Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Server security defense method and system, communication equipment and storage medium

A server security and server technology, applied in the security field, can solve problems such as the vulnerability of servers to attacks, achieve the effects of improving security and service availability, improving user experience, and increasing the difficulty of attacks

Pending Publication Date: 2021-03-26
ZTE CORP
View PDF0 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a server security defense method and system, communication equipment, and storage; the main technical problem to be solved is: in the Internet, the IP address of the server and the service port are open to all access terminals, causing the server to be vulnerable to attack problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Server security defense method and system, communication equipment and storage medium
  • Server security defense method and system, communication equipment and storage medium
  • Server security defense method and system, communication equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0031] In order to solve the problem that the server's IP address and service port are open to all access terminals on the Internet, causing the server to be vulnerable to attacks, the embodiment of the present invention provides a server security defense method, which is used in a server security defense network system.

[0032] See figure 1 , figure 1 A server security defense system provided by an embodiment of the present invention. In the embodiment of the present invention, the server security defense network system includes: a client 101 , a domain name server 102 , an identification management server 103 , an identification gateway 104 , and a service server 105 . Wherein the identification gateway 104 is located between the client 101 and the service server 105, that is, the client 101 and the service server 105 are divided into different security areas, wherein the service server 105 is located in a high security area, and the identification gateway 104 provides sec...

Embodiment 2

[0044] In order to solve the problem that the server's IP address and service port are open to all access terminals on the Internet, making the server vulnerable to attacks, image 3 Shown is a server security defense method provided by the embodiment of the present invention, including the following steps:

[0045] Firstly, the concept of service identifier is explained. The service identifier indicates the Internet service resource that the user wants to access, and is generally described by a uniform resource locator, which is composed of a server identifier and a content identifier, such as: www.example.com:80 / news / top. xml, where "www.example.com:80" is the server ID, specifically including the server domain name (www.example.com) port (80), where the server domain name can also be identified by the server's IP address, if the default port is used, you can Omit the port; " / news / top.xml / " indicates the specific content provided by the business service, and the combination ...

Embodiment 3

[0085] Figure 4 Shown is a flow chart of a server security defense method provided by the present invention. The client uses the service identifier to conduct service access, including the following steps:

[0086] S401: the client sends a domain name resolution request to the domain name server;

[0087] S402: The domain name server performs domain name resolution, and returns a domain name query response;

[0088] Wherein, the response information returned by the domain name server to the client includes at least one IP address identifying the management server. In the embodiment of the present invention, in the domain name server, the IP address configured by the server domain name is not the real address of the server, but the IP address of the identity management server. If there are multiple identity management servers in the network, multiple identity management servers can be configured for IP address, the domain name server selects at least one IP address of the id...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a server security defense method and system, communication equipment and a storage medium, a client sends a domain name resolution request to a domain name server, and the domain name server resolves a server domain name in request information into an identification management server IP address and returns the identification management server IP address tothe client; the client sends a service request to the identifier management server, the service request comprises a service identifier, the identifier management server requests a dynamic identifier from the identifier gateway, the identifier gateway allocates dynamic identifier information and returns the dynamic identifier information to the identifier management server, a mapping relationship is established, and the identifier management server returns a redirection response to the client; and the client sends a service request to the identification gateway, and the identification gateway converts the service request information according to the mapping relationship, sends the service request information to the service server, converts the received response information of the service server and sends the converted response information to the client. In some implementation processes, the communication parameters of the server are randomly and dynamically transformed, the target server is actively protected, and the safety is improved.

Description

technical field [0001] Embodiments of the present invention relate to but are not limited to the field of security technologies, and specifically, relate to but are not limited to a server security defense method and system, communication equipment, and storage media. Background technique [0002] Moving Target Defense (MTD for short) is a new type of network security protection idea. Through technical means, the attack surface presented to the attacker by the protected target is continuously and dynamically changed to confuse the attacker, thereby increasing The cost and complexity of an attacker's successful attack reduces the probability of a successful attack and improves system resilience and security. [0003] In the Internet business, in order to ensure the reachability of the server business, the IP address of the server and the port providing the service must remain stable and open to all access terminals, which will make the server vulnerable to attacks. Therefore...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/12H04L29/06
CPCH04L63/1441H04L63/20H04L61/4511H04L67/563H04L67/565H04L67/63H04L61/00
Inventor 郝振武
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products