Access control method and apparatus, electronic device, and storage medium
By monitoring the idle time and historical operation records of terminal devices to assess risks, and suspending or restoring operation and maintenance permissions, the problem of bastion hosts being unable to identify the actual operators is solved, achieving a balance between security and user experience.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING TOPSEC NETWORK SECURITY TECH
- Filing Date
- 2023-04-28
- Publication Date
- 2026-07-14
AI Technical Summary
In existing technologies, bastion hosts cannot determine whether the actual operator of the terminal device is the same person with the necessary maintenance permissions, which poses a security risk when the maintenance personnel fail to log out of the system or temporarily leave the terminal device.
By monitoring the idle time of terminal devices, it is determined whether it exceeds the time threshold, and a risk score is assessed based on historical operation records. If the risk score is higher than the threshold, operation and maintenance permissions are suspended and identity verification is required. Permissions are restored after successful identity verification.
It reduces the security risks caused by maintenance personnel leaving the terminal device without promptly disconnecting the session connection, while also taking into account the user experience of maintenance personnel and improving the flexibility of access control management.
Smart Images

Figure CN116436805B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network security technology, and in particular to access control methods, devices, electronic devices and storage media. Background Technology
[0002] To ensure network and data security of service systems, some service providers choose to equip their systems with bastion hosts. These bastion hosts monitor and record the actions of maintenance personnel on servers, network devices, security devices, and databases within the service system. When a terminal device accesses the service system, the bastion host verifies its access permissions. If the access permission verification is successful, the bastion host adopts a trust policy for the terminal device by default. This can reduce security risks during maintenance to some extent. However, in actual maintenance, the uncertainty of the personnel operating the terminal devices remains. For example, maintenance personnel may not log out of the system or temporarily leave the terminal device for various reasons. The bastion host cannot determine whether the actual operator of the terminal device is the authorized maintenance personnel, posing a security risk. Summary of the Invention
[0003] In view of the above-mentioned problems existing in the prior art, this application provides an access control method, access control device, electronic device and computer-readable storage medium, and the technical solution of this application is as follows.
[0004] The first aspect of this application provides an access control method, including:
[0005] When a terminal device has a session connection with a network device in the target network, the idle time of the terminal device is detected, and it is determined whether the idle time is greater than a time threshold. The idle time is the time interval between the operation time of the previous maintenance operation performed by the terminal device on the network device and the current time.
[0006] If the idle time exceeds the time threshold, then based on the historical operation records of the terminal device, determine the risk score of the terminal device performing operation and maintenance on the network device, and determine whether the risk score is greater than the risk threshold.
[0007] If the risk score is greater than the risk threshold, then the terminal device's operation and maintenance rights to the network device are suspended, and an authentication request is sent to the terminal device to request the terminal device to perform authentication.
[0008] If the terminal device receives the first identity information and the first identity information is verified, the terminal device's operation and maintenance permissions for the network device are restored.
[0009] In some embodiments, the method further includes:
[0010] If the risk score is less than or equal to the risk threshold, then the terminal device's operation and maintenance rights over the network device are maintained.
[0011] In some embodiments, the method further includes:
[0012] If the first identity information is not obtained within the target time range or the first identity information verification fails, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
[0013] In some embodiments, the method further includes:
[0014] If the verification of the first identity information fails, the number of times the verification of the first identity information fails is determined;
[0015] If the number of verification failures is less than or equal to the verification failure threshold, then send an authentication request to the terminal device again.
[0016] If the number of verification failures exceeds the verification threshold, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
[0017] In some embodiments, determining the risk score of the terminal device performing maintenance operations on the network device based on the terminal device's historical operation records includes:
[0018] Based on the historical operation records, risk variables are determined for risk assessment. The risk variables include at least: the number of times the terminal device performs the target operation in the operation and maintenance operations performed on the network device in the current control cycle, the number of risk alarms issued by the terminal device in the current control cycle, and the number of network devices that the terminal device has access to.
