Method and device for network access control

A network access control and key location technology, applied in the field of network security, that can solve problems such as resource waste, filtering failure, and inability to obtain the correct domain name, and that reduces resource consumption and avoids data copying.

Active Publication Date: 2013-09-25
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

Although URL filtering can be applied at file-level granularity, such fine-grained control is almost never used in practice. Deployments do not restrict the directory names and file names being accessed and are essentially limited to the domain-name level.
The first problem this causes is that a site can be accessed by IP address instead of by URL. For example, the IP address can be resolved beforehand with tools such as ping and nslookup and then used for access, so that URL domain-name filtering becomes ineffective. Second, even when a domain-name restriction is in place, the connection is only recognized and forcibly disconnected after the URL has been reassembled, which wastes system resources on the client, the server and the firewall.
In addition, URL filtering has a fairly serious defect. In HTTP/1.1, the domain name is obtained from the "Host:" field of the HTTP header, and no other field can guarantee that the domain name is obtained correctly. However, some servers do not check this field: an arbitrary domain name can be filled in and the server still responds correctly. In HTTP/1.0 the field is not even required, so there is no guarantee at all of obtaining the correct domain name.
In short, access control based on URL filtering still needs improvement in terms of filtering effectiveness.

Embodiment Construction

[0069] Hereinafter, exemplary embodiments of the present disclosure will be described in more detail with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth herein. On the contrary, these embodiments are provided to enable a more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0070] First, it should be noted that the network access control method provided by the embodiment of the present invention may be executed by a firewall system, which is generally deployed on network devices with data forwarding functions, such as routers with data forwarding functions or the egress points of large-scale backbone networks, and the firewall system generally runs in open source system...

Abstract

The invention discloses a method and device for network access control. The method comprises the following steps: a hook function is added at the key position in the kernel layer where data is received or sent, and an interface linked list between the hook function and the kernel layer is established; a DNS request packet is intercepted in the kernel layer by the hook function; the query name field of the DNS request packet is parsed to obtain the domain name to be resolved; the domain name is matched against a domain name list in a preset filtering rule, and whether the DNS request packet is passed or dropped is determined according to the matching result. With this method and device, DNS filtering can be achieved in kernel mode.
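As an added example, not taken from the patent, the following C code shows the parse-and-match step the abstract describes, run in user space on constructed DNS request payloads. The function names, verdict values, blocklist, suffix-matching rule and the choice to drop unparsable requests are assumptions; registering the hook in the kernel is outside its scope.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

enum verdict { VERDICT_PASS, VERDICT_DROP };
/* Constructed filtering rule: each entry also covers its subdomains. */
static const char *const blocked[] = { "blocked.example", "ads.example.net" };

/* Decode the query name of a one-question DNS request into dotted text.
 * Returns 0 on success, -1 on truncated input or a length octet > 63
 * (compression pointer or reserved bits, which a request name should not use). */
static int dns_qname(const uint8_t *msg, size_t len, char *out, size_t outsz) {
    size_t pos = 12, o = 0;                      /* DNS header is 12 bytes */
    if (len < 12 || ((msg[4] << 8) | msg[5]) != 1) return -1;  /* QDCOUNT */
    while (pos < len) {
        uint8_t l = msg[pos++];                  /* label length octet */
        if (l == 0) { out[o] = '\0'; return pos + 4 <= len ? 0 : -1; }
        if (l > 63 || pos + l > len || o + l + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        for (uint8_t i = 0; i < l; i++, pos++) {
            if (msg[pos] == 0 || msg[pos] == '.') return -1;  /* ambiguous text */
            out[o++] = (char)msg[pos];
        }
    }
    return -1;                                   /* no terminating root label */
}

/* Case-insensitive suffix match that only succeeds on a label boundary. */
static int domain_blocked(const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; i < sizeof blocked / sizeof *blocked; i++) {
        size_t b = strlen(blocked[i]);
        if (n >= b && strcasecmp(name + n - b, blocked[i]) == 0 &&
            (n == b || name[n - b - 1] == '.')) return 1;
    }
    return 0;
}

/* Verdict the hook would return for one DNS request payload (UDP data). */
enum verdict dns_filter(const uint8_t *payload, size_t len) {
    char name[256];
    if (dns_qname(payload, len, name, sizeof name) != 0) return VERDICT_DROP;
    return domain_blocked(name) ? VERDICT_DROP : VERDICT_PASS;
}

/* Constructed requests: www.Blocked.example and notblocked.example, type A. */
static const uint8_t q_blocked[] = { 0x12,0x34, 1,0, 0,1, 0,0, 0,0, 0,0, 3,'w','w','w',
    7,'B','l','o','c','k','e','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1 };
static const uint8_t q_allowed[] = { 0x12,0x35, 1,0, 0,1, 0,0, 0,0, 0,0,
    10,'n','o','t','b','l','o','c','k','e','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1 };
int main(void) { return dns_filter(q_blocked, sizeof q_blocked) != VERDICT_DROP; }
```

Because the verdict is taken on the DNS request itself, a blocked name is never resolved, which addresses the resolve-first-then-use-the-IP gap the page attributes to URL filtering.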

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for network access control.

Background technique

[0002] URL (Uniform/Universal Resource Locator) filtering is an important access control method for firewalls, and a series of technologies has been derived from it, such as URL reassembly and linkage with URL classification servers. Although URL filtering can be restricted to file-level granularity, such fine-grained control is almost never used in practical applications: the directory names and file names being accessed are not restricted, and filtering is essentially limited to the domain-name level. The first problem this causes is that a site can be accessed by IP address instead of by URL. For example, the IP address can be resolved beforehand with tools such as ping and nslookup and then used for access, so that URL domain-name filtering becomes ineffective; second, even if the domain ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
Inventor: 李伟, 邓振波, 苏云琳
Owner: BEIJING QIANXIN TECH