CN114124477B - Business service system and method - Google Patents
- Publication number
- CN114124477B (application CN202111308712.6A)
- Authority
- CN
- China
- Prior art keywords
- service
- data
- network
- layer packet
- mirror image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a business service system and method. The system comprises: a simulation subsystem, comprising a plurality of first network devices configured with IP addresses of a first network, the first network devices being connected through the first network, wherein the simulation subsystem implements, through the first network devices, initiation of a service access request, mirroring of the service access request, and return of a service data link layer packet; and a real subsystem, comprising a second network device not configured with an IP address of the first network, the second network device being connected to the simulation subsystem by a link, wherein the real subsystem implements, through the second network device, construction and return of the service data link layer packet. The business service system better helps enterprises solve the problems they face when opening an existing intranet business system to the Internet to provide remote office: normal business access by end users is not affected, and the security of the business system is improved.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a business service system and a business service method.
Background
Remote office is a product of today's rapidly developing communication and IT industries. It combines the communication industry's convenient communication and large user base with the IT industry's mature software applications and rich business content, and has become a new-generation office mode following paperless office and Internet-based remote office on computers. In this latest office mode, enterprise information software installed on a mobile phone gives the phone the same office functions as a computer and removes the restriction that office work must be done on fixed equipment at a fixed place. This provides great convenience for enterprise managers and business people, and a new line of thinking and direction for the informatization of enterprises and governments. It not only makes office work flexible and easy, but also lets users work efficiently and quickly whatever urgent situation they are in, which is of great significance for handling and disposing of emergencies.
Because remote office requires access to the internal networks of enterprises and public institutions over the open public network, the primary problem for its use and popularization is the security of the business and of the business servers that remote office brings in. There is therefore a need to provide an extremely secure solution for remote office applications.
The existing solutions are mainly implemented with firewall technology. A firewall protects the security of network information inside enterprises and institutions, for example by preventing leakage of important information such as account information on banking servers, confidential information of government departments, and military combat plans and strategies. In a narrow sense, a firewall protects each server in an enterprise's internal network from all malicious access or attack originating in the insecure network outside the enterprise. The firewall protects the internal network by logically isolating the internal and external networks and then controlling access through the firewall according to a predefined security policy, thereby achieving effective control over access to the enterprise's internal network. However, when firewall technology is used for service security protection, the Internet and the intranet are still actually connected and the service system still has to expose its server indirectly to the Internet. When a vulnerability exists in the service system, the security of the service system is directly threatened, and even the security of the server hosting it and of the network where that server resides is affected.
Disclosure of Invention
To address the defects in the prior art, the invention provides a business service system and a business service method that improve the security of the business system.
In a first aspect, a business service system includes:
the simulation subsystem: comprising a plurality of first network devices configured with IP addresses of a first network, the first network devices being connected through the first network; the simulation subsystem implements, through the first network devices, initiation of the service access request, mirroring of the service access request, and return of the service data link layer packet;
the real subsystem: comprising a second network device connected to the simulation subsystem through a link; the real subsystem implements construction and return of the service data link layer packet through the second network device.
Preferably, the first network device comprises:
a user terminal: configured with an IP address of the first network; the user terminal is used by a user to initiate a service access request;
a switch: configured with an IP address of the first network, and connected to the user terminal through the first network; the switch is used for receiving the service access request and mirroring it to obtain mirror image data; the switch is also used for returning the service data link layer packet to the corresponding user terminal;
a first service server: configured with an IP address of the first network, and connected to the switch through the first network; the first service server is used for receiving the service access request.
Preferably, the second network device comprises:
a second service server: not configured with an IP address of the first network, and connected to the switch in the simulation subsystem through a link; the second service server is used for receiving the mirror image data, processing the valid mirror image data, constructing a service data link layer packet, and returning the service data link layer packet to the switch.
Preferably, the link between the second service server and the switch includes a mirror link and a communication link;
the mirror link is used by the switch to transmit mirror image data to the second service server;
the communication link is used by the second service server to return the service data link layer packet to the switch.
Preferably, the second service server is specifically configured to determine that the mirror data is valid when the mirror data is detected to be legal or on a preset white list.
Preferably, the second service server is specifically configured to process the valid mirrored data to obtain processed data, and simulate the first service server to construct a service data link layer packet according to the processed data.
In a second aspect, a business service method operates on the business service system of the first aspect; the business service method comprises the following steps:
the user terminal is used for a user to initiate a service access request;
the switch receives the service access request and mirrors the service access request to obtain mirror image data;
the first service server receives a service access request;
the second service server receives the mirror image data, processes the effective mirror image data, constructs a service data link layer packet, and returns the service data link layer packet to the switch;
and the switch returns the service data link layer packet to the corresponding user terminal.
Preferably, after the second service server receives the mirror data, before processing the valid mirror data, the method further includes:
and when the second service server detects that the mirror image data is legal or on a preset white list, the second service server judges that the mirror image data is valid.
Preferably, after the second service server processes the valid mirror image data, constructing a service data link layer packet specifically includes:
and the second service server processes the effective mirror image data to obtain processed data, and the first service server is simulated to construct a service data link layer packet according to the processed data.
According to the above technical solution, in the business service system and method provided by the invention, the simulation subsystem and the real subsystem cannot communicate over IP at the network level, so even if a first network device in the simulation subsystem is compromised, the second network device in the real subsystem cannot be accessed. The business service system better helps enterprises solve the problems they face when opening an existing intranet business system to the Internet to provide remote office: normal business access by end users is not affected, and the security of the business system is improved. Security analysis can also be performed on the business data to ensure that the business service system is not attacked, so that abnormalities can be found and, in time, blocked or left unprocessed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
Fig. 1 is a schematic block diagram of a business service system according to a first embodiment.
Fig. 2 is a specific architecture diagram of a business service system according to a first embodiment.
Fig. 3 is a flowchart of a business service method provided in the second embodiment.
Detailed Description
Embodiments of the technical scheme of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and thus are merely examples, and are not intended to limit the scope of the present invention. It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention pertains.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted as "when" or "once" or "in response to a determination" or "in response to detection", depending on the context. Similarly, the phrase "if it is determined" or "if [a described condition or event] is detected" may be interpreted, depending on the context, as "upon determination" or "in response to determination" or "upon detection of [the described condition or event]" or "in response to detection of [the described condition or event]".
Embodiment one:
a business service system, see fig. 1, comprising:
simulation subsystem 1: comprising a plurality of first network devices configured with IP addresses of a first network, the first network devices being connected through the first network; the simulation subsystem 1 implements, through the first network devices, initiation of a service access request, mirroring of the service access request, and return of a service data link layer packet;
the real subsystem 2: comprising a second network device not configured with an IP address of the first network, the second network device being connected to the simulation subsystem 1 through a link; the real subsystem 2 implements construction and return of the service data link layer packet through the second network device.
In this embodiment, the simulation subsystem 1 is configured to meet normal service requirements: it implements the initiation of a user's normal service access request and returns to the user the service data link layer packet obtained by processing that request. From the user's point of view, the user can still initiate a service access request and read the service data link layer packet as normal. The first network devices in the simulation subsystem 1 are configured with IP addresses of the application and the first network; the first network may use a common network communication protocol, so that the first network devices support that protocol (e.g., TCP/IP). The simulation subsystem 1 provides a virtual service port for services outside, supports the user to access through the first network, but does not perform service data processing and responds to service access requests.
In this embodiment, the real subsystem 2 is not configured with an IP address of the first network, so the real subsystem 2 and the simulation subsystem 1 can be connected only through a link and not through the first network. This achieves logical network isolation between the real subsystem 2 and the simulation subsystem 1, and there is no direct TCP/IP data exchange between them. The real subsystem 2 provides the real processing flow for service access requests. The real subsystem 2 only provides link ports (e.g. binds traffic service ports at 127.0.0.1) to the simulation subsystem 1. Hardware firewalls and other devices can also be added to the business service system to further ensure one-way communication of data.
In the business service system, the simulation subsystem 1 and the real subsystem 2 cannot communicate over IP at the network level, so even if a first network device in the simulation subsystem 1 is compromised, the second network device in the real subsystem 2 cannot be accessed. The business service system better helps enterprises solve the problems they face when opening an existing intranet business system to the Internet to provide remote office, and normal business access by end users is not affected.
Further, in some embodiments, referring to fig. 2, the first network device comprises:
user terminal 12: configured with an IP address of the first network; the user terminal 12 is used by a user of the first service server 11 to initiate a service access request;
switch 13: configured with an IP address of the first network, and connected to the user terminal 12 through the first network; the switch 13 is configured to receive a service access request and mirror it to obtain mirror data; the switch 13 is further configured to return the service data link layer packet to the corresponding user terminal 12;
the first service server 11: configured with an IP address of the first network, and connected to the switch 13 through the first network; the first service server 11 is configured to receive a service access request.
In the present embodiment, the user terminal 12 is provided for the user, and the user terminal 12 provides normal network communication and service system access functions. The user terminal 12 may be a mobile terminal (e.g., a cell phone, tablet, etc.) or a stationary computer (e.g., a desktop computer, etc.). The service access request may include an IP address to be accessed, data to be accessed, and the like.
In this embodiment, the switch 13 receives the service access request of the user terminal 12 and mirrors it to obtain mirror data. Mirroring is essentially replication of the service access request. The content of the mirror data is substantially identical to that of the service access request; for example, if the service access request includes the IP address to be accessed and the data to be accessed, the resulting mirror data also includes the IP address to be accessed and the data to be accessed. The service data link layer packet is the data obtained after the service access request has actually been processed. The switch 13 returns the service data link layer packet to the corresponding user terminal 12, so that the user can read it through the user terminal 12, which gives normal service access and read operation in the service system.
In this embodiment, the first service server 11 only receives the service access request and does not substantially process it. The first service server 11 mainly serves to establish a TCP connection with the user terminal 12, and may also be made into a honeypot to act as a trap. The first service server 11 does not store any substantive data, so if the service system is compromised, an intruding device that accesses the first service server 11 reads no substantive data.
Further, in some embodiments, referring to fig. 2, the second network device comprises:
the second service server 21: not configured with an IP address of the first network, and connected to the switch 13 in the simulation subsystem 1 through a link; the second service server 21 is configured to receive the mirror image data, process the valid mirror image data, then construct a service data link layer packet and return the service data link layer packet to the switch 13.
In this embodiment, a plurality of second service servers 21 may form a server group. When the second service servers are connected to each other, or to other devices, through a second network, IP addresses of the second network may be configured on them. The second service server 21 is not configured with an IP address of the first network, and is connected to the switch 13 by a non-network link. The second service server 21 constructs a service data link layer packet from the valid mirror image data, thereby processing the service access request, and returns the packet to the switch 13.
Further, in some embodiments, referring to fig. 2, the link between the second service server 21 and the switch 13 includes a mirror link and a communication link;
the mirror link is used for the switch 13 to transmit mirror data to the second service server 21;
the communication link is used for the second service server 21 to return the service data link layer packets to the switch 13.
In the present embodiment, two links are provided between the second service server 21 and the switch 13: mirror links and communication links. For example, a port is provided on the second service server 21 as a mirror port, and a mirror link is provided, so that unidirectional data flow from the switch 13 to the second service server 21 is realized. The second service server 21 is further provided with another port to provide a communication link, so that the unidirectional data flow from the second service server 21 to the switch 13 is realized.
Further, in some embodiments, the second service server 21 is specifically configured to determine that the mirror data is valid when the mirror data is detected to be legal or on a preset whitelist.
In this embodiment, when the second service server 21 receives the mirror image data, it checks whether the mirror image data is reasonable. If the mirror image data is illegal or not on the white list, it is judged invalid, and the second service server 21 may discard it without processing it. If the mirror image data is legal or on the white list, it is judged valid, and the second service server 21 processes it. The business service system can therefore analyze whether a service access request is reasonable and block it in time if an abnormality is found. The business service system may judge whether the mirror image data is reasonable in the second service server 21, or may judge the service access request in the switch 13. The judging method of the switch 13 may be identical to that of the second service server 21, or may be set independently according to the characteristics of the switch itself. The business service system can thus double-check the request data and block abnormal data in time.
Further, in some embodiments, the second service server 21 is specifically configured to process the valid mirrored data to obtain processed data, and simulate the first service server 11 to construct a service data link layer packet according to the processed data.
In this embodiment, the user initiates the service access request according to a preset network communication protocol, so the user terminal 12 also needs to parse and read the service data according to that protocol. After the second service server 21 has performed service processing on the valid mirror image data, the processed data therefore cannot be returned directly; otherwise the user terminal 12 could not recognize and parse it. The second service server 21 needs to simulate the first service server 11, assembling the processed data into a service data link layer packet according to the network communication protocol before returning it to the switch 13. For example, the second service server 21 encapsulates the processed data according to the TCP/IP protocol to obtain the service data link layer packet.
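The validity check and the packet construction described in the paragraphs above, as an added Python example (not code from the patent) of how the second service server could handle one mirrored frame. The addresses, port, whitelist, size limit and the reading of "legal" as a payload size bound are assumptions; the patent does not define them.

```python
import ipaddress
import socket
import struct

# Constructed sample values (documentation address ranges), not from the patent.
FRONT_IP, SERVICE_PORT = "192.0.2.10", 8080            # first service server
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]  # assumed preset whitelist
MAX_PAYLOAD = 1024                                     # assumed "legal" size bound
PSH_ACK = 0x18


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """Assemble an Ethernet II / IPv4 / TCP frame with valid checksums."""
    s, d = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + tcp + payload


def parse_frame(frame: bytes):
    """Return the fields of an Ethernet II / IPv4 / TCP frame, or None if malformed."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or total_len > len(ip):
        return None
    if checksum(ip[:ihl]) != 0:  # IPv4 header checksum must verify
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, seq, ack, offset, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (offset >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    return {
        "dst_mac": frame[0:6], "src_mac": frame[6:12],
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "payload": tcp[data_off:],
    }


def is_valid(req) -> bool:
    """Mirror data is valid if it is 'legal' OR its source is on the whitelist."""
    if req is None or (req["dst_ip"], req["dport"]) != (FRONT_IP, SERVICE_PORT):
        return False  # unparseable, or not addressed to the simulated service
    legal = 0 < len(req["payload"]) <= MAX_PAYLOAD
    listed = any(ipaddress.ip_address(req["src_ip"]) in net for net in WHITELIST)
    return legal or listed


def build_reply(req, body: bytes) -> bytes:
    """Frame the processed data as if the first service server had sent it."""
    return build_frame(
        src_mac=req["dst_mac"], dst_mac=req["src_mac"],
        src_ip=req["dst_ip"], dst_ip=req["src_ip"],
        sport=req["dport"], dport=req["sport"],
        seq=req["ack"], ack=(req["seq"] + len(req["payload"])) & 0xFFFFFFFF,
        flags=PSH_ACK, payload=body)


def handle_mirrored(frame: bytes, process):
    """Second-server flow: validate mirror data, process it, build the reply frame."""
    req = parse_frame(frame)
    if not is_valid(req):
        return None  # invalid mirror data is discarded, never processed
    return build_reply(req, process(req["payload"]))


# Constructed mirrored request: client 203.0.113.7:40000 -> front server, seq 1000.
CLIENT_MAC, FRONT_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = build_frame(CLIENT_MAC, FRONT_MAC, "203.0.113.7", FRONT_IP,
                     40000, SERVICE_PORT, 1000, 5000, PSH_ACK, b"GET /status")
```

The reply takes its sequence and acknowledgement numbers from the mirrored segment, because the TCP connection itself is held by the first service server and the second server only sees the mirror copy.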
Embodiment two:
a business service method is operated on the business service system; referring to fig. 3, the business service method includes the steps of:
S1: the user terminal 12 is used for a user to initiate a service access request;
S2: the switch 13 receives the service access request and mirrors the service access request to obtain mirror image data;
S3: the first service server 11 receives a service access request;
S4: the second service server 21 receives the mirror image data, processes the effective mirror image data, constructs a service data link layer packet, and returns the service data link layer packet to the switch 13;
S5: the switch 13 returns the service data link layer packet to the corresponding user terminal 12.
Preferably, after the second service server 21 receives the mirror data, before processing the valid mirror data, it further includes:
the second service server 21 determines that the mirror data is valid when it detects that the mirror data is legal or on a preset whitelist.
Preferably, after the second service server 21 processes the valid mirror image data, constructing the service data link layer packet specifically includes:
the second service server 21 processes the valid mirrored data to obtain processed data, and the first service server 11 is simulated to construct a service data link layer packet according to the processed data.
For brevity, for anything not mentioned in the description of the method provided by this embodiment of the present invention, reference may be made to the corresponding content in the foregoing embodiment.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.
Claims (6)
1. A business service system, comprising:
the simulation subsystem: comprising a plurality of first network devices configured with IP addresses of a first network, the first network devices being connected through the first network; the simulation subsystem implements, through the first network devices, initiation of a service access request, mirroring of the service access request, and return of a service data link layer packet;
the real subsystem: comprising a second network device not configured with an IP address of the first network, the second network device being connected to the simulation subsystem by a link; the real subsystem implements construction and return of a service data link layer packet through the second network device;
the first network device includes:
a user terminal: configured with an IP address of the first network; the user terminal is used by a user to initiate the service access request;
a switch: configured with an IP address of the first network, and connected to the user terminal through the first network; the switch is used for receiving the service access request and mirroring it to obtain mirror image data; the switch is also used for returning the service data link layer packet to the corresponding user terminal;
a first service server: configured with an IP address of the first network, and connected to the switch through the first network; the first service server is configured to receive the service access request;
the second network device includes:
a second service server: not configured with an IP address of the first network, and connected to the switch in the simulation subsystem through the link; the second service server is used for receiving the mirror image data, processing the effective mirror image data, constructing the service data link layer packet, and returning the service data link layer packet to the switch;
the link between the second service server and the switch comprises a mirror image link and a communication link;
the mirror link is used for the switch to transmit the mirror data to the second service server;
the communication link is used for the second service server to return the service data link layer packet to the switch.
2. The business service system of claim 1, wherein,
the second service server is specifically configured to determine that the mirror data is valid when the mirror data is detected to be legal or on a preset whitelist.
3. The business service system of claim 1, wherein,
the second service server is specifically configured to process the effective mirror image data to obtain processed data, and simulate the first service server to construct the service data link layer packet according to the processed data.
4. A business service method, characterized by running on the business service system of any one of claims 1-3; the business service method comprises the following steps:
the user terminal is used for a user to initiate a service access request;
the switch receives the service access request and mirrors the service access request to obtain mirror image data;
the first service server receives the service access request;
the second service server receives the mirror image data, processes the effective mirror image data, constructs a service data link layer packet, and returns the service data link layer packet to the switch;
and the switch returns the service data link layer packet to the corresponding user terminal.
5. The business service method of claim 4, wherein, after the second service server receives the mirror data and before the processing of the valid mirror data, the method further comprises:
when the second service server detects that the mirror image data is legal or on a preset whitelist, determining that the mirror image data is valid.
6. The business service method of claim 4, wherein, after the second service server processes the valid mirror data, constructing the service data link layer packet specifically includes:
the second service server processes the valid mirror image data to obtain processed data and, simulating the first service server, constructs the service data link layer packet according to the processed data.
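The flow of claims 4 to 6 on the second service server, as an added Python example that is not part of the patent text: mirrored frame in, validity check, reply frame built at the link layer with the first service server's addresses. It assumes UDP over IPv4, reads "legal" as "well-formed and addressed to the service", and uses constructed addresses, a constructed whitelist and an upper-casing placeholder for the processing step; all function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

SERVICE = (IPv4Address("198.51.100.5"), 9000)  # constructed: first service server
WHITELIST = {IPv4Address("192.0.2.77")}        # constructed: preset whitelist

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, as used by the IPv4 header."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse(frame: bytes):
    """Fields of an Ethernet II / IPv4 / UDP frame, or None if malformed."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[14 + ihl:20 + ihl])
    if ulen < 8 or len(frame) < 14 + ihl + ulen:
        return None
    return {"dmac": frame[0:6], "smac": frame[6:12], "sport": sport, "dport": dport,
            "src": IPv4Address(frame[26:30]), "dst": IPv4Address(frame[30:34]),
            "payload": frame[22 + ihl:14 + ihl + ulen]}

def is_valid(req) -> bool:
    """Assumed reading of 'legal': well-formed and addressed to the service."""
    return req is not None and (
        (req["dst"], req["dport"]) == SERVICE or req["src"] in WHITELIST)

def build_reply(req, data: bytes) -> bytes:
    """Frame the first service server would send: addresses and ports swapped."""
    udp = struct.pack("!HHHH", req["dport"], req["sport"], 8 + len(data), 0) + data
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17,
                      0, req["dst"].packed, req["src"].packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return req["smac"] + req["dmac"] + b"\x08\x00" + hdr + udp

def handle_mirror(frame: bytes):
    """Reply frame for valid mirror data, else None (nothing goes back to the switch)."""
    req = parse(frame)
    return build_reply(req, req["payload"].upper()) if is_valid(req) else None

# Constructed sample: client 192.0.2.10:40000 -> service, as mirrored by the switch.
SAMPLE = build_reply({"smac": bytes.fromhex("020000000001"), "dmac": bytes.fromhex("02000000000a"),
    "src": SERVICE[0], "dst": IPv4Address("192.0.2.10"), "sport": 9000, "dport": 40000}, b"ping")
```

The reply carries the first service server's MAC and IP as its source even though the host building it holds no address on that network, which is why the frame has to be assembled at the link layer rather than sent through an ordinary socket.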
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111308712.6A CN114124477B (en) | 2021-11-05 | 2021-11-05 | Business service system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124477A (en) | 2022-03-01 |
CN114124477B (en) | 2024-04-05 |
Family
ID=80381262
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111308712.6A Active CN114124477B (en) | 2021-11-05 | 2021-11-05 | Business service system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124477B (en) |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101754407A (en) * | 2008-12-16 | 2010-06-23 | 联想(北京)有限公司 | Method, server and system for processing service access request |
CN102752303A (en) * | 2012-07-05 | 2012-10-24 | 北京锐安科技有限公司 | Bypass-based data acquisition method and system |
CN102859934A (en) * | 2009-03-31 | 2013-01-02 | 考持·维 | System and method for access management and security protection for network accessible computer services |
CN103336798A (en) * | 2013-06-17 | 2013-10-02 | 华南理工大学 | Virtualized data access system and method of embedded network device |
CN104113519A (en) * | 2013-04-16 | 2014-10-22 | 阿里巴巴集团控股有限公司 | Network attack detection method and device thereof |
CN104301445A (en) * | 2013-07-15 | 2015-01-21 | 北京邮电大学 | Mobile Internet data transmission method and system |
CN105471866A (en) * | 2015-11-23 | 2016-04-06 | 深圳市联软科技有限公司 | Protection method and apparatus for mobile application |
CN106789952A (en) * | 2016-11-30 | 2017-05-31 | 用友优普信息技术有限公司 | A kind of LAN services interconnect the method and system of networking |
CN107819727A (en) * | 2016-09-13 | 2018-03-20 | 腾讯科技(深圳)有限公司 | A kind of network safety protection method and system based on the safe credit worthiness of IP address |
CN108616490A (en) * | 2016-12-13 | 2018-10-02 | 腾讯科技(深圳)有限公司 | A kind of method for network access control, apparatus and system |
CN110493192A (en) * | 2019-07-17 | 2019-11-22 | 北京泰立鑫科技有限公司 | A kind of data safe transmission system and method based on data gateway |
CN110519404A (en) * | 2019-08-02 | 2019-11-29 | 锐捷网络股份有限公司 | A kind of policy management method based on SDN, device and electronic equipment |
CN110769462A (en) * | 2019-10-24 | 2020-02-07 | 杭州迪普科技股份有限公司 | Network access control method and device |
CN111294798A (en) * | 2018-12-07 | 2020-06-16 | 中国移动通信集团陕西有限公司 | Data interaction method, device, terminal equipment and medium |
CN111490993A (en) * | 2020-04-13 | 2020-08-04 | 江苏易安联网络技术有限公司 | Application access control security system and method |
CN111752959A (en) * | 2020-05-29 | 2020-10-09 | 南京南瑞继保电气有限公司 | Real-time database cross-database SQL interaction method and system |
CN111988314A (en) * | 2020-08-19 | 2020-11-24 | 杭州铂钰信息科技有限公司 | System architecture and method for dynamically deploying network security service |
CN112073419A (en) * | 2020-09-11 | 2020-12-11 | 深圳市吉祥腾达科技有限公司 | Attack defense reliability test system for network solution |
CN112383546A (en) * | 2020-11-13 | 2021-02-19 | 腾讯科技(深圳)有限公司 | Method for processing network attack behavior, related device and storage medium |
CN112995151A (en) * | 2021-02-08 | 2021-06-18 | 腾讯科技(深圳)有限公司 | Access behavior processing method and device, storage medium and electronic equipment |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9015301B2 (en) * | 2007-01-05 | 2015-04-21 | Digital Doors, Inc. | Information infrastructure management tools with extractor, secure storage, content analysis and classification and method therefor |
US20110252001A1 (en) * | 2010-04-08 | 2011-10-13 | Dssdr, Llc | Mirroring High Availability System and Method |
EP2939401B1 (en) * | 2012-12-27 | 2017-05-24 | Telecom Italia S.p.A. | Method for guaranteeing service continuity in a telecommunication network and system thereof |
Non-Patent Citations (2)
Title |
---|
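"Identifying Application-Layer DDoS Attacks Based on Request Rhythm Matrices"; Huan Lin et al.; 《IEEE Access (Volume: 7)》 * |
"Research on Network Connection and Data Transmission Management in Windows" (Windows中的网络连接和数据传输管理研究); Qing Sihan (卿斯汉); 《Netinfo Security》 (信息网络安全) * |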
Also Published As
Publication number | Publication date |
---|---|
CN114124477A (en) | 2022-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||