[0019] Based on the aforementioned risk variables and risk assessment logic, the risk score of the terminal device in the current control cycle is determined.
[0020] In some embodiments, the method further includes:
[0021] After the end of the previous control cycle, the risk scores of the multiple terminal devices in the previous control cycle are determined;
[0022] Based on the risk scores of the multiple terminal devices in the previous control cycle, the risk threshold for the next control cycle is determined.
[0023] In some embodiments, the method further includes:
[0024] Before detecting the idle time, a session connection request sent by the terminal device is obtained; the session connection request includes the terminal device's second identity information and a network device identifier used to identify the network device to be accessed;
[0025] If the second identity information is verified, it is determined whether the terminal device has access to the corresponding network device based on the network device identifier;
[0026] If it is determined that the terminal device has access rights to the corresponding network device, a session connection is established between the terminal device and the network device.
[0027] A second aspect of this application provides an access control device, comprising:
[0028] The detection module is used to detect the idle time of the terminal device when the terminal device is connected to a network device in the target network, and to determine whether the idle time is greater than a time threshold; the idle time is the time interval between the operation time of the previous maintenance operation performed by the terminal device on the network device and the current time.
[0029] The scoring module is used to determine a risk score for the terminal device to perform maintenance operations on the network device based on the historical operation records of the terminal device when the idle time exceeds a time threshold, and to determine whether the risk score is greater than a risk threshold.
[0030] The request module is used to suspend the terminal device's operation and maintenance rights to the network device when the risk score is greater than the risk threshold, and to send an authentication request to the terminal device to request the terminal device to perform authentication.
[0031] The verification module is used to restore the terminal device's operation and maintenance rights over the network device when it receives the first identity information fed back by the terminal device and the first identity information is verified.
[0032] A third aspect of this application provides an electronic device, including at least a memory and a processor, wherein the memory stores a program, and the processor implements the method described above when executing the program in the memory.
[0033] A fourth aspect of this application provides a computer-readable storage medium storing computer-executable instructions, wherein the method described above is implemented when the computer-executable instructions in the computer-readable storage medium are executed.
[0034] The access control method in this application monitors idle time to determine whether maintenance personnel may have left the terminal device without disconnecting the session connection. If it is determined that maintenance personnel may have left the terminal device without disconnecting the session connection, the session connection between the terminal device and the network device is not immediately disconnected. Instead, the operational risk of the terminal device performing maintenance operations on the network device is assessed. If the terminal device is determined to have a high operational risk, the maintenance permissions of the terminal device on the network device are suspended, and the terminal device is required to authenticate itself to verify the identity of the maintenance personnel operating the terminal device. If the authentication is successful, the maintenance permissions of the terminal device on the network device are restored. This not only reduces the security risks caused by maintenance personnel leaving the terminal device without timely disconnection of the session connection but also considers the user experience of maintenance personnel, improving the flexibility of access control management. Attached Figure Description
[0035] Other features, objects, and advantages of this application will become more apparent from the following detailed description of non-limiting embodiments with reference to the accompanying drawings:
[0036] Figure 1 This is a flowchart of the access control method according to the first embodiment of this application;
[0037] Figure 2 This is a flowchart of step S100 in the access control method of the first embodiment of this application;
[0038] Figure 3 This is a flowchart of the access control method according to the second embodiment of this application;
[0039] Figure 4 This is a structural block diagram of the access control device according to the third embodiment of this application;
[0040] Figure 5 This is a structural block diagram of an electronic device according to the fourth embodiment of this application. Detailed Implementation
[0041] The present application will now be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and not intended to limit it. Furthermore, it should be noted that, for ease of description, only the parts relevant to the invention are shown in the accompanying drawings.
[0042] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other. This application will now be described in detail with reference to the accompanying drawings and embodiments.
[0043] The first embodiment of this application provides an access control method applied to a bastion host, which monitors network devices in a target network. The bastion host can be implemented in hardware or software. When the bastion host is hardware, it can be formed by a single electronic device or multiple electronic devices. These electronic devices include, but are not limited to, personal computers, workstations, or servers. When the bastion host is software, it can be implemented as multiple software programs or software modules, or as a single software program or software module. For example, the bastion host can be formed by one or more virtual machines.
