Method, device and system for security control

Abstract

The invention discloses a safety control method, device and system and belongs to the technical field of Internet security. The safety control method comprises the steps that 1, an opposite terminal device receives a control command request; 2, the opposite terminal device conducts white list check on a control command in the control command request; 3, the opposite terminal device verifies an executive program corresponding to the control command; 4, the opposite terminal device executes the executive program corresponding to the control command and returns an execution result to a host on the corresponding side. Compared with the prior art, the safety control method has the advantages that the host on the corresponding side is prevented from damaging the system of the opposite terminal device; the authority of the host on the corresponding side is limited; it is guaranteed that an executable file is not tampered; and safe remote control over an imported front-end processor by an extranet host and safe remote control over an imported server by an intranet host can be achieved.

Description

technical field [0001] The present invention relates to the field of Internet security, in particular to a method, device and system for security control. Background technique [0002] With the continuous development of networked e-government, government departments at all levels have built a large number of networks and application systems, which are physically or logically separated due to different application scenarios, different users, and different data security requirements. Multiple divisions were made. [0003] In these networking applications, there are often cases where data content needs to be exchanged between multiple networks with different security levels, and even some high-security networks are themselves classified networks. Faced with this situation, in accordance with the requirements of the State Security Bureau for physical isolation, and at the same time to meet the data transmission between different networks, a one-way physical isolation transmissi...

AI Technical Summary

Problems solved by technology

[0005] In this way, although the one-way import system has increased security protection and audit capabilities, the security of the entire system needs to be further improved. Intranet hosts need to control the import server

[0006] In the prior art, remote login is usually used for control. Specifically, the external network host directly logs in to the import front-end processor to remotely control the import front-end processor, and the intranet host directly logs in to the import server to remotely control the import server. Although the remote control has been realized, there are great potential safety hazards in the way of direct login: firstly, it is easy to cause damage to the system imported into the front-end processor or server after direct login; secondly, the imported front-end The computer or import server cannot restrict the permissions of the logged-in external network host or internal network host; finally, the import front-end processor or import server does not verify the control instructions, and cannot guarantee that the execution file will not be tampered with

Images