Unlock instant, AI-driven research and patent intelligence for your innovation.

Method of terminal exchange access and control device thereof

A control device and terminal technology, applied in the field of communication, can solve problems such as relatively high requirements, unable to work normally, and information security, etc., and achieve the effect of reducing information security risks

Inactive Publication Date: 2013-01-02
HUAWEI DIGITAL TECH (CHENGDU) CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0015] 2. Control and repair the network access range of terminals (terminals deployed with a security agent, pass identity authentication, but fail the enterprise security policy compliance check), making it impossible to access domain resources after authentication, and unable to work normally, so as to force the terminal Make remediation to meet the security policy of the enterprise;
[0019] There is a kind of prior art that uses 802.1X mode to realize network admission control, but it has the following defects: 1. The 802.1X scheme based on dynamic VLAN (virtual local area network) needs to carry out major adjustment to existing network structure, to A large number of switches in the network are divided into VLANs, and ACL (Access Control List) needs to be configured on the switches at the aggregation layer to control the isolation and access rights between different VLANs; 2. The 802.1X solution based on dynamic VLAN The requirements of the network environment are relatively high, and the switches at the access layer must support 802.1X and support dynamic VLAN; this may require a large number of network device replacements on the network
[0020] In the process of realizing the present invention, the inventors found that there are at least the following problems in the prior art: However, due to the solution based on the access control gateway, the location of the access control gateway is relatively high, and there are the following disadvantages: 1. Due to the access control gateway The point is on the switch. For external untrusted terminals, it cannot prevent its access to other trusted terminals in the same switch, and there are hidden dangers and loopholes in information security; 2. For terminals to be repaired, based on access control The gateway solution cannot prevent its access to other trusted terminals in the same switch. When the terminal to be repaired has security problems such as viruses, this solution cannot prevent the virus from spreading in the same switch.
To sum up, it can be seen that the existing technology is still unable to reduce the potential information security risks in the mutual access of LAN terminals.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method of terminal exchange access and control device thereof
  • Method of terminal exchange access and control device thereof
  • Method of terminal exchange access and control device thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] Such as figure 2 As shown, it is a flowchart of a method for terminal mutual access according to an embodiment of the present invention. The above method includes:

[0034] Step 201, obtain a preset screening configuration from a server.

[0035] Optionally, the above-mentioned screening configuration may include IP security policy screening parameters, and passwords used for IP protocol security negotiation and verification between trusted terminals; after obtaining the above-mentioned screening configuration from the server, the above-mentioned IP security policy screening parameters and the The password for IP protocol security negotiation and verification between trusted terminals is written into the IP security policy module of the security agent of the terminal, and the above IP security policy module is enabled.

[0036] Step 202, use the above screening configuration to screen the terminals within the range of the local area network, and generate a screening r...

Embodiment 2

[0058] The first embodiment above can be applied not only to the access control scheme of the access control gateway, but also applicable to the absence of the access control gateway. The following aims at the defects existing in the existing technology based on the access control gateway scheme, and the embodiment of the present invention Second, it is used to reduce the potential information security risks of mutual visits of LAN terminals. Specifically, it can solve the following problems based on the access control gateway access control scheme: 1) Within the scope of the LAN, prevent untrusted terminals from accessing trusted terminals and Repair terminal access to reduce information security risks; 2) Within the scope of the local area network, prevent the repair terminal from accessing trusted terminals, and prevent the security defects of the repair terminal from spreading within the local area network. Embodiments of the present invention include: defining a plurality ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a method of terminal exchange access and a control device thereof. The method comprises the steps of: obtaining preset screening configuration from a server, screening terminals within the range of a local area network on the basis of the screening configuration to generate screening results and controlling the exchange access of the terminals according tothe screening results. The control device comprises: an acquiring unit for obtaining the preset screening configuration from the server, a screening unit for screening terminals within the range of the local area network on the basis of the screening configuration to generate screening results, and a control unit for controlling the exchange access of the terminals according to the screening results. The embodiment of the invention adopts the technical means of obtaining preset screening configuration from the server, screening terminals within the range of the local area network on the basisof the screening configuration to generate screening results and controlling the exchange access of the terminals according to the screening results, thus reducing information safety risk.

Description

technical field [0001] The present invention relates to the communication field, in particular to a method and a control device for terminal mutual access. Background technique [0002] While security technology has evolved over the years and is costly to implement, viruses, worms, spyware, and other forms of malware are still major problems organizations face today. The high number of security incidents that organizations experience each year has a huge financial impact on organizations resulting from system outages, lost revenue, data corruption or destruction, and reduced productivity. [0003] Although most organizations use identity management and authentication, authorization, and accounting (Authentication, Authorization, Accounting, AAA) mechanisms to authenticate users and assign them network access rights, these do little to verify the security posture of user terminal devices. effect. If one of these endpoints becomes infected with a virus or worm, locating and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 陈海彬赖后华蒋明邹贤文
Owner HUAWEI DIGITAL TECH (CHENGDU) CO LTD