Network security protection method and device

Abstract

Embodiments of the invention provide a network security protection method and device. According to the network security protection method and device, a first node controller receives the characteristic data of network attacks, wherein the characteristic data of the network attacks are sent by a first prevention system, wherein the first prevention system is any prevention system connected with the first node controller; a new detection and prevention rule is established according to the characteristic data; the new detection and prevention rule is sent to at least one second prevention system, so that the at least one second prevention system can detect and intercept the network attacks according to the detection and prevention rule, wherein the second prevention systems are prevention systems connected with the first node controller; and each prevention system can send the characteristic data of the detected attacks to the node controller, and the node controller generates the detection and prevention rule and sends the detection and prevention rule to the plurality of prevention systems managed by the node controller, so that the plurality of prevention systems can simultaneously detect and prevent the attacks, intrusion discovery and prevention capabilities can be improved, and the prevention pressure of a single prevention system can be effectively reduced.

Description

technical field [0001] The embodiments of the present invention relate to Internet technologies, and in particular to a network security protection method and device. Background technique [0002] With the continuous development of network technology, network viruses, attacks, hackers and other technologies are also more rapid, and virus mutations, attacks are intelligent and multiplied, and the maintenance of network security is particularly important. [0003] figure 1 It is a schematic diagram of a conventional network security protection system, such as figure 1 As shown, in view of the current network attacks and the propagation of viruses and Trojan horses, most enterprises will deploy firewalls Anti-DDos, intrusion detection systems (English: Intrusion Detection Systems, abbreviated: IDS), and intrusion prevention systems (English: Intrusion PreventionSystems) at the network layer. , referred to as: IPS) and firewalls to detect and intercept it; and in the applicati...

AI Technical Summary

Problems solved by technology

[0005] This application provides a method and device for network security protection, which are used to solve the problem that each defense system cannot effectively communicate with the upper layer or adjacent defense systems in a single operation, cannot update detection features in time to carry out defense and interception actions, and network attacks break through a single point After the defense system, the defense pressure of another defense system will be greatly increased, and the infinite amplification of attack traffic will easily cause the failure of multiple single-node defense systems, and tenants will face great security threats.

Images