[0044] Figure 1 This is a flowchart of the access control method according to the first embodiment of this application. See also: Figure 1 As shown, the access control method of the first embodiment of this application may specifically include the following steps.
[0045] S110, when the terminal device is connected to a network device in the target network, detect the idle time of the terminal device and determine whether the idle time is greater than a time threshold; the idle time is the time interval between the operation time of the terminal device performing the previous maintenance operation on the network device and the current time.
[0046] The term "network device" is used in a broad sense and can include various devices within the target network monitored by the bastion host. The network device can be a hardware device, such as a server, personal computer, workstation, printer, switch, router, network interface, or wireless network base station within the target network. The network device can also be a virtual device, such as a virtual machine or virtual container. The terminal device includes, but is not limited to, desktop computers, laptops, tablets, and smartphones.
[0047] Before detecting the idle duration, the terminal device can establish a session connection with the network device through the bastion host. Once the terminal device has established a session connection with the network device, the bastion host can acquire the terminal device's historical operation records at a specific frequency. These historical operation records can be used to record the maintenance operations performed by the terminal device on the network device. For example, the historical operation records can record the operation items, operation content, and operation time of the maintenance operations, etc. Then, the bastion host can determine the idle duration based on the operation time of the previous maintenance operation and the current time. The previous maintenance operation is the maintenance operation most recent to the current time. The previous maintenance operation may include various operations performed by the terminal device on the network device. The idle duration is the duration during which the terminal device has stopped operating on the network device since the previous maintenance operation.
[0048] The time threshold can be used to characterize whether the maintenance personnel operating the terminal device may have left the terminal device. In specific implementations, the time threshold can be pre-configured based on historical data or experience. When the idle duration is determined, it can be compared with the time threshold to determine whether the idle duration is greater than the time threshold, thereby determining whether the maintenance personnel operating the terminal device may have left the terminal device but have not disconnected the session connection between the terminal device and the network device.
[0049] Optionally, if the idle time is less than or equal to the time threshold, it indicates that the terminal device is continuously performing maintenance operations on the network device, the possibility of maintenance personnel leaving the terminal device is small, the security risk is relatively small, the session connection between the terminal device and the network device can be maintained, and the idle time of the terminal device can continue to be monitored.
[0050] S120, if the idle time is greater than the time threshold, then based on the historical operation records of the terminal device, determine the risk score of the terminal device performing operation and maintenance on the network device, and determine whether the risk score is greater than the risk threshold.
[0051] Optionally, if the idle time exceeds the time threshold, it indicates that the terminal device has not performed maintenance operations on the network device for a considerable period since the previous maintenance operation, and there is a high probability that the maintenance personnel have left the terminal device and have not promptly disconnected the session connection. In this case, the operational risk of the terminal device performing maintenance operations on the network device can be assessed based on the terminal device's historical operation records, and a risk score characterizing the operational risk can be obtained. Corresponding to the risk score, the bastion host can be pre-configured with a risk threshold, which is used to assess the level of operational risk. Once the risk score is determined, it can be compared with the risk threshold to determine the level of operational risk of the terminal device.
[0052] S130, if the risk score is greater than the risk threshold, then suspend the terminal device's operation and maintenance rights to the network device, and send an authentication request to the terminal device to request the terminal device to perform authentication.
[0053] If the risk score is greater than the risk threshold, the risk level of the terminal device performing maintenance operations on the network device can be determined to be high risk. If the terminal device continues to perform maintenance operations on the network device, the network device connected to the terminal device in a session, as well as other network devices in the target network, may face high security risks. Based on this, the terminal device's maintenance permissions on the network device can be suspended, but the session connection between the terminal device and the network device remains open. For example, forwarding operation instructions sent by the terminal device to the network device can be suspended, or the network device can be instructed to suspend responding to the terminal device's operation instructions. Simultaneously, the bastion host also sends an authentication request to the terminal device, requesting the terminal device to provide first identity information for authentication, in order to verify the identity of the maintenance personnel operating the terminal device.
