Network port security-based micro-isolation system

A technology for isolating systems and network ports, applied in the field of micro-isolation systems. It addresses the problems of inconsistent hardware firewall functions, difficult upgrades, and increased procurement and maintenance costs, so as to provide security management of east-west traffic and avoid the spread of attack risk.

Pending Publication Date: 2022-02-18
北京宏达隆和科技有限公司

AI Technical Summary

Problems solved by technology

[0005] 1. High-quality hardware firewalls have always been relatively expensive, which increases procurement and maintenance costs.
[0006] 2. Because of the nature of the network itself, its nodes are complex, so deploying hardware firewalls is also difficult.
[0008] 4. Upgrades are difficult. For example, a network card that used to be 100M is now a 10G card. Network equipment is upgraded continuously, and if a hardware firewall is used the related equipment must also be upgraded in batches, which significantly increases network upgrade costs.
[0009] 5. For historical reasons, hardware firewall functions are inconsistent.
[0010] 6. Operation is difficult and training costs are high: operators must learn a great deal of professional knowledge from different manufacturers in order to operate different software and hardware firewalls.
[0011] 7. The virtual machine IP drift problem: when a virtual machine is migrated from host A to host B and the two hosts are not behind the same hardware firewall, the firewall isolation fails.
[0012] Plug-in software firewall isolation was developed later. Although the plug-in software firewall improved on the inflexibility of the hardware firewall, the above problems still existed.


Examples


Embodiment

[0040] Example: The specific micro-isolation implementation process is as follows:

[0041] S1. Through the micro-isolation system, issue isolation instructions to the micro-isolation plug-in of the host (as shown in Figure 3);

[0042] S2. The micro-isolation plug-in receives the instruction, executes the isolation, and returns the result (as shown in Figure 4); specifically, through the following steps:

[0043] S21. Install the micro-isolation plug-in on each host computer, and broadcast instructions from the micro-isolation system to all micro-isolation plug-ins;

[0044] S22. The micro-isolation plug-in compares the server IP address in the instruction with the external IP addresses of the local host and of its internal virtual machines, thereby judging whether the isolation instruction should be executed at the local firewall;

[0045] S23. After it is determined that it needs to be executed, execute the isolation instruction;

[0046]...


Abstract

The invention belongs to the field of network security and discloses a network port security-based micro-isolation system comprising a micro-isolation system and a micro-isolation plug-in. The micro-isolation plug-in is installed on a host machine or a physical host and has a timed check task. The micro-isolation system issues an instruction to the micro-isolation plug-in installed on the host machine or physical host; the plug-in controls a given port on the host machine by controlling the software firewall, opening it only to a specified IP address, and monitors the external IP addresses of the current host machine and of the virtual machines in it, thereby achieving micro-isolation. Installing the micro-isolation plug-in, adding the timed task, and monitoring the external IP addresses of the current host machine and its virtual machines solves the virtual machine IP address drift problem, and the micro-isolation system isolates and blocks illegal port access in real time, so that the spread of attack risk in network services is effectively avoided and isolation according to threat area is achieved.
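The plug-in logic of steps S21 to S23 together with the timed check from the abstract, as an added example written for this page and not taken from the patent. The instruction fields, the `Plugin` class, the hypervisor-supplied `vm_ips` list and the iptables-style rule strings (INPUT for the host's own address, FORWARD for a virtual machine's) are all assumptions; the patent names no firewall or message format.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Instruction:
    """Isolation instruction broadcast to every plug-in (field names are assumed)."""
    server_ip: str           # address of the server or VM being isolated
    port: int                # TCP port to protect
    allowed_sources: tuple   # only these addresses or networks may connect

def render_rules(ins, chain):
    """Open the port to the specified sources only, then drop everything else."""
    match = f"-d {ins.server_ip} -p tcp --dport {ins.port}"
    rules = [f"-A {chain} {match} -s {ipaddress.ip_network(s)} -j ACCEPT"
             for s in ins.allowed_sources]
    rules.append(f"-A {chain} {match} -j DROP")
    return rules

class Plugin:
    """One micro-isolation plug-in per host (hypothetical class, rules are not executed)."""
    def __init__(self, host_ip):
        self.host_ip = host_ip
        self.instructions = {}   # (server_ip, port) -> Instruction, kept even if not ours
        self.active = {}         # (server_ip, port) -> rules installed on this host

    def receive(self, ins, vm_ips):
        """S21: remember the broadcast instruction, then decide as in S22 and S23."""
        ipaddress.ip_address(ins.server_ip)   # raises ValueError on a malformed address
        self.instructions[(ins.server_ip, ins.port)] = ins
        return self.timed_check(vm_ips)

    def timed_check(self, vm_ips):
        """Re-evaluate every instruction against the addresses currently on this host."""
        local = {self.host_ip, *vm_ips}
        added, removed = [], []
        for key, ins in self.instructions.items():
            chain = "INPUT" if ins.server_ip == self.host_ip else "FORWARD"
            want = render_rules(ins, chain) if ins.server_ip in local else []
            have = self.active.get(key, [])
            if want != have:   # the VM arrived, left, or its policy changed
                removed += [r.replace("-A", "-D", 1) for r in have]
                added += want
                self.active[key] = want
        return added, removed

if __name__ == "__main__":   # constructed scenario: VM 10.0.0.50 drifts from host A to host B
    ins = Instruction("10.0.0.50", 3306, ("10.0.0.60",))
    a, b = Plugin("10.0.0.1"), Plugin("10.0.0.2")
    print(a.receive(ins, ["10.0.0.50"]), b.receive(ins, []))
    print(a.timed_check([]), b.timed_check(["10.0.0.50"]))
```

Because every plug-in keeps the broadcast instruction even when it does not own the address, the rules follow the virtual machine on the next timed check without the micro-isolation system having to resend anything.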

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a micro-isolation system based on network port security.

Background technique

[0002] With the rapid development of cloud computing and virtualization technologies, more and more enterprises are migrating data and services to multiple data center environments spanning physical machines, public clouds, private clouds, and hybrid clouds. When an attacker has the opportunity to take over a springboard (jump) machine on the intranet, the intranet turns out to be basically unimpeded. Traditional firewalls, WAFs, IPS and other endpoint security and network security methods are stretched thin in the cloud environment.

[0003] Network-oriented micro-isolation control, through comprehensive and detailed visual analysis of internal network traffic, monitoring of network port activity, and fine-grained security access policies, helps users quickly and easily realize isolation of dif...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40
CPC: H04L63/0236, H04L63/20
Inventor: 袁建国, 陈诚
Owner: 北京宏达隆和科技有限公司