Alarm and blocking method for illegal external connections

Abstract

The invention relates to an alarm and blocking method for illegal external connections. The alarm and blocking method comprises that 1), an intranet host client monitors networking behaviors of intranet computers in real time according to a plurality of external connection modes; 2), the intranet host client initiatively sends an encrypted alarm data packet to an external connection alarm monitoring terminal by using a Libnet function library to detect whether the intranet computers have external connection behaviors and gives an alarm for illegal external connection behaviors; 3), the intranet host client performs bottom layer packet capture on alarmed intranet hosts to obtain all data packets passing through network cards of the hosts to judge the illegal external connection behaviors; 4), blocking the network cards of the hosts having the illegal external connection behaviors through judgment. The alarm and blocking method is high in timeliness and good in monitoring performance in the aspect of illegal external connection monitoring. By means of the alarm and blocking method, the safety and the transmission efficiency of the alarm data packets in systems are improved, leaking risks caused by stealing of alarm information are effectively avoided, meanwhile, the safety of software is improved, and the software has anti-shielding and anti-unloading capacities.

Description

technical field [0001] The invention relates to a monitoring method for illegal outreach, in particular to an alarm and blocking method for illegal outreach, which belongs to the technical field of information security. Background technique [0002] In recent years, with the development of informatization, many units have attached great importance to illegal outreach. Many units have established their own illegal outreach monitoring systems, which can monitor intranet computers through modems, ADSL dial-up equipment, wireless network cards and other network equipment. Unauthorized and illegal outreach activities, thereby preventing the leakage of important internal information of the unit, and achieved a certain protective effect. [0003] There are currently two main monitoring mechanisms for outreach violations, one adopts a dual-machine architecture, and the other adopts a C / S (client / server) architecture: [0004] The dual-machine architecture consists of a monitoring c...

AI Technical Summary

Problems solved by technology

With the development of technology, there are various methods of outreach and complicated mechanisms, relying on a single technical means cannot meet the monitoring requirements, and various technical measures need to be taken for comprehensive protection

[0007] Although the above two architectures prevent intranet and outreach behaviors to a certain extent, there are still certain defects.

For example, for a dual-machine architecture system, if the network environment of the unit is complex, there are multiple network segments, and there are isolation restrictions between each network segment, multiple host detection agents are required to increase the complexity of the system; for the C / S mode architecture, The anti-outreach server is installed in the internal network, and cannot detect illegal outreach behaviors that are disconnected from the internal network

[0008] To sum up, most of the domestic and foreign products and technologies for illegal outreach focus on a certain function, lack of comprehensive, systematic and standardized solutions and technical solutions, and cannot provide comprehensive and effective technical support for modern confidentiality work. There are more or less the following problems:

[0011] (3) There is no unified alarm information format, and it is impossible to implement centralized monitoring of intranet computer violations and outreach;

[0012] (4) It can only detect and cannot realize the blocking function;

[0013] (5) It must be detected online, once it is disconnected from the intranet, it can be disconnected from the monitoring;

[0014] (6) The illegal outreach monitoring function is single, and it is impossible to comprehensively monitor all illegal outreach activities;

[0015] (7) The security protection of the software itself is weak, and the anti-shielding and anti-unloading capabilities are poor

Images