[go: up one dir, main page]

CN108400879A - The discovery method and system of information assets based on gateway - Google Patents

The discovery method and system of information assets based on gateway Download PDF

Info

Publication number
CN108400879A
CN108400879A CN201710065912.0A CN201710065912A CN108400879A CN 108400879 A CN108400879 A CN 108400879A CN 201710065912 A CN201710065912 A CN 201710065912A CN 108400879 A CN108400879 A CN 108400879A
Authority
CN
China
Prior art keywords
network
types
services
network address
judging result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710065912.0A
Other languages
Chinese (zh)
Inventor
薛永刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xin'an Spring Technology Co Ltd
Original Assignee
Beijing Xin'an Spring Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xin'an Spring Technology Co Ltd filed Critical Beijing Xin'an Spring Technology Co Ltd
Priority to CN201710065912.0A priority Critical patent/CN108400879A/en
Publication of CN108400879A publication Critical patent/CN108400879A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

An embodiment of the present invention provides a kind of discovery method of the information assets based on gateway, this method includes:During carrying out network message forwarding, service type identification is carried out to the network message received, obtains the types of network services to be asked of network message;Network address analysis is carried out to the network message, obtains the destination network addresses for the target device that the network message to be asked;Based on the types of network services and the network address, judges types of network services and whether there is map record identical with the types of network services and network address in the mapping table of network address;Based on judging result, the operation in response to judging result is executed.The network message based on gateway type device for flow warp of the embodiment of the present invention carries out network service identification and network address analysis, the automatic variation for finding the various assets in current network, additional equipment need not be increased, the automatic purpose for finding networked asset can be realized in the original network architecture.

