
CN116015876A - Access control method, device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN116015876A
Authority: CN (China)
Prior art keywords: access control; electronic device; information; electronic; electronic equipment
Legal status: Granted; Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211686960.9A
Other languages: Chinese (zh)
Other versions: CN116015876B (en)
Inventors: 梁雅静; 鲍晓玲; 王京烁; 孙峰; 范雪俭
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Events: priority to CN202211686960.9A; publication of CN116015876A; application granted; publication of CN116015876B

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The application discloses an access control method, an access control device, an electronic device and a storage medium. The access control method comprises: sending a detection message based on each network address in a target address range, the detection message being used to detect electronic devices in a surviving state within the target address range; acquiring device information of an electronic device based on the response message fed back by the electronic device in a surviving state; configuring an access control policy for the electronic device based on the device information; and performing access control on the electronic device based on the access control policy. In this way, access control can be performed efficiently and accurately on the various electronic devices belonging to an organization, which improves network security and reduces management cost.

Description

Access control method, device, electronic equipment and storage medium
Technical Field
Embodiments of the present application relate to the technical field of security protection, and in particular to an access control method, an access control device, an electronic device and a computer-readable storage medium.
Background
With the rapid growth of enterprise business, the number of electronic devices and network devices inside an enterprise, such as servers, personal computers, routers and switches, keeps increasing. As the number of electronic devices increases, a large number of unattended "zombie" devices may appear. Such "zombie" devices often run older versions of open-source systems, components, web frameworks and the like, which makes them a weak link in security. An attacker may use these "zombie" devices as network hops to bypass the enterprise's network boundary protection and attack the enterprise's network systems. Therefore, how to efficiently perform access control on the various electronic devices belonging to an organization is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the foregoing problems in the prior art, embodiments of the present application provide an access control method, an access control device, an electronic apparatus, and a computer readable storage medium, where the technical solutions provided in the embodiments of the present application are as follows.
The first aspect of the present application provides an access control method, including:
based on each network address in the target address range, sending a detection message, wherein the detection message is used for detecting the electronic equipment in a survival state in the target address range;
acquiring equipment information of the electronic equipment based on a response message fed back by the electronic equipment in a survival state;
configuring an access control policy for the electronic device based on the device information;
and performing access control on the electronic equipment based on the access control strategy.
In some embodiments, the sending the probe packet based on each network address in the target address range includes:
and sequentially sending a plurality of detection messages of different types based on each network address in the target address range.
In some embodiments, the obtaining, based on the response message fed back by the surviving electronic device, device information of the electronic device includes:
analyzing the response message, and acquiring a network address of the electronic equipment and operating system information capable of representing the type of an operating system of the electronic equipment;
based on the operating system information, determining the device type of the electronic device, and generating device type information capable of representing the device type of the electronic device.
In some embodiments, the configuring an access control policy for the electronic device based on the device information includes:
generating an address resource object based on the network address;
configuring a first access control policy for a server if the device type information characterizes the electronic device as the server;
the first access control policy is configured to control access operations directed to the server by using the address resource object as a destination address.
In some embodiments, the configuring an access control policy for the electronic device based on the device information includes:
generating an address resource object based on the network address;
configuring a second access control policy for the electronic device if the device type information characterizes the electronic device as a workstation, a personal computer, or a network device;
the second access control policy is configured to control access operations of the electronic device to other electronic devices by using the address resource object as a source address.
In some embodiments, the configuring an access control policy for the electronic device based on the device information includes:
acquiring a control data set; wherein the control data set comprises device information of the electronic devices configured with access control policies, and access control policies configured for the respective electronic devices;
determining whether the electronic device is configured with an access control policy based on the control data set and the acquired device information of the electronic device;
under the condition that the electronic equipment is not configured with an access control strategy, the access control strategy is configured for the electronic equipment;
determining whether the acquired device information of the electronic device is identical to the device information of the electronic device recorded in the control data set under the condition that the electronic device is configured with an access control policy;
if not, the control data set is updated based on the acquired device information of the electronic device.
In some embodiments, the method further comprises:
acquiring equipment information of the electronic equipment input through an information input interface; or alternatively
An imported information file is obtained, wherein the information file comprises device information of one or more electronic devices.
A second aspect of the present application provides an access control apparatus, including:
the sending module is used for sending a detection message based on each network address in the target address range, wherein the detection message is used for detecting the electronic equipment in a survival state in the target address range;
the acquisition module is used for acquiring equipment information of the electronic equipment based on a response message fed back by the electronic equipment in a survival state;
a configuration module, configured to configure an access control policy for the electronic device based on the device information;
and the control module is used for carrying out access control on the electronic equipment based on the access control strategy.
A third aspect of the present application provides an electronic device comprising at least a memory having a program stored thereon and a processor, which when executing the program on the memory, implements a method as described above.
A fourth aspect of the present application provides a computer-readable storage medium having stored therein computer-executable instructions that when executed implement a method as described above.
According to the access control method, a detection message is sent based on each network address in the target address range to detect the electronic devices in a surviving state within the target address range; device information of an electronic device is acquired based on the response message fed back by the electronic device in a surviving state; an access control policy adapted to the electronic device is configured for it based on the device information; and access control is performed on the electronic device based on the access control policy. In this way, access control can be performed efficiently and accurately on the various electronic devices belonging to an organization, which improves network security and reduces management cost.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings, in which:
Fig. 1 is a flowchart of an access control method according to a first embodiment of the present application;
Fig. 2 is a flowchart of one embodiment of step S130 in the access control method according to the first embodiment of the present application;
Fig. 3 is a flowchart of another embodiment of step S130 in the access control method according to the first embodiment of the present application;
Fig. 4 is a block diagram of an access control apparatus according to a second embodiment of the present application;
Fig. 5 is a block diagram of an electronic device according to a third embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
A first embodiment of the present application provides an access control method. Fig. 1 is a flowchart of the access control method of the first embodiment; referring to Fig. 1, the method specifically includes the following steps.
S110, based on each network address in the target address range, sending a detection message, wherein the detection message is used for detecting the electronic equipment in the survival state in the target address range.
Optionally, the access control method may be applied to an access control device, which may be a security protection apparatus deployed by an enterprise, organization or institution. The access control device may be formed by, for example, a server, a workstation or a network device.
Optionally, the access control device may be configured with the target address range in advance. For example, a network administrator may pre-configure a target address range via a configuration module. The target address range may be or include a network address range of an enterprise, organization or institution. The target address range may be an IP address range.
Optionally, each network address in the target address range may be used as a target address to which a detection message is sent. The detection message is used to detect the electronic devices in a surviving state within the target address range, where an electronic device in a surviving state is one connected to the network through a network address in the target address range. That is, the detection message is used to detect electronic devices that are connected to the network through a network address in the target address range. Optionally, the network may be an internal network of an enterprise, organization or institution, such as a local area network or a subnetwork.
S120, acquiring equipment information of the electronic equipment based on a response message fed back by the electronic equipment in a survival state.
Optionally, the detection message may be configured so that an electronic device in a surviving state feeds back a response message when it receives the detection message. The access control device can send a detection message with the network address as the target address; if an electronic device is connected to the network through that network address and receives the detection message, it feeds back a response message to the access control device. At this point, it may be determined that the network address has a corresponding surviving electronic device. If no response message is received within the target time range, it may be determined that there is no surviving electronic device at the network address.
Optionally, step S120, based on the response message fed back by the electronic device in the surviving state, acquires device information of the electronic device, which may include the following steps.
S121, analyzing the response message, and acquiring the network address of the electronic equipment and the operating system information capable of representing the operating system type of the electronic equipment.
S122, determining the equipment type of the electronic equipment based on the operating system information, and generating equipment type information capable of representing the equipment type of the electronic equipment.
Optionally, once the response message is acquired, it may be parsed based on its protocol type. The source address of the response message may be used as the network address of the electronic device. For example, the source IP address and the MAC address of the electronic device may be obtained from the response message as the network address of the electronic device. In addition, operating system information that characterizes the operating system type of the electronic device can be obtained from the response message. Optionally, the device information may further include other information, for example information that characterizes a service state of the electronic device.
Optionally, once the device information is acquired, the device type of the electronic device may be determined based on the operating system information. For example, when the operating system information of the electronic device includes a keyword such as Ubuntu, Debian or Server, the electronic device may be determined to be a server, and device type information characterizing the electronic device as a server may be generated. As another example, when the operating system of the electronic device is Linux, Windows, Windows 8, Windows 11 or the like, the electronic device may be determined to be a workstation or a personal computer. As a further example, when the operating system of the electronic device is Vyatta, ClearOS, Endian, Untangle or the like, it may be determined that the electronic device is a network device such as a router or a switch.
S130, configuring an access control strategy for the electronic equipment based on the equipment information.
Optionally, multiple access control policies may be formulated in advance for different types of electronic devices. After the device information is acquired, an adapted access control policy may be determined, based on the device information, from among the access control policies formulated in advance. For example, a plurality of different types of access control policies may be added in advance to an access control policy pool by the configuration module. After the device information is obtained, an access control policy may be selected from the access control policy pool based on the device information. In this way, the selected access control policy is adapted to the device type of the electronic device.
S140, performing access control on the electronic device based on the access control policy.
Optionally, the electronic device may be monitored, for example, by an access control module. When the electronic device is detected performing a network communication operation, it is determined, based on the access control policy, whether the network communication operation needs to be inspected and whether it needs to be intervened in. If so, the network communication operation may be displayed based on the access control policy, or prompted, or the like. For example, the network communication operation may be prohibited when the electronic device is detected accessing an insecure target device, or when the electronic device is accessed by an insecure device. If the detection result indicates that the network communication operation is secure, the operation may be allowed.
According to the access control method, a detection message is sent based on each network address in the target address range to detect the electronic devices in a surviving state within the target address range; device information of an electronic device is acquired based on the response message fed back by the electronic device in a surviving state; an access control policy adapted to the electronic device is configured for it based on the device information; and access control is performed on the electronic device based on the access control policy. In this way, access control can be performed efficiently and accurately on the various electronic devices belonging to an organization, which improves network security and reduces management cost.
In some embodiments, step S110, sending a detection message based on each network address in the target address range, may include: sequentially sending a plurality of detection messages of different types based on each network address in the target address range.
That is, a plurality of different types of detection messages are sent based on each network address, and if the electronic device feeds back a response message to any one of them, it can be determined that an electronic device in a surviving state exists at the network address. This avoids detection errors caused by a detection message being filtered out by the electronic device's firewall or by packet loss.
For example, an ICMP Echo Request message, a TCP SYN packet to port 443, a TCP ACK packet to port 80, and an ICMP Timestamp Request message may each be sent based on each IP address, and the IP address is determined to have an electronic device in a surviving state as long as the electronic device feeds back a response message to any one of these detection messages.
In some embodiments, the method may further comprise:
S110', acquiring device information of the electronic device input through an information input interface; or
S110", obtaining an imported information file, wherein the information file comprises device information of one or more electronic devices.
When detection messages are sent, detection of an electronic device may fail because the device is powered off, because the detection message is filtered by a firewall, or because the detection message is lost. In order to control access to all the electronic devices belonging to the organization, device information of electronic devices can be entered manually through an information input interface, or an information file in which the device information is recorded can be imported. For example, the IP address, MAC address, device information and so on of the electronic devices may be recorded in an information table, which may be imported into the access control device so that the information is entered efficiently.
In some embodiments, as shown in Fig. 2, step S130, configuring an access control policy for the electronic device based on the device information, may include the following steps.
S131, generating an address resource object based on the network address.
S132, configuring a first access control strategy for a server under the condition that the equipment type information characterizes the electronic equipment as the server. The first access control policy is configured to control access operations directed to the server by using the address resource object as a destination address.
S133, configuring a second access control policy for the electronic device in the case that the device type information characterizes the electronic device as a workstation, a personal computer or a network device. The second access control policy is configured to control access operations of the electronic device to other electronic devices by using the address resource object as a source address.
Optionally, the address resource object may contain the IP address and the MAC address of the electronic device. Optionally, the device type information may be a device identifier that characterizes the device type of the electronic device. For example, servers, workstations, personal computers and network devices may be marked with different identifiers.
When the electronic device is a server, a first access control policy is configured for the server, and access operations of other electronic devices to the server can be controlled based on the first access control policy, so that malicious devices are prevented from accessing the server.
When the electronic device is a workstation, a personal computer or a network device, access operations of the electronic device to other electronic devices are controlled based on the second access control policy, so that the electronic device is prevented from accessing malicious devices. In this way, effective protection policies can be formulated separately for different types of electronic devices.
In some embodiments, as shown in Fig. 3, step S130, configuring an access control policy for the electronic device based on the device information, may include the following steps.
S134, acquiring a control data set; wherein the control data set includes device information of the electronic devices configured with access control policies, and access control policies configured for the respective electronic devices.
S135, determining whether the electronic device is configured with an access control strategy based on the control data set and the acquired device information of the electronic device.
S136, configuring an access control policy for the electronic device in the case that the electronic device is not configured with an access control policy.
S137, in the case that the electronic device is configured with an access control policy, determining whether the acquired device information of the electronic device is identical to the device information of the electronic device recorded in the control data set.
S138, if they are different, updating the control data set based on the acquired device information of the electronic device.
S139, if they are identical, not updating the control data set.
That is, upon acquiring device information of an electronic device, it may be determined whether an access control policy has already been configured for the electronic device. If not, an access control policy is configured for the electronic device based on the device information. If the electronic device already has an access control policy, it is determined whether the device information of the electronic device has changed. If the device information has changed, the control data set may be updated based on the acquired device information. For example, when the electronic device corresponding to an IP address changes from a server to a workstation, the access control policy may be modified from the first access control policy to the second access control policy. As another example, when the electronic device corresponding to an IP address changes from a workstation to a personal computer, the MAC address of the electronic device changes, and the MAC address in the control data set may be updated to ensure that access control can still be performed effectively on the electronic device. If the device information of the electronic device is unchanged, the device information and the corresponding response message can be discarded, and the control data set is not updated. In this way, access control policies are not added repeatedly.
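The following Python sketch is an added example, not code from the patent or from the applicant. It walks steps S121-S122 (classification by operating system keyword), S131-S133 (first or second policy built on an address resource object) and S134-S139 (reconciliation against the control data set). All function and field names, the "needs_review" outcome for unrecognised operating systems, the keyword matching order and the sample responses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Keywords are the description's own examples for S122. Checking the server
# list first is an assumption of this sketch (an Ubuntu host is also Linux).
# The keywords do not separate workstations from personal computers, so both
# are reported as "workstation" here.
TYPE_KEYWORDS = (
    ("server", ("ubuntu", "debian", "server")),
    ("network_device", ("vyatta", "clearos", "endian", "untangle")),
    ("workstation", ("linux", "windows")),
)


@dataclass(frozen=True)
class DeviceInfo:
    ip: str
    mac: str
    os_info: str
    device_type: str


@dataclass(frozen=True)
class Policy:
    name: str                        # "first" or "second" access control policy
    match_on: str                    # "destination" or "source"
    address_object: Tuple[str, str]  # (IP, MAC) address resource object


def classify(os_info: str) -> str:
    """S122: derive the device type from operating system keywords."""
    lowered = os_info.lower()
    for device_type, keywords in TYPE_KEYWORDS:
        if any(k in lowered for k in keywords):
            return device_type
    return "unknown"


def device_from_response(resp: Dict[str, str]) -> DeviceInfo:
    """S121: take source addresses and OS information from a parsed response."""
    os_info = resp["os"]
    return DeviceInfo(resp["src_ip"], resp["src_mac"].lower(), os_info, classify(os_info))


def build_policy(info: DeviceInfo) -> Optional[Policy]:
    """S131-S133: address resource object plus the policy for the device type."""
    address_object = (info.ip, info.mac)
    if info.device_type == "server":
        # First policy: controls access directed at the server (destination).
        return Policy("first", "destination", address_object)
    if info.device_type in ("workstation", "network_device"):
        # Second policy: controls access initiated by the device (source).
        return Policy("second", "source", address_object)
    return None  # assumption: unknown types are left for manual entry (S110')


def reconcile(control_set: Dict[str, Tuple[DeviceInfo, Optional[Policy]]],
              responses: List[Dict[str, str]]) -> Dict[str, str]:
    """S134-S139: configure new devices, update changed ones, skip the rest."""
    actions: Dict[str, str] = {}
    for resp in responses:
        info = device_from_response(resp)
        recorded = control_set.get(info.ip)  # control data set keyed by IP address
        if recorded is None:                 # S136: no policy configured yet
            policy = build_policy(info)
            control_set[info.ip] = (info, policy)
            actions[info.ip] = "configured" if policy else "needs_review"
        elif recorded[0] != info:            # S138: device information changed
            control_set[info.ip] = (info, build_policy(info))
            actions[info.ip] = "updated"
        else:                                # S139: identical, discard
            actions[info.ip] = "unchanged"
    return actions


# Constructed sample data: two scan passes over a documentation address range.
FIRST_SCAN = [
    {"src_ip": "192.0.2.5", "src_mac": "AA:BB:CC:00:00:05", "os": "Ubuntu 20.04"},
    {"src_ip": "192.0.2.8", "src_mac": "AA:BB:CC:00:00:08", "os": "Windows 10"},
]
SECOND_SCAN = [
    {"src_ip": "192.0.2.5", "src_mac": "AA:BB:CC:00:00:55", "os": "Windows 11"},
    {"src_ip": "192.0.2.8", "src_mac": "AA:BB:CC:00:00:08", "os": "Windows 10"},
    {"src_ip": "192.0.2.9", "src_mac": "AA:BB:CC:00:00:09", "os": "Vyatta"},
    {"src_ip": "192.0.2.10", "src_mac": "AA:BB:CC:00:00:0A", "os": "FreeBSD"},
]

if __name__ == "__main__":
    control_data_set: Dict[str, Tuple[DeviceInfo, Optional[Policy]]] = {}
    print(reconcile(control_data_set, FIRST_SCAN))
    print(reconcile(control_data_set, SECOND_SCAN))
    for ip, (info, policy) in control_data_set.items():
        print(ip, info.device_type, policy)
```

In the second pass the address 192.0.2.5 changes from a server to a workstation with a new MAC address, so its entry is rewritten and its policy switches from destination-based to source-based, which is the case the description gives as its example.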
Referring to fig. 4, a second embodiment of the present application provides an access control apparatus, including:
a sending module 201, configured to send a detection message based on each network address in the target address range, where the detection message is used to detect an electronic device in a surviving state in the target address range;
an obtaining module 202, configured to obtain device information of an electronic device in a surviving state based on a response message fed back by the electronic device;
a configuration module 203, configured to configure an access control policy for the electronic device based on the device information;
and the control module 204 is used for performing access control on the electronic equipment based on the access control strategy.
In some embodiments, the sending module 201 is specifically configured to:
and sequentially sending a plurality of detection messages of different types based on each network address in the target address range.
In some embodiments, the obtaining module 202 is specifically configured to:
analyzing the response message, and acquiring a network address of the electronic equipment and operating system information capable of representing the type of an operating system of the electronic equipment;
based on the operating system information, determining the device type of the electronic device, and generating device type information capable of representing the device type of the electronic device.
In some embodiments, the configuration module 203 is specifically configured to:
generating an address resource object based on the network address;
configuring a first access control policy for a server if the device type information characterizes the electronic device as the server;
the first access control policy is configured to control access operations directed to the server by using the address resource object as a destination address.
In some embodiments, the configuration module 203 is specifically configured to:
generating an address resource object based on the network address;
configuring a second access control policy for the electronic device if the device type information characterizes the electronic device as a workstation, a personal computer, or a network device;
the second access control policy is configured to control access operations of the electronic device to other electronic devices by using the address resource object as a source address.
In some embodiments, the configuration module 203 is specifically configured to:
acquiring a control data set; wherein the control data set comprises device information of the electronic devices configured with access control policies, and access control policies configured for the respective electronic devices;
determining whether the electronic device is configured with an access control policy based on the control data set and the acquired device information of the electronic device;
under the condition that the electronic equipment is not configured with an access control strategy, the access control strategy is configured for the electronic equipment;
determining whether the acquired device information of the electronic device is identical to the device information of the electronic device recorded in the control data set under the condition that the electronic device is configured with an access control policy;
if not, the control data set is updated based on the acquired device information of the electronic device.
In some embodiments, the acquisition module 202 is further configured to:
acquiring equipment information of the electronic equipment input through an information input interface; or alternatively
An imported information file is obtained, wherein the information file comprises device information of one or more electronic devices.
Referring to fig. 5, a third embodiment of the present application further provides an electronic device, at least including a memory 301 and a processor 302, where the memory 301 stores a program, and the processor 302 implements the method described in any of the embodiments above when executing the program on the memory 301. When the method described in the first embodiment is implemented, the electronic device is a server. When the method described in the second embodiment is implemented, the electronic device is a terminal device.
The fourth embodiment of the present application further provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed, implement a method as in any of the embodiments above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, an electronic device, a computer-readable storage medium, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The general-purpose processor may be a microprocessor or any conventional processor.
The memory may include volatile memory among computer-readable media, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
The readable storage medium may be a magnetic disk, an optical disk, a DVD, a USB drive, a read-only memory (ROM), a random-access memory (RAM), etc.; the specific form of the storage medium is not limited in this application.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements may be made to the present application by those skilled in the art, which modifications and equivalents are also considered to be within the scope of the present application.

Claims (10)

1. An access control method, comprising:
sending a detection message based on each network address in the target address range, wherein the detection message is used for detecting the electronic device in a survival state in the target address range;
acquiring device information of the electronic device based on a response message fed back by the electronic device in the survival state;
configuring an access control policy for the electronic device based on the device information; and
performing access control on the electronic device based on the access control policy.
2. The access control method according to claim 1, wherein the sending of the detection message based on each network address in the target address range comprises:
sequentially sending a plurality of detection messages of different types based on each network address in the target address range.
3. The access control method according to claim 1, wherein the acquiring of the device information of the electronic device based on the response message fed back by the electronic device in the survival state comprises:
parsing the response message to acquire a network address of the electronic device and operating system information capable of representing the operating system type of the electronic device; and
determining the device type of the electronic device based on the operating system information, and generating device type information capable of representing the device type of the electronic device.
4. The access control method according to claim 3, wherein said configuring an access control policy for the electronic device based on the device information comprises:
generating an address resource object based on the network address;
configuring a first access control policy for the server if the device type information characterizes the electronic device as a server;
the first access control policy is configured to control access operations directed to the server by using the address resource object as a destination address.
5. The access control method according to claim 3, wherein said configuring an access control policy for the electronic device based on the device information comprises:
generating an address resource object based on the network address;
configuring a second access control policy for the electronic device if the device type information characterizes the electronic device as a workstation, a personal computer, or a network device;
the second access control policy is configured to control access operations of the electronic device to other electronic devices by using the address resource object as a source address.
6. The access control method according to claim 1, wherein the configuring an access control policy for the electronic device based on the device information includes:
acquiring a control data set; wherein the control data set comprises device information of the electronic devices configured with access control policies, and access control policies configured for the respective electronic devices;
determining whether the electronic device is configured with an access control policy based on the control data set and the acquired device information of the electronic device;
configuring the access control policy for the electronic device under the condition that the electronic device is not configured with an access control policy;
determining whether the acquired device information of the electronic device is identical to the device information of the electronic device recorded in the control data set under the condition that the electronic device is configured with an access control policy;
if not, the control data set is updated based on the acquired device information of the electronic device.
7. The access control method according to claim 1, characterized in that the method further comprises:
acquiring device information of the electronic device entered through an information input interface; or
acquiring an imported information file, wherein the information file comprises device information of one or more electronic devices.
8. An access control apparatus, comprising:
a sending module, configured to send a detection message based on each network address in the target address range, wherein the detection message is used for detecting the electronic device in a survival state in the target address range;
an acquisition module, configured to acquire device information of the electronic device based on a response message fed back by the electronic device in the survival state;
a configuration module, configured to configure an access control policy for the electronic device based on the device information; and
a control module, configured to perform access control on the electronic device based on the access control policy.
9. An electronic device comprising at least a memory and a processor, the memory having a program stored thereon, characterized in that the processor, when executing the program on the memory, implements the method of any of claims 1-7.
10. A computer readable storage medium having stored therein computer executable instructions, wherein the computer executable instructions in the computer readable storage medium when executed implement the method of any of claims 1-7.
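The policy selection of claims 4 and 5 and the control data set check of claim 6, as an added illustrative sketch that is not code from the patent or from the applicant. The OS-to-type mapping, the `addr_` object naming, keying the control data set by network address, and skipping unrecognised device types are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Assumed OS-to-type mapping; the page does not list one.
OS_TO_TYPE = {"windows server": "server", "windows 10": "personal_computer",
              "ios-xe": "network_device"}
SOURCE_SIDE = {"workstation", "personal_computer", "network_device"}

@dataclass(frozen=True)
class DeviceInfo:
    address: str
    os_info: str
    device_type: str

def classify(address, os_info):
    """Claim 3: derive device type information from operating system information."""
    key = os_info.strip().lower()
    dev_type = next((t for k, t in OS_TO_TYPE.items() if key.startswith(k)), "unknown")
    return DeviceInfo(str(ip_address(address)), os_info, dev_type)

def build_policy(dev):
    """Claims 4 and 5: place the address resource object as destination or source."""
    obj = f"addr_{dev.address}"  # hypothetical address resource object name
    if dev.device_type == "server":
        return {"kind": "first", "src": "any", "dst": obj}
    if dev.device_type in SOURCE_SIDE:
        return {"kind": "second", "src": obj, "dst": "any"}
    return None  # assumption: unrecognised types get no automatic policy

def reconcile(control_set, dev):
    """Claim 6: configure when absent, otherwise update the record if it differs."""
    entry = control_set.get(dev.address)
    if entry is None:
        policy = build_policy(dev)
        if policy is None:
            return "skipped"
        control_set[dev.address] = {"info": dev, "policy": policy}
        return "configured"
    if entry["info"] != dev:
        entry["info"] = dev  # the claim updates the data set; the policy is kept
        return "updated"
    return "unchanged"

if __name__ == "__main__":
    control_set = {}  # constructed sample run, addresses from the documentation range
    for addr, os_info in [("192.0.2.10", "Windows Server 2019"),
                          ("192.0.2.10", "Windows 10 Pro"),
                          ("192.0.2.20", "IOS-XE 17.3")]:
        print(addr, reconcile(control_set, classify(addr, os_info)))
```

Claim 6 only states that the control data set is updated when the recorded device information differs, so after an "updated" result the stored policy still has the direction chosen for the earlier device type. A deployment would want to flag such entries for review when the device type itself has changed.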
CN202211686960.9A 2022-12-27 2022-12-27 Access control method, device, electronic equipment and storage medium Active CN116015876B (en)

Publications (2)

Publication Number Publication Date
CN116015876A 2023-04-25
CN116015876B 2024-01-26

Family

ID=86027774

Country Status (1)

Country Link
CN (1) CN116015876B (en)

Also Published As

Publication number Publication date
CN116015876B (en) 2024-01-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant