Network port security-based micro-isolation system

Abstract

The invention belongs to the field of network security, and particularly discloses a network port security-based micro-isolation system, which comprises a micro-isolation system and a micro-isolation plug-in, and is characterized in that the micro-isolation plug-in is installed on a host machine or a physical host and has a timing check task; the micro-isolation system issues an instruction to the micro-isolation plug-in installed on the host machine or the physical host, the micro-isolation plug-in controls a certain port on the host machine by controlling the software firewall, only opens a specified IP address and monitors the external IP addresses of the current host machine and the virtual machine in the host machine, and then the micro-isolation effect is achieved. The problem of IP address drift of the virtual machine is solved by installing a micro-isolation plug-in, adding a timed task and monitoring external IP addresses of the current host machine and the virtual machine in the host machine, and the illegal port access behavior is isolated and blocked in real time by using a micro-isolation system, so that attack risk diffusion in network service is effectively avoided, therefore, the aim of isolating according to the threat area is fulfilled.

Description

technical field [0001] The invention relates to the field of network security, in particular to a micro-isolation system based on network port security. Background technique [0002] With the rapid development of cloud computing and virtualization technologies, more and more enterprises are migrating data and services to multiple data center environments spanning physical machines, public clouds, private clouds, and hybrid clouds. When the attacker has the opportunity to get a springboard machine on the intranet, it turns out that the intranet network is basically unimpeded. Traditional firewalls, WAFs, IPS and other endpoint security and network security methods are stretched in the cloud environment. [0003] Network-oriented micro-isolation control, through comprehensive and detailed visual analysis of network internal traffic, monitoring network port activities, and based on fine-grained security access policies, it helps users quickly and easily realize isolation of dif...

AI Technical Summary

Problems solved by technology

[0005] 1. The price of high-quality hardware firewalls in the current network has always been relatively high, resulting in increased procurement and maintenance costs

[0006] 2. Due to the network itself, the network nodes are complex, and the deployment of hardware firewalls is also difficult

[0008] 4. It is difficult to upgrade. For example, the network card used to be 100M is now a 10G network card. Network equipment will be continuously upgraded. If a hardware firewall is used, related equipment will also need to be upgraded in batches, resulting in a significant increase in network upgrade costs

[0009] 5. Historical reasons lead to inconsistent hardware firewall functions

[0010] 6. Difficult to operate, high training costs, operators need to learn a lot of professional knowledge from different manufacturers, in order to operate different software and hardware firewalls

[0011] 7. The virtual machine IP drift problem, because the virtual machine is migrated from the A host machine to the B host machine, and the A and B host machines are not in the same firewall hardware, which leads to the failure of the firewall isolation

[0012] In the later period, the plug-in software firewall isolation was further developed. Although the plug-in software firewall improved the inflexibility of the hardware firewall, the above problems still existed.

Images