[0054] S140, if the first identity information fed back by the terminal device is obtained and the first identity information is verified, the terminal device's operation and maintenance rights over the network device are restored.
[0055] If the terminal device receives the first identity information and the first identity information is verified, it indicates that the maintenance personnel operating the terminal device have operating privileges and can restore the terminal device's maintenance privileges over the network device. Optionally, the first identity information may include various information that can prove the identity of the maintenance personnel operating the terminal device. For example, account passwords, SMS verification codes, pre-set authentication codes, keys, tokens, etc.
[0056] The access control method in this application monitors idle time to determine whether maintenance personnel may have left the terminal device without disconnecting the session connection. If it is determined that maintenance personnel may have left the terminal device without disconnecting the session connection, the session connection between the terminal device and the network device is not immediately disconnected. Instead, the operational risk of the terminal device performing maintenance operations on the network device is assessed. If the terminal device is determined to have a high operational risk, the maintenance permissions of the terminal device on the network device are suspended, and the terminal device is required to authenticate itself to verify the identity of the maintenance personnel operating the terminal device. If the authentication is successful, the maintenance permissions of the terminal device on the network device are restored. This not only reduces the security risks caused by maintenance personnel leaving the terminal device without timely disconnection of the session connection but also considers the user experience of maintenance personnel, improving the flexibility of access control management.
[0057] In some embodiments, the method may further include: if the risk score is less than or equal to the risk threshold, then maintaining the terminal device's operational and maintenance permissions on the network device. If the risk score is less than the risk threshold, then the risk level of the terminal device performing operational and maintenance operations on the network device can be determined to be low risk, and the terminal device's operational and maintenance permissions on the network device can be maintained to balance system security and the user experience of operational and maintenance personnel.
[0058] In some embodiments, the method may further include: if the first identity information is not obtained within a target time range or the first identity information verification fails, disconnecting the session connection between the terminal device and the network device, and issuing a risk alarm to the terminal device.
[0059] If the terminal device fails to provide its primary identity information within the target timeframe, it can be determined that the terminal device is in an unattended state, and without security measures, it may face a high security risk. In this case, the session connection between the terminal device and the network device can be disconnected to ensure the data security of the network device and the system security of the target network.
[0060] If the terminal device has returned the first identity information within the target time range, but the verification of the returned first identity information fails, it indicates that the person operating the terminal device may not have operating authority and may not be an authorized maintenance personnel. In this case, the session connection between the terminal device and the network device can be disconnected to ensure the data security of the network device and the system security of the target network.
[0061] In addition to disconnecting the session connection, the bastion host also issues risk alerts to the terminal device. For example, it can send alert messages to the terminal device, send alert messages to the system administrator's terminal, and / or record the risk alert in the historical operation log. Information such as the time of the risk alert, the number of authentication failures, and the terminal device identifier can be recorded in the historical operation log.
[0062] In some embodiments, the method may further include: if the verification of the first identity information fails, determining the number of verification failures of the first identity information; if the number of verification failures is less than or equal to a verification failure threshold, sending an authentication request to the terminal device again; if the number of verification failures is greater than the verification failure threshold, disconnecting the session connection between the terminal device and the network device, and issuing a risk alarm to the terminal device. Thus, as long as the terminal device passes verification within the verification failure threshold range, it can regain its operational and maintenance rights over the network device, providing a fault-tolerant correction mechanism for the terminal device and improving the user experience.
[0063] In some embodiments, step S120, which determines the risk score of the terminal device performing operation and maintenance operations on the network device based on the historical operation records of the terminal device, may include the following steps.
[0064] S121, Based on the historical operation records, determine the risk variables used for risk assessment. The risk variables include at least: the number of times the terminal device performs the target operation in the maintenance operations performed on the network device during the current control period, the number of risk alarms issued by the terminal device during the current control period, and the number of network devices that the terminal device has access to.
