Method for detecting secret leakage and USB (universal serial bus) equipment
Technical Field
The invention relates to the field of information security, in particular to a method for detecting secret leakage and USB equipment.
Background
With the development of technology, networks are used more and more widely. Conventionally, a network isolated from the internet is called an intranet; it is a closed network, and a unit usually isolates itself from the internet for security, so as to prevent the leakage of sensitive and even confidential information. Correspondingly, the internet is referred to as the extranet. At the same time, storage devices such as mobile hard disks and card readers are used more and more widely. These external storage devices exchange information through a USB (Universal Serial Bus) interface and are generally called USB devices; since they are used alternately on the intranet and the extranet, they very easily cause a leakage problem.
The current common methods and measures for preventing leakage through the USB interface are:
Forbidding the use of removable storage: employees are forbidden to use mobile storage devices such as floppy disks, optical disks and flash memory devices (USB disks, USB hard disks).
Sticking seals and checking them regularly: some peripheral interfaces, including USB interfaces, serial and parallel interfaces and FireWire interfaces, are covered with seals, and a specially assigned person is dispatched to regularly check the condition and state of the seals.
These methods and measures are manual control and supervisory management methods that aim to block the paths and vulnerabilities through which secrets may be lost. In the process of implementing the invention, the inventor found that the prior art has at least the following problems:
First, how well these passive solutions work depends on the responsibility, care and awareness of the insiders; there is no technical means of automatically preventing the loss of secrets.
Second, the solutions are still imperfect and have many hidden dangers; they cannot completely prevent leakage by staff.
Finally, these solutions bring much inconvenience to actual work and reduce the efficiency of the staff, which does not pay off. For example, some units isolate machines by physically sealing the USB port, but this has to be repeated on each machine, and the workload is very large when the unit's network is large. Furthermore, physical isolation is too inflexible, since USB devices are sometimes needed for work.
Disclosure of Invention
The invention mainly aims to detect the problem of a sensitive network being externally connected through a USB interface, and provides a method for detecting secret leakage and a USB device. The technical scheme is as follows:
A method for detecting secret leakage, comprising:
when the USB equipment is connected to the intranet client, the USB equipment receives and installs a corresponding monitoring program;
when the USB equipment provided with the corresponding monitoring program is connected to any client, the corresponding monitoring program judges whether the client is an extranet client, and if so, corresponding processing is carried out;
wherein the corresponding monitoring program judging whether any client is an extranet client and, if so, carrying out corresponding processing specifically comprises the following steps:
the corresponding monitoring program sends communication information to an extranet monitoring server; if the corresponding monitoring program receives information returned by the monitoring server, the client is an extranet client; the corresponding monitoring program locks the USB device or sends alarm information to the monitoring server, so that the monitoring server sends the alarm information to a specific intranet server, wherein the alarm information comprises an extranet client terminal identifier, interaction information, an intranet client terminal identifier and information of the USB device; or,
the corresponding monitoring program judging whether any client is an extranet client and, if so, carrying out corresponding processing specifically comprises the following steps:
if the corresponding monitoring program does not receive information sent by the client, the USB device is connected to an independent client, and the corresponding monitoring program locks the USB device or copies itself to the independent client to monitor the independent client;
wherein the corresponding monitoring program locking the USB device comprises:
the monitoring program in the USB device overwriting an existing file, or the corresponding monitoring program formatting the USB device.
When the USB device is connected to the intranet client, the USB device receives and installs a corresponding monitoring program, which specifically includes:
the USB equipment receives the detection of the monitoring program of the intranet client, inquires whether the USB equipment has a corresponding monitoring program, and if not, the USB equipment receives and installs the corresponding monitoring program, wherein the corresponding monitoring program comprises an execution instruction of the corresponding monitoring program, a terminal identifier of the intranet client and a USB equipment user number.
The corresponding monitoring program being copied to the extranet client to monitor the extranet client specifically includes:
the corresponding monitoring program sends communication information to an extranet monitoring server;
while the independent client runs, the corresponding monitoring program runs and continuously sends communication information to the monitoring server; if the corresponding monitoring program receives information returned by the monitoring server, the independent client is connected to the extranet, and the corresponding monitoring program sends alarm information to the monitoring server so that the monitoring server sends the alarm information to a specific intranet server, wherein the alarm information comprises the terminal identifier of the extranet client, the interaction information, the terminal identifier of the intranet client and the information of the USB device.
After the USB device receives and installs the corresponding monitoring program, the method further comprises:
the monitoring program of the intranet client sending USB device connection event information to an intranet server, wherein the information comprises the information of the USB device and the terminal identifier of the intranet client.
A USB device for detecting secret leakage, comprising:
a writing module, used for receiving and installing a corresponding monitoring program when the USB device is connected to an intranet client;
a monitoring module, used for, when the USB device provided with the corresponding monitoring program is connected to any client, having the corresponding monitoring program judge whether the client is an extranet client and, if so, carry out corresponding processing;
wherein, the monitoring module specifically includes:
a first judging unit, configured to, when the corresponding monitor program sends communication information to an extranet monitor server, judge that any client is an extranet client if the corresponding monitor program receives information returned by the monitor server;
the first processing unit is used for locking the USB equipment or sending alarm information to the monitoring server by the corresponding monitoring program, so that the monitoring server sends the alarm information to an intranet specific server, wherein the alarm information comprises an external network client terminal identifier, interaction information, an intranet client terminal identifier and information of the USB equipment; or,
the monitoring module specifically comprises:
a second judging unit, configured to judge that the USB device is connected to an independent client if the corresponding monitoring program does not receive information sent by the client;
a second processing unit, configured to have the corresponding monitoring program lock the USB device, or to copy the corresponding monitoring program to the independent client and monitor the independent client;
the second processing unit is further configured to have the monitoring program in the USB device overwrite an existing file, or to have the corresponding monitoring program format the USB device.
The writing module specifically comprises:
a query unit, used for receiving the detection by the monitoring program of the intranet client, inquiring whether the USB device has the corresponding monitoring program and, if not, receiving and installing the corresponding monitoring program, wherein the corresponding monitoring program comprises an execution instruction of the corresponding monitoring program, a terminal identifier of the intranet client and a USB device user number.
The device further comprises:
a sending module, used for sending the USB device connection event information of the intranet client to an intranet server, wherein the information comprises the information of the USB device and the terminal identifier of the intranet client.
The technical scheme provided by the embodiments of the invention has the following beneficial effects: a leakage monitoring program is installed on and runs in real time at the intranet client; that program writes a corresponding monitoring program into any USB device connected to the intranet client, and the USB device receives and installs it; when a USB device carrying the monitoring program is connected to the extranet, the USB device is monitored, and leakage events involving the USB device are detected in time.
Drawings
Fig. 1 is a flowchart of a method for detecting secret leakage according to embodiment 1 of the present invention;
fig. 2 is a schematic view of the structure of an intranet and an extranet provided in embodiment 2 of the present invention;
fig. 3 is a structural diagram of a USB device for detecting secret leakage according to embodiment 3 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example 1
Referring to fig. 1, an embodiment of the present invention provides a method for detecting secret leakage, including:
step 101: when the USB equipment is connected to the intranet client, the USB equipment receives and installs a corresponding monitoring program;
step 102: when the USB device with the corresponding monitoring program is connected to any client, the corresponding monitoring program judges whether any client is an extranet client, and if so, corresponding processing is carried out.
When the intranet client detects that the USB device is connected, the USB device receives and installs a corresponding monitoring program, which specifically includes:
the USB equipment receives the detection of the monitoring program of the intranet client, inquires whether the USB equipment has a corresponding monitoring program or not, and if not, the USB equipment receives and installs the corresponding monitoring program, wherein the corresponding monitoring program comprises an execution instruction of the corresponding monitoring program, a USB equipment user number and a terminal identifier of the intranet client.
In this embodiment, the corresponding monitoring program determines whether any client is an extranet client, and if so, the corresponding processing includes:
the corresponding monitoring program sends communication information to the external network monitoring server;
if the corresponding monitoring program receives the information returned by the monitoring server, any client is an external network client;
and the corresponding monitoring program locks the USB equipment or sends alarm information to the monitoring server, so that the monitoring server sends the alarm information to the intranet specific server, and the alarm information comprises the terminal identification of the extranet client, the interaction information, the terminal identification of the intranet client and the information of the USB equipment.
Wherein the corresponding monitoring program being copied to the extranet client and monitoring the extranet client specifically comprises:
the corresponding monitoring program sends communication information to the external network monitoring server;
and if the corresponding monitoring program receives the information returned by the monitoring server, the corresponding monitoring program sends alarm information to the monitoring server, so that the monitoring server sends the alarm information to the intranet specific server, and the alarm information comprises the terminal identification of the extranet client, the interaction information, the terminal identification of the intranet client and the information of the USB equipment.
In this embodiment, the corresponding monitoring program determines whether any client is an extranet client, and if so, the corresponding processing includes:
if the corresponding monitoring program does not receive information sent by the client, the client is an extranet client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the extranet client and the extranet client is monitored.
In this embodiment, after the USB device receives and installs the corresponding monitoring program, the method further includes:
the monitoring program of the intranet client sending the USB device connection event information to the intranet server, wherein the information comprises the information of the USB device and the terminal identifier of the intranet client.
The technical scheme provided by the embodiments of the invention has the following beneficial effects: a leakage monitoring program is installed on and runs in real time at the intranet client; that program writes a corresponding monitoring program into any USB device connected to the intranet client, and the USB device receives and installs it; when a USB device carrying the monitoring program is connected to the extranet, the USB device is monitored, and leakage events involving the USB device are detected in time.
Example 2
Referring to fig. 2, the intranet in the embodiment of the present invention refers to the network of unit A and includes intranet clients, an intranet server and a specific server. The intranet server is connected to each intranet client and records the usage log of each intranet client. The extranet is the internet, to which the monitoring server is connected; the monitoring server is controlled by a third party, is connected to the specific server of the intranet, and receives the information sent by the monitoring program in the USB device and returns it to the specific server of the intranet. An extranet client is a client of the internet connected to the monitoring server, as opposed to an intranet client; there may also be an independent client, which is connected neither to the intranet of unit A nor to the extranet.
An embodiment of the invention provides a method for detecting secret leakage. Each intranet client is provided with a leakage monitoring program (a monitor) that runs the whole time the intranet client runs, and each intranet client also stores the corresponding monitoring program to be written to USB devices. When a USB device is connected, the monitoring program of the intranet client writes the corresponding monitoring program into the USB device. The method specifically comprises the following steps:
step 201: the USB device is connected to the intranet client, and the monitoring program of the intranet client detects that the USB device is inserted.
Step 202: and the monitoring program of the intranet client inquires whether the USB equipment has a corresponding monitoring program.
The monitoring program of the intranet client sends query information to the USB device and queries the files on the USB device. If a file related to the monitoring program is found, the monitoring program of the intranet client sends a call-out instruction to the USB device, reads out the monitoring program file, performs a hash operation on it to obtain a first value, performs a hash operation on the corresponding monitoring program file stored on the client connected to the USB device to obtain a second value, and compares the two values. If they are equal, the monitoring program on the USB device is the one written by the monitoring program of an intranet client, that is, the USB device has been connected to an intranet client before. If they are not equal, the corresponding monitoring program of the intranet client is not present on the USB device and needs to be written in.
Step 203: if the monitor program of the intranet client finds the corresponding monitor program in the USB device, step 205 is executed.
Step 204: and if the monitoring program does not exist, the monitoring program of the intranet client writes the corresponding monitoring program into the USB equipment.
The corresponding monitoring program includes an execution instruction of the corresponding monitoring program, a terminal identifier of the intranet client, and a user number of the USB device, where the user number may be defined in advance, or generated according to features of the USB device, such as a manufacturer number, a product number, and a serial number, or generated by other methods, and is intended to be written into the USB device as an identifier of the USB device.
Step 205: the monitoring program of the intranet client obtains the terminal identifier of the USB device (the terminal identifier may be an identifier composed of the manufacturer number, product number, serial number or the like, or an identity number assigned to the USB device by unit A, which is not limited in the embodiment of the present invention) and sends the USB connection event information to the intranet server.
The information includes the information of the USB device and the terminal identifier of the intranet client to which the USB device is connected. The information of the USB device comprises the terminal identifier of the USB device, the USB user number, the time at which the USB device was connected to the intranet client, and the like.
The intranet server keeps a detailed log for each USB device connected to a client, and the log content may include: the terminal identifier of the USB device, the time at which the USB device was connected to the intranet client, the terminal identifier of the intranet client to which the USB device was connected, and the like. From the log contents, the intranet server can monitor the use of USB devices in real time, can find unregistered USB devices promptly, and makes tracing and auditing of USB devices convenient.
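The client-side part of steps 201 to 205 (the hash comparison of step 202, the write of step 204, the connection event of step 205) and the intranet server's unregistered-device check, as an added example rather than code from the patent. A temporary directory stands in for the mounted USB device, a byte string stands in for the monitoring program, and the file names, the keyed-hash user number and the device register are assumptions; the patent leaves all of these open. The example only verifies, writes and logs; nothing in it runs from the device.

```python
import hashlib
import hmac
import json
import os
import shutil
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone

MONITOR_FILENAME = "monitor.bin"    # assumed name of the monitoring program file on the USB device
MANIFEST_FILENAME = "monitor.json"  # assumed name of the record holding terminal id and user number


@dataclass(frozen=True)
class UsbDescriptor:
    """Device features the text names: manufacturer (vendor) number, product number, serial."""
    vendor_id: str
    product_id: str
    serial: str

    def terminal_id(self) -> str:
        # Step 205: a terminal identifier composed of manufacturer, product and serial number.
        return f"{self.vendor_id}-{self.product_id}-{self.serial}"


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def user_number(desc: UsbDescriptor, unit_key: bytes) -> str:
    """Step 204: a user number generated from the device features. The text leaves the
    method open; a keyed hash is assumed here so the number is stable per device but
    cannot be recomputed without the unit's key."""
    msg = f"{desc.vendor_id}:{desc.product_id}:{desc.serial}".encode()
    return hmac.new(unit_key, msg, hashlib.sha256).hexdigest()[:16]


def has_matching_monitor(mount: str, reference_path: str) -> bool:
    """Step 202: hash the monitor file on the device (first value) and the client's own
    copy (second value); equal hashes mean the device already carries the program."""
    on_device = os.path.join(mount, MONITOR_FILENAME)
    if not os.path.isfile(on_device):
        return False
    return hmac.compare_digest(sha256_file(on_device), sha256_file(reference_path))


def ensure_monitor(mount, reference_path, intranet_terminal_id, desc, unit_key) -> bool:
    """Steps 203-204: write the program only when it is absent or does not match.
    Returns True when a write happened."""
    if has_matching_monitor(mount, reference_path):
        return False
    shutil.copyfile(reference_path, os.path.join(mount, MONITOR_FILENAME))
    manifest = {"intranet_terminal_id": intranet_terminal_id,
                "usb_user_number": user_number(desc, unit_key)}
    with open(os.path.join(mount, MANIFEST_FILENAME), "w") as f:
        json.dump(manifest, f)
    return True


def connection_event(mount, desc, intranet_terminal_id, now=None) -> dict:
    """Step 205: the connection event record sent to the intranet server."""
    with open(os.path.join(mount, MANIFEST_FILENAME)) as f:
        manifest = json.load(f)
    now = now or datetime.now(timezone.utc)
    return {"usb_terminal_id": desc.terminal_id(),
            "usb_user_number": manifest["usb_user_number"],
            "access_time": now.isoformat(),
            "intranet_terminal_id": intranet_terminal_id}


class IntranetServer:
    """Keeps the per-device log and flags devices missing from the unit's register."""
    def __init__(self, registered_usb_ids):
        self.registered = set(registered_usb_ids)
        self.log = []

    def record(self, event) -> bool:
        """Appends the event; returns True when the device is unregistered (worth an alert)."""
        self.log.append(event)
        return event["usb_terminal_id"] not in self.registered


def demo():
    """Runs the steps against a temporary directory standing in for the mounted device."""
    with tempfile.TemporaryDirectory() as mount, tempfile.TemporaryDirectory() as client_dir:
        reference = os.path.join(client_dir, "monitor_reference.bin")
        with open(reference, "wb") as f:
            f.write(b"constructed stand-in for the monitoring program bytes")
        desc = UsbDescriptor("0951", "1666", "SN-000001")   # constructed descriptor
        key = b"constructed-unit-A-key"
        first = ensure_monitor(mount, reference, "PC-A-07", desc, key)   # absent: written
        second = ensure_monitor(mount, reference, "PC-A-07", desc, key)  # matches: skipped
        with open(os.path.join(mount, MONITOR_FILENAME), "ab") as f:
            f.write(b"tampered")                                          # hash no longer matches
        third = ensure_monitor(mount, reference, "PC-A-07", desc, key)   # rewritten
        server = IntranetServer(["0951-1666-SN-000001"])
        known = server.record(connection_event(mount, desc, "PC-A-07"))
        stranger = UsbDescriptor("0781", "5567", "SN-9")                  # constructed, unregistered
        unknown = server.record(connection_event(mount, stranger, "PC-A-07"))
        return first, second, third, known, unknown
```

`demo()` returns `(True, False, True, False, True)`: the program is written on first contact, skipped when the hashes match, rewritten after the on-device copy was altered, and the server raises the unregistered flag only for the device absent from its register. Comparing hashes rather than file names is what makes a renamed or modified copy count as "not present", which is the check step 202 relies on.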
Through steps 201 to 204, the monitoring program of the intranet client writes the corresponding monitoring program into the connected USB device and the USB device receives and installs it. When a USB device carrying the corresponding monitoring program is connected to any client, the monitoring program in the USB device performs its monitoring function, specifically:
step 206: when the USB device with the corresponding monitoring program is connected to any client, the monitoring program in the USB runs immediately, and communication information is sent to the monitoring server of the external network.
There may be one or more monitoring servers; two are chosen here so that if one fails and cannot return information to the monitoring program in the USB device, the judgement of that program is not affected: when information is sent to both servers, the one that is still running can return information normally, and the monitoring program in the USB device still judges correctly.
Step 207: if the monitoring program in the USB device receives the communication information returned by the monitoring server, the communication has succeeded, it can be determined that the USB device is connected to an internet client, and step 208 is executed. If the monitoring program in the USB device does not receive communication information returned by the monitoring server, the communication has failed and it can be determined that the USB device is not connected to an internet client; in that case, if the monitoring program in the USB device receives information sent by a client monitoring program (query information or a call-out instruction), the USB device is connected to a client that has the monitoring program and step 201 is executed, and if the monitoring program in the USB device receives no information at all, the USB device is connected to an independent client and step 210 is executed.
Step 208: and a monitoring program in the USB equipment acquires the external network client terminal identification and the interactive information.
The identifier of the extranet terminal may be one or more items of host information such as the IP address, the MAC address and the user name of the terminal, and the interaction information refers to the URLs of websites accessed by the user of the USB device, the IP address of a communication party, mailbox information of contacts, and the like, which are not described further here.
Step 209: and the monitoring program in the USB equipment sends alarm information to the external network monitoring server.
The information comprises an external network client terminal identifier connected with the USB equipment, interactive information, an internal network client terminal identifier in a monitoring program, information of the USB equipment and the like. The information of the USB equipment comprises a series of information such as a terminal identification of the USB equipment, a USB user number, the time for accessing the USB equipment to the intranet client and the like.
Step 210: the monitor program in the USB device locks the USB device from communicating with the connected client.
Whether the USB device is connected to an internet client or to an independent client, the USB device is locked, so that information leakage is avoided and the security of intranet information is protected. The locking method may be that the monitoring program in the USB device overwrites the existing files, or that it formats the USB device; the invention does not limit this in detail.
In this embodiment, step 210 may also be replaced by the following operation instead of locking the USB device: the corresponding monitoring program in the USB device is automatically copied to the independent client together with the information of the USB device, and the use of the independent client is monitored. The information of the USB device comprises the terminal identifier of the USB device, the USB user number, the time at which the USB device was connected to the intranet client, and the like. While the independent client runs, the corresponding monitoring program runs and continuously sends communication information to the extranet monitoring server. When the communication succeeds, the independent client is connected to the extranet (an independent client is in theory not connected to the extranet, but its user may have plugged in an extranet cable); the corresponding monitoring program then sends the terminal identifier of the independent client, the interaction information, the terminal identifier of the intranet client and the information of the USB device to the extranet monitoring server, the extranet monitoring server sends them to the specific server of unit A, and the specific server raises an alarm.
Through steps 206 to 210, the monitoring server in the extranet detects that a USB device carrying the monitoring program has been connected to an extranet client. The third party may, according to its agreement with the intranet user, selectively send the received alarm information to the intranet specific server, and the intranet specific server raises an alarm immediately upon receiving the information from the monitoring server, so that staff can discover the leakage event in time.
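The judgement of step 207 (including the two-server redundancy described under step 206), the alarm record of step 209 and the monitoring server's selective forwarding to the intranet specific server, written as an added example over already observed facts; this is not the patent's code. The `Observation`, `Alarm` and server classes, the unit prefix in the intranet terminal identifier and the ordering of the three cases are assumptions. There is no network or file I/O in it: it only decides which step follows and records the alarm.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Host(Enum):
    """The three outcomes of step 207."""
    EXTRANET_CLIENT = "extranet client"        # a monitoring server answered: steps 208-209
    INTRANET_CLIENT = "intranet client"        # a client monitor spoke to the device: back to step 201
    INDEPENDENT_CLIENT = "independent client"  # nothing came back at all: step 210


@dataclass
class Observation:
    """What the USB-resident monitor saw after step 206: one flag per monitoring server
    (the text uses two so that one failure does not break the judgement) and any
    message from a client monitor ("query" or "call-out")."""
    server_replies: Dict[str, bool]
    client_monitor_message: Optional[str] = None


def classify(obs: Observation) -> Host:
    """Step 207. A reply from any monitoring server is checked first: an intranet client
    must not be able to reach the internet, so such a reply is the strongest evidence of
    exposure even if a client monitor also spoke (this ordering is an assumption; the text
    lists the cases without ranking them)."""
    if any(obs.server_replies.values()):
        return Host.EXTRANET_CLIENT
    if obs.client_monitor_message in ("query", "call-out"):
        return Host.INTRANET_CLIENT
    return Host.INDEPENDENT_CLIENT


@dataclass
class Alarm:
    """Step 209 alarm content, with the fields the text lists."""
    extranet_terminal_id: Dict[str, str]   # host information gathered in step 208
    interaction_info: List[str]
    intranet_terminal_id: str              # carried in the program written at step 204
    usb_info: Dict[str, str]               # usb terminal id, user number, intranet access time


@dataclass
class SpecificServer:
    """The unit's intranet specific server: raises the alarm on receipt."""
    unit: str
    alarms: List[Alarm] = field(default_factory=list)

    def receive(self, alarm: Alarm) -> None:
        self.alarms.append(alarm)


class MonitoringServer:
    """Third-party extranet server of fig. 2. Forwards alarms only for units it has an
    agreement with; the unit is assumed to be the prefix of the intranet terminal id."""
    def __init__(self, agreements: Dict[str, SpecificServer]):
        self.agreements = agreements
        self.received: List[Alarm] = []

    def receive(self, alarm: Alarm) -> bool:
        """Returns True when the alarm was forwarded to a specific server."""
        self.received.append(alarm)
        target = self.agreements.get(alarm.intranet_terminal_id.split("-", 1)[0])
        if target is None:
            return False
        target.receive(alarm)
        return True


def handle(obs, monitor_server, host_info, interactions, intranet_terminal_id, usb_info) -> Tuple[Host, str]:
    """Ties step 207 to its follow-up: which step the device executes next."""
    host = classify(obs)
    if host is Host.EXTRANET_CLIENT:
        monitor_server.receive(Alarm(host_info, interactions, intranet_terminal_id, usb_info))
        return host, "step 209: alarm sent"
    if host is Host.INTRANET_CLIENT:
        return host, "step 201: let the client monitor verify the program"
    return host, "step 210: lock the device"


def demo():
    specific = SpecificServer("UNITA")
    monitor = MonitoringServer({"UNITA": specific})
    usb_info = {"usb_terminal_id": "0951-1666-SN-000001", "usb_user_number": "c0ffee",
                "intranet_access_time": "2024-01-01T08:00:00+00:00"}   # constructed
    host_info = {"ip": "192.0.2.10", "user": "guest"}                   # constructed (documentation range)
    common = (monitor, host_info, [], "UNITA-PC07", usb_info)
    # one of two monitoring servers is down, the other answers: still judged extranet
    a = handle(Observation({"srv1": False, "srv2": True}), *common)
    # an intranet client monitor queried the device and no server answered
    b = handle(Observation({"srv1": False, "srv2": False}, "query"), *common)
    # silence everywhere: independent client
    c = handle(Observation({"srv1": False, "srv2": False}), *common)
    return a[0], b[0], c[0], len(specific.alarms), len(monitor.received)
```

`demo()` returns `(Host.EXTRANET_CLIENT, Host.INTRANET_CLIENT, Host.INDEPENDENT_CLIENT, 1, 1)`: only the first observation produces an alarm, and it reaches the specific server because the monitoring server has an agreement for unit A. An alarm whose intranet terminal identifier names a unit without an agreement is kept by the monitoring server but not forwarded, which is the "selective" forwarding the text describes.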
The technical scheme provided by the embodiments of the invention has the following beneficial effects: a leakage monitoring program is installed on and runs in real time at the intranet client; that program writes a corresponding monitoring program into any USB device connected to the intranet client, and the USB device receives and installs it; when a USB device carrying the monitoring program is connected to the extranet, the USB device is monitored, and leakage events involving the USB device are detected in time.
Example 3
Referring to fig. 3, an embodiment of the present invention provides a USB device for detecting secret leakage, used in a system composed of an intranet and an extranet. The intranet consists of intranet clients, an intranet server and a specific server. The intranet server is connected to each intranet client and records the usage log of each intranet client. The extranet is the internet, to which the monitoring server is connected; the monitoring server is controlled by a third party, is connected to the specific server of the intranet, and receives the information sent by the USB device and returns it to the specific server of the intranet. An extranet client is a client of the internet connected to the monitoring server, as opposed to an intranet client; there may also be an independent client that is connected to neither the intranet nor the extranet.
In the embodiment of the present invention, the apparatus specifically includes: a write module 301 and a monitor module 302.
The writing module 301 is used for receiving and installing a corresponding monitoring program when the USB device is connected to an intranet client;
the monitoring module 302 is used for, when the USB device provided with the corresponding monitoring program is connected to any client, having the corresponding monitoring program judge whether the client is an extranet client and, if so, carry out corresponding processing.
The writing module 301 specifically includes:
a query unit: the monitoring program is used for receiving the detection of the monitoring program of the intranet client, inquiring whether the USB equipment has the corresponding monitoring program or not, and if not, receiving and installing the corresponding monitoring program, wherein the corresponding monitoring program comprises an execution instruction of the corresponding monitoring program, a USB equipment user number and a terminal identifier of the intranet client.
In this embodiment, the monitoring module 302 specifically includes:
a first judgment unit: when the corresponding monitoring program sends communication information to the external network monitoring server, if the corresponding monitoring program receives the information returned by the monitoring server, any client is judged to be an external network client;
a first processing unit: the monitoring server is used for locking the USB equipment or sending alarm information to the monitoring server by the corresponding monitoring program, so that the monitoring server sends the alarm information to the intranet specific server, and the alarm information comprises an external network client terminal identifier, interactive information, a terminal identifier of an intranet client and information of the USB equipment.
In this embodiment, the monitoring module 302 further includes:
a second judgment unit, used for judging that the client is an extranet client if the corresponding monitoring program does not receive information sent by the client;
a second processing unit, used for having the corresponding monitoring program lock the USB device, or for copying the corresponding monitoring program to the extranet client and monitoring the extranet client.
Further, the USB device for detecting secret leakage further comprises:
a sending module, used for sending the USB device connection event information of the intranet client to the intranet server, wherein the information comprises the terminal identifier of the USB device, the time at which the USB device was connected to the intranet client, and the terminal identifier of the intranet client.
The technical scheme provided by the embodiments of the invention has the following beneficial effects: a leakage monitoring program is installed on and runs in real time at the intranet client; that program writes a corresponding monitoring program into any USB device connected to the intranet client, and the USB device receives and installs it; when a USB device carrying the monitoring program is connected to the extranet, the USB device is monitored, and leakage events involving the USB device are detected in time.
Finally, it should be noted that, as will be understood by those skilled in the art, all or part of the processes in the methods of the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
Each functional unit in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium. The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. The USB device may perform the methods in the corresponding method embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.