Description

The discovery method and system of information assets based on gateway
Technical field
The present invention relates to networked asset administrative skill field more particularly to a kind of discovery sides of the information assets based on gateway Method and system.
Background technology
Gateway is a term in network communication, it typically represents the net for isolation and intercommunication between heterogeneous networks Network equipment.This kind of equipment is often arranged on the boundary of network, such as the broadband outlet of a company, the outer net of a school go out Mouthful, etc..
The effect of gateway in a network is very important, and ensures that the intercommunication of internal-external network is its basic function, And herein on, gateway also need to intranet and extranet carry out effectively be isolated and protect, ensure the safely controllable of internal network.It is based on Safely controllable demand derives a series of gateway type Network Security Device, such as fire wall, network log-in management system, UTM Deng.
Network Security Device is usually required for different networked asset (such as WEB server, mail server, code clothes Business device, database) different security protections is carried out, to meet the needs of business and management.Each networked asset generally can be right One or more network address, Network Security Device is answered to distinguish various networked assets by these network address.
In existing gateway type safety equipment, network administrator needs manually to count all networked assets, and in network Relevant various protection configurations are carried out on safety equipment.When networked asset changes (such as newly-increased networked asset, The network address of networked asset changes), network administrator is required for changing relevant configuration.
There are many kinds of different forms for the technical solution of specific implementation, but basically, are built by manual configuration The correspondence of network address and Asset Type is erected, and this relationship is applied in the configuration of security protection.
In existing implementation method, the discovery needs of assets are manually completed by administrator.New network money is added in network When production, administrator must be known by these variations, and relevant configuration is carried out on gateway.When a network size is larger It waits, there are many user of network, and each user may increase or reduce the assets in network;Original assets may be due to industry The variation of business demand provides new network service, so that its networked asset type changes.The change of these networked assets Change (increase, reduce, change type etc.) network administrator is required for respond in time.This mode is asked of both existing Topic.
Disadvantage one:Network administrator is difficult to know all networked asset situations of change, thus can not be according to networked asset Variation carry out corresponding protection adjustment.
Disadvantage two:Even if network administrator understand that the situation of change of these networked assets, it is also desirable to spend a large amount of Time carries out relevant configuration, can not accomplish automatic business processing.
Invention content
The purpose of the embodiment of the present invention is to provide a kind of discovery method and system of the information assets based on gateway, can be certainly The dynamic variation (increase, reduce, changing Asset Type) for finding various assets informations in network, improves the identification effect of assets information Rate.
One side according to the ... of the embodiment of the present invention provides a kind of discovery method of the information assets based on gateway, application In gateway device, the gateway device setting between inner network and external network, the method includes:Carrying out network message forwarding In the process, service type identification is carried out to the network message received, obtains the network service to be asked of the network message Type;Network address analysis is carried out to the network message, obtains the target for the target device that the network message to be asked Network address;Based on the types of network services and the network address, the mapping of types of network services and network address is judged It whether there is map record identical with the types of network services and network address in relation table;Based on judging result, sound is executed It should be in the operation of judging result.
Wherein, be based on judging result, execute in response to judging result operation the step of include:When judging result is mapping When existing in relation table with the types of network services and the different map record of network address, based on the types of network services and Network address, the new mappings for generating the types of network services and the destination network addresses record.
Wherein, be based on judging result, execute in response to judging result operation the step of include:When judging result is mapping When there is map record identical with the types of network services and network address in relation table, the network based on target device The network message is transmitted to corresponding target device by location.
Wherein, be based on judging result, execute in response to judging result operation the step of include:When judging result is mapping There are when a map record identical as the types of network services, network address is different in relation table, it is based on the network service Type and the network address, generate the types of network services in the mapping table of the types of network services and network address It is recorded with the new mappings of the destination network addresses.
Wherein, be based on judging result, execute in response to judging result operation the step of include:When judging result is mapping In relation table there are one different from the types of network services, network address identical map record when, be based on the network service Type and the network address are deleted in the mapping table of the types of network services and network address in mapping table Former map record, the new mappings for generating the types of network services and the destination network addresses record.
