System and method for hiding host in network

A host-hiding network technology, applied in the field of information technology processing, that addresses problems such as the lack of IP access control on open network ports.

Inactive Publication Date: 2019-04-26
COLASOFT

AI Technical Summary

Problems solved by technology

[0004] To solve the problem that hosts on the public network cannot perform IP access control on their network ports once those ports are open, a system and method for hiding hosts in the network is proposed, which hides the server host to reduce or even eliminate attacks from the network.


Examples


Embodiment 1

[0029] A system for hiding hosts in the network, characterized in that it comprises:

[0030] Client module: used to send an encrypted IP access authentication request to the kernel security module;

[0031] Kernel security module: used to perform security authentication on the request content of the client module;

[0032] Configuration module: used to configure the kernel security module;

[0033] The kernel security module and the configuration module are deployed on the server, the client module is deployed on the client, and the kernel security module is signally connected to the configuration module and the client module respectively.

Embodiment 2

[0035] A method for realizing the hiding of hosts in the network is characterized in that it comprises the following steps:

[0036] (1) Configure the kernel security module through the configuration module, such as configuring the IP whitelist, decryption key parameters, timeout parameters, and ports of the security module. The kernel security module only allows the trusted IP to communicate with the server, and all other IP communication packets are discarded;

[0037] (2) The client module sends an encrypted IP access authentication request to the kernel security module;

[0038] (3) After the kernel security module receives the IP access authentication request, it decrypts the request message and extracts the request information. If the fields of the authentication request are all legal, the authentication passes: the client's IP is added to the trusted IP list, its UUID and serial number ID are recorded, and timing starts;

[0039] (4) The client module initiate...

Embodiment 3

[0047] The specific implementation process takes the Linux system as an example:

[0048] (1) When the kernel security module is initialized, read the authentication request decryption key, port number, white list, kernel security module password (optional) and other parameters, and register the NF_IP_PRE_ROUTING and NF_IP_LOCAL_OUT hook functions through netfilter.

[0049] (2) The configuration module communicates with the kernel security module through a Netlink socket to deliver configuration and obtain status information. This mainly covers configuration updates for the decryption key, port number, whitelist and password (optional), and retrieval of information such as the trusted IPs, the whitelist and the kernel security module status.

[0050] (3) The client module sends a UDP authentication request packet to the port configured by the kernel security module. The authentication request packet contains the UUID string associated with the server IP, the serial number ID, and the password of th...
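A user-space C model of the filtering decision described in Embodiments 2 and 3, added here as an illustration; it is not code from the patent. It takes the request as already decrypted (the page does not name the cipher). The struct layouts, the names `ksm_auth` and `ksm_prerouting`, the serial-number replay rule, whitelisted IPs passing without authentication, and dropping the request packet without a reply are all assumptions.

```c
#include <stdint.h>
#include <string.h>
#define MAX_TRUSTED 8
enum verdict { DROP = 0, ACCEPT = 1 };
/* Fields of an already-decrypted request; this layout is an assumption. */
struct auth_req { char uuid[37]; uint32_t serial; };
struct trusted  { int used; uint32_t ip, serial; long expires; char uuid[37]; };
struct pkt      { uint32_t src; int is_udp; uint16_t dport;
                  const struct auth_req *req; /* NULL when decryption failed */ };
struct ksm {                        /* model of the kernel security module state */
    uint32_t whitelist[4]; int n_white;
    uint16_t auth_port;             /* configured UDP port for authentication requests */
    long timeout;                   /* seconds an authenticated IP stays trusted */
    char server_uuid[37];           /* UUID associated with the server IP */
    struct trusted t[MAX_TRUSTED];
};

/* Step (3): check the fields, add the IP to the trusted list, record its UUID
   and serial number ID, start timing. Returns 1 when authentication passes. */
int ksm_auth(struct ksm *k, uint32_t src, const struct auth_req *r, long now) {
    struct trusted *slot = NULL;
    if (strncmp(r->uuid, k->server_uuid, sizeof r->uuid) != 0) return 0;
    for (int i = 0; i < MAX_TRUSTED; i++) {
        struct trusted *e = &k->t[i];
        if (e->used && e->ip == src) {
            if (r->serial <= e->serial) return 0;  /* assumption: stale serial = replay */
            slot = e; break;
        }
        if (!slot && (!e->used || e->expires <= now)) slot = e;
    }
    if (!slot) return 0;                           /* table full: fail closed */
    slot->used = 1; slot->ip = src; slot->serial = r->serial;
    slot->expires = now + k->timeout;
    memcpy(slot->uuid, r->uuid, sizeof slot->uuid);
    return 1;
}

/* Verdict the NF_IP_PRE_ROUTING hook would return for one inbound packet. */
enum verdict ksm_prerouting(struct ksm *k, const struct pkt *p, long now) {
    if (p->is_udp && p->dport == k->auth_port) {
        if (p->req) ksm_auth(k, p->src, p->req, now);
        return DROP;                /* assumption: the request itself gets no reply */
    }
    for (int i = 0; i < k->n_white; i++)
        if (k->whitelist[i] == p->src) return ACCEPT;
    for (int i = 0; i < MAX_TRUSTED; i++)
        if (k->t[i].used && k->t[i].ip == p->src && k->t[i].expires > now) return ACCEPT;
    return DROP;                    /* untrusted source: silently discarded */
}
```

Because every path for an untrusted source ends in `DROP`, a port scan and a failed authentication attempt look identical from outside; access expires on its own once the timeout elapses.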


Abstract

The invention belongs to the field of information technology processing, and specifically relates to a system and method for hiding a host in a network. The system comprises a client module used for sending an encrypted IP access authentication request to a kernel security module; the kernel security module used for performing security authentication on a request content of the client module; a configuration module used for configuring the kernel security module; and the kernel security module and the configuration module are deployed on a server, the client module is deployed on a client, and the kernel security module is respectively in signal connection with the configuration module and the client module. The system for hiding the host in the network provided by the invention performs access control at an IP layer, and is applicable to protection of any application host; the server responds only to a TCP connection request initiated by a trusted IP, and does not respond to a TCP connection request initiated by a non-trusted IP; and the host cannot be discovered through a port scanning mode, and no extra authentication server needs to be added.

Description

Technical field

[0001] This application belongs to the field of information technology processing, and in particular relates to a system and method for hiding hosts in a network.

Background

[0002] For a network server exposed on the public network, any client can initiate network access to it, so there is a risk of attack from the network. The traditional security solution is to deploy a firewall or IDS device in front of the server, so that data packets are filtered by the firewall or IDS device before they reach the host, or to harden the server host to control access to the host's resources. However, these solutions are only effective against known attacks. Since there is no IP access control for open ports, any external IP can scan the open ports to find security holes. New attack methods emerge endlessly, making it difficult to prevent attacks from the network.

[0003] Existing related patent applications such a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0236, H04L63/0245, H04L63/0876, H04L63/10, H04L2101/663
Inventor: 林康, 罗鹰, 谭春海
Owner: COLASOFT