessed by the tv 101, a data volume accessed by the external tv 101 or the server to the tv 101, and the like.
It is understood that the communication between the television 101 or the printer 102 and other electronic devices is performed through ports. For example, when the user A accesses a website, the printer 102 opens a port (e.g., port 1025) locally and then connects to a port of the remote website server. By default, the printer 102 opens many service ports, which are often used by hackers to perform intrusion, so the firewall rule configuration method in the present application can be used to allow and prohibit access to some ports, thereby improving the internet access security of the television 101 or the printer 102.
For example, the following mapping table is established for the MAC address of the television 101 by using the device information, as shown in the following table:
If the MAC address of the television 101 is 38:6e:a2:d3:24:b2, the cloud server 300 queries the list to obtain the firewall rule in the second row and the second column, namely that the television 101 is not allowed to access class A and class B websites, and other websites can be accessed by default.
The following list is established with the device information as the MAC address of the television 101, and as shown in the following table, the list is provided in the embodiment of the present application, where the device information corresponds to the firewall rule:
For example, if the device attribute information of the television 101 is the fourth-generation model of merchant A's television, the cloud server 300 scans the list to obtain the firewall rule in the second row and the second column, that is, the television 101 is not allowed to access class A and class B websites, and other websites can be accessed by default.
It is understood that in some other embodiments, although several devices that share one piece of device attribute information have different device identification information, those devices may belong to one firewall rule; that is, a mapping table may exist among the device attribute information, the device identification information, and the firewall rule.
In addition, in some embodiments of the present application, the mapping table between the device information of the television 101 and the firewall rule stored in the cloud server 300 may be updated, and the cloud server 300 may periodically reset this mapping table, so that a manufacturer may adjust the device information of the television 101 and the firewall rule at any time according to the actual situation, which improves the flexibility of firewall rule configuration.
S209: the cloud server 300 sends the determined firewall rule of the television 101 to the router 200.
For example, the firewall rule includes information such as a destination address that the television 101 is allowed to access, the receiving port number of that destination address, a protocol, a type, and an action. Specifically, the destination address allowed to be accessed by the television 101 is 10.10.10.10/www.baidu.com, the receiving port number of that destination address is 443, the protocol is ipv4, the type is tcp, and the action is allow, but the rule is not limited thereto.
S210: the router 200 controls the network communication behavior of the television 101 based on the determined firewall rule of the television 101.
It is to be understood that, after receiving the determined firewall rule of the television 101 fed back by the cloud server 300, the router 200 controls the network communication behavior of the television 101 based on that rule, thereby improving the communication security of the television 101. Specifically, the method comprises the following steps:
The router 200 detects the network communication behavior of the television 101.
The router 200 determines whether the network communication behavior of the television 101 complies with the determined firewall rule of the television 101.
If the router 200 determines that the network communication behavior of the television 101 conforms to the determined firewall rule of the television 101, the network communication behavior is executed.
If the router 200 determines that the network communication behavior of the television 101 does not conform to the determined firewall rule of the television 101, the network communication behavior is prohibited.
For example, if the determined firewall rule of the television 101 is that the television is not allowed to access class A websites, that other websites can be accessed by default, and that the data volume of the television's external access does not exceed 50G, then when the router 200 detects a class A website, access to the television 101 by the class A website is blocked, so that the television 101 cannot receive the information of the class A and class B websites; and when the data volume of the television's external access exceeds 50G, the television 101 is prohibited from accessing websites externally, or some websites are prohibited from accessing the television 101.
For another example, if the determined firewall rule of the television 101 is that the television 101 is not allowed to access class A and class B websites, other websites may be accessible by default. When the router 200 detects class A and class B websites, they are blocked from accessing the television 101, so that the television 101 cannot receive the information of the class A and class B websites.
It is understood that the router 200 controls the communication behavior of the television 101 with the external network. For example, the router 200 scans the network traffic flowing through it and filters out some network virus attacks, so that they are not executed on the television 101 and do not leave it unable to play video normally or unresponsive to the remote controller. The router 200 may also prohibit access from particular sites, thereby blocking all communications from unknown intruders that attack the television 101.
It is understood that in some other embodiments, the mapping relationship table of the device information of the television 101 and the firewall rule stored in the cloud server 300 may be updated, and the updated firewall rule is also sent to the router 200 when the mapping relationship is updated or at a preset time after the updating.
Specifically, the method comprises the following steps:
The cloud server 300 determines that the firewall rule of the television 101 is updated.
The cloud server 300 transmits a firewall rule update notification including the updated firewall rule of the television 101 to the router 200.
The router 200 receives a firewall rule update notification, which includes the updated firewall rule of the electronic device.
The router 200 updates the existing firewall rule according to the received firewall rule update notification.
The router 200 controls the network communication behavior of the television 101 based on the updated firewall rule of the television 101.
In this embodiment of the application, after the cloud server 300 initially sends the determined firewall rule of the television 101 to the router 200, the router 200 controls the network communication behavior of the television 101 based on that rule. When the firewall rule of the television 101 determined in the cloud server 300 is reset periodically, the cloud server 300 sends an update message and the updated firewall rule of the television 101 to the router 200 at the time of the update or at the preset time after the update. After receiving the update message and the updated firewall rule, the router 200 controls the network communication behavior of the television 101 based on them. Because the router 200 updates the initially configured firewall rule of the television 101 at the same pace as that rule is updated in the cloud server 300, the router 200 can configure the determined firewall rule of the television 101 in a timely and accurate manner, and the communication security of the television 101 is improved.
In other embodiments, different from the above embodiments, the following describes the firewall rule configuration flow when the television 101 and the router 200 are communicatively connected again.
Fig. 3 is a flowchart illustrating a firewall rule configuration method according to some embodiments of the present application, and as shown in fig. 3, the method includes:
S301: the router 200 establishes a communication connection with the television 101.
It will be appreciated that in some embodiments, the television 101 is not connecting to the router 200 for the first time but is connecting again. When the first communication connection between the television 101 and the router 200 succeeds and the authentication succeeds, the router 200 stores firewall rule configuration success information for the television 101. This information may include the device information, the MAC address, the IP address, the access flag for establishing a communication connection with the router 200, the authentication name in the authentication credential, and the determined firewall rule of the television 101. When the second communication connection between the television 101 and the router 200 is established, if the device information, the MAC address, the IP address, the access flag for establishing a communication connection with the router 200, or the authentication name in the authentication credential matches the firewall rule configuration success information of the television 101 stored in the router 200, the network communication behavior of the television 101 is controlled directly based on the determined firewall rule of the television 101. The step of the router 200 sending a request to the cloud server 300 again and the step of determining the firewall rule of the television 101 again are omitted, which reduces the energy consumption of the router 200 and the cloud server 300.
S302: the router 200 detects the network communication behavior of the television 101.
S303: the router 200 judges whether the network communication behavior of the television 101 conforms to the determined firewall rule of the television 101.
S304: the network communication behavior is executed if the router 200 judges that the network communication behavior of the television 101 conforms to the determined firewall rule of the television 101.
S305: the network communication behavior of the television 101 is prohibited if the router 200 judges that the network communication behavior does not conform to the determined firewall rule of the television 101.
Steps S302, S303, S304, and S305 are the same as step S201. For example, if the determined firewall rule of the television 101 is that the television is not allowed to access class A websites, that other websites can be accessed by default, and that the data volume of the television's external access does not exceed 50G, then when the router 200 detects a class A website, the class A website is blocked from accessing the television 101, so that the television 101 cannot receive the information of the class A and class B websites; and when the data volume of the television's external access exceeds 50G, the television 101 is prohibited from accessing websites externally, or some websites are prohibited from accessing the television 101.
For another example, if the determined firewall rule of the television 101 is that the television 101 is not allowed to access class A and class B websites, other websites may be accessible by default. When the router 200 detects class A and class B websites, they are blocked from accessing the television 101, so that the television 101 cannot receive the information of the class A and class B websites.
It is understood that the router 200 controls the communication behavior of the television 101 with the external network. For example, the router 200 scans the network traffic flowing through it and filters out some network virus attacks, so that they are not executed on the television 101 and do not leave it unable to play video normally or unresponsive to the remote controller. The router 200 may also prohibit access from particular sites, thereby blocking all communications from unknown intruders that attack the television 101.
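The rule acquisition in S207 to S210, the update notification and the reconnection shortcut of S301, sketched as an added example (not code from the patent). All class and field names, the `version` field used to order updates, denying traffic when no rule is stored, the site-class label on each flow and reading 50G as 50e9 bytes are assumptions; the sample rules and addresses are constructed from the values quoted above.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    version: int                                  # assumed field, orders update notifications
    denied_classes: FrozenSet[str] = frozenset()  # website classes the device may not reach
    allowed: Optional[FrozenSet[Tuple[str, int, str]]] = None  # (address, port, type); None = allow by default
    max_bytes: Optional[int] = None               # maximum amount of communication data


@dataclass(frozen=True)
class Flow:
    address: str
    port: int
    proto: str
    site_class: Optional[str]  # class label from a classifier that is assumed to exist
    size: int                  # bytes the flow would transfer


class CloudServer:
    """Stand-in for cloud server 300 and its device-information to rule mapping table."""
    def __init__(self, by_mac: Dict[str, Rule], by_model: Dict[str, Rule]):
        self.by_mac, self.by_model = by_mac, by_model

    def get_rule(self, info: dict) -> Optional[Rule]:
        # Plays the role of GET /firewall/{device information ID} (S208):
        # identification information first, attribute information as fallback.
        return self.by_mac.get(info.get("mac", "").lower()) or self.by_model.get(info.get("model"))


class Router:
    """Stand-in for router 200: fetches, stores, updates and enforces per-device rules."""
    def __init__(self, server: CloudServer):
        self.server = server
        self.rules: Dict[str, Rule] = {}
        self.used: Dict[str, int] = {}   # bytes already counted per device
        self.requests_sent = 0

    def on_connect(self, info: dict) -> None:
        mac = info["mac"].lower()
        if mac in self.rules:            # S301: reconnect, the stored rule is reused
            return
        self.requests_sent += 1          # S207: firewall rule acquisition request
        rule = self.server.get_rule(info)
        if rule is not None:             # S209: rule delivered to the router
            self.rules[mac] = rule
            self.used[mac] = 0

    def on_update(self, mac: str, rule: Rule) -> bool:
        current = self.rules.get(mac.lower())
        if current is None or rule.version <= current.version:
            return False                 # unknown device, or stale or replayed notification
        self.rules[mac.lower()] = rule
        return True

    def permits(self, mac: str, flow: Flow) -> bool:
        mac = mac.lower()
        rule = self.rules.get(mac)
        if rule is None:
            return False                 # assumption: no stored rule means fail closed
        if flow.site_class in rule.denied_classes:
            return False
        if rule.allowed is not None and (flow.address, flow.port, flow.proto) not in rule.allowed:
            return False
        if rule.max_bytes is not None and self.used[mac] + flow.size > rule.max_bytes:
            return False                 # the data cap would be exceeded
        self.used[mac] += flow.size
        return True


TV_MAC = "38:6e:a2:d3:24:b2"       # MAC address quoted on the page
OTHER_MAC = "02:00:00:00:00:01"    # constructed
GIGA = 10**9                       # "50G" read as 50e9 bytes (assumption)


def demo() -> dict:
    deny_ab = Rule(version=1, denied_classes=frozenset({"A", "B"}), max_bytes=50 * GIGA)
    router = Router(CloudServer({TV_MAC: deny_ab}, {"merchant-A-gen4": deny_ab}))
    router.on_connect({"mac": TV_MAC})
    router.on_connect({"mac": TV_MAC})                      # reconnect: no second request
    out = {"requests": router.requests_sent}
    out["class_a"] = router.permits(TV_MAC, Flow("198.51.100.7", 443, "tcp", "A", 1000))
    out["first_30g"] = router.permits(TV_MAC, Flow("203.0.113.9", 443, "tcp", "C", 30 * GIGA))
    out["second_30g"] = router.permits(TV_MAC, Flow("203.0.113.9", 443, "tcp", "C", 30 * GIGA))
    allow_one = Rule(version=2, allowed=frozenset({("10.10.10.10", 443, "tcp")}))
    out["update"] = router.on_update(TV_MAC, allow_one)
    out["stale"] = router.on_update(TV_MAC, deny_ab)        # version 1 arriving after version 2
    out["listed"] = router.permits(TV_MAC, Flow("10.10.10.10", 443, "tcp", None, 500))
    out["unlisted"] = router.permits(TV_MAC, Flow("203.0.113.9", 443, "tcp", "C", 500))
    out["unknown"] = router.permits(OTHER_MAC, Flow("10.10.10.10", 443, "tcp", None, 500))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the mapping table is keyed on device information that the device reports itself, the lookup is only as trustworthy as the authentication of that report.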
Taking the firewall apparatus 200 as the router 200 as an example, a hardware structure of a router capable of implementing the functions of the router 200 is described, and fig. 4 is a block diagram of the hardware structure of the router 200. As shown in fig. 4, the router 200 includes a communication module 401, a processor 402, a controller 403, a memory 404, a power management system 405, a power supply 406, and the like.
The communication module 401 includes a wireless communication module, which can provide a solution for wireless communication applied to the electronic device 100, including wireless local area networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like. The wireless communication module may be one or more devices integrating at least one communication processing module.
Processor 402 may include one or more processing units, such as: the processor 402 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), among others. The different processing units may be separate devices or may be integrated into one or more processors. For example, the processor 402 is configured to determine whether the network to access the television 101 complies with the determined firewall rules of the television 101. If the determined firewall rule of the television 101 is that the television 101 does not allow the access to the class a website, the processor 402 determines that the class a website to be accessed to the television 101 does not conform to the determined firewall rule of the television 101.
A memory may also be provided in the processor 402 for storing instructions and data. In some embodiments, the memory in the processor 402 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 402. If the processor 402 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 402, thereby increasing the efficiency of the system.
In some embodiments, processor 402 may include one or more interfaces. The interface may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface, etc.
The controller 403 may generate operation control signals according to the instruction operation code and the timing signal, so as to complete the control of instruction fetching and instruction execution. For example, if the determined firewall rule of the television 101 is that the data volume accessed by the television 101 to the outside does not exceed 50G, and the data volume accessed by the television to the outside exceeds 50G, an instruction for prohibiting the television 101 from accessing the website to the outside is sent to the television 101, so that the television 101 turns off the network communication function. If the determined firewall rule of the television 101 is that the television does not allow the access to the class a website, when the router 200 detects the class a website, an instruction for prohibiting the television from accessing the class a website is sent to the television, so that the television 101 can close the communication interface of the class a website.
The memory 404 is used for storing the device information of the television 101 and the determined firewall rule of the television 101.
The power management system 405 is used to connect the communication module 401, the processor 402, the controller 403, and the memory 404. The power management system 405 receives input from a power source 406 to power the communication module 401, the processor 402, the controller 403, and the memory 404. In other embodiments, the power management system 405 may also be disposed in the processor 402.
It is understood that the hardware architecture of the router 200 shown in the embodiment of the present application does not constitute a specific limitation to the router 200. In other embodiments of the present application, router 200 may include more or fewer components than shown, or combine certain components, or split certain components, or a different arrangement of components.
It is understood that the structure shown in fig. 4 is only one specific structure for implementing the function of the router 200 in the technical solution of the present application, and the router 200 having other structures and capable of implementing similar functions is also applicable to the technical solution of the present application, and is not limited herein.
Fig. 5 shows a schematic structural diagram of an electronic device. The electronic device is capable of implementing the functions of the server 300 and the electronic device 100 in the above embodiments. As shown in fig. 5, the electronic device includes a communication module 501, a processor 502, a memory 503, and the like.
The communication module 501 includes a wireless communication module, which can provide a solution for wireless communication applied to the electronic device 100, including wireless local area networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like. The wireless communication module may be one or more devices integrating at least one communication processing module.
Processor 502 may include one or more processing units, such as: the processor 502 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), among others. The different processing units may be separate devices or may be integrated into one or more processors. If the functions of the electronic device 100 in the above embodiments are implemented, for example, the processor 502 is configured to determine whether the network to access the television 101 meets the determined firewall rules of the television 101. If the determined firewall rule of the television 101 is that the television 101 is not allowed to access class A websites, the processor 502 determines that a class A website to be accessed by the television 101 does not conform to the determined firewall rule of the television 101. If the function of the server 300 in the above embodiment is implemented, the processor 502 determines the firewall rule of the television 101 according to the device information of the television 101 and sends the determined firewall rule of the television 101 to the firewall device 200.
A memory may also be provided in the processor 502 for storing instructions and data. In some embodiments, the memory in the processor 502 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 502. If the processor 502 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 502, thereby increasing the efficiency of the system.
In some embodiments, processor 502 may include one or more interfaces. The interface may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface, etc.
If the functions of the electronic device 100 in the above embodiments are implemented, the memory 503 is used for storing device information. If the functions of the server 300 in the above embodiments are implemented, the memory 503 is used to store a mapping table between the device information and the firewall rules.
The power management system 504 is used to connect the communication module 501, the processor 502 and the memory 503. The power management system 504 receives input from a power supply 505 to power the communication module 501, the processor 502, and the memory 503. In other embodiments, the power management system 504 may also be disposed in the processor 502.
It is to be understood that the structure shown in fig. 5 is only one specific structure for implementing the functions of the server 300 or the electronic device 100 in the technical solution of the present application, and the server 300 or the electronic device 100 having other structures and capable of implementing similar functions is also applicable to the technical solution of the present application, and is not limited herein.
The embodiment of the application also provides a firewall rule configuration system of the electronic equipment, and the system comprises the electronic equipment and the firewall equipment.
The firewall device is used for detecting the network communication behavior of the electronic device in the Internet of things and judging whether the network communication behavior of the electronic device meets a firewall rule of the electronic device, wherein the firewall rule is acquired by the firewall device from a server; under the condition that the network communication behavior of the electronic equipment is judged not to meet the firewall rule, the network communication behavior of the electronic equipment is forbidden; and under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule, allowing the network communication behavior of the electronic equipment. In some embodiments, the system further comprises a server.
The firewall equipment is used for acquiring equipment information of the electronic equipment from the electronic equipment; sending a firewall rule acquisition request to the server, wherein the firewall rule acquisition request comprises the equipment information and is used for requesting to acquire the firewall rule of the electronic equipment from the server; receiving firewall rules for the electronic device from the server.
The server is used for receiving a firewall rule obtaining request sent by the firewall equipment, wherein the firewall rule obtaining request comprises the equipment information and is used for requesting to obtain the firewall rule of the electronic equipment from the server; determining a firewall rule of the electronic equipment according to the equipment information; and sending the determined firewall rules of the electronic equipment to firewall equipment.
Embodiments of the present application further provide a readable medium, where instructions are stored on the readable medium, and when executed on an electronic device, the instructions cause the electronic device to execute the firewall rule configuration method described above.
Optionally, in this embodiment, the storage medium may be located in at least one network server of a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
An embodiment of the present application further provides an electronic device, including:
a memory for storing instructions for execution by one or more processors of the electronic device; and
a processor, which is one of the processors of the electronic device and is used for executing the firewall rule configuration method. The electronic equipment has the function of realizing the GPS cycle turning method of the electronic equipment. The functions can be realized by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-described functions.
While the present application has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present application.
Claims (16)
1. A method for configuring firewall rules, the method comprising:
the firewall equipment detects the network communication behavior of the electronic equipment in the Internet of things;
the firewall equipment judges whether the network communication behavior of the electronic equipment meets a firewall rule of the electronic equipment, wherein the firewall rule is acquired by the firewall equipment from a server;
the firewall equipment forbids the network communication behavior of the electronic equipment under the condition that the network communication behavior of the electronic equipment is judged not to meet the firewall rule;
and the firewall equipment allows the network communication behavior of the electronic equipment under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule.
2. The method of claim 1, further comprising:
the firewall equipment acquires equipment information of the electronic equipment from the electronic equipment;
the firewall equipment sends a firewall rule obtaining request to the server, wherein the firewall rule obtaining request comprises the equipment information and is used for requesting to obtain the firewall rule of the electronic equipment from the server;
the firewall device receives firewall rules for the electronic device from the server.
3. The method of claim 1, further comprising:
the firewall equipment receives a firewall rule updating notice, wherein the firewall rule updating notice comprises the updated firewall rule of the electronic equipment;
the firewall equipment updates the existing firewall rules according to the received firewall rule updating notice;
and the firewall equipment controls the network communication behavior of the electronic equipment based on the updated firewall rule of the electronic equipment.
4. The method according to claim 2, wherein the device information includes at least one of identification information of the electronic device and attribute information of the electronic device.
5. The method of claim 4, wherein the identification information of the electronic device comprises a MAC address of the electronic device, and the attribute information of the electronic device comprises at least one of a merchant attribute of the electronic device, a model of the device, and a category of the device.
6. The method of claim 1, wherein the firewall rules comprise at least one of:
a network address that the electronic device is allowed and/or not allowed to access;
a network port that the electronic device enables and/or disables;
communication frequencies allowed to be used by the electronic device;
a maximum amount of communication data allowed to be used by the electronic device.
7. A method for configuring firewall rules, the method comprising:
a server receives a firewall rule obtaining request sent by firewall equipment, wherein the firewall rule obtaining request comprises equipment information of electronic equipment and is used for requesting to obtain a firewall rule of the electronic equipment from the server;
the server determines a firewall rule of the electronic equipment according to the equipment information;
and the server sends the determined firewall rule of the electronic equipment to the firewall equipment.
8. The method of claim 7, wherein the server stores a mapping table of the device information and firewall rules.
9. The method of claim 8, wherein the server determining the firewall rule for the electronic device according to the device information comprises:
the server queries the mapping table of the equipment information and the firewall rules based on the equipment information, so as to acquire the firewall rule of the electronic equipment.
10. The method of claim 7, further comprising:
the server determines that the firewall rules of the electronic equipment are updated;
and the server sends firewall rule updating notification to the firewall equipment, wherein the firewall rule updating notification comprises the updated firewall rule of the electronic equipment.
11. A method for configuring firewall rules, the method comprising:
electronic equipment in the Internet of things generates network communication behaviors based on firewall equipment;
the firewall device detects the network communication behavior of electronic equipment in the Internet of things and judges whether the network communication behavior of the electronic equipment meets the firewall rule of the electronic equipment, wherein the firewall rule is obtained by the firewall device from a server;
the firewall equipment forbids the network communication behavior of the electronic equipment under the condition that the firewall equipment judges that the network communication behavior of the electronic equipment does not meet the firewall rule; and under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule, allowing the network communication behavior of the electronic equipment.
12. The method of claim 11, further comprising:
the electronic equipment sends equipment information of the electronic equipment to the firewall equipment;
the firewall equipment sends a firewall rule acquisition request to the server, wherein the firewall rule acquisition request comprises the equipment information;
the server determines a firewall rule of the electronic equipment according to the received equipment information;
and the server sends the determined firewall rules of the electronic equipment to firewall equipment.
13. A firewall rule configuration system, comprising an electronic device and a firewall device;
the electronic device is capable of generating network communication behavior based on the firewall device;
the firewall device can detect the network communication behavior of the electronic device in the Internet of things and judge whether the network communication behavior of the electronic device meets a firewall rule of the electronic device, wherein the firewall rule is acquired by the firewall device from a server; under the condition that the network communication behavior of the electronic equipment is judged not to meet the firewall rule, the network communication behavior of the electronic equipment is forbidden; and under the condition that the network communication behavior of the electronic equipment is judged to meet the firewall rule, allowing the network communication behavior of the electronic equipment.
14. The system of claim 13, further comprising a server;
the firewall device can acquire device information of the electronic device from the electronic device; sending a firewall rule acquisition request to the server, wherein the firewall rule acquisition request comprises the equipment information;
the server can determine the firewall rule of the electronic equipment according to the equipment information in the received firewall rule acquisition request, and send the determined firewall rule of the electronic equipment to the firewall equipment.
15. A readable medium having stored thereon instructions that, when executed on an electronic device, cause the electronic device to perform the firewall rule configuring method of any one of claims 1 to 12.
16. An electronic device, comprising:
a memory for storing instructions for execution by one or more processors of the electronic device, and
a processor, which is one of the processors of the electronic device, for executing the firewall rule configuring method of any one of claims 1 to 12.
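The flow in claims 1 to 9 can be sketched as follows. This is an added example, not code from the patent: every name and sample value is hypothetical, and denying devices that have no rule, counting frequency per minute, and treating the data limit as a cumulative quota are assumptions made here.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:                      # the four rule kinds listed in claim 6
    allowed_nets: list           # network addresses the device may reach
    allowed_ports: set           # network ports the device may use
    max_conn_per_min: int        # permitted communication frequency
    max_bytes: int               # maximum amount of communication data

# Server side (claims 7-9): device information -> rule; constructed sample data.
RULE_TABLE = {
    ("ExampleVendor", "television"): Rule(["203.0.113.0/24"], {443}, 3, 10_000),
}

def server_lookup(device_info):
    """Return the rule for this device information, or None if unknown."""
    return RULE_TABLE.get((device_info["vendor"], device_info["category"]))

@dataclass
class Firewall:
    rules: dict = field(default_factory=dict)   # MAC -> Rule
    usage: dict = field(default_factory=dict)   # MAC -> [minute, conns, bytes]

    def register(self, device_info):
        """Claim 2: send device information to the server, cache the rule."""
        rule = server_lookup(device_info)
        if rule is not None:
            self.rules[device_info["mac"]] = rule

    def update(self, mac, rule):   # claim 3: apply a rule update notice
        self.rules[mac] = rule

    def check(self, mac, dst_ip, dst_port, nbytes, minute):
        """Claim 1: allow only behaviour that meets the device's rule."""
        rule = self.rules.get(mac)
        if rule is None:
            return False              # assumption: no rule means deny
        u = self.usage.setdefault(mac, [minute, 0, 0])
        if u[0] != minute:
            u[0], u[1] = minute, 0    # new minute: reset frequency counter
        ip = ipaddress.ip_address(dst_ip)
        ok = (any(ip in ipaddress.ip_network(n) for n in rule.allowed_nets)
              and dst_port in rule.allowed_ports
              and u[1] < rule.max_conn_per_min
              and u[2] + nbytes <= rule.max_bytes)
        if ok:
            u[1], u[2] = u[1] + 1, u[2] + nbytes
        return ok
```

Forbidden attempts are not charged against the frequency or data counters, so a blocked flow cannot exhaust the device's allowance.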
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010706846.2A CN114039738B (en) | 2020-07-21 | 2020-07-21 | Firewall rule configuration method and system, medium and electronic equipment thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114039738A CN114039738A (en) | 2022-02-11 |
CN114039738B (en) | 2023-02-03 |
Family
ID=80134061
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010706846.2A Active CN114039738B (en) | 2020-07-21 | 2020-07-21 | Firewall rule configuration method and system, medium and electronic equipment thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114039738B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108076051A (en) * | 2017-11-16 | 2018-05-25 | 北京润信恒达科技有限公司 | A kind of internet of things equipment means of defence and device |
CN109151950A (en) * | 2017-06-16 | 2019-01-04 | 华为技术有限公司 | A kind of method, the network equipment and the terminal device of access control |
CN109327469A (en) * | 2018-11-26 | 2019-02-12 | 杨凌汇方农业有限公司 | For managing the method and intelligent gateway of Internet of Things |
CN109547486A (en) * | 2018-12-29 | 2019-03-29 | 浙江汇安网络科技有限公司 | A kind of monitoring analysis method of Internet of Things network layer communication |
CN110022301A (en) * | 2019-03-07 | 2019-07-16 | 北京华安普特网络科技有限公司 | Firewall is used in internet of things equipment protection |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9860213B2 (en) * | 2015-12-30 | 2018-01-02 | Iomaxis, Llc | Method and system for securing and protecting smart devices within the internet of things ecosystem |
Also Published As
Publication number | Publication date |
---|---|
CN114039738A (en) | 2022-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20180368058A1 (en) | Method for controlling device access, and related device and system | |
RU2622876C2 (en) | Method, device and electronic device for connection control | |
US9220007B2 (en) | Wireless access point MAC address privacy | |
US9152195B2 (en) | Wake on cloud | |
US11722458B2 (en) | Method and system for restricting transmission of data traffic for devices with networking capabilities | |
US11399026B2 (en) | Permission management method and system, and related device | |
WO2017107550A1 (en) | Network connection method and apparatus | |
US20110153879A1 (en) | Method for accessing usb device attached to home gateway, home gateway and terminal | |
EP3849152A1 (en) | Methods and systems for connecting a wireless device to a wireless network | |
US10104537B2 (en) | Terminal peripheral control method, M2M gateway, and communications system | |
US20170171496A1 (en) | Method and Electronic Device for Screen Projection | |
RU2670789C2 (en) | System and method for limitation of number of public network connected users with cpe equipment based on linux | |
US20230185910A1 (en) | Communication method, apparatus, and system | |
CN106792694B (en) | An access authentication method and access device | |
US20150016281A1 (en) | Beacon frame data transmission rate adjustment | |
US11178145B2 (en) | Network apparatus and control method thereof | |
CN106102066A (en) | A kind of wireless network secure certification devices and methods therefor, a kind of router | |
CN114039738B (en) | Firewall rule configuration method and system, medium and electronic equipment thereof | |
CN111066374B (en) | System and method for device management | |
CN111726429A (en) | Communication method, device, equipment and medium | |
CN114173336B (en) | Authentication failure processing method and device, terminal and network equipment | |
WO2023143411A1 (en) | Device authentication methods, apparatus and communication device | |
CN106656581A (en) | Router configuration method and device | |
WO2018086304A1 (en) | Wireless network access method, and terminal device | |
EP4319230A1 (en) | Key material processing method, acquisition method, information transmission method, and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||