Another aspect according to the ... of the embodiment of the present invention provides a kind of information assets discovery system based on gateway, feature Be, be applied to gateway device, gateway device setting between inner network and external network, the system comprises:It is single using identification Member, for during carrying out network message forwarding, carrying out service type identification to the network message received, obtaining described The types of network services to be asked of network message;Information process unit, for carrying out network address point to the network message Analysis, obtains the destination network addresses for the target device that the network message to be asked;Judging unit, for being based on the network Service type and the network address judge to whether there is and the net in the mapping table of types of network services and network address Network service type and the identical map record of network address;Response unit is executed for being based on judging result in response to judging to tie The operation of fruit.
Wherein, when the judging result of judging unit is to exist and the types of network services and network address in mapping table When different map record, response unit be based on the types of network services and network address, generate the types of network services with The new mappings of the destination network addresses record.
Wherein, when the judging result of judging unit is to exist and the types of network services and network address in mapping table When identical map record, which is transmitted to corresponding target by network address of the response unit based on target device Equipment.
Wherein, when the judging result of judging unit be mapping table in there are one it is identical as the types of network services, When the different map record of network address, response unit is based on the types of network services and the network address, is taken in the network The new mappings that the types of network services and the destination network addresses are generated in the mapping table of service type and network address record.
Wherein, be based on judging result, execute in response to judging result operation the step of include:When the judgement of judging unit As a result be exist in mapping table one different from the types of network services, network address identical map record when, respond Unit is based on the types of network services and the network address, in the mapping table of the types of network services and network address In, the former map record in mapping table is deleted, the new mappings for generating the types of network services and the destination network addresses are remembered Record.
Another aspect according to the ... of the embodiment of the present invention provides a kind of gateway device, which is characterized in that including being based on gateway Information assets find system.
The advantageous effect of the embodiment of the present invention is, the embodiment of the present invention by the network message by gateway device into Row application identification and network address analysis, obtain the types of network services to be asked of the network message and the mesh to be asked The destination network addresses of marking device, the destination network addresses based on types of network services He the target device to be asked generate The mapping table of types of network services and destination network addresses, to realize automatic discovery and the record of information assets.
Description of the drawings
Fig. 1 is deployed position schematic diagram of the gateway device of the offer of the embodiment of the present invention one in whole network system;
Fig. 2 is the flow chart of the discovery method for the information assets based on gateway that the embodiment of the present invention one provides;
Fig. 3 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention three provides;
Fig. 4 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention four provides;
Fig. 5 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention five provides;
Fig. 6 is the structural schematic diagram of the discovery system for the information assets based on gateway that the embodiment of the present invention six provides.
Specific implementation mode
In order to make the objectives, technical solutions and advantages of the present invention clearer, With reference to embodiment and join According to attached drawing, the present invention is described in more detail.It should be understood that these descriptions are merely illustrative, and it is not intended to limit this hair Bright range.In addition, in the following description, descriptions of well-known structures and technologies are omitted, to avoid this is unnecessarily obscured The concept of invention.
It should be noted that:Network services identification technology, is answered by the flow (message) to specific server With identification, it can analyze which application operation on the server has.Pass through an application or the combination of multiple applications, it may be determined that The server externally provides what type of service.For example, finding that operation has Nginx applications on the server, which will It is classified as web server;Find that operation there are Oracle applications on the server, which will be classified as database service Device.
Fig. 1 is referred to, Fig. 1 is deployed position of the gateway device of the offer of the embodiment of the present invention one in whole network system Schematic diagram.The gateway device is arranged between inner network and external network, for being forwarded to the network message for flowing through the gateway device, The network message for flowing through the network equipment includes:Client is sent to the server for providing network service by the gateway device Network message, and the server of network service is provided and is sent to the network message of client by the gateway device.Wherein, network Message includes:Types of network services, destination address and source address.
Due to the specific position of gateway device in a network, the network message between all Intranets and outer net must all pass through Gateway is forwarded, therefore, if during gateway forwards network message, to network message carry out network service identification and Network address is analyzed, on this basis, it will be able to realize the automatic function of finding networked asset.
Embodiment one
Fig. 2 is the flow chart of the discovery method for the information assets based on gateway that the embodiment of the present invention one provides.
As shown in Fig. 2, in the embodiment of the present invention one, a kind of discovery method of the information assets based on gateway is applied to Gateway device, this method include:
S11 carries out service type identification to the network message received, obtains during carrying out network message forwarding The types of network services to be asked to the network message.
