CN116566654A - Protection system for block chain management server - Google Patents

Protection system for block chain management server

Info

Publication number
CN116566654A
Authority
CN
China
Prior art keywords
protection
server
security
blockchain
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310384813.4A
Other languages
Chinese (zh)
Other versions
CN116566654B (en
Inventor
王文娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Guangtong Technology Co ltd
Original Assignee
Nanjing Jiushi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Jiushi Technology Co ltd
Priority to CN202411027782.8A (patent CN119232423A)
Priority to CN202310384813.4A (patent CN116566654B)
Publication of CN116566654A
Application granted
Publication of CN116566654B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a protection system for a blockchain management server. The system comprises a gateway deployment, a security agent, an application deployment, a security center and a management center. The gateway deployment is deployed at the protection wall and protects the edge security of the virtual platform, providing DHCP, NAT, a unified firewall, load balancing, VPN and port isolation functions; the security agent is deployed in the blockchain server. Through this blockchain server security protection system, the invention provides comprehensive protection covering virus protection, patch protection, malware protection, intrusion detection and prevention, access control and integrity monitoring. It resolves the security risks among blockchain servers of servers attacking one another, inconsistent security states, inconsistent operating environments and resource-occupation storms, so that the system faces reduced security threats and can resist the latest security threats; server security is improved and high availability of the blockchain service application is ensured.

Description

A protection system for a blockchain management server

Technical field

The invention relates to the technical field of protection systems, and in particular to a protection system for a blockchain management server.

Background

With the rapid development of blockchain technology, the security of blockchain servers is attracting more and more attention. Blockchain servers are called nodes in a blockchain system, and they provide storage space and computing power for the entire blockchain system.

However, current blockchain servers have no security protection measures while operating, and blockchain servers are prone to attacking one another. There are also the technical problems of inconsistent security states, inconsistent operating environments and resource-occupation storm security risks among blockchain servers, all of which create security hazards for the use of blockchain servers.

Summary of the invention

The purpose of the present invention is to provide a protection system for a blockchain management server that solves the problems raised in the background above.

To achieve the above purpose, the present invention provides the following technical solution: a protection system for a blockchain management server. The protection system comprises a gateway deployment, a security agent, an application deployment, a security center and a management center. The gateway deployment is deployed at the protection wall and protects the edge security of the virtual platform, providing DHCP, NAT, a unified firewall, load balancing, VPN and port isolation functions. The security agent is deployed in the blockchain server and provides an anti-virus engine and an anti-virus database for the entire blockchain server. The application deployment is deployed in the blockchain server and provides agentless virus scanning and removal, IDS/IPS, program protection, program control, integrity monitoring and log auditing. The security center is responsible for uniformly updating the virus database and providing trusted data access; it establishes and maintains a global cache of scanned files that stores the files that have already passed a security scan. The management center enables administrators to manage security policies and apply them to servers, perform security updates and generate reports; it can be used to manage, deploy, report, record and integrate third-party security services, and it implements role-based access control and separation of duties.

The protection system also includes: a virus protection module, a patch protection module, a malware protection module, a Web application protection module, an intrusion prevention module, an access control module, an intrusion detection module, an integrity detection module, an application isolation module and a stateful firewall.

Preferably, the virus protection module: to address the inconsistent security states and resource-occupation storms present in the blockchain server service environment, the virus protection module provides agentless virus protection and uses heuristic scanning to detect and remove viruses promptly;

Patch protection module: assesses the blockchain servers through patch technology and automatically provides comprehensive vulnerability patching for each blockchain server; before a patch is installed, it intercepts attacks that target the vulnerability;

Preferably, the malware protection module: integrates the VMware vShield Endpoint API and protects the blockchain servers against viruses and Trojan malware, thereby providing protection against complex attacks that interfere with security in the blockchain server environment;

Web application protection module: prevents cross-site scripting attacks and other web application vulnerabilities, and provides automatic notifications containing summary information such as the attacker and the time of the attack.

Preferably, the intrusion prevention module: provides a high level of protection for the blockchain servers by blocking SQL injection attacks, denial-of-service attacks, worm intrusions and similar behavior; it inspects all incoming and outgoing packets and gives no opening to content that attacks through protocol modification or violation of security policy;

Access control module: provides access control based on stateful inspection, implements access control based on the blockchain servers' network interfaces, and implements logical isolation between blockchain servers; it also identifies and intercepts various flooding attacks, and blocks illegitimate traffic and optimizes traffic distribution according to traffic management protocols;

Intrusion detection module: protocol-based; provides policy-based monitoring and analysis tools to monitor, analyze and control access to traffic more precisely, and performs network behavior analysis at the same time. To detect intrusions quickly and accurately in an unattended environment, it matches attack signatures against a signature database, records new attack signatures, and continuously improves the signature database.

Preferably, the integrity detection module: supports baseline-based monitoring of critical files such as files, directories and the registry; when these critical locations are maliciously tampered with or infected by a virus, the system automatically alerts the administrator and records the problem;

Application isolation module: supports the separation of virtual applications, thereby preventing cross-infection between blockchain server applications, and uses signature-based intrusion prevention to protect HTTP and FTP services;

Stateful firewall: performs fine-grained filtering; with per-network design policies and IP-protocol-based location awareness, it reduces the servers' attack surface, centrally manages server firewall policies, prevents denial-of-service attacks and detects reconnaissance scans.

Preferably, the integrity detection module further includes suspicious file analysis, specifically: parameters are selected, the selected client system parameters are analyzed, and disassembly of instruction sequences is used during the analysis to obtain the data of interest and reach the final result.

Preferably, the management center further includes establishing DNS communication with the blockchain server.

Preferably, the Web application protection module further includes: setting IP access restrictions to screen users and check whether a client has legitimate access rights. This function is set in the web server's filtering module and works by matching the IP address in the HTTP request against the IP addresses in a blacklist. When a user requests a page and runs a JSP program, the web server reads the access control file and obtains the access control information from it, and at the same time requires the client to provide a user name and password. The browser then passes the user name and password to the server, and only after they are verified does the server serve what the user requested, such as returning the requested page or executing the JSP program.

Technical effects and advantages of the present invention: the blockchain server security protection system provides comprehensive protection covering virus protection, patch protection, malware protection, intrusion detection and prevention, access control and integrity monitoring. It resolves the security risks present among blockchain servers, namely servers attacking one another, inconsistent security states, inconsistent operating environments and resource-occupation storms, so that the system faces reduced security threats and can resist the latest security threats; server security is improved, which ensures high availability of blockchain business applications.

Description of the drawings

Fig. 1 is a system block diagram of a protection system for a blockchain management server according to the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.

The invention provides a protection system for a blockchain management server. The protection system comprises a gateway deployment, a security agent, an application deployment, a security center and a management center. The gateway deployment is deployed at the protection wall and protects the edge security of the virtual platform, providing DHCP, NAT, a unified firewall, load balancing, VPN and port isolation functions. The security agent is deployed in the blockchain server and provides an anti-virus engine and an anti-virus database for the entire blockchain server. The application deployment is deployed in the blockchain server and provides agentless virus scanning and removal, IDS/IPS, program protection, program control, integrity monitoring and log auditing. The security center is responsible for uniformly updating the virus database and providing trusted data access; it establishes and maintains a global cache of scanned files that stores the files that have already passed a security scan. The management center enables administrators to manage security policies and apply them to servers, perform security updates and generate reports; it can be used to manage, deploy, report, record and integrate third-party security services, and it implements role-based access control and separation of duties.

The risks facing a blockchain management server specifically include: mutual attacks between blockchain services, inconsistent security states, inconsistent operating environments, resource-occupation storms, tool vulnerability risks, data security risks and system replication risks.

The protection system also includes: a virus protection module, a patch protection module, a malware protection module, a Web application protection module, an intrusion prevention module, an access control module, an intrusion detection module, an integrity detection module, an application isolation module and a stateful firewall.

Virus protection module: to address the inconsistent security states and resource-occupation storms present in the blockchain server service environment, the virus protection module provides agentless virus protection and uses heuristic scanning to detect and remove viruses promptly;

Patch protection module: assesses the blockchain servers through patch technology and automatically provides comprehensive vulnerability patching for each blockchain server; before a patch is installed, it intercepts attacks that target the vulnerability;

Malware protection module: integrates the VMware vShield Endpoint API and protects the blockchain servers against viruses and Trojan malware, thereby providing protection against complex attacks that interfere with security in the blockchain server environment;

Web application protection module: prevents cross-site scripting attacks and other web application vulnerabilities, and provides automatic notifications containing summary information such as the attacker and the time of the attack.

Intrusion prevention module: provides a high level of protection for the blockchain servers by blocking SQL injection attacks, denial-of-service attacks, worm intrusions and similar behavior; it inspects all incoming and outgoing packets and gives no opening to content that attacks through protocol modification or violation of security policy;

Access control module: provides access control based on stateful inspection, implements access control based on the blockchain servers' network interfaces, and implements logical isolation between blockchain servers; it also identifies and intercepts various flooding attacks, and blocks illegitimate traffic and optimizes traffic distribution according to traffic management protocols;

Intrusion detection module: protocol-based; provides policy-based monitoring and analysis tools to monitor, analyze and control access to traffic more precisely, and performs network behavior analysis at the same time. To detect intrusions quickly and accurately in an unattended environment, it matches attack signatures against a signature database, records new attack signatures, and continuously improves the signature database.

Integrity detection module: supports baseline-based monitoring of critical files such as files, directories and the registry; when these critical locations are maliciously tampered with or infected by a virus, the system automatically alerts the administrator and records the problem;

Application isolation module: supports the separation of virtual applications, thereby preventing cross-infection between blockchain server applications, and uses signature-based intrusion prevention to protect HTTP and FTP services;

Stateful firewall: performs fine-grained filtering; with per-network design policies and IP-protocol-based location awareness, it reduces the servers' attack surface, centrally manages server firewall policies, prevents denial-of-service attacks and detects reconnaissance scans.

The integrity detection module further includes suspicious file analysis, specifically: parameters are selected, the selected client system parameters are analyzed, and disassembly of instruction sequences is used during the analysis to obtain the data of interest and reach the final result.

The management center further includes establishing DNS communication with the blockchain server, which specifically includes the following steps:

Step S1: the client sends a domain name query request to the server, stating the specific content of the query. When the name queried belongs to a host within the server's own domain, the DNS server answers the client directly with the IP address. When the name queried belongs to another domain, the server first checks its own cache for relevant information and, if it finds any, answers the client with the IP address;

Step S2: if no relevant information is found in the server's own cache, the server queries a root server. On receiving the server's query, the root server tells the server the location, that is the IP address, of the authoritative servers one level below for that domain name; the reply may contain several next-level authoritative server addresses. The local server then queries one of those authoritative servers and stores the list of next-level authoritative server addresses in its cache, so that when a client later requests similar content it can answer the client directly;

Step S3: the remote authoritative server responds to the local server's query. If the remote authoritative server's response is not the final-level answer, the local server continues querying downward until it obtains the result the client needs. The local server returns the query result to the client and at the same time stores it in the server's cache; if the same query arrives from a client before the stored entry has expired on the local server, the server responds with the data held in its cache.
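The lookup procedure in steps S1 to S3, as an added Python simulation that is not part of the patent text: the server hierarchy, names, addresses and TTLs are constructed sample values, and the rule that a referral must cover the queried name and go strictly deeper is an added safeguard the patent does not describe.

```python
import time

# Constructed upstream hierarchy; every name and address is a sample value.
SAMPLE_SERVERS = {
    "root":       {"referrals": {"example.": ["ns-example"]}},
    "ns-example": {"referrals": {"chain.example.": ["ns-chain"]},
                   "records": {"www.example.": ("192.0.2.10", 300)}},
    "ns-chain":   {"records": {"node1.chain.example.": ("192.0.2.21", 60)}},
}
REFERRAL_TTL = 3600  # seconds a cached next-level server list stays valid (assumed)


class ResolutionError(Exception):
    """Raised when the referral chain cannot be trusted or does not terminate."""


def in_zone(name, zone):
    """True if fully qualified `name` lies at or below `zone` ('' is the root)."""
    return zone == "" or name == zone or name.endswith("." + zone)


class LocalResolver:
    MAX_REFERRALS = 8  # bound on how often one lookup may be redirected

    def __init__(self, local_zone, local_records, servers, clock=time.monotonic):
        self.local_zone, self.local_records = local_zone, local_records
        self.servers, self.clock = servers, clock
        self.answers = {}    # name -> (ip, expiry time)
        self.referrals = {}  # zone -> (next-level server list, expiry time)
        self.upstream_queries = 0

    def ask(self, server, name):
        """Simulate one query to an upstream server."""
        self.upstream_queries += 1
        data = self.servers[server]
        if name in data.get("records", {}):
            return ("answer",) + data["records"][name]
        zones = [z for z in data.get("referrals", {}) if in_zone(name, z)]
        if zones:
            zone = max(zones, key=len)
            return ("referral", zone, data["referrals"][zone])
        return ("nxdomain",)

    def closest_known(self, name, now):
        """Deepest unexpired cached delegation covering `name`, else the root."""
        best = ("root", "")
        for zone, (servers, expiry) in self.referrals.items():
            if expiry > now and in_zone(name, zone) and len(zone) > len(best[1]):
                best = (servers[0], zone)
        return best

    def resolve(self, name):
        now = self.clock()
        # S1: names in the server's own domain are answered directly.
        if in_zone(name, self.local_zone):
            ip = self.local_records.get(name)
            return (ip, "authoritative" if ip else "nxdomain")
        # S1: otherwise consult the cache, honoring the entry's lifetime.
        cached = self.answers.get(name)
        if cached and cached[1] > now:
            return (cached[0], "cache")
        self.answers.pop(name, None)  # drop an expired entry
        # S2/S3: follow referrals downward until a final answer arrives.
        server, zone = self.closest_known(name, now)
        for _ in range(self.MAX_REFERRALS):
            reply = self.ask(server, name)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.answers[name] = (ip, now + ttl)
                return (ip, "iterative")
            if reply[0] == "nxdomain":
                return (None, "nxdomain")
            _, new_zone, servers = reply
            # Accept only delegations that cover the name and go strictly deeper;
            # this stops referral loops and sideways redirection.
            if not in_zone(name, new_zone) or len(new_zone) <= len(zone):
                raise ResolutionError(f"bad referral {new_zone!r} from {server}")
            self.referrals[new_zone] = (list(servers), now + REFERRAL_TTL)
            server, zone = servers[0], new_zone
        raise ResolutionError("too many referrals")
```

The `upstream_queries` counter shows the effect of the two caches: a repeated lookup costs no upstream query, and after the answer expires the cached next-level server list lets the resolver skip the root.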

The Web application protection module further includes: setting IP access restrictions to screen users and check whether a client has legitimate access rights. This function is set in the web server's filtering module and works by matching the IP address in the HTTP request against the IP addresses in a blacklist. When a user requests a page and runs a JSP program, the web server reads the access control file and obtains the access control information from it, and at the same time requires the client to provide a user name and password. The browser then passes the user name and password to the server, and only after they are verified does the server serve what the user requested, such as returning the requested page or executing the JSP program.
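One way to implement the filter described above, as an added Python example that is not part of the patent text: the access control file format, the PBKDF2 password hashing and the HTTP Basic transport are assumptions, and all addresses and accounts are constructed sample values.

```python
import base64
import hashlib
import hmac
import ipaddress

PBKDF2_ROUNDS = 100_000  # assumed work factor for the stored password hashes


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def basic_header(name, password):
    """Build the Authorization value a browser would send (helper for the sample)."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()


# Constructed access control file: "deny" lines form the blacklist, "user" lines
# hold name, salt and password hash. The format itself is an assumption.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_ACL = "\n".join([
    "# blacklist",
    "deny 203.0.113.0/24",
    "deny 198.51.100.7",
    "# accounts",
    f"user operator {SAMPLE_SALT.hex()} {hash_password('correct horse', SAMPLE_SALT).hex()}",
])


def parse_acl(text):
    """Return (blacklisted networks, {user: (salt, hash)}) from the file text."""
    networks, users = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "deny" and len(fields) == 2:
            networks.append(ipaddress.ip_network(fields[1], strict=False))
        elif fields[0] == "user" and len(fields) == 4:
            users[fields[1]] = (bytes.fromhex(fields[2]), bytes.fromhex(fields[3]))
        else:
            raise ValueError(f"line {lineno}: unrecognized entry")
    return networks, users


def is_blacklisted(peer_ip, networks):
    addr = ipaddress.ip_address(peer_ip)
    # An IPv4 client on a dual-stack listener appears as ::ffff:a.b.c.d; unwrap it
    # so IPv4 blacklist entries still match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in networks)


def check_credentials(header, users):
    """Validate an HTTP Basic Authorization header value against the user table."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    name, sep, password = decoded.partition(":")
    # Hash even for unknown users so response time does not reveal valid names.
    salt, expected = users.get(name, (b"\x00" * 16, b"\x00" * 32))
    supplied = hash_password(password, salt)
    return bool(sep) and name in users and hmac.compare_digest(supplied, expected)


def filter_request(peer_ip, headers, networks, users):
    """Return (status, reason). peer_ip is the socket peer address; client-supplied
    headers such as X-Forwarded-For are deliberately not consulted."""
    try:
        denied = is_blacklisted(peer_ip, networks)
    except ValueError:
        denied = True  # unparseable address: fail closed
    if denied:
        return (403, "blacklisted address")
    if not check_credentials(headers.get("Authorization"), users):
        return (401, "credentials required")
    return (200, "request allowed")
```

The blacklist is evaluated before any credential handling, so a blocked address never reaches the password check, and the decision uses the connection's peer address rather than a value the client can set.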

Content not described in detail in this specification belongs to the prior art known to those skilled in the art. The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art to which the present invention belongs may make various modifications or additions to the described embodiments, or substitute similar approaches, without departing from the spirit of the invention or going beyond the scope defined by the appended claims.

Claims (8)

1.一种区块链管理服务器用的防护系统,其特征在于,防护系统包括网关部署、安全代理、应用部署、安全中心和管理中心,网关部署部署在防护墙,用于保护虚拟平台边缘安全,提供DHCP、NAT、统一防火墙、负责均衡、VPN、端口隔离功能,安全代理部署于区块链服务器中,为整个区块链服务器提供反病毒引擎和反病毒数据库,应用部署在区块链服务器中,提供无代理病毒查杀、IDS/IPS、程序保护、程序控管、完整性监控及日志审计,安全中心负责统一更新病毒库、提供可信数据访问,通过建立并维护一个扫描文件的全局缓存,保存已经经过安全扫描的文件,管理中心使管理员能够进行安全策略管理并将安全策略应用于服务器,以及安全更新和生成报告,可用于管理、部署、报告、记录和集成第三方安全服务,实现基于角色的访问控制以及职责分离;1. A protection system for a block chain management server, characterized in that the protection system includes gateway deployment, security agent, application deployment, security center and management center, and the gateway deployment is deployed on the protective wall to protect the edge security of the virtual platform , providing DHCP, NAT, unified firewall, responsible for balancing, VPN, port isolation functions, security agents are deployed in the blockchain server, providing anti-virus engines and anti-virus databases for the entire blockchain server, and applications are deployed in the blockchain server Among them, agentless virus killing, IDS/IPS, program protection, program control, integrity monitoring and log auditing are provided. The security center is responsible for uniformly updating the virus database and providing credible data access. 
By establishing and maintaining a global database of scanned files Cache, save files that have been security scanned, and the management center enables administrators to perform security policy management and apply security policies to servers, as well as security updates and generate reports, which can be used to manage, deploy, report, record and integrate third-party security services , to achieve role-based access control and separation of duties; 防护系统还包括:病毒防护模块、补丁防护模块、恶意软件防护模块、Web应用防护模块、入侵防护模块、访问控制模块、入侵检测模块、完整性检测模块、应用隔离模块和状态防火墙。The protection system also includes: a virus protection module, a patch protection module, a malware protection module, a Web application protection module, an intrusion prevention module, an access control module, an intrusion detection module, an integrity detection module, an application isolation module and a stateful firewall. 2.根据权利要求1所述的一种区块链管理服务器用的防护系统,其特征在于,所述病毒防护模块:针对区块链服务器服务环境中存在的安全状态不一致和资源占用风暴问题,通过实现病毒防护模块提供无代理病毒防护,采用启发式扫描,及时查杀病毒;2. The protection system for a block chain management server according to claim 1, wherein the virus protection module: for the inconsistency of the security state and the resource occupation storm problem existing in the block chain server service environment, Provide agent-free virus protection by implementing the virus protection module, and use heuristic scanning to detect and kill viruses in time; 补丁防护模块:通过补丁技术对区块链服务器进行评估,并自动为每个区块链服务器提供全面的漏洞修补,在没有安装补丁程序之前,提供针对漏洞攻击的拦截。Patch protection module: Evaluate the blockchain server through patch technology, and automatically provide comprehensive vulnerability patching for each blockchain server, and provide interception against vulnerability attacks before the patch is installed. 3.根据权利要求1所述的一种区块链管理服务器用的防护系统,其特征在于,所述恶意软件防护模块:集成VMware vShield Endpoint API,可防止区块链服务器受到病毒、木马恶意软件的侵害,从而为区块链服务器环境中的复杂攻击干扰安全提供防护;3. 
The protection system for a blockchain management server according to claim 1, wherein the malware protection module: integrates the VMware vShield Endpoint API, which protects the blockchain server from viruses, Trojan horses and other malware, thereby protecting the blockchain server environment against complex attacks that interfere with its security;

Web application protection module: prevents cross-site scripting attacks and other web application vulnerabilities, and provides automatic notifications containing summary information such as the attacker and the time of the attack.

4. The protection system for a blockchain management server according to claim 1, wherein the intrusion protection module: provides a high degree of protection for the blockchain server by blocking SQL injection attacks, denial-of-service attacks, worm intrusions and similar behavior, inspects all incoming and outgoing data packets, and gives no opening to protocol modifications or to content that violates the security policy and would lead to an attack;

Access control module: provides access control based on stateful inspection, implements access control based on the blockchain server's network ports, implements logical isolation between blockchain servers, identifies and intercepts various flooding attacks, and blocks illegal traffic and optimizes traffic distribution according to the traffic management protocol;

Intrusion detection module: is protocol-based and provides policy-based monitoring and analysis tools for more precise monitoring, analysis and access control of traffic, and also performs network behavior analysis; to detect intrusions quickly and accurately in an unattended environment, it matches attack signatures against the signature database, records new attack signatures, and continuously improves the signature database.

5. The protection system for a blockchain management server according to claim 1, wherein the integrity detection module: supports baseline-based monitoring of key files such as files, directories and the registry; when these key locations are maliciously tampered with or infected by a virus, the system automatically alerts the administrator and records the problem;

Application isolation module: supports separating virtual applications, thereby avoiding cross-infection between blockchain server applications, and uses signature-based intrusion prevention to protect HTTP and FTP services;

Stateful firewall: performs fine-grained filtering, applies design policies for the network and IP-based location awareness, reduces the server's attack surface, centrally manages server firewall policies, prevents denial-of-service attacks and detects reconnaissance scans.

6. The protection system for a blockchain management server according to claim 1, wherein the integrity detection module further includes suspicious file analysis, specifically: selecting parameters, analyzing the selected client-side system parameters, and using disassembly of instruction sequences during the analysis to obtain the data of interest and arrive at the final result.

7. The protection system for a blockchain management server according to claim 1, wherein the management center further includes establishing DNS communication with the blockchain couple.

8. The protection system for a blockchain management server according to claim 1, wherein the Web application protection module further includes: setting IP access restrictions to screen users and check whether a client has legitimate access rights; this function is set in the web server's filtering module and works by matching the IP address in the HTTP request against the IP addresses in a blacklist; when a user requests a page or runs a JSP program, the web server reads the access control file and obtains the access control information from it, and requires the client to provide a user name and password; the browser then passes the user name and password to the server, and only after verification does the server fulfil the user's request, for example by returning the requested page or executing the JSP program.
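The filtering sequence in claim 8 (IP blacklist match, then user name and password verification against the access control file), sketched in Python as an added example; it is not code from the patent. The blacklist entries, the `/admin/` prefix, the account and the `filter_request` and `hash_password` names are constructed for illustration, and the request path is assumed to be already normalised.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed sample policy (hypothetical values, not taken from the patent).
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
SALT = b"constructed-demo-salt"  # one shared salt keeps the example short

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Stand-in for the "access control file": protected path prefix -> {user: hash}.
ACCESS_CONTROL = {"/admin/": {"alice": hash_password("correct horse")}}

def filter_request(peer_ip: str, path: str, headers: dict) -> tuple:
    """Return (HTTP status, reason) for one request.

    peer_ip must be the TCP peer address seen by the server; a client-supplied
    header such as X-Forwarded-For is trivially forged.
    """
    try:
        ip = ipaddress.ip_address(peer_ip)
    except ValueError:
        return 400, "invalid address"
    # Normalise IPv4-mapped IPv6 so ::ffff:a.b.c.d cannot sidestep IPv4 entries.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    if any(ip in net for net in BLACKLIST):
        return 403, "blacklisted"
    users = next((u for p, u in ACCESS_CONTROL.items() if path.startswith(p)), None)
    if users is None:
        return 200, "public"
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return 401, "credentials required"
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return 401, "malformed credentials"
    user, _, password = decoded.partition(":")
    candidate = hash_password(password)  # hashed even for unknown users
    expected = users.get(user)
    # Constant-time comparison avoids leaking how much of the hash matched.
    if expected is None or not hmac.compare_digest(candidate, expected):
        return 401, "bad credentials"
    return 200, "authenticated"
```

The blacklist check runs before any credential handling, so a blocked address never reaches the password verification path.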
CN202310384813.4A 2023-04-12 2023-04-12 A protection system for blockchain management server Active CN116566654B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202411027782.8A CN119232423A (en) 2023-04-12 2023-04-12 Protection system for blockchain management servers
CN202310384813.4A CN116566654B (en) 2023-04-12 2023-04-12 A protection system for blockchain management server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310384813.4A CN116566654B (en) 2023-04-12 2023-04-12 A protection system for blockchain management server

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202411027782.8A Division CN119232423A (en) 2023-04-12 2023-04-12 Protection system for blockchain management servers

Publications (2)

Publication Number Publication Date
CN116566654A (en) 2023-08-08
CN116566654B (en) 2024-11-12

Family

ID=87492302

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202411027782.8A Pending CN119232423A (en) 2023-04-12 2023-04-12 Protection system for blockchain management servers
CN202310384813.4A Active CN116566654B (en) 2023-04-12 2023-04-12 A protection system for blockchain management server

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202411027782.8A Pending CN119232423A (en) 2023-04-12 2023-04-12 Protection system for blockchain management servers

Country Status (1)

Country Link
CN (2) CN119232423A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117725631A (en) * 2023-12-18 2024-03-19 四川和恩泰半导体有限公司 Secure memory bank and method for starting secure memory bank
CN118965410A (en) * 2024-10-15 2024-11-15 石家庄学院 Student information security management system and method based on blockchain

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108512661A (en) * 2018-04-02 2018-09-07 成都零光量子科技有限公司 A kind of safety protecting method of block chain private key for user
CN111752139A (en) * 2019-03-29 2020-10-09 霍尼韦尔国际公司 Redundant controllers or input-output gateways without dedicated hardware
US20200366717A1 (en) * 2019-05-17 2020-11-19 Juniper Networks, Inc. Classification of unknown network traffic
CN112016094A (en) * 2020-08-14 2020-12-01 深圳市迈科龙电子有限公司 Block chain service safety protection strategy management and control system and method
CN112039858A (en) * 2020-08-14 2020-12-04 深圳市迈科龙电子有限公司 Block chain service security reinforcement system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104660610A (en) * 2015-03-13 2015-05-27 华存数据信息技术有限公司 Cloud computing environment based intelligent security defending system and defending method thereof
US10542046B2 (en) * 2018-06-07 2020-01-21 Unifyvault LLC Systems and methods for blockchain security data intelligence
CN111193719A (en) * 2019-12-14 2020-05-22 贵州电网有限责任公司 Network intrusion protection system
CN114978584B (en) * 2022-04-12 2024-10-29 深圳市蔚壹科技有限公司 Network security protection security method and system based on unit units

Also Published As

Publication number Publication date
CN119232423A (en) 2024-12-31
CN116566654B (en) 2024-11-12

Similar Documents

Publication Publication Date Title
JP6080910B2 (en) System and method for network level protection against malicious software
JP6086968B2 (en) System and method for local protection against malicious software
Schnackenberg et al. Cooperative intrusion traceback and response architecture (CITRA)
US8230505B1 (en) Method for cooperative intrusion prevention through collaborative inference
US7984493B2 (en) DNS based enforcement for confinement and detection of network malicious activities
EP2715522B1 (en) Using dns communications to filter domain names
US7398389B2 (en) Kernel-based network security infrastructure
US7653941B2 (en) System and method for detecting an infective element in a network environment
US8146137B2 (en) Dynamic internet address assignment based on user identity and policy compliance
US20060259967A1 (en) Proactively protecting computers in a networking environment from malware
US20060282893A1 (en) Network information security zone joint defense system
US20060026683A1 (en) Intrusion protection system and method
US8548998B2 (en) Methods and systems for securing and protecting repositories and directories
US7707620B2 (en) Method to control and secure setuid/gid executables and processes
KR20050026624A (en) Integration security system and method of pc using secure policy network
CN116566654B (en) A protection system for blockchain management server
Kumar et al. Implementation of firewall & intrusion detection system using pfSense to enhance network security
Alsaqour et al. A systematic study of network firewall and its implementation
KR102512622B1 (en) METHOD FOR DETECTING DRDoS ATTACK, AND APPARATUSES PERFORMING THE SAME
CN116566747B (en) Security protection methods and devices based on industrial Internet
Singh Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) For Network Security: A Critical Analysis
Khari et al. Meticulous study of firewall using security detection tools
Kfouri et al. Design of a Distributed HIDS for IoT Backbone Components.
Deng et al. TNC-UTM: A holistic solution to secure enterprise networks
Patel Survey on Various Types of Cyber Attacks and its Detection and Prevention

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20241015

Address after: Room 501-83, Building 6, No. 1158 Jiuting Center Road, Jiuting Town, Songjiang District, Shanghai, 201615

Applicant after: Shanghai Guangtong Technology Co.,Ltd.

Country or region after: China

Address before: Room 22-480, Building 2, Phase II, Jingang Science Park, No. 1, Kechuang Road, Yaohua Street, Qixia District, Nanjing City, Jiangsu Province, 210000

Applicant before: Nanjing Jiushi Technology Co.,Ltd.

Country or region before: China

GR01 Patent grant