CN103067355A - Network guard method and system based on domain name - Google Patents

Publication number: CN103067355A
Authority: CN (China)
Prior art keywords: security, gateway, domain name, safe, generally recognized
Legal status: Pending
Application number: CN2012105281799A
Other languages: Chinese (zh)
Inventors: 朱峥嵘, 陶超
Current assignee: Sangfor Network Technology Shenzhen Co Ltd
Original assignee: Sangfor Network Technology Shenzhen Co Ltd
Application filed by Sangfor Network Technology Shenzhen Co Ltd; priority to CN2012105281799A; publication of CN103067355A; legal status: pending
Abstract

The invention discloses a network protection method and system based on domain name. The method comprises the following steps: a core security gateway issues security policies to an edge security gateway; the edge security gateway obtains access data, matches it against the security policies, protects the information security of the user of a specified domain name, records security protection information, and reports that information to the core security gateway. Because policy is issued centrally by the core security gateway and matched, enforced, recorded and reported at the edge security gateway, the method has the advantage that network protection can be carried out with accuracy down to the individual domain name.

Description

Network protection method and system based on domain name
Technical field
The present invention relates to the technical field of computer networks, and in particular to a network protection method and system based on domain name.
Background technology
With the continuing progress of social informatization, users pay ever more attention to the security of network information. Conventional security products cannot satisfy the requirement for network protection based on domain name. The policies of conventional security products are all formulated with the IP (Internet Protocol) address or the network port as their object. When one host carries several domain names, a traditional protection method cannot use the domain name to locate an attack accurately, still less take targeted protective measures; and a policy formulated by IP protects all the domain names on the whole host, so it affects every one of them. In addition, traditional security products cannot satisfy the network information protection requirements of a CDN (Content Delivery Network) in its distributed deployment environment, because traditional security products mostly adopt single-point protection: each node must be configured one by one, the configuration workload is large and the procedure is very tedious; moreover, the protection at each node is independent of the others, which hinders the unified gathering and integration of information.
Summary of the invention
The main purpose of the present invention is to provide a network protection method and system based on domain name, intended to achieve real-time protection of network security according to domain name.
The invention discloses a network protection method based on domain name, comprising the following steps:
Step S01: a core security gateway issues a security policy to an edge security gateway;
Step S02: the edge security gateway obtains access data, matches the security policy, protects the information security of the user of a specified domain name, records security protection information and reports it to the core security gateway.
Preferably, after step S02 the method further comprises:
Step S03: the core security gateway receives and stores the security protection information, and classifies and displays it.
Preferably, step S01 comprises:
the core security gateway updating the security policy of the edge security gateway in real time according to updates to its own security policy.
Preferably, the core security gateway classifying and displaying the security protection information based on domain name in step S03 comprises:
dividing, based on domain name, the security protection information under the same domain name into the same class;
displaying the classified security protection information according to domain name.
Preferably, the access data obtained by the edge security gateway in step S01 is the data produced when the user accesses the node resource of the content node server nearest to the user's own geographical position.
The invention also discloses a network protection system based on domain name, comprising a core security gateway and an edge security gateway;
the core security gateway is used to issue a security policy to the edge security gateway;
the edge security gateway is used to obtain access data, match the security policy, protect the information security of the user of a specified domain name, record security protection information and report it to the core security gateway.
Preferably, the core security gateway is also used to receive and store the security protection information, and to classify and display it.
Preferably, the core security gateway is also used to update the security policy of the edge security gateway in real time according to updates to its own security policy.
Preferably, the core security gateway is also used to divide, based on domain name, the security protection information under the same domain name into the same class, and to display the classified security protection information according to domain name.
Preferably, the access data obtained by the edge security gateway is the data produced when the user accesses the node resource of the content node server nearest to the user's own geographical position.
In the present invention the core security gateway issues a security policy to the edge security gateway; the edge security gateway obtains access data, matches the security policy, protects the information security of the user of the specified domain name, records security protection information and reports it to the core security gateway. This method has the beneficial effect that network security protection is implemented with accuracy down to the domain name.
Description of drawings
Fig. 1 is a schematic diagram of the deployment architecture of the distributed network application protection system based on domain name of the present invention;
Fig. 2 is a schematic flow chart of one embodiment of the network protection method based on domain name of the present invention;
Fig. 3 is a schematic flow chart of another embodiment of the network protection method based on domain name of the present invention;
Fig. 4 is a schematic structural diagram of one embodiment of the security protection log recorded by the edge security gateway in the network protection method based on domain name of the present invention;
Fig. 5 is a schematic structural diagram of one embodiment of the network protection system based on domain name of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the accompanying drawings and in connection with the embodiments.
Embodiment
The technical solution of the present invention is further explained below in conjunction with the drawings and specific embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
The network protection method and system based on domain name of the present invention, making use of the distributed character of a CDN, adopt a structure of one core security gateway and several edge security gateways; according to a unified security policy, the network information is protected based on domain name, the protection records are uniformly uploaded to the core security gateway, and the core security gateway displays them centrally.
Please refer to Fig. 1, a schematic diagram of the deployment architecture of the distributed network application protection system based on domain name of the present invention. The source station shown in Fig. 1 is the original site of the distributed content: adding, deleting and changing the files of the website are all carried out at the source station, and the objects fetched by the caching servers all come from the source station. The content nodes shown in Fig. 1 are caching servers; a content node directly provides the site resources that the user accesses. The network deployment shown in Fig. 1 adopts the CDN deployment mode. A CDN is a new way of building a network: by adding a new layer of network architecture on top of the existing Internet, the content of a website is published to the network "edge" nearest the user, so that the user can obtain the required content nearby, which relieves Internet congestion and improves the response speed of users accessing the website. In a broad sense, a CDN represents a network service mode based on quality and order.
Based on the above description, please refer to Fig. 2, a schematic flow chart of one embodiment of the network protection method based on domain name of the present invention. As shown in Fig. 2, the network protection method based on domain name of the present invention comprises the following steps:
Step S01: a core security gateway issues a security policy to an edge security gateway;
In a preferred embodiment, the security policy can be formulated with the domain name as its object, and the core security gateway is configured according to this policy. After configuration is finished, the core security gateway issues the security policy to every edge security gateway, so that the security policies of all the security gateways are unified. At the same time, whenever the security policy on the core security gateway is updated, the core security gateway updates the security policy on every edge security gateway in real time according to the update of its own policy. In this way, by controlling the security policy on the core security gateway alone, the policy takes effect automatically and in real time on every edge security gateway, the administrator need not configure each security gateway in the network by hand, and consistency of the security policy across all node servers is achieved.
Step S02: the edge security gateway obtains access data, matches the security policy, protects the information security of the user of a specified domain name, records security protection information and reports it to the core security gateway.
When a user requests a network server resource through a browser, the domain name server, according to the geographical location of the user's access, returns to the user the IP of the content node server nearest to the user's own geographical position, so that the user can access the content node resource nearby and save access time. When the user accesses the content node resource, the edge security gateway obtains the user's access data and matches the security policy based on the user's domain name, tracks security threats to that domain name and identifies them; according to the degree of harm of the threat to the business and to data security, and according to the administrator's corresponding configuration, the threat is blocked or an alarm is sent. At the same time, the edge security gateway records the security protection information, commonly called the security protection log, analyses the security state of the content node currently being protected and of the protected domain names, and reports a summary of the security state information of the current content node to the core security gateway, so that the core security gateway can carry out the corresponding processing of the security protection log.
In the present embodiment the core security gateway issues a security policy to the edge security gateway; the edge security gateway obtains access data, matches the security policy, protects the information security of the user of the specified domain name, records security protection information and reports it to the core security gateway. This method has the beneficial effect that network security protection is implemented with accuracy down to the domain name.
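As an added illustration of steps S01 and S02 (this is example code written for this page, not code from the patent or from its assignee), the following Python models a core gateway that holds a versioned, domain-keyed policy, pushes it to every registered edge gateway and re-pushes on each update, and an edge gateway that matches each request against the rules of the requested domain only. Because the rule set is selected by the Host name rather than by the IP address, a rule configured for one domain does not affect a second domain served from the same host, which is the background section's complaint about IP-based policy. The class names, the policy format, the regex signatures and the sample requests are all constructed assumptions.

```python
"""Core/edge policy distribution and domain-keyed matching.

Added example for steps S01 and S02; it is not the patent's code. Class names,
policy format, regex signatures and the sample requests are constructed here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """One protection rule; it belongs to a domain, never to an IP or port."""
    attack_type: str   # label written to the protection log, e.g. "sql_injection"
    pattern: str       # regex applied to the request line of the access data
    action: str        # administrator's configured response: "block" or "alarm"


@dataclass(frozen=True)
class Policy:
    version: int                    # increases on every update at the core
    rules: Dict[str, List[Rule]]    # domain name -> rules for that domain only


@dataclass(frozen=True)
class LogEntry:
    """Security protection log record kept by the edge gateway (cf. Fig. 4)."""
    domain: str
    attack_type: str
    action: str
    node: str


class EdgeGateway:
    def __init__(self, node: str) -> None:
        self.node = node
        self.policy: Optional[Policy] = None
        self.log: List[LogEntry] = []

    def receive_policy(self, policy: Policy) -> None:
        """Step S01 (edge side): accept a pushed policy if it is newer than ours."""
        if self.policy is None or policy.version > self.policy.version:
            self.policy = policy

    def inspect(self, host: str, request_line: str) -> str:
        """Step S02: match the access data against the requested domain's rules.

        The Host value (port stripped) selects the rule set, so two domains
        served from the same IP are protected independently of each other.
        """
        domain = host.split(":")[0].strip().lower()
        rules = self.policy.rules.get(domain, []) if self.policy else []
        for rule in rules:
            if re.search(rule.pattern, request_line, re.IGNORECASE):
                self.log.append(LogEntry(domain, rule.attack_type, rule.action, self.node))
                return rule.action
        return "allow"


class CoreGateway:
    def __init__(self) -> None:
        self.policy = Policy(version=0, rules={})
        self.edges: List[EdgeGateway] = []

    def register(self, edge: EdgeGateway) -> None:
        self.edges.append(edge)
        edge.receive_policy(self.policy)   # a new edge receives the current policy at once

    def set_rules(self, domain: str, rules: List[Rule]) -> None:
        """Step S01 (core side): update the core's own policy, then push it to every edge."""
        merged = dict(self.policy.rules)
        merged[domain] = list(rules)
        self.policy = Policy(self.policy.version + 1, merged)
        for edge in self.edges:
            edge.receive_policy(self.policy)


def demo() -> Dict[str, object]:
    """Two edge nodes, one policy; blog.example shares a host with shop.example."""
    core = CoreGateway()
    shenzhen, beijing = EdgeGateway("node-shenzhen"), EdgeGateway("node-beijing")
    core.register(shenzhen)
    core.register(beijing)
    # Constructed policy: only shop.example has rules configured by the administrator.
    core.set_rules("shop.example", [
        Rule("sql_injection", r"(union\s+select|'\s*or\s+1=1)", "block"),
        Rule("path_traversal", r"\.\./", "alarm"),
    ])
    payload = "GET /item?id=1' OR 1=1-- HTTP/1.1"          # constructed sample request
    return {
        "shop_sqli": shenzhen.inspect("shop.example", payload),
        "blog_same_payload": beijing.inspect("blog.example", payload),  # no rules for blog: allowed
        "shop_traversal": beijing.inspect("shop.example:443", "GET /../../secret HTTP/1.1"),
        "shop_normal": shenzhen.inspect("shop.example", "GET /item?id=1 HTTP/1.1"),
        "policy_versions": [shenzhen.policy.version, beijing.policy.version],
        "log_nodes": [e.node for e in shenzhen.log + beijing.log],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The version check in `receive_policy` is what makes the "real-time update" of step S01 safe to repeat: a stale or duplicated push can never roll an edge back to an older policy, and after any update every edge reports the same version, which is the consistency check an operator would want to monitor across CDN nodes.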
Referring to Fig. 3, a schematic flow chart of another embodiment of the network protection method based on domain name of the present invention: the only difference between this embodiment and the embodiment of Fig. 2 is the addition of step S03. This embodiment describes only step S03 in detail; for the other steps of the network protection method based on domain name of the present invention please refer to the detailed description of the above embodiment, which is not repeated here.
As shown in Fig. 3, after step S02, in which the edge security gateway obtains access data, matches the security policy, protects the information security of the user of the specified domain name, records security protection information and reports it to the core security gateway, the network protection method based on domain name of the present invention further comprises:
Step S03: the core security gateway receives and stores the security protection information, and classifies and displays it.
The core security gateway receives the security protection information reported by the edge security gateway. Whichever edge node an edge security gateway sits on, the security protection log of a user's domain name that it collects is fed back to the core security gateway in real time and written into the core security gateway's database, so that the core security gateway can see all the security protection logs based on domain name. The core security gateway classifies all the security protection logs reported by the edge security gateways according to domain name, that is, it puts the security protection logs of the same domain name into one class, and displays the classified security protection logs. Specifically, personnel with authority, such as the network administrator or the supplier, can see all the security protection logs on the core security gateway and can thereby carry out flexible billing and the like according to this security protection information; a user can consult only the security protection log of his own domain name, that is, the user of a given domain name can query only the security protection log of that domain name and cannot view the security protection logs of other domain names. Referring to Fig. 4, a schematic structural diagram of one embodiment of the security protection log recorded by the edge security gateway in the network protection method based on domain name of the present invention: as shown in Fig. 4, the security protection log contains the network attack type, the number of attacks corresponding to each attack type recorded by the edge security gateway, the percentage accounted for by each attack type, and the node server on which each attack type occurred. In this way, when the security protection log is examined, the various items of information are clear at a glance.
In the present embodiment the core security gateway receives and stores the security protection information and classifies and displays it, which has the beneficial effect of centralized collection and of display of the security protection logs according to domain name.
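As an added example of step S03 and of the log structure of Fig. 4 (written for this page, not the patent's own code), the following Python collects the log entries reported by the edge gateways into a central store, classifies them by domain name, builds the per-attack-type count, percentage and node list that Fig. 4 describes, and enforces the read rule stated above: an administrator sees every domain's log, while the user of a domain can query only that domain. The sample reports, the principal model and every name in it are constructed assumptions.

```python
"""Central collection, classification and scoped display of protection logs.

Added example for step S03 and the Fig. 4 log structure; not the patent's code.
The log entries, the principal model and all names are constructed here.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class LogEntry:
    """One record reported by an edge gateway: which domain, what, and where."""
    domain: str
    attack_type: str
    node: str


@dataclass(frozen=True)
class Principal:
    name: str
    role: str                  # "admin" (network manager, supplier) or "tenant"
    domains: FrozenSet[str]    # domains a tenant is entitled to query


# Constructed sample reports from two edge nodes.
SAMPLE_REPORTS = [
    LogEntry("shop.example", "sql_injection", "node-shenzhen"),
    LogEntry("shop.example", "sql_injection", "node-beijing"),
    LogEntry("shop.example", "path_traversal", "node-beijing"),
    LogEntry("shop.example", "sql_injection", "node-shenzhen"),
    LogEntry("blog.example", "xss", "node-shenzhen"),
]


class CoreGateway:
    def __init__(self) -> None:
        self.db: List[LogEntry] = []   # stands in for the core gateway's database

    def receive_report(self, entries: Iterable[LogEntry]) -> None:
        """Step S03: store whatever any edge node reports, as it arrives."""
        self.db.extend(entries)

    def summarize(self, domain: str) -> Dict[str, dict]:
        """Fig. 4 view for one domain: per attack type, count, share and nodes."""
        entries = [e for e in self.db if e.domain == domain]
        total = len(entries)
        if total == 0:
            return {}
        nodes_by_type = defaultdict(list)
        for e in entries:
            nodes_by_type[e.attack_type].append(e.node)
        return {
            attack_type: {
                "count": len(nodes),
                "percent": round(100.0 * len(nodes) / total, 1),
                "nodes": sorted(set(nodes)),
            }
            for attack_type, nodes in nodes_by_type.items()
        }

    def classify(self) -> Dict[str, Dict[str, dict]]:
        """Same domain -> same class; one Fig. 4 summary per domain."""
        return {d: self.summarize(d) for d in sorted({e.domain for e in self.db})}

    def can_view(self, who: Principal, domain: str) -> bool:
        """Administrators see every domain; a tenant sees only its own."""
        return who.role == "admin" or domain in who.domains

    def view(self, who: Principal, domain: str) -> Dict[str, dict]:
        """Scoped query: refuse before touching the data, not after."""
        if not self.can_view(who, domain):
            raise PermissionError(f"{who.name} may not query the log of {domain}")
        return self.summarize(domain)


def demo() -> Dict[str, object]:
    core = CoreGateway()
    core.receive_report(SAMPLE_REPORTS)
    admin = Principal("netadmin", "admin", frozenset())
    shop_owner = Principal("shop-owner", "tenant", frozenset({"shop.example"}))
    return {
        "classes": sorted(core.classify()),
        "shop_summary": core.view(shop_owner, "shop.example"),
        "admin_sees_blog": core.view(admin, "blog.example"),
        "tenant_sees_blog": core.can_view(shop_owner, "blog.example"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The authorization decision lives on the core gateway, next to the database, rather than in the display layer: the per-domain scoping the text describes is only meaningful if every query path, not just the user interface, passes through the same `can_view` check.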
Referring to Fig. 5, a schematic structural diagram of one embodiment of the network protection system based on domain name of the present invention: as shown in Fig. 5, the network protection system based on domain name of the present invention comprises a core security gateway 01 and an edge security gateway 02.
Core security gateway 01 is used to issue a security policy to the edge security gateway.
In a preferred embodiment, the security policy can be formulated with the domain name as its object, and core security gateway 01 is configured according to this policy. After configuration is finished, core security gateway 01 issues the security policy to every edge security gateway 02, so that the security policies of all the security gateways are unified. At the same time, whenever the security policy on core security gateway 01 is updated, core security gateway 01 updates the security policy on every edge security gateway 02 in real time according to the update of its own policy. In this way, by controlling the security policy on core security gateway 01 alone, the policy takes effect automatically and in real time on every edge security gateway 02, the administrator need not configure each security gateway in the network by hand, and consistency of the security policy across all node servers is achieved.
Edge security gateway 02 is used to obtain access data, match the security policy, protect the information security of the user of a specified domain name, record security protection information and report it to the core security gateway.
When a user requests a network server resource through a browser, the domain name server, according to the geographical location of the user's access, returns to the user the IP of the content node server nearest to the user's own geographical position, so that the user can access the content node resource nearby and save access time. When the user accesses the content node resource, edge security gateway 02 obtains the user's access data and matches the security policy based on the user's domain name, tracks security threats to that domain name and identifies them; according to the degree of harm of the threat to the business and to data security, and according to the administrator's corresponding configuration, the threat is blocked or an alarm is sent. At the same time, edge security gateway 02 records the security protection information, commonly called the security protection log, analyses the security state of the content node currently being protected and of the protected domain names, and reports a summary of the security state information of the current content node to core security gateway 01, so that core security gateway 01 can carry out the corresponding processing of the security protection log.
In the present embodiment the core security gateway issues a security policy to the edge security gateway; the edge security gateway obtains access data, matches the security policy, protects the information security of the user of the specified domain name, records security protection information and reports it to the core security gateway. This has the beneficial effect that network security protection is implemented with accuracy down to the domain name.
Referring again to Fig. 5, core security gateway 01 in Fig. 5 is also used to receive and store the security protection information, and to classify and display it.
Core security gateway 01 receives the security protection information reported by edge security gateway 02. Whichever edge node an edge security gateway 02 sits on, the security protection log of a user's domain name that it collects is fed back to core security gateway 01 in real time and written into the database of core security gateway 01, so that core security gateway 01 can see all the security protection logs based on domain name. Core security gateway 01 classifies all the security protection logs reported by edge security gateway 02 according to domain name, that is, it puts the security protection logs of the same domain name into one class, and displays the classified security protection logs. Specifically, personnel with authority, such as the network administrator or the supplier, can see all the security protection logs on core security gateway 01 and can thereby take the corresponding actions or measures. A user can also consult the security protection log of his own domain name, that is, the user of a given domain name can query only the security protection log of that domain name and cannot view the security protection logs of other domain names. Referring to Fig. 4, a schematic structural diagram of one embodiment of the security protection log recorded by the edge security gateway in the network protection method based on domain name of the present invention: as shown in Fig. 4, the security protection log contains the network attack type, the number of attacks corresponding to each attack type recorded by edge security gateway 02, the percentage accounted for by each attack type, and the node server on which each attack type occurred. In this way, when the security protection log is examined, the various items of information are clear at a glance.
In the present embodiment the core security gateway receives and stores the security protection information and classifies and displays it, which has the beneficial effect of centralized collection and of display of the security protection logs according to domain name.
In actual deployment of the network protection system based on domain name of the present invention, the core security gateway and a given edge security gateway may be the same physical entity.
The above are only preferred embodiments of the present invention and do not therefore limit its scope of claims; every equivalent structural or equivalent flow transformation made using the content of the specification and drawings of the present invention, whether used directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A network protection method based on domain name, characterized in that it comprises the following steps:
Step S01: a core security gateway issues a security policy to an edge security gateway;
Step S02: the edge security gateway obtains access data, matches the security policy, protects the information security of the user of a specified domain name, records security protection information and reports it to the core security gateway.
2. The method of claim 1, characterized in that, after step S02, it further comprises:
Step S03: the core security gateway receives and stores the security protection information, and classifies and displays it.
3. The method of claim 1 or 2, characterized in that step S01 comprises:
the core security gateway updating the security policy of the edge security gateway in real time according to updates to its own security policy.
4. The method of claim 1 or 2, characterized in that the core security gateway classifying and displaying the security protection information based on domain name in step S03 comprises:
dividing, based on domain name, the security protection information under the same domain name into the same class;
displaying the classified security protection information according to domain name.
5. The method of claim 1 or 2, characterized in that the access data obtained by the edge security gateway in step S01 is the data produced when the user accesses the node resource of the content node server nearest to the user's own geographical position.
6. A network protection system based on domain name, characterized in that it comprises a core security gateway and an edge security gateway;
the core security gateway is used to issue a security policy to the edge security gateway;
the edge security gateway is used to obtain access data, match the security policy, protect the information security of the user of a specified domain name, record security protection information and report it to the core security gateway.
7. The system of claim 6, characterized in that the core security gateway is also used to receive and store the security protection information, and to classify and display it.
8. The system of claim 6 or 7, characterized in that the core security gateway is also used to update the security policy of the edge security gateway in real time according to updates to its own security policy.
9. The system of claim 6 or 7, characterized in that the core security gateway is also used to divide, based on domain name, the security protection information under the same domain name into the same class, and to display the classified security protection information according to domain name.
10. The system of claim 6, characterized in that the access data obtained by the edge security gateway is the data produced when the user accesses the node resource of the content node server nearest to the user's own geographical position.
Application CN2012105281799A, priority date 2012-12-10, filing date 2012-12-10: Network guard method and system based on domain name; status Pending; published as CN103067355A (en)

Publications (1)

Publication number CN103067355A, publication date 2013-04-24

Family ID: 48109817

Country status (1): CN, CN103067355A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103561030A (en) * 2013-11-07 2014-02-05 国家电网公司 Wireless self-organizing network intrusion detection method and device
CN104021351A (en) * 2014-05-28 2014-09-03 宇龙计算机通信科技(深圳)有限公司 Method and device for data resource access
CN106210057A (en) * 2016-07-13 2016-12-07 成都知道创宇信息技术有限公司 A kind of cloud security means of defence based on CDN
CN106789959A (en) * 2016-12-01 2017-05-31 北京锐安科技有限公司 A kind of data safe processing device and processing method
JP2019179953A (en) * 2018-03-30 2019-10-17 日本電気株式会社 Information processing system, edge device, and information processing method
CN112511660A (en) * 2020-11-12 2021-03-16 北京软通智慧城市科技有限公司 Management system, method, device and storage medium of edge terminal equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070204040A1 (en) * 2006-02-28 2007-08-30 Red. Hat, Inc. System and method for domain name filtering through the domain name system
CN101789942A (en) * 2010-01-29 2010-07-28 蓝盾信息安全技术股份有限公司 Method for preventing sensitive data from betraying confidential matters and device thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
熊定云: "基于域名过滤的控管技术研究", 《中国优秀硕士学位论文全文数据库 信息科技辑(2011年)》, no. 1, 15 December 2011 (2011-12-15) *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130424