In this step, the network equipment is during carrying out network message forwarding, while (the packet of the network message to receiving Client is included to be sent to the network message for the server that network service is provided by the gateway device and the clothes of network service are provided Business device is sent to the network message of client by the network equipment) network service identification is carried out, the message is obtained to be asked Types of network services.
S12 carries out network address analysis to the network message, obtains the target device to be asked of the network message Destination network addresses.
In this step, network address analysis is carried out to network message, parsing obtains the target to be asked of network message The destination network addresses of equipment and the source network address of source device.
It needs to illustrate:Target device and source device are relative concepts, it is assumed that user end to server sends network message, Then client is source device, and server is target device, and source network address is the network address of client, and destination network addresses are The network address of server.It is assumed that server end sends network message to client, then server is source device, and client is Target device, source network address are the network address of server, and destination network addresses are the network address of client.
As an example it is assumed that customer end A sends network message D by gateway device B to server C, gateway device B is connecing When receiving network message D, network service identification and network address analysis are carried out to it, obtains the net to be asked of the network message The destination network addresses F (i.e. the network address of server C) of network service type E and the target device to be asked.
Here, the execution sequence of step S11 and step S12 is not unique, can successively execute, can also be performed simultaneously.Example Such as, it can be executed according to the execution sequence that the embodiment of the present invention one provides, it can also be according to first carrying out step S12, then execute step The sequence of rapid S11, or it is performed simultaneously step S11 and step S12.
S13 is based on the types of network services and the network address, judges reflecting for types of network services and network address It penetrates and whether there is map record identical with the types of network services and network address in relation table.
In this step, according to first two steps analyze come types of network services and network address, judge types of network services With in the mapping table of network address whether there is map record identical with the types of network services and network address.
Above-mentioned example is accepted, the types of network services and destination network addresses F parsed according to first two steps judges network Service type in the mapping table of network address with the presence or absence of with types of network services E and network address F is identical reflects Penetrate record.
S14 is based on judging result, executes the operation in response to judging result.
In this step, according to the judging result of previous step, the operation in response to the judging result is executed.
In the present invention, types of network services includes web services, mail service, database service, code service etc..
Embodiment two
Fig. 2 is a kind of flow chart of the discovery method of information assets based on gateway provided by Embodiment 2 of the present invention.
As shown in Fig. 2, on the basis of the embodiment of the present invention one, step S14 further comprises:
S15, when judging result is to be not present in mapping table and the types of network services and network address all same When map record, it is based on the types of network services and network address, generates the types of network services and the destination network addresses New mappings record.
Above-mentioned example is accepted, if it is judged that be not present and types of network services E and network in mapping table When the map record of address F all sames, according to types of network services E and network address F, generate types of network services E with The new mappings of destination network addresses F record.That is, being not present and types of network services E and network address F in mapping table The map record being all different.
Embodiment three
Fig. 3 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention three provides.
As shown in figure 3, on the basis of the embodiment of the present invention one, step S14 further comprises:
S16, when judging result is the presence of mapping identical with the types of network services and network address in mapping table When record, which is transmitted to corresponding target device by the network address based on target device.
Above-mentioned example is accepted, if it is judged that exist with types of network services E and network in mapping table When the map record of location F all sames, then according to the network address F of target device, which is transmitted to target device i.e. It can.
In the present invention, source device and target device can be client, server or other functional terminals.
Example IV
Fig. 4 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention four provides.
As shown in figure 4, on the basis of the embodiment of the present invention one, step S14 further comprises:
S17, when judging result is that there are one identical as the types of network services, network address is different in mapping table Map record when, based on the types of network services and the network address, in reflecting for the types of network services and network address The new mappings record that the types of network services is generated with the destination network addresses is penetrated in relation table.
Accept above-mentioned example, if it is judged that in mapping table there are one it is identical as types of network services E, When the different map records of network address F, then according to types of network services E and network address F, class is serviced in the network The new mappings that the types of network services and the destination network addresses are generated in the mapping table of type and network address record.
Embodiment five
Fig. 5 is a kind of flow chart of the discovery method for information assets based on gateway that the embodiment of the present invention five provides.
As shown in figure 5, on the basis of the embodiment of the present invention one, step S14 further comprises:
