CN112615832A - Method and related device for blocking SMB lateral movement - Google Patents
- Publication number
- CN112615832A (application number CN202011445119.1A)
- Authority
- CN
- China
- Prior art keywords
- workstation
- smb
- server
- blocking
- servers
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The application discloses a method for blocking SMB lateral movement, which comprises the following steps: ranking the servers, with the workstation at the lowest level; prohibiting any server ranked higher than the workstation from logging into the workstation; closing server ports of the workstation so that SMB traffic flowing into the workstation is rejected; creating a DENY SMB policy for the first class of servers; and creating ASR rules for the second class of servers. The method can reliably and effectively block SMB lateral movement and prevent the harm caused by large-scale SMB lateral movement in an intranet. The application also discloses a device, equipment and a computer-readable storage medium for blocking SMB lateral movement, all of which have the same technical effects.
Description
Technical Field
The application relates to the technical field of network security, in particular to a method for blocking SMB lateral movement; it also relates to an apparatus, a device and a computer readable storage medium for blocking SMB lateral movement.
Background
SMB (Server Message Block) is a network file sharing and data structure protocol. SMB is used by devices running almost every operating system, including Windows, macOS, iOS, Linux and Android. Clients use SMB to access data on a server, which allows file sharing, centralized data management and reduced storage capacity requirements on the mobile device. Lateral movement refers to the techniques a network attacker uses after obtaining initial access to go deeper into the network in search of sensitive data and other high-value assets. Once inside the network, an attacker moves through the compromised environment, uses various tools to obtain further rights, and retains control.
At present, blocking SMB lateral movement depends on upgrade patches issued by Windows. However, patches are only effective for a time and can be bypassed by emerging techniques, so a blocking and defence method that relies on upgrade patches alone is one-sided: it cannot reliably block SMB lateral movement, and there is a risk of the damage spreading.
In view of the above, providing a reliable scheme for blocking SMB lateral movement has become an urgent technical problem for those skilled in the art.
Disclosure of Invention
The application aims to provide a method for blocking SMB lateral movement that can reliably and effectively block SMB lateral movement. Another object of the present application is to provide an apparatus, a device and a computer-readable storage medium for blocking SMB lateral movement, all having the above technical effects.
To solve the technical problem, the application provides a method for blocking SMB lateral movement, comprising the following steps:
ranking the servers, with the workstation at the lowest level;
prohibiting a server ranked higher than the workstation from logging into the workstation;
closing a server port of the workstation to reject SMB traffic flowing into the workstation;
creating a DENY SMB policy for the first class of servers;
creating ASR rules for the second class of servers.
Optionally, the ranking the servers includes:
dividing a domain control server into the highest grade, dividing the workstation into the lowest grade, and dividing other servers except the domain control server and the workstation into intermediate grades;
accordingly, prohibiting a server ranked higher than the workstation from logging into the workstation comprises:
prohibiting the domain control server and the other servers from logging into the workstation.
Optionally, closing the server port of the workstation includes:
closing ports 139 and 445 of the workstation.
Optionally, the method further includes:
assigning permissions allowing local login to administrator groups and user groups of the workstation;
assigning a right to allow local login to an administrator group of the domain control server.
Optionally, the method further includes:
setting an administrator and a backup operator for the other servers.
To solve the above technical problem, the application further provides a device for blocking SMB lateral movement, comprising:
a ranking module for ranking the servers, with the workstation at the lowest level;
a prohibiting module for prohibiting a server ranked higher than the workstation from logging into the workstation;
a closing module for closing a server port of the workstation to reject SMB traffic flowing into the workstation;
a first creating module for creating a DENY SMB policy for the first class of servers;
a second creating module for creating ASR rules for the second class of servers.
Optionally, the ranking module is specifically configured to rank the domain control server at the highest level, the workstation at the lowest level, and the other servers except the domain control server and the workstation at the intermediate level;
correspondingly, the prohibiting module is specifically configured to prohibit the domain control server and the other servers from logging into the workstation.
Optionally, the closing module is specifically configured to close ports 139 and 445 of the workstation.
To solve the above technical problem, the application further provides equipment for blocking SMB lateral movement, comprising:
a memory for storing a computer program;
a processor for implementing the steps of any of the above methods of blocking SMB lateral movement when the computer program is executed.
To solve the above technical problem, the present application further provides a computer-readable storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the steps of the method for blocking SMB lateral movement according to any one of the above embodiments.
The method for blocking SMB lateral movement provided by the application comprises: ranking the servers, with the workstation at the lowest level; prohibiting a server ranked higher than the workstation from logging into the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first class of servers; and creating ASR rules for the second class of servers.
Compared with the traditional scheme of blocking SMB lateral movement by relying on upgrade patches issued by Windows, the method provided by the application blocks SMB lateral movement in multiple dimensions: by ranking the servers and prohibiting SMB lateral movement between higher- and lower-level servers, by closing the server ports of the workstation, and by creating a DENY SMB policy and ASR rules for the servers. SMB lateral movement can thereby be reliably and effectively blocked, and the damage caused by large-scale SMB lateral movement in the intranet is prevented.
The device, the equipment and the computer-readable storage medium for blocking SMB lateral movement have the same technical effects.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed in the prior art and the embodiments are briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flow chart of a method for blocking SMB lateral shift according to an embodiment of the present application;
fig. 2 is a schematic view of an apparatus for blocking SMB lateral movement according to an embodiment of the present application;
fig. 3 is a schematic diagram of an apparatus for blocking SMB lateral movement according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a method for blocking SMB lateral movement that can reliably and effectively block SMB lateral movement. Another core of the present application is to provide an apparatus, a device and a computer-readable storage medium for blocking SMB lateral movement, all having the above technical effects.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a schematic flow chart of a method for blocking SMB lateral movement according to an embodiment of the present application. Referring to fig. 1, the method includes:
S101: ranking the servers, with the workstation at the lowest level;
Specifically, this step ranks the servers, which may be done according to the role each server plays in the intranet. The workstation is the lowest-level server.
In one specific embodiment, the servers may be ranked as follows: the domain control server is placed at the highest level, the workstation at the lowest level, and the other servers except the domain control server and the workstation at the intermediate level.
Specifically, the servers in this embodiment form three layers: the domain control server, the workstation, and the other servers except the domain control server and the workstation. The domain control server is classified as the highest level, level 0; the workstation as the lowest level, level 2; and the other servers as the intermediate level, level 1, between level 0 and level 2. The other servers may include file servers, logging servers and the like.
S102: prohibiting a server ranked higher than the workstation from logging into the workstation;
Specifically, ranking the servers clarifies the permitted connection relationships among them, and on that basis servers ranked higher than the workstation are prohibited from logging into the workstation. Thus, when a workstation is compromised by a network attacker who then goes on to compromise a higher-level server from it, prohibiting that higher-level server from logging into workstations prevents the attacker from using it to compromise further workstations, and SMB lateral movement is blocked.
On the basis of the above embodiment, in which the domain control server is placed at the highest level, the workstation at the lowest level, and the other servers at the intermediate level, the corresponding way to prohibit servers ranked higher than the workstation from logging into the workstation is: prohibiting the domain control server and the other servers from logging into the workstation.
For example, with three workstations: after workstation 1 is compromised by a network attacker who then compromises other servers through workstation 1, those other servers are prohibited from logging into workstations, so even though the attacker controls them, workstation 2 and workstation 3 cannot be further compromised from those servers, and SMB lateral movement is effectively blocked.
S103: closing a server port of the workstation to reject SMB traffic flowing into the workstation;
Specifically, this step rejects SMB traffic flowing into the workstation. The Windows firewall may be used to close some of the workstation's server ports so that inbound SMB traffic is denied.
In a specific embodiment, closing the server port of the workstation may include: closing ports 139 and 445 of the workstation.
Specifically, in this embodiment the closed server ports of the workstation are port 139 and port 445, and all inbound traffic to ports 139 and 445 may be rejected by issuing a group policy that configures the Windows firewall.
S104: creating a DENY SMB policy for the first class of servers;
Specifically, this step creates a DENY SMB policy for the first class of servers, namely servers with an ordinary risk of compromise. The domain control server, file server and log server that communicate with the workstation are selected, and a DENY SMB policy is created under the group policy path of those servers, so that most SMB traffic from the workstation to the domain control server, the file server and so on is rejected. The group policy path is: Group Policy Management Editor / Computer Configuration / Preferences / Windows Settings / Registry.
S105: creating ASR rules for the second class of servers.
Specifically, this step creates ASR (Attack Surface Reduction) rules for the second class of servers, namely servers with a higher risk of compromise, i.e. high-risk servers. Creating ASR rules for high-risk servers helps prevent malware from being used to compromise the operation of a device or network, blocking SMB lateral movement at the host layer.
Specifically, open the group policy path: Group Policy Management Editor / Policies / Administrative Templates / Windows Components / Microsoft Defender Antivirus / Windows Defender Exploit Guard / Attack Surface Reduction, and configure the Attack Surface Reduction rules with specific ASR rule IDs. The ASR rules issued through group policy block process creations originating from PSExec and WMI commands, block credential stealing from the Windows Local Security Authority Subsystem (lsass.exe), block JavaScript or VBScript from launching downloaded executable content, and block all Office applications from creating child processes.
On the basis of the above embodiment, the method further includes: assigning the right to allow local logon to the administrators group and the users group of the workstation; assigning the right to allow local logon to the administrators group of the domain control server; and setting up administrators and backup operators for the other servers.
Specifically, for the domain control server only the Administrators group is assigned the user right to allow local logon. For other types of servers, a backup operator may be added in addition to the administrator. For the workstation, the user right to allow local logon is assigned to the Users group in addition to the Administrators group.
In summary, the method for blocking SMB lateral movement provided by the present application includes: ranking the servers, with the workstation at the lowest level; prohibiting a server ranked higher than the workstation from logging into the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first class of servers; and creating ASR rules for the second class of servers. Compared with the traditional scheme of blocking SMB lateral movement by relying on upgrade patches issued by Windows, the method provided by the application blocks SMB lateral movement in multiple dimensions: the servers are ranked and SMB lateral movement between higher- and lower-level servers is prohibited, the server ports of the workstation are closed, and a DENY SMB policy and ASR rules are established for the servers. SMB lateral movement can thereby be reliably and effectively blocked, and the harm caused by large-scale SMB lateral movement in an intranet is prevented.
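As an added example (not code from the patent), the same four ASR rules set on a single high-risk server with the Defender PowerShell cmdlets instead of through the group policy path above. The rule GUIDs are the IDs Microsoft publishes for those four rules; the audit-first rollout and the Get-AsrRuleState helper are this example's own additions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the patent. Enables the four ASR rules named in S105
# on the local host with the Defender cmdlets; a GPO under the path in the text
# sets the same rule IDs centrally. GUIDs are Microsoft's published ASR rule IDs.
$AsrRules = [ordered]@{
    'Block process creations originating from PSExec and WMI commands'          = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block credential stealing from LSASS (lsass.exe)'                          = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block JavaScript or VBScript from launching downloaded executable content' = 'd3e037e1-3eb8-44c8-a917-57927947596d'
    'Block all Office applications from creating child processes'               = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
}

# Apply every rule in one mode. Roll out as AuditMode first, review event ID 1122
# (audit) in the Microsoft-Windows-Windows Defender/Operational log for false
# positives such as legitimate remote management over WMI, then switch to Enabled.
function Set-AsrRules {
    param([ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode)
    $ids = @($AsrRules.Values)
    # One action per rule ID; the arrays are matched by position.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                     -AttackSurfaceReductionRules_Actions (@($Mode) * $ids.Count)
}

# Read back the effective state so a rollout can be verified on each host.
function Get-AsrRuleState {
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # Get-MpPreference reports actions numerically: 0 off, 1 block, 2 audit, 6 warn.
        $action = switch ([int]$pref.AttackSurfaceReductionRules_Actions[$i]) {
            0 { 'Disabled' } 1 { 'Enabled' } 2 { 'AuditMode' } 6 { 'Warn' } default { "Unknown($_)" }
        }
        [pscustomobject]@{
            Id     = $ids[$i]
            Action = $action
            Name   = ($AsrRules.GetEnumerator() | Where-Object { $_.Value -eq $ids[$i] }).Key
        }
    }
}

# Usage: audit first, then enforce once the audit events have been reviewed.
Set-AsrRules -Mode AuditMode
Get-AsrRuleState | Format-Table -AutoSize
# Set-AsrRules -Mode Enabled
```

Add-MpPreference merges with rules already configured rather than replacing them, which is why it is used instead of Set-MpPreference here; when the rules are delivered by group policy, the GPO value wins and the local cmdlet only reads the result.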
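The following is an added example, not the patent's own code, that applies S101 to S103 together with the local logon rights just described to one Windows host: a tier table stands in for the server ranking, logon rights are written with secedit, and the Windows firewall rejects inbound TCP 139/445 on workstations. The domain name CORP and the groups CORP\Tier0-Admins and CORP\Tier1-Admins are placeholders, and reading "a server logging into the workstation" as that tier's administrative accounts logging on is this example's assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the patent. Applies the three-level ranking (S101), the
# logon prohibition (S102), the inbound SMB block (S103) and the local-logon rights
# to the local host. CORP and the Tier*-Admins groups are placeholders (assumed to exist).
$Domain = 'CORP'
$Tiers = @{
    0 = @{ Role = 'DomainController'; AdminGroup = "$Domain\Tier0-Admins" }
    1 = @{ Role = 'MemberServer';     AdminGroup = "$Domain\Tier1-Admins" }
    2 = @{ Role = 'Workstation';      AdminGroup = 'BUILTIN\Administrators' }
}

# Well-known local groups, referenced by SID so the INF is locale-independent.
$Administrators  = '*S-1-5-32-544'
$Users           = '*S-1-5-32-545'
$BackupOperators = '*S-1-5-32-551'

# Resolve a domain group to its SID (needs domain connectivity).
function Get-GroupSid([string]$Name) {
    '*' + ([System.Security.Principal.NTAccount]$Name).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
}

# Build a secedit INF whose [Privilege Rights] section matches the host's tier.
function New-LogonRightsInf([int]$Tier) {
    $allowLocal = @($Administrators)
    $deny       = @()
    switch ($Tier) {
        0 { }                                  # domain controller: Administrators only
        1 { $allowLocal += $BackupOperators }  # other servers: administrators and backup operators
        2 {
            $allowLocal += $Users              # workstation: administrators and users
            # S102: accounts of the tiers above the workstation may not log on here,
            # locally, over RDP or over the network (SMB sessions are network logons).
            $deny = @((Get-GroupSid $Tiers[0].AdminGroup), (Get-GroupSid $Tiers[1].AdminGroup))
        }
    }
    $lines = @('[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
               '[Privilege Rights]',
               "SeInteractiveLogonRight = $($allowLocal -join ',')")
    if ($deny.Count) {
        $d = $deny -join ','
        $lines += "SeDenyInteractiveLogonRight = $d"
        $lines += "SeDenyRemoteInteractiveLogonRight = $d"
        $lines += "SeDenyNetworkLogonRight = $d"
    }
    $lines -join "`r`n"
}

function Set-LogonRights([int]$Tier) {
    $inf = Join-Path $env:TEMP "tier$Tier-rights.inf"
    $db  = Join-Path $env:TEMP "tier$Tier-rights.sdb"
    Set-Content -Path $inf -Value (New-LogonRightsInf $Tier) -Encoding Unicode
    secedit.exe /configure /db $db /cfg $inf /areas USER_RIGHTS | Out-Null
}

# S103: on workstations, reject all inbound SMB (TCP 139 and 445).
function Block-InboundSmb {
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 139,445)' `
        -Direction Inbound -Protocol TCP -LocalPort 139,445 `
        -Action Block -Profile Any -Enabled True | Out-Null
}

function Test-InboundSmbBlocked {
    $rule = Get-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 139,445)' `
                -ErrorAction SilentlyContinue | Select-Object -First 1
    [bool]($rule -and $rule.Action -eq 'Block' -and $rule.Enabled -eq 'True')
}

# Usage: pick the tier from the host's role (S101), then apply the tier's settings.
$thisTier = 2                                   # constructed example: this host is a workstation
Set-LogonRights -Tier $thisTier
if ($Tiers[$thisTier].Role -eq 'Workstation') { Block-InboundSmb }
Write-Host ("Tier {0} ({1}) applied; inbound SMB blocked: {2}" -f `
    $thisTier, $Tiers[$thisTier].Role, (Test-InboundSmbBlocked))
```

The secedit INF replaces the whole list for each right it names, so on a domain controller this leaves Administrators as the only group allowed to log on locally, exactly as the text describes; in a domain the same settings belong in a GPO linked per tier, and the deny rights are what stops a compromised higher-tier account from opening an SMB session to a workstation even when the firewall rule is absent.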
The application also provides a device for blocking SMB lateral movement; the device described below and the method described above may be referred to in correspondence with each other. Fig. 2 is a schematic view of an apparatus for blocking SMB lateral movement according to an embodiment of the present application. Referring to fig. 2, the apparatus includes:
a grading module 10 for grading the servers; wherein the workstation is at a lowest level;
a prohibition module 20 for prohibiting a server with a higher rank than the workstation from logging into the workstation;
a closing module 30, configured to close a server port of the workstation to reject SMB traffic from flowing into the workstation;
a first creation module 40, configured to create a DENY SMB policy for the first class server;
a second creating module 50 for creating ASR rules for the second class server.
On the basis of the foregoing embodiment, as a specific implementation manner, the classification module 10 is specifically configured to divide a domain control server into a highest class, divide a workstation into a lowest class, and divide servers other than the domain control server and the workstation into an intermediate class;
correspondingly, the prohibiting module 20 is specifically configured to prohibit the domain control server and the other servers from logging in to the workstation.
On the basis of the foregoing embodiment, as a specific implementation manner, the closing module 30 is specifically configured to close ports 139 and 445 of the workstation.
On the basis of the above embodiment, as a specific implementation manner, the device further includes:
a first allocation module for allocating permissions allowing local login to administrator groups and user groups of the workstation;
and the second distribution module is used for distributing the authority for allowing local login to the administrator group of the domain control server.
On the basis of the above embodiment, as a specific implementation manner, the device further includes:
and the setting module is used for setting an administrator and a backup operator for the other servers.
The present application also provides an apparatus for blocking SMB lateral movement, shown with reference to fig. 3, comprising a memory 1 and a processor 2.
A memory 1 for storing a computer program;
a processor 2 for executing a computer program to implement the steps of:
grading the servers; wherein the workstation is at a lowest level; disabling a server ranked higher than the workstation from logging into the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB strategy for the first class server; ASR rules are created for the second category of servers.
For the introduction of the device provided in the present application, please refer to the above method embodiment, which is not described herein again.
The present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of:
grading the servers; wherein the workstation is at a lowest level; disabling a server ranked higher than the workstation from logging into the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB strategy for the first class server; ASR rules are created for the second category of servers.
The computer-readable storage medium may include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
For the introduction of the computer-readable storage medium provided in the present application, please refer to the above method embodiments, which are not described herein again.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device, the apparatus and the computer-readable storage medium disclosed by the embodiments correspond to the method disclosed by the embodiments, so that the description is simple, and the relevant points can be referred to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The method, apparatus, device and computer readable storage medium for blocking SMB lateral shift provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
Claims (10)
1. A method of blocking SMB lateral movement, comprising:
grading the servers; wherein the workstation is at a lowest level;
disabling a server ranked higher than the workstation from logging into the workstation;
closing a server port of the workstation to reject SMB traffic flowing into the workstation;
creating a DENY SMB strategy for the first class server;
ASR rules are created for the second category of servers.
2. A method of blocking SMB lateral movement in accordance with claim 1, wherein said ranking servers comprises:
dividing a domain control server into the highest grade, dividing the workstation into the lowest grade, and dividing other servers except the domain control server and the workstation into intermediate grades;
accordingly, inhibiting a server that is ranked higher than the workstation from logging into the workstation comprises:
forbidding the domain control server and the other servers from logging into the workstation.
3. A method of blocking SMB lateral movement in accordance with claim 1, wherein said shutting down a server port of said workstation comprises:
closing ports 139 and 445 of the workstation.
4. The method of blocking SMB lateral movement of claim 1, further comprising:
assigning permissions allowing local login to administrator groups and user groups of the workstation;
assigning a right to allow local login to an administrator group of the domain control server.
5. The method of blocking SMB lateral movement of claim 1, further comprising:
setting an administrator and a backup operator for the other servers.
6. A device for blocking SMB lateral movement, comprising:
the grading module is used for grading the servers; wherein the workstation is at a lowest level;
the forbidding module is used for forbidding a server with a higher level than the workstation to log in the workstation;
the closing module is used for closing a server port of the workstation to reject SMB traffic flowing into the workstation;
the first creating module is used for creating a DENY SMB strategy for the first class server;
the second creating module is used for creating ASR rules for the second class server.
7. The device for blocking SMB lateral movement according to claim 6, wherein the classification module is specifically configured to classify a domain control server into a highest class, classify the workstation into a lowest class, and classify other servers except the domain control server and the workstation into an intermediate class;
correspondingly, the forbidding module is specifically configured to forbid the domain control server and the other servers from logging in to the workstation.
8. The device for blocking SMB lateral movement according to claim 7, wherein the closing module is specifically configured to close ports 139 and 445 of the workstation.
9. An apparatus for blocking SMB lateral movement, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of blocking SMB lateral movement of any one of claims 1 to 5 when said computer program is executed.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of blocking SMB lateral movement of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011445119.1A CN112615832B (en) | 2020-12-11 | 2020-12-11 | A method and related device for blocking lateral movement of SMB |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112615832A true CN112615832A (en) | 2021-04-06 |
CN112615832B CN112615832B (en) | 2022-08-02 |
Family
ID=75232891
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011445119.1A Active CN112615832B (en) | 2020-12-11 | 2020-12-11 | A method and related device for blocking lateral movement of SMB |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112615832B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060069683A1 (en) * | 2004-09-30 | 2006-03-30 | Braddy Ricky G | Method and apparatus for assigning access control levels in providing access to networked content files |
US20100088767A1 (en) * | 2008-10-08 | 2010-04-08 | Sourcefire, Inc. | Target-based smb and dce/rpc processing for an intrusion detection system or intrusion prevention system |
CN102362281A (en) * | 2009-03-18 | 2012-02-22 | 日本电气株式会社 | Policy generation and conversion system, policy distribution system, and method and program therefor |
US20130055359A1 (en) * | 2010-06-25 | 2013-02-28 | Nec Corporation | Secret information leakage prevention system, secret information leakage prevention method and secret information leakage prevention program |
CN103391273A (en) * | 2012-05-08 | 2013-11-13 | Sun Wei (孙玮) | Method and device for controlling access authority of internet website user information |
US20140026181A1 (en) * | 2012-07-19 | 2014-01-23 | Box, Inc. | Data loss prevention (dlp) methods and architectures by a cloud service |
CN103780684A (en) * | 2014-01-10 | 2014-05-07 | Tsinghua University (清华大学) | Method for data sharing among intelligent equipment based on file system |
CN104539611A (en) * | 2014-12-26 | 2015-04-22 | Beijing Qihoo Technology Co., Ltd. (北京奇虎科技有限公司) | Method, device and system for managing shared file |
US9264395B1 (en) * | 2012-04-11 | 2016-02-16 | Artemis Internet Inc. | Discovery engine |
CN110933094A (en) * | 2019-12-04 | 2020-03-27 | Sangfor Technologies Inc. (深信服科技股份有限公司) | Network security equipment and SMB vulnerability detection method, device and medium thereof |
US20200287938A1 (en) * | 2019-03-07 | 2020-09-10 | Microsoft Technology Licensing, Llc | Adaptation of attack surface reduction clusters |
2020
- 2020-12-11 CN CN202011445119.1A patent/CN112615832B/en active Active
Non-Patent Citations (1)
Title |
---|
Wei Jianing et al. (韦加宁等): "Research on security protection strategies for private networks" (专网安全保护策略研究), Netinfo Security (《信息网络安全》) * |
Also Published As
Publication number | Publication date |
---|---|
CN112615832B (en) | 2022-08-02 |
Similar Documents
Publication | Title |
---|---|
JP5203969B2 (en) | Securing data in a networked environment |
US12081577B2 (en) | Systems and methods for automated risk-based network security focus |
CN113169975A (en) | Automatic generation of security rules for network microsegmentation and nanosegmentation |
US10467058B2 (en) | Sandboxing for multi-tenancy |
CN101018200B (en) | Bi-planar network architecture |
CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium |
US11757888B2 (en) | Systems and methods for fine grained forward testing for a ZTNA environment |
US20220400113A1 (en) | Systems and methods for focused learning of application structure and ZTNA policy generation |
CN111212077B (en) | Host access system and method |
US10911487B2 (en) | On-device network protection |
CN116566747B (en) | Security protection methods and devices based on industrial Internet |
CN113407941A (en) | Edge cloud node and terminal user security management method |
EP4338075B1 (en) | Abnormally permissive role definition detection systems |
US12022292B2 (en) | Partial limitation of a mobile network device |
US12177261B2 (en) | Adaptive network security using zero trust microsegmentation |
CN112615832A (en) | Method and related device for blocking SMB lateral movement |
US20230132611A1 (en) | Abnormal classic authorization detection systems |
CN112912879A (en) | Apparatus and method for secure messaging between processes |
US12321444B2 (en) | Partial limitation of a mobile network device |
CN117354060B (en) | Method, system and medium for detecting vulnerabilities of cloud computing IaaS layer |
Alsalamh et al. | DMoiSDN: A defensive mechanism of object integrity for SDN |
CN113343282A (en) | File security monitoring method and system for mandatory access control and storage medium |
CN119814443A (en) | A cloud data center security protection method, device, electronic equipment and medium |
HK40042840A (en) | System for and method of determining data connections between software applications |
CN120145358A (en) | Access rights management method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20210406. Assignee: Dbappsecurity Co.,Ltd. Assignor: Hangzhou Anheng Information Security Technology Co.,Ltd. Contract record no.: X2024980043371. Denomination of invention: A method and related device for blocking lateral movement of SMB. Granted publication date: 20220802. License type: Common License. Record date: 20241231 |