CN1309208C - Network safety system of computer network and controlling method thereof - Google Patents
Network safety system of computer network and controlling method thereof
- Publication number: CN1309208C (application number CN03128526A)
- Authority: CN (China)
- Prior art keywords: module, network security, network, management, adapter
- Legal status: Expired - Lifetime
- Landscapes: Data Exchanges In Wide-Area Networks
Abstract
The present invention provides a novel network security system for the field of computer network security. It comprises a network security management center, network security devices and an adapter, where the adapter is located between the network security management center and the network security devices; the network security management center communicates with the adapter using a network protocol, and the adapter communicates with each network security device using that device's own network protocol and corresponding port. The adapter implements the network protocol for communicating with the network security device, converts the data format, and preprocesses the configuration management information and security information of the network security device; the adapter is managed centrally by the network security management center, which further processes and stores the security information coming from the network security devices. The present invention solves the problem of management feasibility and complexity caused by a plurality of network security devices having a plurality of functions and using a plurality of network protocols and data interchange formats, and solves the performance problem of the network security system.
Description
Technical field
The present invention relates to the field of computer network security and, more specifically, to a system and method for centrally managing a plurality of network security devices.
Background technology
To ensure the safe operation of a computer network, many security devices and security software are generally deployed in it. With steadily increasing network security requirements, a single firewall is no longer sufficient to solve existing network security problems; network security must rely on a security system built from multiple technologies and security devices, such as firewalls, Virtual Private Networks (VPN), intrusion detection, anti-virus and vulnerability scanners.
However, most of the above network security devices work independently and produce security information in different forms, so they cannot provide security assurance for the user's network as an organic whole. Users may upgrade, add to and strengthen their original security devices, or select devices according to the characteristics of different security products; as a result, multiple technologies and network security devices coexist in a computer network in a multi-layered and distributed fashion. Different technologies and devices produce large amounts of security information in different forms, so the cooperation of the whole security system and its centralized management become the difficult point of security management.
Therefore, a computer network needs an integral network security system comprising the various network security devices distributed in the network, which control network security and collect network security information, together with a network security management center that manages these devices, so that the network security devices achieve their effect on network security, and moreover an effect beyond what the devices achieve when working independently.
The network security management center adopts a centralized management approach: it can deploy, regulate and control all network security devices as a whole, realizing centralized monitoring and unified management of the various network security devices and interaction between multiple devices, so that network security management work becomes concise and effective.
The technical problems faced by present network security systems mainly consist of two points. First, the structure of computer networks is diverse, and many networks also have rather complex subnet divisions. Between these subnets and the main network, between subnet and subnet, and between a subnet and an external network (such as the Internet), various gateway devices or network security devices are generally used to restrict access by network protocol. For example, the subnet where servers and critical databases are located is placed under strict access control inside the whole network, so that only several private ports of the Transmission Control Protocol (TCP) are opened, while the common Simple Network Management Protocol (SNMP) is based on the User Datagram Protocol (UDP) and therefore cannot be used to manage the computer systems in that subnet.
Second, because the various network security devices adopt different network communication protocols and data interchange formats and carry various kinds of security content, if the network security management center had to recognize every network communication protocol and data format fully and understand every kind of security content, the software structure of the management center would be very complicated and its processing workload very large; the management center could then become the bottleneck of the whole network security system, and other lightly loaded computer systems on the network could not be used to share the processing.
Summary of the invention
The technical problem to be solved by this invention is to provide a network security system and control method for a computer network that can solve the problems in the prior art that a network security system cannot manage the network security devices in a subnet with access restrictions, and that the network security management center is too complicated.
The network security system of the present invention adds an adapter between the network security management center and the network security devices. The adapter implements the network protocol for communicating with the network security devices, translates data formats, and preprocesses the configuration management information and security information of the network security devices; the network security management center then manages the adapters centrally and further processes and stores the security information coming from the network security devices.
The network security system of the present invention at least comprises a network security management center, network security devices and an adapter. The adapter is located between the network security management center and the network security devices. The network security management center communicates with the adapter and with the external consoles respectively; the adapter and the network security device communicate using the network protocol and corresponding port of that network security device. The adapter implements the network protocol for communicating with the network security device, translates data formats, and preprocesses the configuration management information and security information of the network security device; the network security management center then manages the adapter centrally and further processes and stores the security information from the network security device.
Between the network security management center and the adapter, communication uses the Transmission Control Protocol together with the Secure Sockets Layer protocol (TCP/SSL).
The network security management center further comprises a console management service module, an authentication module, a first device management module, a device organization module, a system policy module, a system management module, a monitoring module, an adapter management module, a security information analysis module, a security information storage module, a cascade management module and an alarm module. The first device management module, the device organization module, the system policy module, the monitoring module and the system management module are collectively called the system function modules; they provide configuration, control and management of the network security devices, provide the functions of user management and system configuration, and realize real-time monitoring;
The console management service module is used to manage the connections between the external consoles and the network security management center, to initiate authentication requests to the authentication module, and to realize the transfer of information between the external consoles and the system function modules; if several consoles exist at the same time, the console management service module is also responsible for coordinating requests that modify the same data object in the system.
The authentication module is responsible for maintaining the list of valid administrators, consoles and adapters that may communicate with the network security management center, and for replying to the console management service module whether authentication has passed;
The adapter management module is used to manage the connection between the adapter and the network security management center, and is responsible for the information exchange between the adapter and the security information analysis module and the system function modules;
The security information analysis module is used to analyze the security information sent by the adapter management module, to forward the analyzed security information to the security information storage module and, if an alarm is required, to simultaneously send an alarm signal to the alarm module;
The security information storage module is used to store, in sequence, the security information sent by the security information analysis module;
The cascade management module is used to send, at regular intervals, a local report composed of all the information collected by the adapters to the network security management center of the upper level;
The alarm module is used to carry out alarm operations in order according to the alarm signals generated by the security information analysis module.
The adapter comprises a second device management module and device card modules. The second device management module communicates with the network security management center, monitors the network security devices, and distributes the configuration management information for a given network security device to the device card module corresponding to that device. The device card modules multiplex a common network communication protocol and port set to communicate with the second device management module; they correspond one to one with the network security devices, receive the security information of the network security devices, convert the configuration management information format and the security information format of the network security devices, and realize content understanding and normalization of the configuration management information and security information.
The second device management module comprises a communication module, an information routing management module, a device connectivity monitoring module and a device discovery module. The communication module is responsible for the information exchange with the network security management center; the information routing management module is responsible for forwarding information between the communication module and the other modules in the adapter; the device connectivity monitoring module is used to monitor the on/off state of the network security devices at regular intervals and to send state changes to the information routing management module; the device discovery module is used to execute the device discovery command of the network security management center, find the corresponding network security device, and return the discovered device information to the network security management center.
The device card module comprises a security information collection module, a security information processing module and a device configuration module. The security information collection module is used to collect the logs and events sent by the network security device and forward them to the security information processing module; the security information processing module is used to receive the logs and events sent by the security information collection module, preprocess the events according to the configured filtering rules, and then send them to the information routing management module; the device configuration module is used to handle the configuration information of the network security device: it sends the device configuration commands issued by the second device management module to the network security device, receives the replies of the network security device, and returns them to the second device management module.
A network security system contains only one network security management center, but a superior/subordinate relationship may exist between network security management centers; the superior and subordinate management centers then each need to import the other's certificate to guarantee authentication and access control. The subordinate can pass reports to the superior to report the security situation.
A network security management center can connect to one or more adapters; an adapter can connect to one or more network security devices; a network security device can be a device with multiple functions that uses multiple network protocols and several data interchange formats.
The adapter and the network security management center are independent network software subsystems; they can be located in different computer systems and also in different subnets.
The adapter and the network security device can be located in the same subnet.
The control method of the network security system of the present invention comprises: connecting the external console and the network security management center; connecting the adapter and the network security management center; configuration management control of the network security devices; and control of the security information of the network security devices.
Connecting the external console and the network security management center specifically comprises: after the external console starts, the console management service module starts a new user interface service corresponding to it and at the same time initiates an authentication request to the authentication module; after authentication passes, it receives the commands of the external console and sends the returned response signals to the external console.
Connecting the adapter and the network security management center specifically comprises: when a new adapter accesses the network security management center, the adapter management module starts an adapter controller corresponding to the new adapter and records the information on which network security devices the new adapter is connected with.
The configuration management control of a network security device comprises the following steps:
Step 1: the console subsystem sends a device management command for a certain network security device to the network security management center;
Step 2: the network security management center determines which adapter this network security device is connected to, and interprets the device management command as a command to that adapter;
Step 3: the network security management center sends the device management command to the adapter connected to this network security device;
Step 4: the second device management module in the adapter hands the received command to the device card module corresponding to this network security device, which processes it;
Step 5: this device card module sends the command issued by the second device management module to the network security device, using the processing method adopted by the corresponding network security device;
Step 6: the network security device sends a response signal to the device card module it is connected to, which returns it to the second device management module.
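As an added illustration of Steps 1 to 6 (example code, not from the patent), the following Python model shows the management center resolving a device to its adapter, the adapter handing a generic command to the matching device card module, and the card translating it into the device's own processing method. The device identifiers, the two processing methods (HTTP remote configuration and SNMP SET, as named in the embodiment) and the command vocabulary are assumptions; the devices are simulated in memory.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    """Simulated network security device; understands only its own
    command encoding (its 'processing method')."""
    dev_id: str
    method: str                  # "http" or "snmp-set" (assumed encodings)
    config: dict = field(default_factory=dict)

    def handle(self, raw: str) -> str:
        # Device A style: HTTP remote configuration, "PUT /config?key=value"
        if self.method == "http":
            if not raw.startswith("PUT /config?"):
                return "400 Bad Request"
            key, _, value = raw[len("PUT /config?"):].partition("=")
            self.config[key] = value
            return "200 OK"
        # Device B style: SNMP SET, "SET <oid> <value>"
        if self.method == "snmp-set":
            parts = raw.split()
            if len(parts) != 3 or parts[0] != "SET":
                return "genErr"
            self.config[parts[1]] = parts[2]
            return "noError"
        return "unsupported"

class DeviceCardModule:
    """Step 5: translate the generic command into the device's own format
    and forward it; Step 6: hand the device's reply back."""
    def __init__(self, device: Device):
        self.device = device

    def configure(self, command: dict) -> str:
        key, value = command["key"], command["value"]
        if self.device.method == "http":
            raw = f"PUT /config?{key}={value}"
        elif self.device.method == "snmp-set":
            raw = f"SET {key} {value}"
        else:
            return "unsupported"
        return self.device.handle(raw)

class Adapter:
    """Second device management module: one device card per attached device (Step 4)."""
    def __init__(self, adapter_id: str, devices: list):
        self.adapter_id = adapter_id
        self.cards = {d.dev_id: DeviceCardModule(d) for d in devices}

    def dispatch(self, command: dict) -> str:
        card = self.cards.get(command["device"])
        if card is None:
            return f"error: adapter {self.adapter_id} has no card for {command['device']}"
        return card.configure(command)

class ManagementCenter:
    """Steps 2 and 3: find the adapter for the device, forward a generic command."""
    def __init__(self, adapters: list):
        self.device_to_adapter = {}
        for adapter in adapters:
            for dev_id in adapter.cards:
                self.device_to_adapter[dev_id] = adapter

    def device_command(self, device: str, key: str, value: str) -> str:
        adapter = self.device_to_adapter.get(device)
        if adapter is None:
            return f"error: unknown device {device}"
        # The generic command does not depend on the concrete device type.
        return adapter.dispatch({"device": device, "key": key, "value": value})

def build_demo() -> ManagementCenter:
    """Constructed topology: adapter 111 with devices 211 (HTTP) and 212 (SNMP SET)."""
    dev_a = Device("211", "http")
    dev_b = Device("212", "snmp-set")
    return ManagementCenter([Adapter("111", [dev_a, dev_b])])

if __name__ == "__main__":
    center = build_demo()
    print(center.device_command("211", "log_level", "warn"))   # 200 OK
    print(center.device_command("212", "log_level", "warn"))   # noError
    print(center.device_command("999", "log_level", "warn"))   # error: unknown device
```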
The security information control process of a network security device comprises the following steps:
Step 1': the network security device sends security information to the adapter connected to it;
Step 2': the device card module in the adapter preprocesses the above security information;
Step 3': the device card module converts the information obtained in step 2' into the standard format defined by the network security management center and sends it to the network security management center through the second device management module;
Step 4': the network security management center analyzes, monitors, alarms on and stores the received information.
Step 2' further comprises the following steps: the security information collection module in the device card module receives the logs and events sent by the network security device and forwards them to the security information processing module; the security information processing module preprocesses the events according to the log type collection filtering rules set by the network security management center, and then sends them to the information routing management module.
Step 4' further comprises the following steps: after the security information analysis module of the network security management center receives the preprocessed security information, it compares it with the corresponding security information processing rules in the rule table and, if they match, starts the rule response; if an alarm is required, it sends an alarm signal to the alarm module, which carries out the alarm operation in order; the security information analysis module forwards the analyzed security information to the security information storage module for storage.
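As an added illustration of Steps 1' to 4' (example code, not from the patent), the following Python model runs constructed Syslog lines and SNMP-trap-like records through a device card module that applies a per-device log type collection rule and converts the survivors into a standard format, and then through a management center that matches them against a rule table and raises alarms. The raw records, the standard-format field names, the collection rules and the rule table are all constructed for illustration.

```python
import re

# Step 1': constructed raw records as two devices (fw1 via Syslog, ids1 via SNMP traps) would emit them
SYSLOG_LINES = [
    "<134>Jan 10 12:00:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.1.2 DPT=22",
    "<134>Jan 10 12:00:02 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.6 DST=10.0.1.2 DPT=80",
    "<12>Jan 10 12:00:03 fw1 sshd: Failed password for admin from 10.0.0.9",
]
SNMP_TRAPS = [
    {"agent": "ids1", "trap": "linkDown", "ifIndex": 3},
    {"agent": "ids1", "trap": "signatureMatch", "sig": "sql-injection", "src": "10.0.0.9"},
]

SYSLOG_RE = re.compile(r"^<(\d+)>(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+?): (.*)$")

def parse_syslog(line: str) -> dict:
    """Security information collection: understand one Syslog line (constructed format)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"type": "unparsed", "severity": 7, "source": None, "src_ip": None, "raw": line}
    pri, _ts, host, _proc, msg = m.groups()
    severity = int(pri) % 8          # Syslog PRI = facility*8 + severity
    if "Failed password" in msg:
        kind = "auth-failure"
    elif msg.startswith("DROP"):
        kind = "drop"
    elif msg.startswith("ACCEPT"):
        kind = "accept"
    else:
        kind = "other"
    src = re.search(r"(?:SRC=|from )(\d+\.\d+\.\d+\.\d+)", msg)
    return {"type": kind, "severity": severity, "source": host,
            "src_ip": src.group(1) if src else None, "raw": line}

def parse_trap(trap: dict) -> dict:
    """Security information collection: understand one SNMP-trap-like record."""
    kind = {"linkDown": "status", "signatureMatch": "intrusion"}.get(trap["trap"], "other")
    severity = 4 if kind == "status" else 2      # constructed mapping
    return {"type": kind, "severity": severity, "source": trap["agent"],
            "src_ip": trap.get("src"), "raw": str(trap)}

# Step 2': log type collection rules set by the management center, per device
COLLECT_RULES = {"fw1": {"drop", "auth-failure"}, "ids1": {"intrusion", "status"}}

def normalize(event: dict, adapter_id: str) -> dict:
    """Step 3': the standard format defined by the management center (constructed fields)."""
    return {"adapter": adapter_id, "device": event["source"], "event_type": event["type"],
            "severity": event["severity"], "src_ip": event["src_ip"], "raw": event["raw"]}

def device_card(raw_syslog: list, raw_traps: list, adapter_id: str) -> list:
    """Device card module: collect, filter by collection rule, normalize."""
    events = [parse_syslog(l) for l in raw_syslog] + [parse_trap(t) for t in raw_traps]
    return [normalize(e, adapter_id) for e in events
            if e["type"] in COLLECT_RULES.get(e["source"], set())]

# Step 4': rule table of the system policy module (constructed)
RULE_TABLE = [
    {"event_type": "intrusion", "response": "console-alarm"},
    {"event_type": "auth-failure", "response": "mail-alert"},
]

def management_center(events: list) -> tuple:
    """Security information analysis: store every event, alarm on rule matches."""
    stored, alarms = [], []
    for ev in events:
        stored.append(ev)                       # security information storage module
        for rule in RULE_TABLE:
            if rule["event_type"] == ev["event_type"]:
                alarms.append((rule["response"], ev["device"], ev["src_ip"]))   # alarm module
    return stored, alarms

if __name__ == "__main__":
    stored, alarms = management_center(device_card(SYSLOG_LINES, SNMP_TRAPS, "111"))
    print(len(stored), "stored;", alarms)
```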
The present invention adopts a mode in which one continuously running network security management center supervises a plurality of network security devices in the network, with adapters added between the network security management center and the network security devices. This solves the problems of management feasibility and complexity caused by multiple network security devices having multiple functions and using multiple network protocols and several data interchange formats, and solves the performance problem of the network security system.
Description of drawings
Fig. 1 is a schematic diagram of an embodiment of the network security system of the present invention;
Fig. 2 is a schematic internal view of the network security management center 110 in Fig. 1;
Fig. 3 is a schematic internal view of an adapter in Fig. 1;
Fig. 4 is a flow chart of the configuration management control method for a network security device;
Fig. 5 is a flow chart of the security information control method for a network security device.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
The network security system shown in Fig. 1 comprises the network security management center 110, adapters 111 and 112, and network security devices 211, 212, 221 and 222. The network security management center 110 is connected with each console of the console subsystem; by starting different consoles, one enters the system management, monitoring and device management interfaces of the network security system respectively. The network security management center 110 monitors and manages network security devices 211, 212, 221 and 222 through adapters 111 and 112, where network security devices 211 and 212 are two different kinds of network security device. The communication connections between the network security management center 110 and adapters 111 and 112 are built on the TCP/SSL protocol; the IPSec protocol may also be adopted. The IPSec (IP Security) protocol is made up of a group of RFC documents and defines a system that provides for the selection of security protocols and security algorithms and the determination of the keys to be used, thereby providing security assurance at the IP layer. The network security management center 110 and adapter 111 are in the same subnet, while adapter 112 and the network security management center 110 are in different subnets, and there are network access restrictions between these two subnets (for example, the two subnets differ in their treatment of the UDP protocol); therefore the network access control between the network security management center 110 and adapter 112 allows only some TCP ports to be opened, including the TCP port used between the network security management center 110 and adapter 112. Adapter 111 is connected with network security devices 211 and 212 and communicates with them using the Simple Network Management Protocol (SNMP) and the Unix system log protocol Syslog; adapter 112 is connected with network security devices 221 and 222 and likewise communicates with them using SNMP and Syslog. Network security devices 211 and 212 are in the same subnet as adapter 111; network security devices 221 and 222 are in the same subnet as adapter 112.
In the present invention, the main function of the network security management center 110 is to realize the control and centralized configuration management of every network security device in the network, and the centralized processing and storage of the security information coming from the network security devices; the concrete network communication protocols and information data formats used with the network security devices are all left to the adapters. As shown in Fig. 2, the network security management center 110 comprises the console management service module, the authentication module, the first device management module, the device organization module, the system policy module, the system management module, the monitoring module, the adapter management module, the security information analysis module, the security information storage module, the cascade management module and the alarm module. The first device management module, the device organization module, the system policy module, the monitoring module and the system management module are collectively called the system function modules; they provide configuration, control and management of the network security devices, provide the functions of user management and system configuration, and perform real-time monitoring.
After an external console starts and establishes a connection with the network security management center, the console management service module starts a new user interface service corresponding to it and at the same time initiates an authentication request to the authentication module; after authentication passes, it receives the commands of the external console and forwards them to the corresponding system function module, and upon receiving the response of the system function module, sends it to the external console. The first device management module is responsible for requests from the device and policy management console; its content is operations on devices, such as issuing configuration commands and device start/stop control. The device list management module is responsible for requests from the device and policy management console; its content is the list of devices managed by the system, such as adding devices to or removing devices from the device table. The system policy management module is responsible for requests from the device and policy management console; its content is the maintenance of the system policy rule table, where a rule specifies which response mode the system adopts for a certain event sent by some device, such as an e-mail alert or an alarm displayed on the console. The monitoring module is responsible for requests from the security information detection console; its content is displaying in real time, on the security information detection console interface, the running state of a certain device, such as CPU utilization. The system management module is responsible for requests from the system management console; its content is the maintenance of the user table, the adapter table, the superior/subordinate settings, and so on. When several consoles are connected to the network security management center at the same time and need to modify the same data object resource in the system simultaneously, such as the device table, the policy table, the adapter table or the user table, the above requests are coordinated by the console management service module.
The adapter management module is the connection and management module for adapters accessing the network security management center. When a new adapter connects, the adapter management module starts an adapter controller corresponding to it and records the information on which network security devices this adapter is connected with. The security information of the network security devices sent by the adapter is passed through the adapter management module to the security information analysis module; the adapter management module also receives the commands of the network security management center and sends them to the adapter. After the security information analysis module receives security information, it compares it with the corresponding security information processing rules in the rule table of the system policy management module and, if they match, starts the rule response. The analyzed security information is forwarded to the security information storage module for storage; if an alarm is required, an alarm signal is sent to the alarm module at the same time, and the alarm module carries out the alarm operation in order.
The internal modules of the adapter are shown in Fig. 3 and comprise the second device management module and the device card modules. Communication between the second device management module and the device card modules uses the same port set and network communication protocol. Each device card module stores information such as the various network protocols and port numbers that its corresponding network security device provides externally, so that it can use the same network protocols and corresponding ports to communicate with the network security device according to the concrete device management function. The second device management module comprises the communication module, the information routing management module, the device connectivity monitoring module and the device discovery module; the device card module comprises the security information collection module, the security information processing module and the device configuration module.
All information exchange between the adapter and the network security management center passes through the communication module. The information routing management module distributes the information sent by the communication module to each corresponding module, receives the information returned by each module, and uploads it to the network security management center through the communication module. To learn the on/off state of the network security devices in time, a device connectivity monitoring module is also provided, which monitors them at regular intervals and sends state change information to the information routing management module in the second device management module. When the network security management center issues a command to discover a network security device, the device discovery module executes this command, finds the network security device, and returns the discovered device information to the network security management center.
When the device configuration module receives a device configuration command forwarded by the communication module, it forwards the command to the corresponding network security device, then receives the response signal of that network security device and passes it to the second device management module; in addition, it also processes the configuration information reported by the network security device. The security information collection module receives the logs and events sent by the network security device and forwards them to the security information processing module. The security information processing module preprocesses the events according to the log type collection filtering rules issued in advance by the network security management center, i.e. rules stating which classes of logs sent by a certain network security device are collected and which classes are not, and then sends the events to the information routing management module. In the present embodiment, adapter 111 contains two device card modules corresponding to network security devices 211 and 212 respectively, and adapter 112 contains two device card modules corresponding to network security devices 221 and 222 respectively.
When network security management center 110 receive that control desk sends one during at Network Security Device 211 device management commands, at first carry out logic determines, judge this Network Security Device with which adapter is connected, in the present embodiment, Network Security Device 211 is connected with adapter 111.Then this device management command is explained the order of paired adapters 111, this order is the generic command of network safety system cognition, does not rely on concrete equipment, and sends in the adapter 111.After adapter 111 receives this order, forward the command to by second device management module in the equipment card module of map network safety means 211, handle by the equipment configuration module in this equipment card module, and the concrete processing mode that adopts this Network Security Device to adopt of the order after will handling, comprise order control, information analysis and processing etc., different Network Security Devices adopts different processing modes, can adopt the HTTP mode to carry out Remote configuration as device A, SYSLOG mode collector journal, and equipment B adopts SNMP SET mode to be configured, SNMP TRAP mode collector journal etc., send to Network Security Device 211, and receive the response of this equipment, send back to second device management module.Equally, the administration order at Network Security Device 212 is to be handled by the equipment card module of map network safety means 212 in the adapter 111.
The diverse network security information that Network Security Device 211 produces, comprise status information of equipment and network safety event, the capital sends to earlier in the adapter 111 with it in the corresponding equipment card module, equipment configuration module in the equipment card module and security information collection module are forwarded to above-mentioned security information and carry out preliminary treatment in the security information processing module, the security information processing module is carried out preliminary treatment according to the filtering rule of setting to security information, and convert thereof into the reference format of network security management center definition, issue network security management center 110, carry out the analysis of information by network security management center 110, monitoring, operations such as warning and storage.Equally, network safety information from Network Security Device 212 is also at first handled by the equipment card module of map network safety means 212 in the adapter 111, issue network security management center 110 then, the form of the network safety information after the processing also is to adopt reference format.
Through the operations above, network security management center 110 can manage different Network Security Devices in one and the same management manner.
For a network security management center 110 and Network Security Devices 221 and 222 located in different subnets, network access restrictions mean that the network management protocol and network port of Network Security Devices 221 and 222 cannot be used directly for management. Adapter 112 is therefore placed in the subnet of Network Security Devices 221 and 222; adapter 112 can use the network communication protocol of Network Security Devices 221 and 222, such as the UDP protocol, which solves the problem of difficult network communication across subnets.
The various device management commands from network security management center 110 are carried over the TCP/SSL protocol across the access control apparatus of the subnet and delivered to adapter 112, and adapter 112 performs device management through the concrete management protocol ports of Network Security Devices 221 and 222. At the same time, the security information of Network Security Devices 221 and 222 is also sent to adapter 112, which delivers it to management center 110 over the TCP/SSL protocol across the access control apparatus of the subnet.
If the volume of security information from some Network Security Devices is particularly large, and it is sent to a single adapter at the same time so that this adapter cannot keep up with real-time processing, a further adapter can be added to share the processing of part of the network security device information. Network security information is thus processed in a distributed manner to meet the system's performance requirements.
The control method of the network security system of the present invention comprises two processes: configuration management control of the Network Security Device and security information control of the Network Security Device.
As shown in Figure 4, the flow of the configuration management control process for a Network Security Device is: the console subsystem sends a device management command for a certain Network Security Device to the network security management center; the network security management center judges which adapter this Network Security Device is connected to, interprets the device management command as a command to this adapter and sends it to this adapter; the second device management module in the adapter sends the received command to the equipment card module corresponding to this Network Security Device; this equipment card module sends the command to the Network Security Device using the concrete processing mode adopted by the corresponding network security device; the Network Security Device sends a response signal to the corresponding equipment card module, which returns it to the second device management module.
As shown in Figure 5, the flow of the security information control process for a Network Security Device is: the Network Security Device sends security information to the equipment card module of the adapter connected to it; the equipment card module pre-processes the security information according to the configured filtering rules, converts the processed security information into the standard format defined by the network security management center and sends it to the network security management center; the network security management center completes further analysis, monitoring, alarm and storage operations on the received information.
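The adapter side of the two flows of Figures 4 and 5, as an added illustration that is not part of the patent: a generic command is routed to the equipment card module bound to the target device and re-encoded in that device's own management dialect, and device logs are filtered by log type and normalised into the center's standard format. The device dialects, log syntaxes, the standard-format layout and the sample lines are all constructed for this example; the patent names HTTP/SYSLOG and SNMP SET/TRAP but no wire format.

```python
"""Adapter layer of the patent's architecture (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional

StdEvent = Dict[str, object]   # constructed stand-in for the center's standard format


@dataclass
class EquipmentCardModule:
    """Bound one-to-one to a network security device (claim 9)."""
    device_id: str
    config_protocol: str                    # how commands reach the device
    log_protocol: str                       # how logs leave the device
    collect_types: FrozenSet[str]           # log-type filtering rule from the center
    encode_command: Callable[[str, dict], str]
    parse_log: Callable[[str], Optional[dict]]

    def configure(self, generic_cmd: str, args: dict) -> str:
        """Equipment configuration module: device-specific send, return reply."""
        wire = self.encode_command(generic_cmd, args)
        # The real device is simulated by an acknowledgement of what it received.
        return f"{self.device_id}/{self.config_protocol} ACK: {wire}"

    def process_log(self, raw: str) -> Optional[StdEvent]:
        """Collection + processing modules: parse, filter by type, normalise."""
        fields = self.parse_log(raw)
        if fields is None or fields["type"] not in self.collect_types:
            return None                     # dropped by the filtering rule
        return {"device": self.device_id, "type": fields["type"],
                "severity": fields["severity"], "message": fields["message"]}


# Device A style (constructed): HTTP remote configuration, syslog-like logs.
def http_encode(cmd: str, args: dict) -> str:
    query = "&".join(f"{k}={v}" for k, v in sorted(args.items()))
    return f"POST /config/{cmd}?{query}"


def syslog_parse(raw: str) -> Optional[dict]:
    # Constructed syntax "<PRI>TYPE message"; severity = PRI & 7 (0 = most severe).
    if not raw.startswith("<") or ">" not in raw:
        return None
    pri, rest = raw[1:].split(">", 1)
    log_type, _, message = rest.partition(" ")
    return {"type": log_type, "severity": int(pri) & 7, "message": message}


# Device B style (constructed): SNMP SET for configuration, SNMP TRAP for logs.
def snmp_set_encode(cmd: str, args: dict) -> str:
    return "SET " + " ".join(f"{cmd}.{k}={v}" for k, v in sorted(args.items()))


def snmp_trap_parse(raw: str) -> Optional[dict]:
    # Constructed syntax "TRAP type=<t> sev=<n> text=<free text>".
    if not raw.startswith("TRAP "):
        return None
    kv = dict(p.split("=", 1) for p in raw[5:].split(" ", 2))
    if "type" not in kv or "sev" not in kv:
        return None
    return {"type": kv["type"], "severity": int(kv["sev"]),
            "message": kv.get("text", "")}


class Adapter:
    """Second device management module: routes by device id to its card module."""
    def __init__(self) -> None:
        self.cards: Dict[str, EquipmentCardModule] = {}

    def register(self, card: EquipmentCardModule) -> None:
        self.cards[card.device_id] = card

    def manage(self, device_id: str, cmd: str, args: dict) -> str:
        return self.cards[device_id].configure(cmd, args)

    def ingest(self, device_id: str, raw: str) -> Optional[StdEvent]:
        return self.cards[device_id].process_log(raw)


def build_adapter_111() -> Adapter:
    """Adapter 111 of the embodiment: card modules for devices 211 (A) and 212 (B)."""
    adapter = Adapter()
    adapter.register(EquipmentCardModule("211", "http", "syslog",
                     frozenset({"attack", "audit"}), http_encode, syslog_parse))
    adapter.register(EquipmentCardModule("212", "snmp-set", "snmp-trap",
                     frozenset({"attack"}), snmp_set_encode, snmp_trap_parse))
    return adapter
```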
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements may be made to the technical solution of the present invention without departing from the spirit and scope of that technical solution, and all such changes should be encompassed within the scope of the claims of the present invention.
Claims (16)
1. A network security system of a computer network, characterised in that it comprises at least a network security management center, a Network Security Device and an adapter; the adapter is located between the network security management center and the Network Security Device; the network security management center is connected to the adapter and to an external console respectively; the adapter and the Network Security Device communicate using the network protocol and corresponding port of the Network Security Device; the adapter implements the network protocol for communicating with the Network Security Device, converts the data format, and pre-processes the configuration management information and security information of the Network Security Device; and the network security management center centrally manages the adapter and further processes and stores the security information from the Network Security Device.
2. The network security system according to claim 1, characterised in that the network security management center can be connected to a plurality of the adapters, and the network security management center and the adapter communicate using the Transmission Control Protocol or the Secure Sockets Layer protocol.
3. The network security system according to claim 2, characterised in that the adapter and the network security management center are located in the same subnet or in different subnets; when they are located in different subnets, the access control apparatus between the subnets permits opening the TCP port used between the adapter and the network security management center.
4. The network security system according to claim 1, characterised in that the adapter is connected to one or more Network Security Devices.
5. The network security system according to claim 1, characterised in that the adapter and the Network Security Device are located in the same subnet.
6. The network security system according to claim 1, 4 or 5, characterised in that the Network Security Device is a device having multiple functions and using multiple network protocols and multiple data interchange formats.
7. The network security system according to any one of claims 1 to 5, characterised in that the network security management center further comprises a console management service module, an authentication module, a first device management module, a device organisation module, a system policy module, a system management module, a monitoring module, an adapter management module, a security information analysis module, a security information storage module, a cascade management module and an alarm module;
wherein the first device management module, device organisation module, system policy module, monitoring module and system management module are collectively referred to as the system function modules, which provide configuration and control management of the Network Security Device, provide user management and system configuration functions, and realise real-time monitoring;
the console management service module is used to manage the connection between the external console and the network security management center, to initiate authentication requests to the authentication module, and to realise the transfer of information between the external console and the system function modules;
the authentication module is responsible for maintaining the lists of valid administrators, consoles and adapters that communicate with the management center, and returns to the console management service module a reply stating whether authentication passed;
the adapter management module is used to manage the connection between the adapter and the network security management center, and is responsible for the exchange of information between the adapter and the security information analysis module and the system function modules;
the security information analysis module is used to analyse the security information sent by the adapter management module and to forward the analysed security information to the security information storage module, and at the same time sends an alarm signal to the alarm module if an alarm is required;
the security information storage module is used to store, in sequence, the security information sent by the security information analysis module;
the cascade management module is used to send periodically a local table, made up of all the information reported by the adapters, to the network security management center of the next higher level;
the alarm module is used to carry out alarm operations in order according to the alarm signals generated by the security information analysis module.
8. The network security system according to claim 7, characterised in that, when a plurality of external consoles access the network security management center at the same time, the console management service module is also responsible for coordinating requests that modify the same data object resource in the system.
9. The network security system according to any one of claims 1 to 5, characterised in that the adapter comprises a second device management module and an equipment card module;
the second device management module communicates with the network security management center, monitors the Network Security Device, and distributes configuration management information for a given Network Security Device to the equipment card module corresponding to that Network Security Device;
the equipment card module multiplexes a common network communication protocol and port set to communicate with the second device management module, corresponds one-to-one with the Network Security Device, receives the security information of the Network Security Device, converts the configuration management information format and the security information format of the Network Security Device, and realises content understanding and normalisation of the configuration management information and security information.
10. The network security system according to claim 9, characterised in that the second device management module comprises a communication module, an information routing management module, a device connectivity monitoring module and a device discovery module;
the communication module is responsible for the exchange of information with the network security management center;
the information routing management module is responsible for forwarding information between the communication module and the other modules in the adapter;
the device connectivity monitoring module is used to monitor periodically the connected or disconnected state of the Network Security Device and to send state changes to the information routing management module;
the device discovery module is used to execute the device discovery command of the network security management center, find the corresponding Network Security Device, and return the discovered device information to the network security management center.
11. The network security system according to claim 9, characterised in that the equipment card module comprises a security information collection module, a security information processing module and an equipment configuration module;
the security information collection module is used to collect the logs and events sent by the Network Security Device and forward them to the security information processing module;
the security information processing module is used to receive the logs and events sent by the security information collection module, pre-process the events according to the configured filtering rules, and then send them to the information routing management module;
the equipment configuration module is used to handle the configuration information of the Network Security Device, to send the device configuration command received from the second device management module to the Network Security Device, and at the same time to receive the reply of the Network Security Device and return it to the second device management module.
12. A control method of a network security system, characterised in that it comprises: an external console connecting to the network security management center; an adapter connecting to the network security management center; configuration management control of the Network Security Device; and security information control of the Network Security Device;
the configuration management control of the Network Security Device comprises the following steps:
Step 1: the console subsystem sends a device management command for a certain Network Security Device to the network security management center;
Step 2: the network security management center judges which adapter this Network Security Device is connected to, and interprets the device management command as a command to this adapter;
Step 3: the network security management center sends the command to the adapter to which this Network Security Device is connected;
Step 4: the second device management module in the adapter sends the received command to the equipment card module corresponding to this Network Security Device, which handles it;
Step 5: this equipment card module sends the command received from the second device management module to the Network Security Device using the processing mode adopted by the corresponding network security device;
Step 6: the Network Security Device sends a response signal to the equipment card module it is connected to, which returns it to the second device management module;
the security information control process of the Network Security Device comprises the following steps:
Step 1': the Network Security Device sends security information to the adapter connected to it;
Step 2': the equipment card module in the adapter pre-processes the security information;
Step 3': the equipment card module converts the information obtained in step 2' into the standard format defined by the network security management center and sends it to the network security management center through the second device management module;
Step 4': the network security management center analyses, monitors, raises alarms on and stores the received information.
13. The network security system control method according to claim 12, characterised in that the external console connecting to the network security management center specifically comprises: after the external console starts, the console management service module starts a new user interface service corresponding to it and at the same time initiates an authentication request to the authentication module; after authentication passes, the commands of the external console are received and the returned response signals are sent to the external console.
14. The network security system control method according to claim 12 or 13, characterised in that the adapter connecting to the network security management center specifically comprises: when a new adapter accesses the network security management center, the adapter management module starts an adapter controller corresponding to the new adapter and records the information about the Network Security Devices connected to the new adapter.
15. The network security system control method according to claim 14, characterised in that step 2' of the security information control process of the Network Security Device further comprises the following steps: the security information collection module in the equipment card module receives the logs and events sent by the Network Security Device and forwards them to the security information processing module; the security information processing module pre-processes the events according to the log-type collection filtering rules set by the network security management center, and then sends them to the information routing management module.
16. The network security system control method according to claim 12, 13 or 15, characterised in that step 4' of the security information control process of the Network Security Device further comprises the following steps: after the security information analysis module of the network security management center receives the pre-processed security information, it compares it with the corresponding security information processing rules in the rule list, and if they match, starts the rule response; if an alarm is required, an alarm signal is sent to the alarm module, which carries out the alarm operation in order; the security information analysis module forwards the analysed security information to the security information storage module for storage.
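The management center side of claims 12, 14 and 16, as an added illustration that is not part of the patent: the adapter management module records which devices each newly connected adapter serves and routes commands accordingly (claim 14; step 2 of claim 12), and the security information analysis module compares each standard-format event with a rule list, raises an alarm when the matched rule asks for one, and stores every event in sequence (claim 16). The rule fields, the event layout, severity numbering and the sample data are all constructed.

```python
"""Management center routing and rule analysis (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional

Event = Dict[str, object]   # standard-format event; severity uses syslog numbering, 0 = most severe
SendToAdapter = Callable[[str, str, dict], str]   # (device_id, command, args) -> device reply


@dataclass
class ProcessingRule:
    """One entry of the analysis module's rule list (fields are constructed)."""
    name: str
    match: Dict[str, object] = field(default_factory=dict)   # every key must equal the event field
    max_severity: int = 7                                    # fire only if severity <= this
    alarm: bool = False                                      # rule response includes an alarm

    def matches(self, event: Event) -> bool:
        fields_ok = all(event.get(k) == v for k, v in self.match.items())
        return fields_ok and int(event.get("severity", 7)) <= self.max_severity


class ManagementCenter:
    def __init__(self, rules: List[ProcessingRule]) -> None:
        self.rules = rules                              # security information analysis module
        self.device_to_adapter: Dict[str, str] = {}     # adapter management module's records
        self.adapters: Dict[str, SendToAdapter] = {}
        self.storage: List[Event] = []                  # security information storage (in order)
        self.alarms: List[str] = []                     # what the alarm module was told to do

    def adapter_connected(self, adapter_id: str, devices: Iterable[str],
                          send: SendToAdapter) -> None:
        """Claim 14: start a controller for the adapter and record its devices."""
        self.adapters[adapter_id] = send
        for device_id in devices:
            self.device_to_adapter[device_id] = adapter_id

    def route_command(self, device_id: str, cmd: str, args: dict) -> Optional[str]:
        """Claim 12, steps 2 and 3: find the adapter serving the device, forward the command."""
        adapter_id = self.device_to_adapter.get(device_id)
        if adapter_id is None:
            return None                                 # no adapter has reported this device
        return self.adapters[adapter_id](device_id, cmd, args)

    def analyse(self, event: Event) -> Optional[str]:
        """Claim 16: first matching rule fires; alarm if requested; store regardless."""
        fired = None
        for rule in self.rules:
            if rule.matches(event):
                fired = rule.name
                if rule.alarm:
                    self.alarms.append(f"{rule.name}: device {event['device']}: {event['message']}")
                break
        self.storage.append(dict(event, rule=fired))
        return fired
```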
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB031285260A CN1309208C (en) | 2003-05-23 | 2003-05-23 | Network safety system of computer network and controlling method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1549493A CN1549493A (en) | 2004-11-24 |
CN1309208C true CN1309208C (en) | 2007-04-04 |
Family
ID=34322172
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB031285260A Expired - Lifetime CN1309208C (en) | 2003-05-23 | 2003-05-23 | Network safety system of computer network and controlling method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1309208C (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100461690C (en) * | 2005-07-21 | 2009-02-11 | 华为技术有限公司 | Common network management safety control system and method thereof |
US8042147B2 (en) * | 2005-10-05 | 2011-10-18 | Bryes Security | Network security appliance |
CN101843033B (en) * | 2007-08-28 | 2013-11-13 | Abb研究有限公司 | Real-time communication security for automation networks |
CN101141467B (en) * | 2007-10-31 | 2010-09-22 | 杭州华三通信技术有限公司 | Configuring method and system |
CN101567888B (en) * | 2008-12-29 | 2011-12-21 | 郭世泽 | Safety protection method of network feedback host computer |
CN102123110B (en) * | 2010-01-07 | 2014-09-10 | 北京广利核系统工程有限公司 | Data transmission method for gateway system, and gateway system |
CN102571701B (en) * | 2010-12-16 | 2015-12-16 | 中国移动通信集团安徽有限公司 | The access method of security certification site, Apparatus and system |
CN103023700A (en) * | 2012-12-03 | 2013-04-03 | 陕西维德科技股份有限公司 | Management operating system and method of information centre hardware equipment |
CN105100013B (en) * | 2014-05-15 | 2018-10-12 | 华为技术有限公司 | A kind of method, Network Security Device and the controller of sensing network safety equipment |
CN104283893B (en) * | 2014-10-28 | 2017-09-22 | 中国建设银行股份有限公司 | Receiving method and server in a kind of security information |
CN107729096A (en) * | 2017-09-20 | 2018-02-23 | 中国银行股份有限公司 | Shunting information method and system |
CN112769814B (en) * | 2021-01-04 | 2022-02-11 | 中国科学院信息工程研究所 | Method and system for comprehensively coordinating network security equipment in linkage manner |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4802220A (en) * | 1985-03-20 | 1989-01-31 | American Telephone And Telegraph Company, At&T Bell Laboratories | Method and apparatus for multi-channel communication security |
CN1178951A (en) * | 1997-07-23 | 1998-04-15 | 北京天融信技贸有限责任公司 | Special grouped filter fire-proof wall |
CN1310526A (en) * | 2001-04-06 | 2001-08-29 | 北京网警创新信息安全技术有限公司 | Illegal network activity intercepting, monitoring, tracing, evidence collecting and emergency reacting system and method |
CN1441365A (en) * | 2002-02-28 | 2003-09-10 | 北京中电网安科技有限公司 | Safeguard system and method for large and medium-sized inner network |
- 2003-05-23 CN CNB031285260A patent/CN1309208C/en not_active Expired - Lifetime
Non-Patent Citations (1)
Title |
---|
Network security monitoring system. Li Yaheng et al., Computer Engineering (计算机工程), Vol. 27, No. 4, 2001 * |
Also Published As
Publication number | Publication date |
---|---|
CN1549493A (en) | 2004-11-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CX01 | Expiry of patent term | ||
Granted publication date: 20070404 |