S18, when judging result is that there are one different from the types of network services, network address is identical in mapping table Map record when, based on the types of network services and the network address, in reflecting for the types of network services and network address It penetrates in relation table, deletes the former map record in mapping table, generate the types of network services and the destination network addresses New mappings record.
Accept above-mentioned example, if it is judged that in mapping table there are one it is different from types of network services E, When the identical map records of network address F, then according to types of network services E and network address F, in the types of network services With the mapping table of network address, the former map record of deletion generates new mappings record.
Embodiment six
Fig. 6 is the structural schematic diagram of the discovery system for the information assets based on gateway that the embodiment of the present invention six provides.
As shown in fig. 6, a kind of discovery system for information assets based on gateway that the embodiment of the present invention six provides, is applied to Gateway device, the gateway device are arranged between inner network and external network, as shown in Figure 1, the system comprises:
Using recognition unit 10, for during carrying out network message forwarding, being carried out to the network message received Service type identifies, obtains the types of network services to be asked of the network message.
Information process unit 20 obtains the network message institute for carrying out network address analysis to the network message The destination network addresses of the target device to be asked.
Judging unit 30 is connect with application recognition unit 10 and information process unit 20 respectively, for being taken based on the network Service type and the network address judge to whether there is and the network in the mapping table of types of network services and network address Service type and the identical map record of network address.
Response unit 40 is connect with judging unit 30, for being based on judging result, executes the operation in response to judging result.
In one embodiment, on the basis of the embodiment of the present invention six, when the judging result of judging unit 30 is mapping When existing in relation table with the types of network services and the different map record of network address, response unit 40 is based on the network Service type and network address, the new mappings for generating the types of network services and the destination network addresses record.
In one embodiment, on the basis of the embodiment of the present invention six, when the judging result of judging unit 30 is mapping When there is map record identical with the types of network services and network address in relation table, response unit 40 is based on target device Network address, which is transmitted to corresponding target device.
In one embodiment, on the basis of the embodiment of the present invention six, when the judging result of judging unit 30 is mapping There are when a map record identical as the types of network services, network address is different in relation table, response unit 40 is based on The types of network services and the network address, generate the net in the mapping table of the types of network services and network address Network service type and the new mappings of the destination network addresses record.
In one embodiment, on the basis of the embodiment of the present invention six, when the judging result of judging unit 30 is mapping In relation table there are one different from the types of network services, network address identical map record when, response unit 40 is based on The types of network services and the network address, in the mapping table of the types of network services and network address, deletion is reflected The former map record in relation table is penetrated, the new mappings for generating the types of network services and the destination network addresses record.
The not technical detail of detailed description in the present embodiment in above-mentioned each unit, reference can be made to the embodiment of the present invention is provided Method.
A kind of gateway device is additionally provided according to embodiments of the present invention, including the above-mentioned information assets based on gateway finds system System.
In the present invention, gateway device includes:Router, fire wall, second generation fire wall, web application firewalls, invasion are anti- Imperial system, network log-in management system, Anti Virus Gateway etc..
As described above, the present invention describes a kind of discovery method and system of the information assets based on gateway, this hair in detail Bright embodiment carries out network service identification and network address analysis based on the network message that gateway type device for flow passes through, automatic to find The variation (increasing assets, reduction assets or change Asset Type etc.) of various assets in current network, need not increase volume The automatic purpose for finding networked asset can be realized in outer equipment in the original network architecture.The present invention is realized to network The automatic discovery of assets can effectively improve the automatic configuration ability of gateway type equipment, solves user in the prior art and exists The practical problem of administrator's manual configuration networked asset, the work of streamlining management person reduce the omission being likely to occur in use.
In the embodiment of the present invention, it is only necessary to which passive analysis need not actively be sent by the network message of gateway device Network message.Network application, then combination, network application by one or more network applications are found by application identification technology Behavior etc., types of network services is judged, to can recognize that networked asset.The networked asset that the embodiment of the present invention identifies Configuration item can be formed, for automation strategy generating and other subsequent purposes of administrator.
It should be understood that the above-mentioned specific implementation mode of the present invention is used only for exemplary illustration or explains the present invention's Principle, but not to limit the present invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention Covering the whole variations fallen into attached claim scope and boundary or this range and the equivalent form on boundary and is repairing Change example.