[0065] The control period is a time frame set to facilitate the assessment of the operational risks posed by the terminal device to the network device. For example, the control period can be a day, a week, a month, a quarter, or a year, etc.
[0066] The target operations may include maintenance operations with relatively high operational risks. These target operations include, but are not limited to, rebooting, shutting down, deleting files (rm*), killing processes (kill*), and setting user authentication information (Passwd), etc. The user authentication information setting operation may include setting user passwords, password expiration times, etc. The number of times the terminal device performs maintenance operations on the network device that fall under the target operations within the current control cycle can be determined based on the historical operation records. Optionally, the total number of maintenance operations performed by the terminal device on the network device within the current control cycle can also be determined based on the historical operation records.
[0067] The number of network devices that the terminal device has access to is the number of network devices that can be accessed through the bastion host based on the terminal device's access permissions. If network devices in the target network are defined as assets, then the number of network devices that the terminal device has access to is the number of assets authorized to the terminal device. Optionally, the total number of network devices in the target network can also be obtained, that is, the total number of assets in the target network.
[0068] S122, Based on the risk variables and risk assessment logic, determine the risk score of the terminal device in the current control cycle.
[0069] Optionally, the risk assessment logic can be as follows:
[0070]
[0071] Where f represents the risk score. `assets` represents the number of network devices the terminal device has access to. `assets0` represents the total number of network devices in the target network. `operations` represents the number of times the terminal device performs the target operation on the network devices within the current control period. `operations0` represents the total number of maintenance operations performed by the terminal device on the network devices within the current control period. `warn` represents the number of risk alarms issued by the terminal device within the current control period. In this way, the operational risks of the terminal device performing maintenance operations on network devices can be comprehensively assessed by considering the terminal device's access permissions, the type of maintenance operations performed, and the number of risk alarms, making it highly reliable.
[0072] It should be noted that, in specific implementation, other risk assessment logic and other risk variables may also be adopted, as long as the operational risks of the terminal device performing maintenance operations on the network device can be accurately assessed.
[0073] In some embodiments, the method further includes: after the end of the previous control cycle, determining a risk score for a plurality of terminal devices in the previous control cycle; and determining a risk threshold for the next control cycle based on the risk scores of the plurality of terminal devices in the previous control cycle.
[0074] Optionally, the risk score of each terminal device with access to the target network in the previous control period can be determined based on formula (1). The risk scores of each terminal device can be sorted to obtain a score sequence. The target number of risk scores that rank high or low in the score sequence can be selected to form a target dataset. For example, the target dataset can be constructed by selecting the top 80% of the risk scores from the score sequence. Then, the average value of the risk scores in the target dataset can be calculated as the risk threshold for the next control period. Optionally, a fixed value can be selected as the risk threshold in the initial control period.
[0075] Cooperate Figure 2 As shown, in some embodiments, the method further includes: S100, establishing a session connection between the client and the network device. Step S100 may specifically include the following steps.
[0076] S101, before detecting the idle duration, obtain the session connection request sent by the terminal device. The session connection request includes the terminal device's second identity information and a network device identifier used to identify the network device requested for access.
[0077] Optionally, the second identity information may be the same as or different from the first identity information. For example, the second identity information may include the username and password of the terminal device, or it may include a mobile phone number and SMS verification code; alternatively, it may include a terminal device key, token, etc. Optionally, the network device identifier may include various information that can identify the network device, such as address information and interface information.
[0078] Optionally, the bastion host may hold an identity information database, which may record the identity information of each terminal device that has access to the target network. The bastion host may verify the second identity information based on the identity information database. For example, it may verify the username and password of the terminal device, or verify the terminal device's key or token, etc.
[0079] S102, if the second identity information is verified, determine whether the terminal device has access to the corresponding network device based on the network device identifier.
