
Control method and system for efficient concurrent access based on network stealth

A control method and control system, applied to the field of efficient concurrent access based on network stealth, that address problems such as failure to add rules, message blocking, and messages not being received, with the effects of preventing port collisions, preventing port scanning, and reducing message congestion.

Inactive Publication Date: 2020-11-27
NANJING ENLINK NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] 1. In the traditional single-packet authorization service, the server side performs only identity authentication; recording, adding, deleting and other operations on access rules are all performed through the firewall. Its deployment therefore depends on the firewall environment, and firewall software such as iptables and firewalld causes performance gaps in the single-packet authorization service;
[0004] 2. Repeated authorization. The same legitimate user may send multiple access authorization requests, and all legitimate users can, of course, pass authentication. However, the rules are managed by the firewall software, which does not check for duplicates, leading to a large number of identical, repeated rules. Once their number reaches a certain scale, they degrade the efficiency of interaction between the single-packet authorization service and the firewall;
[0005] 3. Software performance. Because access rules are recorded and operated on by the software firewall, when a large number of users access at the same time, access performance is limited by the performance of the software firewall. When the firewall rules number as many as a thousand, interaction performance becomes extremely low, which causes a large delay in adding new rules, or even failure to add them;
[0006] 4. Message blocking. Because message processing and rule control are linear, when there are a large number of requests some messages cannot be received and are ignored during message processing. The larger the message volume, the more obvious the problem.



Embodiment Construction

[0042] The present invention provides an efficient method by which an access control service precisely manages device access rules through a database. It also resists replay attacks more efficiently, efficiently processes large volumes of concurrent authorization requests, and solves the problem in traditional single-packet authorization schemes of high concurrency and large numbers of data packets paralyzing the authorization policy service. The invention must be deployed on both the terminal side and the gateway side, and a database must be installed on the gateway side. An implementation using two databases, MySQL and Redis, is as follows:

[0043] As shown in Figure 1:

[0044] The invention is deployed on the client side. When the client needs access, it collects the necessary client information, forms an authorization and authentication request packet, and sends a UDP authentication packet to the server; the server opens a non-well-known port for service monito...


Abstract

The invention provides a control method and system for efficient concurrent access based on network stealth. The method comprises the following steps: a server obtains an authorization authentication request initiated by a client, opens a non-well-known port to listen for the service, authenticates the authorization application, and permits the application after authentication succeeds; the server deploys a database and compares the release rule against the database to ensure that it is a new, non-repeated rule, then adds the release rule to the database and labels it; for rules that are applied for repeatedly, the timeout is updated in the database; and the server checks the database regularly, adds each new rule from the database to the firewall and then deletes its new-rule label, and deletes rules that have timed out. This solves the performance problem in the single-packet authorization model: the performance reduction caused by the number of rules held in firewall software is avoided, the maximum number of rules that can be held is greatly increased, the speed of firewall rule operations is greatly increased, and the client does not perceive any authorization delay.
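The rule bookkeeping described in the abstract (deduplicate, label new rules, refresh the timeout on repeats, periodically sync to the firewall and purge expired rules), sketched as an added example that is not code from the patent. It assumes `sqlite3` as a stand-in for the gateway database, a Python set as a stand-in for the firewall, and a hypothetical `RuleStore` class, schema and 30-second timeout.

```python
import sqlite3

class RuleStore:
    """Gateway-side rule table (hypothetical schema; sqlite3 stands in for MySQL/Redis)."""
    def __init__(self, ttl=30):
        self.ttl = ttl
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE rules (src TEXT, port INTEGER, expires REAL,"
                        " is_new INTEGER, PRIMARY KEY (src, port))")

    def authorize(self, src, port, now):
        """Call only after the request has authenticated."""
        cur = self.db.execute("UPDATE rules SET expires=? WHERE src=? AND port=?",
                              (now + self.ttl, src, port))
        if cur.rowcount:                      # repeated application: refresh timeout only
            return "refreshed"
        self.db.execute("INSERT INTO rules VALUES (?,?,?,1)",
                        (src, port, now + self.ttl))   # new rule, labelled is_new=1
        return "added"

    def sync(self, firewall, now):
        """Periodic check: push labelled rules, clear the label, delete timed-out rules."""
        new = self.db.execute("SELECT src, port FROM rules WHERE is_new=1 AND expires>?",
                              (now,)).fetchall()
        for rule in new:
            firewall.add(rule)                # one firewall operation per distinct rule
        self.db.execute("UPDATE rules SET is_new=0 WHERE is_new=1")
        expired = self.db.execute("SELECT src, port FROM rules WHERE expires<=?",
                                  (now,)).fetchall()
        for rule in expired:
            firewall.discard(rule)
        self.db.execute("DELETE FROM rules WHERE expires<=?", (now,))
        return len(new), len(expired)

def demo():
    # Constructed sample traffic; addresses are documentation-range placeholders.
    store, fw = RuleStore(ttl=30), set()
    results = [store.authorize("198.51.100.7", 443, now=t) for t in (0, 1, 2)]
    results.append(store.authorize("198.51.100.9", 22, now=2))
    first = store.sync(fw, now=5)                  # both rules reach the firewall once
    store.authorize("198.51.100.7", 443, now=25)   # repeat extends expiry to t=55
    second = store.sync(fw, now=40)                # the port-22 rule timed out at t=32
    return results, first, second, sorted(fw)

if __name__ == "__main__":
    print(demo())
```

The burst of three identical requests produces a single firewall insertion, which is the duplicate-rule growth the scheme is meant to avoid.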

Description

Technical field

[0001] The invention belongs to the technical field of computer security communication, and in particular relates to a control method and system for efficient concurrent access based on network stealth.

Background

[0002] Most current enterprise security models deploy software firewalls in addition to physical firewalls. Single-packet authorization is deployed on the software firewall to protect the ports that the business needs to open, avoiding the danger of leaving business ports open for long periods. The software firewall is then controlled by the single-packet authorization CS service. When the client wants to access a certain service port, it applies through single-packet authorization to have the corresponding service port opened. After the client authenticates successfully, the server side directs the software firewall to open the corresponding port. This solution effectively protect...


Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3242, H04L9/3247, H04L63/0263, H04L63/0435, H04L63/08, H04L63/108
Inventor: 武晓辉, 张越, 秦益飞, 杨正权, 尹烁
Owner: NANJING ENLINK NETWORK TECH CO LTD