Claims (11)

1. a kind of discovery method of the information assets based on gateway, which is characterized in that be applied to gateway device, the gateway device Setting between inner network and external network, the method includes:
During carrying out network message forwarding, service type identification is carried out to the network message received, obtains the net The types of network services to be asked of network message;
Network address analysis is carried out to the network message, obtains the target network for the target device that the network message to be asked Network address;
Based on the types of network services and the network address, the mapping table of types of network services and network address is judged In whether there is map record identical with the types of network services and network address;
Based on judging result, the operation in response to judging result is executed.
2. according to the method described in claim 1, wherein, being based on judging result, the step of the operation in response to judging result is executed Suddenly include:
When judging result is that there is no the map records with the types of network services and network address all same in mapping table When, it is based on the types of network services and network address, the new mappings for generating the types of network services and the destination network addresses are remembered Record.
3. according to the method described in claim 1, wherein, being based on judging result, the step of the operation in response to judging result is executed Suddenly include:
When judging result is there is map record identical with the types of network services and network address in mapping table, base In the network address of target device, which is transmitted to corresponding target device.
4. according to the method described in claim 1, wherein, being based on judging result, the step of the operation in response to judging result is executed Suddenly include:
When judging result is that there are a mapping notes identical as the types of network services, network address is different in mapping table When record, based on the types of network services and the network address, in the mapping table of the types of network services and network address The middle new mappings for generating the types of network services and the destination network addresses record.
5. according to the method described in claim 1, wherein, being based on judging result, the step of the operation in response to judging result is executed Suddenly include:
When judging result is that there are a, network address identical mapping notes different from the types of network services in mapping table When record, based on the types of network services and the network address, in the mapping table of the types of network services and network address In, the former map record in mapping table is deleted, the new mappings for generating the types of network services and the destination network addresses are remembered Record.
6. a kind of information assets based on gateway finds system, which is characterized in that be applied to gateway device, the gateway device is set Set between inner network and external network, the system comprises:
Using recognition unit (10), for during carrying out network message forwarding, being taken to the network message received Service type identifies, obtains the types of network services to be asked of the network message;
Information process unit (20) obtains the network message and is wanted for carrying out network address analysis to the network message The destination network addresses of the target device of request;
Judging unit (30) judges types of network services and net for being based on the types of network services and the network address It whether there is map record identical with the types of network services and network address in the mapping table of network address;
Response unit (40) executes the operation in response to judging result for being based on judging result.
7. system according to claim 6, wherein when the judging result of judging unit (30) is to exist in mapping table When with the types of network services and the different map record of network address, response unit (40) be based on the types of network services and Network address, the new mappings for generating the types of network services and the destination network addresses record.
8. system according to claim 6, wherein when the judging result of judging unit (30) is to exist in mapping table When map record identical with the types of network services and network address, the network of response unit (40) based on target device The network message is transmitted to corresponding target device by location.
9. system according to claim 6, wherein when the judging result of judging unit (30) is to exist in mapping table When one map record identical as the types of network services, network address is different, response unit (40) is based on the network service Type and the network address, generate the types of network services in the mapping table of the types of network services and network address It is recorded with the new mappings of the destination network addresses.
10. system according to claim 6, wherein be based on judging result, execute the step of the operation in response to judging result Suddenly include:
When the judging result of judging unit (30) is that there are one different from the types of network services, network in mapping table When the identical map record in location, response unit (40) is based on the types of network services and the network address, in the network service In the mapping table of type and network address, the former map record in mapping table is deleted, the types of network services is generated It is recorded with the new mappings of the destination network addresses.
11. a kind of gateway device, which is characterized in that including the information money based on gateway described in any one of claim 6-10 Produce discovery system.
CN201710065912.0A 2017-02-06 2017-02-06 The discovery method and system of information assets based on gateway Pending CN108400879A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710065912.0A CN108400879A (en) 2017-02-06 2017-02-06 The discovery method and system of information assets based on gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710065912.0A CN108400879A (en) 2017-02-06 2017-02-06 The discovery method and system of information assets based on gateway

