
Intrusion prevention method and system based on virtual local area network switching

A virtual local area network and border switch technology, applied in the field of communication, that addresses problems such as blocking attack traffic, consumption, and a large risk of network breakpoints, and achieves the effects of ensuring security, avoiding congestion and paralysis, and reducing system overhead.

Active Publication Date: 2015-09-16
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

This deployment method based on switch redirection has the following problems: switch redirection consumes some of the switch's access control list (ACL) resources; and the security gateway, which originally only needs to protect the VLAN and the external network, in this case also processes all data traffic within the VLAN, which puts a lot of pressure on the processing performance of the security gateway and creates a great risk of network breakpoints.

[0011] Firewalls, abnormal traffic cleaning equipment, and security gateway products are not suitable for Layer 2 network environments where the network boundary includes multiple VLANs. An IDS only detects and analyzes network traffic and raises alerts on attack traffic; it does not block attack traffic and cannot protect devices in a VLAN.



Embodiment Construction

[0032] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0033] Figure 1 is a flow chart of an embodiment of the intrusion prevention method based on VLAN switching in the present invention. As shown in Figure 1, the intrusion prevention method based on VLAN switching in this embodiment includes the following steps:

[0034] Step 101, the border switch receives the data message sent by the sender host to the receiver host, the header of the data message includes the source Internet Protocol (Internet Protoco...


Abstract

Embodiments of the invention disclose an intrusion prevention method based on virtual local area network (VLAN) switching and a system thereof. The method comprises the following steps: a border switch receives a data message; the switch identifies whether the sender host and the receiver host belong to the same VLAN and whether they belong to a preset protection VLAN; if the sender host and the receiver host belong to the same VLAN, the data message is forwarded; if the sender host and the receiver host do not belong to the same VLAN and the sender host or the receiver host belongs to the preset protection VLAN, the intrusion prevention system (IPS) is requested to carry out application-layer data content safety protection processing on the data message, and the data message that has gone through the safety protection processing is forwarded. According to the embodiments of the invention, at a network boundary that includes a Layer 2 network environment comprising a plurality of VLANs, application-layer data content detection and protection can be realized so as to guarantee the security of VLAN users. System overhead and the risk of network breakpoints can both be reduced.
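The forwarding decision in the abstract, as an added Python sketch that is not taken from the patent. Assumptions: VLAN membership is derived from IP subnets, a message the IPS rejects is dropped, cross-VLAN traffic touching no protected VLAN is forwarded directly, and `ips_inspect` with its marker string is a hypothetical stand-in for the application-layer check.

```python
import ipaddress

# Constructed topology (assumption): VLAN id -> subnet behind the border switch.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),
    20: ipaddress.ip_network("10.0.20.0/24"),
    30: ipaddress.ip_network("10.0.30.0/24"),
}
PROTECTED_VLANS = {10}  # the "preset protection VLAN" set

def vlan_of(ip):
    """Return the VLAN id that owns this address, or None for an external host."""
    addr = ipaddress.ip_address(ip)
    for vlan, net in VLAN_SUBNETS.items():
        if addr in net:
            return vlan
    return None

def ips_inspect(payload):
    """Hypothetical IPS check: True if the payload is allowed through."""
    return b"BLOCKME" not in payload  # constructed marker, not a real signature

def handle(src_ip, dst_ip, payload):
    """Border-switch decision for one data message; returns the action taken."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is not None and src == dst:
        return "forward"  # same VLAN: the IPS never sees this traffic
    if src in PROTECTED_VLANS or dst in PROTECTED_VLANS:
        # Cross-VLAN traffic touching a protected VLAN goes through the IPS.
        return "forward-after-ips" if ips_inspect(payload) else "drop"
    return "forward"  # assumption: the abstract does not specify this case

# Constructed sample traffic: (source IP, destination IP, payload)
MESSAGES = [
    ("10.0.10.5", "10.0.10.9", b"intra-VLAN file copy"),
    ("10.0.20.5", "10.0.10.9", b"GET /report"),
    ("203.0.113.7", "10.0.10.9", b"POST /login BLOCKME"),
    ("10.0.20.5", "10.0.30.8", b"print job"),
    ("10.0.10.5", "198.51.100.1", b"GET /index.html"),
]

def run(messages):
    """Return the action for each message, in order."""
    return [handle(*m) for m in messages]

def ips_load(messages):
    """Count messages that reached the IPS, versus redirecting every message."""
    return sum(1 for a in run(messages) if a in ("forward-after-ips", "drop"))

if __name__ == "__main__":
    print(run(MESSAGES), ips_load(MESSAGES), "of", len(MESSAGES))
```

With this sample, three of the five messages reach the IPS, whereas a redirect-all deployment would send all five through the security device.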

Description

Technical field

[0001] The present invention relates to communication technology, in particular to an intrusion prevention method and system based on virtual local area network (VLAN) switching.

Background technique

[0002] A VLAN is an end-to-end logical network built on a switched local area network using network management software, and it can span different network segments and networks. In a VLAN, information only arrives where it should arrive, which prevents most intrusion methods based on network monitoring. For example, sensitive departments of an enterprise, such as the finance, personnel, and production departments, handle a lot of sensitive data, and the enterprise does not want that information on the network to be casually accessible to too many people. Applying VLAN technology on the switch achieves this well. Through years of development, VLAN technology has been wi...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06; H04L12/70
Inventor: 孙培良, 张连营
Owner: CHINA TELECOM CORP LTD