Method and system for realizing unified threat management in heterogeneous network

A technology for heterogeneous networks and management systems, applied in the field of network security, that addresses the problem that single-device UTM protection cannot be realized in a heterogeneous network.

Active Publication Date: 2010-09-08
BLUEDON INFORMATION SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method and system for realizing unified threat management in a heterogeneous network, whi

Examples

Embodiment 1

[0021] Embodiment 1. As shown in Figure 1, the method for realizing unified threat management in the heterogeneous network in the embodiment of the present invention includes the following main steps:

[0022] S101. Perform protocol matching and identification on the data packets flowing into the UTM, and determine the actual protocol type of each data packet.

[0023] S102. Distribute each data packet according to the actual protocol type of the data packet.

[0024] S103. Filter the distributed data packets according to the actual protocol type to which the distribution corresponds.

[0025] S104. Perform UTM proxying on the filtered data packets, and send the data packets out.

Embodiment 2

[0026] Embodiment 2. The method for implementing unified threat management in a heterogeneous network in the embodiment of the present invention includes the following main steps:

[0027] S201. Perform protocol matching and identification on the data packets flowing into the UTM, and determine the actual protocol type of each data packet.

[0028] A composite (heterogeneous) network does not use a single network protocol but several at the same time, so the data packets transmitted in it usually carry multiple protocols, such as TCP/IP protocols (IPv4, IPv6) and non-TCP/IP protocols (IPX/SPX, NETBEUI, GRE and other protocols). An example of how the actual protocol type is determined in this step: the data packet sent by the composite network is an IPv4 data packet encapsulated in IPv6 mode, after matching and identifying with the protocol feature information in the protocol signature database, it i...

Embodiment 3

[0035] Embodiment 3. The method for implementing unified threat management in a heterogeneous network in the embodiment of the present invention includes the following main steps:

[0036] S301. Perform protocol matching and identification on the data packets flowing into the UTM, and determine the actual protocol type of each data packet.

[0037] A composite (heterogeneous) network does not use a single network protocol but several at the same time, so the data packets transmitted in it usually carry multiple protocols, such as TCP/IP protocols (IPv4, IPv6) and non-TCP/IP protocols (IPX/SPX, NETBEUI, GRE and other protocols). An example of how the actual protocol type is determined in this step: the data packet F1 sent by the composite network at T1 time is an IPv4 data packet encapsulated in IPv6 mode. After matching and identifying the protocol feature information in the protocol signature datab...
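One way the identification and distribution steps (S101/S102) and the IPv4-in-IPv6 case from the embodiments could look in code. This is an added example, not code from the patent: it assumes the "actual protocol type" is the innermost network-layer protocol, and the names `identify`, `distribute`, the small protocol table, the depth cap and the fail-closed "unknown" queue are hypothetical.

```python
import struct
from collections import defaultdict

# Constructed stand-in for the protocol signature database (IANA protocol numbers).
TUNNEL = {4: "IPv4", 41: "IPv6"}   # payload is another IP packet
TRANSPORT = {6: "TCP", 17: "UDP"}  # end of the encapsulation chain
MAX_DEPTH = 4                      # assumed cap on nested tunnels

def identify(pkt: bytes) -> list:
    """S101: return the network-layer chain, outermost first.
    Assumption: the last item is the packet's actual protocol type."""
    chain = []
    proto = {4: 4, 6: 41}.get(pkt[0] >> 4) if pkt else None
    while proto in TUNNEL:
        name = TUNNEL[proto]
        version, hdr_len = (4, 20) if proto == 4 else (6, 40)
        # The bytes must really be the header the outer layer announced.
        if len(chain) == MAX_DEPTH or len(pkt) < hdr_len or pkt[0] >> 4 != version:
            return chain + ["unknown"]
        if version == 4:
            hdr_len, proto = (pkt[0] & 0x0F) * 4, pkt[9]   # IHL, Protocol field
            if hdr_len < 20 or len(pkt) < hdr_len:
                return chain + ["unknown"]
        else:
            proto = pkt[6]                                  # Next Header field
        chain.append(name)
        pkt = pkt[hdr_len:]
    if proto not in TRANSPORT:
        # GRE is recognised but not unwrapped; everything else (including
        # IPv6 extension headers) fails closed as "unknown".
        chain.append("GRE" if proto == 47 else "unknown")
    return chain

def distribute(packets):
    """S102: queue each packet under its actual (innermost) protocol type."""
    queues = defaultdict(list)
    for pkt in packets:
        queues[identify(pkt)[-1]].append(pkt)
    return queues

def ipv4(proto, payload=b""):   # constructed 20-byte IPv4 header + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(4), bytes(4)) + payload

def ipv6(next_header, payload=b""):   # constructed 40-byte IPv6 header + payload
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header,
                       64, bytes(16), bytes(16)) + payload
```

A packet whose inner bytes do not match the header type announced by the outer layer lands in the "unknown" queue, which is where a default-deny filter for step S103 would sit.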

Abstract

The invention discloses a method and a system for realizing unified threat management in a heterogeneous network, relating to the field of network security and aiming at solving the problem that single-device UTM protection cannot currently be realized in a heterogeneous network. The method comprises the following steps: carrying out protocol matching and recognition on data flowing into the UTM, and determining the actual protocol type of each data packet; distributing each data packet according to its actual protocol type; filtering the distributed data packets according to the actual protocol type corresponding to the distribution; and carrying out UTM proxying on the filtered data packets, and sending out the data packets. The system comprises a protocol analysis module, a protocol distribution module, a filtering module and a UTM function module. As the method and the system provide a complete set of mechanisms including analysis, distribution, filtering, protocol conversion, UTM proxying and protocol reduction, single-device UTM protection of the heterogeneous network can be realized.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and system for realizing unified threat management in a heterogeneous network.

Background art

[0002] Most firewall devices currently on the market are based on the IPv4 protocol and cannot automatically adapt to new network protocols or heterogeneous networks such as IPv6 and MPLS. As a result, the firewall cannot be applied in a multi-network environment, and either a dedicated firewall for the new protocol must be used, or the new protocol must be translated by route translation into an IPv4 protocol that the firewall can recognize. Examples are dedicated protocol firewalls such as IPv6-specific unified threat management (UTM, Unified Threat Management) devices, or dedicated routing equipment such as IPv6 routers set up in front of the UTM to perform IPv6-IPv4 protocol conversion.

[0003] At present, even if a dedicated device is installed, it still cannot solve the single-de...

Application Information

IPC(8): H04L29/06, H04L12/56
Inventor: 柯宗贵, 柯宗庆
Owner BLUEDON INFORMATION SECURITY TECH CO LTD