[0080] Optionally, if the second identity information is verified successfully, authorization information of the terminal device can be obtained based on the second identity information. This authorization information can be used to record the terminal device's access permissions. For example, the authorization information may record a network device identifier used to identify network devices to which the terminal device has access permissions. Then, based on the authorization information and the network device identifier carried in the session connection request, it can be determined whether the terminal device has access permissions to the corresponding network device. For example, it can be determined whether the authorization information records the network device identifier carried in the session connection request. If yes, it can be determined that the terminal device has access permissions to the corresponding network device. If no, it can be determined that the terminal device does not have access permissions to the corresponding network device.
[0081] S103, if it is determined that the terminal device has access rights to the corresponding network device, a session connection is established between the terminal device and the network device.
[0082] If it is determined that the terminal device has access rights to the corresponding network device, it can send a session establishment request to the network device. This request may carry the terminal device's identifier. The terminal device identifier may include the terminal device's secondary identity information, address information, etc. Upon receiving the session establishment request, the network device can establish a session connection with the terminal device based on the communication protocol used between the network device and the terminal device. In this way, the identity and access rights of the terminal device can be effectively verified during the session connection establishment phase, thereby effectively ensuring the system security of the target network.
[0083] The second embodiment of this application provides an access control method applied to a bastion host, which is used to monitor network devices in a target network. Figure 3 This is a flowchart of the access control method according to the second embodiment of this application. See also: Figure 3 As shown, the access control method of the second embodiment of this application may specifically include the following steps.
[0084] S201, when the terminal device is connected to a network device in the target network, the operation time of the previous maintenance operation performed by the terminal device on the server is determined based on the historical operation record of the terminal.
[0085] S202, determine the time interval between the operation time of the previous maintenance operation and the current time, and use it as the spatial duration t of the terminal device.
[0086] S203, determine whether the idle time t is greater than the time threshold t0. If yes, proceed to step S204. If no, proceed to step S201.
[0087] S204, Based on the historical operation records of the terminal device, determine the risk score f of the terminal device performing operation and maintenance on the network device.
[0088] Optionally, the risk score can be determined based on the following risk assessment logic:
[0089]
[0090] Where f represents the risk score. assets represents the number of network devices the terminal device has access to. assets0 represents the total number of network devices in the target network. operations represents the number of times the terminal device performs the target operation on the network devices within the current control period. operations0 represents the total number of maintenance operations performed by the terminal device on the network devices within the current control period. warn represents the number of risk alarms issued by the terminal device within the current control period.
[0091] S205, determine whether the risk score f is greater than the risk threshold f0. If yes, proceed to step S206. If no, proceed to step S201.
[0092] S206, Suspend the terminal device's operation and maintenance permissions for the network device.
[0093] S207, send an authentication request to the terminal device to request the terminal device to perform authentication.
[0094] S208, determine whether the first identity information fed back by the terminal device has been obtained within the target time range. If yes, proceed to step S209. If no, proceed to S213.
[0095] S209, determine whether the first identity information has been verified. If yes, proceed to step S210. If no, proceed to step S211.
[0096] S210, restore the terminal device's operation and maintenance rights over the network device.
[0097] S211, increment the number of verification failures by one, and determine the increased number of verification failures m = m + 1.
[0098] S212, determine whether the increased number of verification failures m is greater than the verification failure threshold m0. If yes, proceed to step S213. If no, proceed to step S207.
[0099] S213, disconnect the session connection between the terminal device and the network device, and issue a risk alarm to the terminal device.
[0100] The access control method of this application embodiment can not only reduce the security risks caused by maintenance personnel leaving the terminal device and failing to disconnect the session connection in time, but also take into account the user experience of the maintenance personnel and improve the flexibility of access control management.
[0101] See Figure 4 As shown, a third embodiment of this application provides an access control device, including:
[0102] The detection module 301 is used to detect the idle time of the terminal device when the terminal device is connected to a network device in the target network, and to determine whether the idle time is greater than a time threshold; the idle time is the time interval between the operation time of the previous maintenance operation performed by the terminal device on the network device and the current time.
[0103] The scoring module 302 is used to determine a risk score for the terminal device to perform maintenance operations on the network device based on the historical operation records of the terminal device when the idle time exceeds a time threshold, and to determine whether the risk score is greater than a risk threshold.
