Method for building globle network safety system in tracing to the source in each sub domain

A network security and global network technology, applied in the field of computer Internet global network security architecture, can solve problems such as hindering the deployment of new Internet services, difficulty in forming a unified standard, and increased security costs

Active Publication Date: 2009-11-25
G CLOUD TECH
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The solutions proposed by these manufacturers have solved part of the security threats from the intranet to a certain extent, but it is still difficult to defend against new types of attacks from the business layer. External security black holes on the Internet still exist, and at the same time, too strict security access restrictions have It may hinder the deployment of new Internet services, and its frequent authentication and maintenance will greatly increase the security overhead, and the user's rights, privacy, and freedom will also be severely damaged
[0005] Especially for the Internet that crosses different jurisdictional boundaries, it is difficult to form a unified standard for the regulatory control between different network areas due to technical, interest, and geographical constraints. There are major difficulties and defects in transition and inter-domain security control supervision

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for building globle network safety system in tracing to the source in each sub domain
  • Method for building globle network safety system in tracing to the source in each sub domain
  • Method for building globle network safety system in tracing to the source in each sub domain

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0027] Such as figure 2 As shown, the construction method of the sub-domain traceability type global network security system of the present invention specifically includes the following steps:

[0028] Step 10, divide the entire Internet into multiple network security domains, and each network security domain has a security control point.

[0029] The security control point has at least the following functions: it can perform access control on any node in the network security domain; it can detect and analyze the security status of any node; Control strategies, such as requiring anti-virus software to be loaded, eliminating system security holes, etc.; all nodes can be controlled and managed in parallel at the same time.

[0030] When dividing the network security domains, follow the following principles:

[0031] There is a unified securit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for constructing a domain-divided traceability global network security system, comprising: dividing the Internet into network security domains; forming the network security domain into a virtual safety network area, and other parts of the Internet except the network security domain form a non-virtual network security domain; Safety network area; adopt different security access and admission policies according to the source of the flow entering the security domain; monitor the security status of the node, and send a source tracing notification to the attack flow; the security control point performs a security check on the node according to the source tracing notification, , to judge whether the traceability is successful, if successful, send a response message of successful traceability, if not, the security control point that sends the traceability notification takes corresponding security measures. The present invention can provide a clear security boundary and a reasonable means of dividing security domains for the security defense of the Internet, taking into account both security and efficiency, and the traceability method can provide application-layer attack protection that cannot be achieved by traditional architectures, and is a defense against DDoS attacks architecture.

Description

technical field [0001] The invention relates to a computer Internet global network security framework based on the TCP / IP protocol, in particular to a domain-based traceability global network security framework. Background technique [0002] The emergence and widespread use of the Internet has changed the traditional concepts of work, communication, commerce and security. At the same time, because of the openness of its resources, the security of the Internet has become a very challenging problem. [0003] Traditional network security protection mainly isolates the internal network that needs to be defended from the external network by setting up security tools such as firewalls (FW) at network boundary points. Such as figure 1 As shown, this closed and isolated defense architecture has many defects and deficiencies. It not only cannot prevent attacks from inside the network, but also cannot effectively defend against application-layer attacks from the external network. In...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 李彦君张国清沈苏彬
Owner G CLOUD TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products