Publications (1)

Publication Number Publication Date
CN108400879A true CN108400879A (en) 2018-08-14

Family

ID=63093932

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710065912.0A Pending CN108400879A (en) 2017-02-06 2017-02-06 The discovery method and system of information assets based on gateway

Country Status (1)

Country Link
CN (1) CN108400879A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131429A (en) * 2019-12-19 2020-05-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN113949582A (en) * 2021-10-25 2022-01-18 绿盟科技集团股份有限公司 Network asset identification method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164078A (en) * 2011-03-25 2011-08-24 北京星网锐捷网络技术有限公司 Policy routing method, device and system
US20120102213A1 (en) * 2010-10-08 2012-04-26 Qian Guofeng Information providing method, home gateway, and home network system
CN103095709A (en) * 2013-01-17 2013-05-08 深信服网络科技(深圳)有限公司 Safety protection method and device
CN103716300A (en) * 2013-11-22 2014-04-09 汉柏科技有限公司 Network service dynamic protection method
WO2015100615A1 (en) * 2013-12-31 2015-07-09 华为技术有限公司 Method and apparatus for processing service packet, and gateway device
CN106209505A (en) * 2016-06-29 2016-12-07 北京网康科技有限公司 A kind of application identifies device and method, fire wall, server

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120102213A1 (en) * 2010-10-08 2012-04-26 Qian Guofeng Information providing method, home gateway, and home network system
CN102164078A (en) * 2011-03-25 2011-08-24 北京星网锐捷网络技术有限公司 Policy routing method, device and system
CN103095709A (en) * 2013-01-17 2013-05-08 深信服网络科技(深圳)有限公司 Safety protection method and device
CN103716300A (en) * 2013-11-22 2014-04-09 汉柏科技有限公司 Network service dynamic protection method
WO2015100615A1 (en) * 2013-12-31 2015-07-09 华为技术有限公司 Method and apparatus for processing service packet, and gateway device
CN106209505A (en) * 2016-06-29 2016-12-07 北京网康科技有限公司 A kind of application identifies device and method, fire wall, server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131429A (en) * 2019-12-19 2020-05-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN111131429B (en) * 2019-12-19 2022-03-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN113949582A (en) * 2021-10-25 2022-01-18 绿盟科技集团股份有限公司 Network asset identification method and device, electronic equipment and storage medium
CN113949582B (en) * 2021-10-25 2023-05-30 绿盟科技集团股份有限公司 Network asset identification method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US11050713B2 (en) Firewall configured with dynamic membership sets representing machine attributes
CN110113345B (en) Automatic asset discovery method based on flow of Internet of things
US7483972B2 (en) Network security monitoring system
US8005945B2 (en) Aggregating policy criteria parameters into ranges for efficient network analysis
CN103609070B (en) Network flow detection method, system, equipment and controller
US20110280160A1 (en) VoIP Caller Reputation System
US8301771B2 (en) Methods, systems, and computer program products for transmission control of sensitive application-layer data
US7882229B2 (en) Security checking program for communication between networks
US8166138B2 (en) Network evaluation grid techniques
US20080044018A1 (en) Method and system to detect and prevent computer network intrusion
US20120011590A1 (en) Systems, methods and devices for providing situational awareness, mitigation, risk analysis of assets, applications and infrastructure in the internet and cloud
CN101399749A (en) Method, system and device for packet filtering
CN106452955B (en) A kind of detection method and system of abnormal network connection
CN111901317B (en) Access control policy processing method, system and equipment
CN109327395A (en) A kind of message processing method and device
CN108400879A (en) The discovery method and system of information assets based on gateway
US9325719B2 (en) Method and system for evaluating access granted to users moving dynamically across endpoints in a network
CN104702618B (en) The method and apparatus for determining network access information
US20200067834A1 (en) Stateful packet inspection and classification
US8654127B2 (en) Method, device arrangement and computer program product for producing identity graphs for analyzing communication network
CN112995179B (en) Response message processing method and device
CN107222330A (en) A kind of intelligent identifying system request and the method for response sensitive content
CN107809387A (en) A kind of method of message transmissions, equipment and network system
CN106385402A (en) Application identification method and device, application session table sending method and server
CN109120448A (en) A kind of alarm method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180814

RJ01 Rejection of invention patent application after publication