[0104] The request module 303 is used to suspend the terminal device's operation and maintenance rights to the network device when the risk score is greater than the risk threshold, and to send an authentication request to the terminal device to request the terminal device to perform authentication.
[0105] The verification module 304 is used to restore the terminal device's operation and maintenance rights over the network device when it receives the first identity information fed back by the terminal device and the first identity information is verified.
[0106] In some embodiments, the scoring module 302 is further configured to:
[0107] If the risk score is less than or equal to the risk threshold, the terminal device's operation and maintenance rights over the network device shall be maintained.
[0108] In some embodiments, the verification module 304 is further configured to:
[0109] If the first identity information is not obtained within the target time range or the verification of the first identity information fails, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
[0110] In some embodiments, the verification module 304 is further configured to:
[0111] If the verification of the first identity information fails, the number of times the verification of the first identity information fails is determined;
[0112] If the number of verification failures is less than or equal to the verification failure threshold, then send an authentication request to the terminal device again.
[0113] If the number of verification failures exceeds the verification threshold, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
[0114] In some embodiments, the scoring module 302 is specifically used for:
[0115] Based on the historical operation records, risk variables are determined for risk assessment. The risk variables include at least: the number of times the terminal device performs the target operation in the operation and maintenance operations performed on the network device in the current control cycle, the number of risk alarms issued by the terminal device in the current control cycle, and the number of network devices that the terminal device has access to.
[0116] Based on the aforementioned risk variables and risk assessment logic, the risk score of the terminal device in the current control cycle is determined.
[0117] In some embodiments, the scoring module 302 is further configured to:
[0118] After the end of the previous control cycle, the risk scores of the multiple terminal devices in the previous control cycle are determined;
[0119] Based on the risk scores of the multiple terminal devices in the previous control cycle, the risk threshold for the next control cycle is determined.
[0120] In some embodiments, the apparatus further includes a construction module, the construction module being configured to:
[0121] Before detecting the idle time, a session connection request sent by the terminal device is obtained; the session connection request includes the terminal device's second identity information and a network device identifier used to identify the network device to be accessed;
[0122] If the second identity information is verified, it is determined whether the terminal device has access to the corresponding network device based on the network device identifier;
[0123] If it is determined that the terminal device has access rights to the corresponding network device, a session connection is established between the terminal device and the network device.
[0124] See Figure 5 As shown, the fourth embodiment of this application also provides an electronic device, including at least a memory 401 and a processor 402. The memory 401 stores a program, and the processor 402 implements the method described in any of the above embodiments when executing the program on the memory 401.
[0125] The sixth embodiment of this application also provides a computer-readable storage medium storing computer-executable instructions, wherein executing the computer-executable instructions in the computer-readable storage medium implements the method described in any of the above embodiments.
[0126] Those skilled in the art will understand that embodiments of this application can be provided as methods, electronic devices, computer-readable storage media, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware. Furthermore, this application can take the form of a computer program product implemented on one or more computer-readable storage media containing computer-readable program code. When implemented in software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium.
[0127] The aforementioned processor can be a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The aforementioned PLD can be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof. The general-purpose processor can be a microprocessor or any conventional processor, etc.
[0128] The aforementioned memory may include non-persistent memory in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, like read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.
[0129] The aforementioned readable storage medium may be a magnetic disk, optical disk, DVD, USB, read-only memory (ROM) or random access memory (RAM), etc. This application does not limit the specific form of storage medium.
[0130] The above embodiments are merely exemplary embodiments of this application and are not intended to limit this application. The scope of protection of this application is defined by the claims. Those skilled in the art can make various modifications or equivalent substitutions to this application within its substance and scope of protection, and such modifications or equivalent substitutions should also be considered to fall within the scope of protection of this application.
Claims
1. An access control method, characterized in that, include: When a terminal device has a session connection with a network device in the target network, the idle time of the terminal device is detected, and it is determined whether the idle time is greater than a time threshold. The idle time is the time interval between the operation time of the previous maintenance operation performed by the terminal device on the network device and the current time. If the idle time exceeds the time threshold, then based on the historical operation records of the terminal device, determine the risk score of the terminal device performing operation and maintenance on the network device, and determine whether the risk score is greater than the risk threshold. If the risk score is greater than the risk threshold, then the terminal device's operation and maintenance rights to the network device are suspended, and an authentication request is sent to the terminal device to request the terminal device to perform authentication. If the terminal device receives the first identity information and the first identity information is verified, then the terminal device's operation and maintenance rights over the network device are restored. The risk score for the terminal device performing maintenance operations on the network device based on the terminal device's historical operation records includes: Based on the historical operation records, risk variables are determined for risk assessment. The risk variables include at least: the number of times the terminal device performs the target operation in the operation and maintenance operations performed on the network device in the current control cycle, the number of risk alarms issued by the terminal device in the current control cycle, and the number of network devices that the terminal device has access to. Based on the aforementioned risk variables and risk assessment logic, the risk score of the terminal device in the current control cycle is determined.
2. The method according to claim 1, characterized in that, The method further includes: If the risk score is less than or equal to the risk threshold, then the terminal device's operation and maintenance rights over the network device are maintained.
3. The method according to claim 1, characterized in that, The method further includes: If the first identity information is not obtained within the target time range or the first identity information verification fails, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
4. The method according to claim 1, characterized in that, The method further includes: If the verification of the first identity information fails, the number of times the verification of the first identity information fails is determined; If the number of verification failures is less than or equal to the verification failure threshold, then send an authentication request to the terminal device again. If the number of verification failures exceeds the verification threshold, the session connection between the terminal device and the network device is disconnected, and a risk alarm is issued to the terminal device.
5. The method according to claim 1, characterized in that, The method further includes: After the end of the previous control cycle, the risk scores of the multiple terminal devices in the previous control cycle are determined; Based on the risk scores of the multiple terminal devices in the previous control cycle, the risk threshold for the next control cycle is determined.
6. The method according to claim 1, characterized in that, The method further includes: Before detecting the idle time, a session connection request sent by the terminal device is obtained; the session connection request includes the terminal device's second identity information and a network device identifier used to identify the network device to be accessed; If the second identity information is verified, it is determined whether the terminal device has access to the corresponding network device based on the network device identifier; If it is determined that the terminal device has access rights to the corresponding network device, a session connection is established between the terminal device and the network device.
7. An access control device, characterized in that, include: The detection module is used to detect the idle time of the terminal device when the terminal device is connected to a network device in the target network, and to determine whether the idle time is greater than a time threshold; the idle time is the time interval between the operation time of the previous maintenance operation performed by the terminal device on the network device and the current time. The scoring module is used to determine a risk score for the terminal device performing maintenance operations on the network device based on the terminal device's historical operation records when the idle time exceeds a time threshold, and to determine whether the risk score is greater than a risk threshold. This includes: determining risk variables for risk assessment based on the historical operation records; the risk variables at least include: the number of times the terminal device performs the target operation on the network device during the current control period, the number of risk alarms issued by the terminal device during the current control period, and the number of network devices the terminal device has access to; and determining the risk score of the terminal device in the current control period based on the risk variables and risk assessment logic. The request module is used to suspend the terminal device's operation and maintenance rights to the network device when the risk score is greater than the risk threshold, and to send an authentication request to the terminal device to request the terminal device to perform authentication. The verification module is used to restore the terminal device's operation and maintenance rights over the network device when it receives the first identity information fed back by the terminal device and the first identity information is verified.
8. An electronic device comprising at least a memory and a processor, wherein the memory stores a program, characterized in that, The processor implements the method as described in any one of claims 1-6 when executing a program on the memory.
9. A computer-readable storage medium storing computer-executable instructions, characterized in that, The method as described in any one of claims 1-6 is implemented when the computer-executable instructions in the computer-readable storage medium are executed.