CN110535860A - Method for blocking traffic when a network security device restarts, and network security device - Google Patents
- Publication number
- CN110535860A
- Authority
- CN
- China
- Prior art keywords
- network security
- security device
- configuration information
- mentioned
- power
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Sources (AREA)
Abstract
The application provides a method for blocking traffic when a network security device restarts, applied to a network security device. The network security device includes a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit. The first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; the power supply circuit is used to power the power-down protection board when the network security device restarts. The method includes: in response to a restart instruction for the network security device, the main control board reads the configuration information stored in the first non-volatile storage medium; determines the operating mode indicated by the configuration information read; and, if the operating mode indicated by the configuration information is the abnormal blocking mode, configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device.
Description
Technical field
This application relates to network security technology, and in particular to a method for blocking traffic when a network security device restarts, and to a network security device.
Background
As computer networks become ever more widespread, network attacks are also increasing.
To protect network equipment against network attacks, network security devices have emerged. Such a device can promptly identify attack programs, harmful code and their clones and variants, and take preventive measures to effectively prevent intrusion before it causes harm.
Summary of the invention
In view of this, the application provides a method for blocking traffic when a network security device restarts, applied to a network security device. The network security device includes a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit. The first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; the power supply circuit is used to power the power-down protection board when the network security device restarts.
The method includes:
in response to a restart instruction for the network security device, the main control board reads the configuration information stored in the first non-volatile storage medium;
determining the operating mode indicated by the configuration information read;
if the operating mode indicated by the configuration information is the abnormal blocking mode, the main control board configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device.
The application also provides a network security device that blocks traffic when restarting. The network security device includes a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit. The first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; the power supply circuit is used to power the power-down protection board when the network security device restarts.
The main control board, in response to a restart instruction for the network security device, reads the configuration information stored in the first non-volatile storage medium;
determines the operating mode indicated by the configuration information read;
and, if the operating mode indicated by the configuration information is the abnormal blocking mode, configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device.
As the above scheme shows, the power supply circuit can power the power-down protection board when the network security device restarts; the main control board, in response to a restart instruction for the network security device, reads the configuration information stored in the first non-volatile storage medium; and, when it determines that the operating mode indicated by the configuration information read is the abnormal blocking mode, it configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device. The network security device therefore effectively protects subsequent devices from network attack.
Brief description of the drawings
Fig. 1 is a structural diagram of a network security device shown in the application;
Fig. 2 is a schematic diagram, shown in the application, of the direction of traffic passing through the network security device when the power-down protection board is in the PASS state;
Fig. 3 is a schematic diagram, shown in the application, of the direction of traffic passing through the network security device when the power-down protection board is in the BYPASS state;
Fig. 4 is a flowchart of a method, shown in the application, for blocking traffic when a network security device restarts;
Fig. 5 is a structural diagram of a network security device, shown in the application, that blocks traffic when restarting;
Fig. 6 is a schematic diagram of the direction of traffic passing through the network security device during a restart when the power-down protection board is in the abnormal blocking operating mode.
Specific embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the application. On the contrary, they are merely examples of devices and methods consistent with some aspects of the application, as detailed in the appended claims.
The terms used in this application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items. It should also be understood that, depending on the context, the word "if" as used herein can be interpreted as "when", "while" or "in response to determining".
Referring to Fig. 1, Fig. 1 is a structural diagram of a network security device shown in the application.
As shown in Fig. 1, a common network security device generally includes a main control board, and a power-down protection board and a service board communicatively connected to the main control board.
The main control board can configure the working state of the power-down protection board and exchange data with the service board.
The service board can process the traffic passing through the network security device. For example, if the service board identifies the traffic as network attack traffic, it can block the traffic and prevent it from entering the next-hop device, thereby protecting subsequent devices from hacker attacks.
The power-down protection board has two working states, PASS and BYPASS.
Referring to Fig. 2, Fig. 2 is a schematic diagram, shown in the application, of the direction of traffic passing through the network security device when the power-down protection board is in the PASS state.
As shown in Fig. 2, the power-down protection board is in the PASS state. In this case, traffic passing through the network security device enters the service board through the power-down protection board for the relevant service processing. Once the service board has finished processing the traffic, the service board sends it to the next-hop device so that the traffic is transmitted normally.
Referring to Fig. 3, Fig. 3 is a schematic diagram, shown in the application, of the direction of traffic passing through the network security device when the power-down protection board is in the BYPASS state.
As shown in Fig. 3, the power-down protection board is in the BYPASS state. In this case, traffic passing through the network security device does not enter the service board through the power-down protection board for service processing, but flows directly to the next-hop device through the power-down protection board so that the traffic is transmitted normally.
It should be noted here that, on the one hand, the two working states can be converted into each other. For example, while the power-down protection board is powered, if the main control board sends it a PASS state configuration instruction, the power-down protection board sets its working state to PASS in response; if the main control board sends it a BYPASS state configuration instruction, the power-down protection board sets its working state to BYPASS in response. On the other hand, when the power-down protection board loses power, it remains in the BYPASS state, so that traffic passing through the network security device can still be transmitted normally to the next-hop device and normal services are not interrupted.
In practice, however, especially where network traffic security requirements are high, if the network security device loses power and restarts, the power-down protection board remains in the BYPASS state because it has lost power. If traffic passes through the network security device at this point, it is transmitted directly to the next-hop device, which exposes subsequent devices to the risk of network attack. The network security device therefore needs a method for blocking traffic from being transmitted onward while the device restarts.
Based on this, the application proposes a method for blocking traffic when a network security device restarts. It should be noted here that the restart process of the network security device shown in the application may include the process of powering down after the device receives a restart instruction (covering both abnormal restarts and normal restarts) and the process of powering up again until the restart is complete.
When the network security device restarts, the method keeps the working state of the device's power-down protection board in the PASS state, so that during the restart the device blocks the traffic passing through it from entering the next-hop device.
The network security device includes a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit. The first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; the power supply circuit is used to power the power-down protection board when the network security device restarts.
Referring to Fig. 4, Fig. 4 is a flowchart of a method, shown in the application, for blocking traffic when a network security device restarts.
As shown in Fig. 4, the method includes:
S401: in response to a restart instruction for the network security device, the main control board reads the configuration information stored in the first non-volatile storage medium;
S402: determine the operating mode indicated by the configuration information read;
S403: if the operating mode indicated by the configuration information is the abnormal blocking mode, the main control board configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device.
As the above scheme shows, the power supply circuit can power the power-down protection board when the network security device restarts; the main control board, in response to a restart instruction for the network security device, reads the configuration information stored in the first non-volatile storage medium; and, when it determines that the operating mode indicated by the configuration information read is the abnormal blocking mode, it configures the power-down protection board to the PASS state, so that during the restart the network security device blocks the traffic passing through it from entering the next-hop device. The network security device therefore effectively protects subsequent devices from network attack.
The technical solution recorded in the application is explained below with reference to specific embodiments.
Referring to Fig. 5, Fig. 5 is a structural diagram of a network security device, shown in the application, that blocks traffic when restarting.
As shown in Fig. 5, the network security device may include a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit.
The network security device can process the traffic passing through it. For example, when the network security device is an IPS device and identifies the traffic as network attack traffic, it can block the traffic and prevent it from entering the next-hop device, thereby protecting subsequent devices from hacker attacks. Of course, the network security device can also be another kind of device, for example a firewall, which is not limited here. For brevity, it is referred to below simply as the device.
As the main control unit, the main control board can exchange data with the power-down protection board, the first non-volatile storage medium and the power supply circuit communicatively connected to it, and controls the operation of each of these components (boards) through instructions. It should be noted that the core processor of the main control board can be a CPU, FPGA, MCU or the like, which is not limited here; the circuit structure of the main control board is likewise not limited here.
The power-down protection board has two working states, PASS and BYPASS, which can be converted into each other. For the direction of traffic through the device in each of the two working states, and for how the two working states are converted into each other, refer to the relevant earlier part of this description; the details are not repeated here. It should be noted that the power-down protection board remains in the BYPASS state when it has no power. When it is powered, its working state changes if the main control board configures it; if the main control board does not configure it, it keeps the same working state. In practice, the power-down protection board can be an optical protection board or any other board that has these two working states, which is not limited here.
The first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board. The operating mode of the power-down protection board can be defined manually or can follow the customary definition in the technical field of the application. For example, the normal operating mode shown in the application refers to the power-down protection board operating in the manner described in the relevant earlier part of this application; the abnormal blocking mode shown in the application refers to the mode in which the power-down protection board keeps the PASS working state when the device loses power and restarts. It should be noted that these operating modes are only illustrative, and the power-down protection board shown in the application may have other operating modes, which are not limited here. The model and location of the first non-volatile storage medium are also not limited here; in the embodiment shown in the application, to ensure that the main control board can access the configuration information in the first non-volatile storage medium during the restart, the first non-volatile storage medium can be an EEPROM located on the power-down protection board.
The power supply circuit is used to power the power-down protection board when the device restarts. For example, the power supply circuit uses a component such as a supercapacitor or a battery to power the power-down protection board. In one embodiment shown in the present invention, the power supply circuit can, in response to a configuration instruction from the main control board, supply power when the device needs to be powered. In another embodiment shown in the present invention, when the device restarts, the power supply circuit can determine from the configuration information in the first non-volatile storage medium whether to power the power-down protection board.
In the embodiment shown in the present invention, the device, as a network security device, provides security protection for the network devices connected to it (which may include the next-hop network device). To prevent traffic passing through the device from being forwarded directly to the next-hop device when the device loses power and restarts, which would expose subsequent devices to the risk of network attack, the application proposes a method for blocking traffic when the device restarts. The specific method is as follows:
Step A: in response to a received configuration instruction, the main control board issues configuration information to the first non-volatile storage medium.
In this step, the user (administrator) or the device itself can, based on experience or the requirements of the scenario, send a configuration instruction to the main control board, so that the main control board issues configuration information to the first non-volatile storage medium.
In practice, where network traffic security requirements are high, the user (administrator) can send a configuration instruction to the main control board through the command line or a web page to change the operating mode of the power-down protection board. For example, the user can configure the power-down protection board to the abnormal blocking mode.
In this scenario, the user can send the main control board, through the command line or a web page, a configuration instruction that configures the power-down protection board to the abnormal blocking mode. After receiving the configuration instruction, the main control board can issue the configuration information to the first non-volatile storage medium, so that the first non-volatile storage medium stores the configuration information.
Step B: the main control board reads the configuration information stored in the first non-volatile storage medium;
if the operating mode indicated by the configuration information is the abnormal blocking mode, the main control board configures the power supply circuit to power the power-down protection board when the device restarts.
In this step, the configuration information can be a configuration identifier; for example, the configuration identifier can be a first configuration identifier (for example, 1), which indicates that the power-down protection board is configured in the abnormal blocking mode. The power supply circuit may include a control circuit, which can receive a configuration instruction from the main control board and control the power supply circuit so that it powers the power-down protection board when the device loses power and restarts. Of course, the power supply circuit can also power the device or other boards of the device as required, which is not specifically limited here.
In this scenario, the main control board usually reads the configuration identifier stored in the first non-volatile storage medium and determines its content. If the configuration identifier is the first configuration identifier, the main control board sends a configuration instruction to the control circuit (for example, a circuit built from a microcontroller, CPLD, FPGA or the like, which is not limited here), so that the power supply circuit is configured to power the power-down protection board when the device restarts.
It should be noted here that the main control board can perform Step B in response to a configuration instruction sent by the user (administrator) or on its own initiative, which is not limited here.
In an embodiment shown in the present invention, the power supply circuit includes a control circuit, and Step B can also be as follows: the control circuit reads the configuration information stored in the first non-volatile storage medium; determines the operating mode indicated by the configuration information; and, if the operating mode indicated by the configuration information is the abnormal blocking mode, the power supply circuit powers the power-down protection board when the device restarts.
In this step, the control circuit in the power supply circuit can read the configuration information in the first non-volatile storage medium when the device loses power, and determine from the configuration information whether to power the power-down protection board.
For example, the power supply circuit further includes a supercapacitor or battery and a control circuit (for example, a circuit built from a microcontroller, CPLD, FPGA or the like, which is not limited here). When the device loses power, the supercapacitor or battery can power the control circuit so that the control circuit can read the configuration information in the first non-volatile storage medium. In this scenario, if the operating mode indicated by the configuration information that the control circuit reads when the device loses power is the abnormal blocking mode, the power supply circuit powers the power-down protection board when the device restarts.
Step C (S401-S403): in response to a restart instruction for the device, the main control board reads the configuration information stored in the first non-volatile storage medium; determines the operating mode indicated by the configuration information read; and, if the operating mode indicated by the configuration information is the abnormal blocking mode, configures the power-down protection board to the PASS state, so that during the restart the device blocks the traffic passing through it from entering the next-hop device.
In this step, the restart instruction may include the restart instruction issued when the device restarts normally and the restart instruction issued when the device restarts abnormally. To enable the main control board to perform Step C, the developer can, as required, add the instructions that perform Step C to the restart handling flow executed when the device restarts normally and/or the restart flow executed when the device restarts abnormally. For example, in the embodiment shown in the application, the developer adds the instructions that perform Step C to both the restart handling flow executed when the device restarts normally and the restart flow executed when the device restarts abnormally.
In this scenario, whether the device loses power abnormally and restarts (for example, an unexpected power loss caused by a loose board) or restarts normally (the user triggers the restart key or restarts the device through the command line or similar means), the main control board reads the configuration information stored in the first non-volatile storage medium during the restart process and determines the operating mode indicated by the configuration information read.
For example, in one embodiment of the application the configuration information can be a configuration identifier. If the current operating mode of the device is configured as the abnormal blocking mode, the configuration identifier is the first configuration identifier; that is, the configuration information stored in the first non-volatile storage medium is the first configuration identifier. In this case, when the device restarts because a loose board caused an unexpected power loss, the main control board reads the configuration information stored in the first non-volatile storage medium, finds that it is the first configuration identifier, and thereby determines that the operating mode indicated by the configuration information is the abnormal blocking mode. The main control board then performs S403 and configures the power-down protection board to the PASS state, so that during the restart the device blocks the traffic passing through it from entering the next-hop device. It should be noted here that the way in which the main control board configures the power-down protection board can follow the related art and is not limited here.
At this point, please referring to Fig. 6, Fig. 6 is that power-off protective plate is abnormal blocking operating mode, when Network Security Device is restarted
By the flux and flow direction schematic diagram of the Network Security Device.
As shown in Fig. 6, the power-down protection board is in the abnormal blocking operating mode. If traffic passes through the network security device while the device is restarting, that traffic flows through the power-down protection board to the service board. Because the service board is restarting (the device is in the restarting state), the traffic queues up there and does not enter the next-hop device.
As the above technical solution shows, on the one hand, the main control board of the device can issue configuration information to the first non-volatile storage medium in response to a received configuration instruction, and can configure the operating mode of the device according to the configuration information stored in the first non-volatile storage medium. Therefore, when network traffic security requirements are high, the user can send a configuration instruction to the device to configure it for abnormal blocking mode, so that the device blocks traffic passing through it during a restart from entering the next-hop device, which improves the user experience.
On the other hand, once abnormal blocking mode is enabled on the device, the power supply circuit of the device can supply power to the power-down protection board when the device loses power and restarts. In response to a restart instruction for the device, the main control board reads the configuration information stored in the first non-volatile storage medium and, on determining that the operating mode indicated by that configuration information is abnormal blocking mode, configures the power-down protection board to the PASS state so that the device blocks traffic passing through it during the restart from entering the next-hop device. The device therefore effectively protects downstream devices from network attack.
In the embodiment shown in this application, so that the device can automatically restore its previous operating mode after it has restarted successfully, this application also proposes a method for restoring the previous operating mode after a successful restart. The method is applied to the device shown in Fig. 5.
As shown in Fig. 5, the device further includes a second non-volatile storage medium communicatively connected to the main control board.
The second non-volatile storage medium records configuration information indicating the operating mode of the device before the restart.
When the device restarts successfully, the main control board can revert the device to the operating mode it had before the restart, according to the configuration information stored in the second non-volatile storage medium.
In practice, the main control board can periodically store configuration information indicating the operating mode of the device in the second non-volatile storage medium. After the device restarts successfully, the main control board can read the configuration information stored in the second non-volatile storage medium, determine the operating mode it indicates, and revert the device to the operating mode it had before the restart.
For example, suppose the operating mode of the device before the restart is AUTO mode. The configuration information stored in the second non-volatile storage medium may then be the second configuration identifier (indicating that the operating mode of the device is the normal operating mode). In that case, after the device restarts successfully, the configuration identifier read by the main control board is the second configuration identifier, so the main control board configures the device so that the network security device reverts to the AUTO operating mode it was in before the restart.
As a result, the operating mode of the device is not affected by the power-down protection board changing its operating mode, and the device can still keep the operating mode it had before the restart. The function of blocking traffic during a restart is thus added with minimal changes to the device.
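The restart decision and the post-restart restore described above can be modelled in a few functions. The following C model is an added example, not code from the patent; the identifier values, the BYPASS fail-open state of the protection board and all function and field names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed encodings: the patent names the identifiers but gives no values. */
#define CFG_ID_FIRST  0x01u   /* first configuration identifier: abnormal blocking */
#define CFG_ID_SECOND 0x02u   /* second configuration identifier: normal (AUTO) */

enum work_mode   { MODE_AUTO, MODE_ABNORMAL_BLOCK };
enum board_state { BOARD_BYPASS, BOARD_PASS };  /* BYPASS: assumed fail-open state */
enum verdict     { INSPECTED, UNINSPECTED, HELD };

struct device {
    uint8_t nvm1;                  /* first NVM, e.g. EEPROM on the protection board */
    uint8_t nvm2;                  /* second NVM: device mode saved before restart */
    bool board_powered_on_restart; /* power supply circuit armed for the board */
    bool service_board_up;
    enum board_state board;
    enum work_mode mode;
};

/* Assumption: anything but the first identifier (even erased 0xFF) is normal mode. */
static enum work_mode mode_from_id(uint8_t id)
{
    return id == CFG_ID_FIRST ? MODE_ABNORMAL_BLOCK : MODE_AUTO;
}

/* Configuration instruction: store the identifier and arm the power circuit. */
void set_restart_blocking(struct device *d, bool enable)
{
    d->nvm1 = enable ? CFG_ID_FIRST : CFG_ID_SECOND;
    d->board_powered_on_restart = enable;
}

/* Periodic snapshot of the running mode into the second NVM. */
void save_mode(struct device *d)
{
    d->nvm2 = (d->mode == MODE_ABNORMAL_BLOCK) ? CFG_ID_FIRST : CFG_ID_SECOND;
}

/* Restart instruction (normal or abnormal): read NVM1, then set the board. */
void on_restart(struct device *d)
{
    d->service_board_up = false;
    d->mode = mode_from_id(d->nvm1);
    bool hold = d->mode == MODE_ABNORMAL_BLOCK && d->board_powered_on_restart;
    d->board = hold ? BOARD_PASS : BOARD_BYPASS; /* assumed: unarmed board fails open */
}

/* Restart succeeded: restore the mode recorded in the second NVM. */
void on_restart_ok(struct device *d)
{
    d->service_board_up = true;
    d->mode = mode_from_id(d->nvm2);
    d->board = BOARD_PASS;         /* assumption: a healthy device inspects traffic */
}

/* What happens to a packet that reaches the device right now. */
enum verdict forward(const struct device *d)
{
    if (d->board == BOARD_BYPASS)
        return UNINSPECTED;        /* reaches the next hop without inspection */
    return d->service_board_up ? INSPECTED : HELD;
}

/* Scenario: verdict for a packet that arrives in the middle of a restart. */
enum verdict verdict_during_restart(uint8_t nvm1_id, bool board_powered)
{
    struct device d = { nvm1_id, CFG_ID_SECOND, board_powered, true, BOARD_PASS, MODE_AUTO };
    on_restart(&d);
    return forward(&d);
}

/* Scenario: a device running in AUTO, with blocking enabled, restarts. */
enum work_mode mode_after_restart(void)
{
    struct device d = { CFG_ID_SECOND, CFG_ID_SECOND, false, true, BOARD_PASS, MODE_AUTO };
    set_restart_blocking(&d, true);
    save_mode(&d);                 /* records AUTO before the restart */
    on_restart(&d);                /* abnormal blocking while rebooting */
    on_restart_ok(&d);
    return d.mode;
}

int main(void)
{
    static const char *names[] = { "inspected", "uninspected", "held" };
    printf("armed: %s, board unpowered: %s, erased flag: %s\n",
           names[verdict_during_restart(CFG_ID_FIRST, true)],
           names[verdict_during_restart(CFG_ID_FIRST, false)],
           names[verdict_during_restart(0xFF, true)]);
    return mode_after_restart() == MODE_AUTO ? 0 : 1;
}
```

The second scenario shows why the power supply circuit matters: with the identifier set but the protection board unpowered, the model falls back to the assumed BYPASS state and traffic reaches the next hop uninspected.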
Corresponding to the method embodiment above, this application also provides a network security device.
For the internal structure of the network security device, refer to Fig. 5.
As shown in Fig. 5, the network security device includes a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit; wherein the first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board, and the power supply circuit is used to supply power to the power-down protection board when the network security device restarts;
the main control board, in response to a restart instruction for the network security device, reads the configuration information stored in the first non-volatile storage medium;
determines the operating mode indicated by the configuration information read;
and, if the operating mode indicated by the configuration information is abnormal blocking mode, configures the power-down protection board to the PASS state, so that the network security device blocks traffic passing through it during the restart from entering the next-hop device.
In the embodiment shown, the network security device further includes a second non-volatile storage medium, which records configuration information indicating the operating mode of the network security device before the restart;
when the network security device restarts successfully, the main control board reverts the network security device to the operating mode it had before the restart, according to the configuration information stored in the second non-volatile storage medium.
In the embodiment shown, the restart instruction for the network security device includes: a restart instruction issued when the network security device restarts normally, and a restart instruction issued when the network security device restarts abnormally.
In the embodiment shown, the main control board issues configuration information to the first non-volatile storage medium in response to a received configuration instruction.
In the embodiment shown, the main control board reads the configuration information stored in the first non-volatile storage medium;
if the operating mode indicated by the configuration information is abnormal blocking mode, it configures the power supply circuit to supply power to the power-down protection board when the network security device restarts.
In the embodiment shown, the power supply circuit includes a control circuit;
the control circuit reads the configuration information stored in the first non-volatile storage medium;
determines the operating mode indicated by the configuration information;
and, if the operating mode indicated by the configuration information is abnormal blocking mode, the power supply circuit supplies power to the power-down protection board when the network security device restarts.
In the embodiment shown, the configuration information is a configuration identifier;
determining the operating mode indicated by the configuration information read includes:
if the configuration identifier is the first configuration identifier, the operating mode is abnormal blocking mode.
In the embodiment shown, the network security device is an IPS device.
In the embodiment shown, the first non-volatile storage medium is an EEPROM, and the EEPROM is located on the power-down protection board.
In the embodiment shown, the power-down protection board is an optical protection board.
Embodiments of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry, in tangibly embodied computer software or firmware, in computer hardware including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, that is, one or more modules of computer program instructions encoded on a tangible non-transitory program carrier for execution by, or to control the operation of, a data processing apparatus. Alternatively or in addition, the program instructions can be encoded on an artificially generated propagated signal, such as a machine-generated electrical, optical or electromagnetic signal, which is generated to encode information for transmission to a suitable receiver apparatus for execution by a data processing apparatus. The computer storage medium can be a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.
The processes and logic flows described in this specification can be performed by one or more programmable computers executing one or more computer programs to perform the corresponding functions by operating on input data and generating output. The processes and logic flows can also be performed by special-purpose logic circuitry, such as an FPGA (field-programmable gate array) or an ASIC (application-specific integrated circuit), and an apparatus can also be implemented as special-purpose logic circuitry.
Computers suitable for executing a computer program include, for example, general-purpose and/or special-purpose microprocessors, or any other type of central processing unit. In general, a central processing unit receives instructions and data from a read-only memory and/or a random access memory. The basic components of a computer are a central processing unit for carrying out or executing instructions and one or more memory devices for storing instructions and data. In general, a computer will also include one or more mass storage devices for storing data, such as magnetic disks, magneto-optical disks or optical disks, or will be operatively coupled to such mass storage devices to receive data from them, transfer data to them, or both. However, a computer need not have such devices. In addition, a computer can be embedded in another device, such as a mobile phone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a global positioning system (GPS) receiver, or a portable storage device such as a universal serial bus (USB) flash drive, to name just a few.
Computer-readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including, for example, semiconductor memory devices (such as EPROM, EEPROM and flash memory devices), magnetic disks (such as internal hard disks or removable disks), magneto-optical disks, and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
Although this specification contains many specific implementation details, these should not be construed as limiting the scope of any invention or of what is claimed; they serve mainly to describe features of specific embodiments of a particular invention. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be removed from the combination, and the claimed combination may be directed to a sub-combination or a variation of a sub-combination.
Similarly, although operations are depicted in the drawings in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequence, or that all illustrated operations be performed, to achieve the desired results. In some cases, multitasking and parallel processing may be advantageous. In addition, the separation of the various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Specific embodiments of the subject matter have thus been described. Other embodiments are within the scope of the appended claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In some implementations, multitasking and parallel processing may be advantageous.
The above are only preferred embodiments of this application and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of this application shall fall within the scope of protection of this application.
Claims (20)
1. A method for blocking traffic when a network security device restarts, applied to a network security device, characterized in that the network security device comprises a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit; wherein the first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; and the power supply circuit is used to supply power to the power-down protection board when the network security device restarts;
the method comprising:
in response to a restart instruction for the network security device, the main control board reading the configuration information stored in the first non-volatile storage medium;
determining the operating mode indicated by the configuration information read;
if the operating mode indicated by the configuration information is abnormal blocking mode, the main control board configuring the power-down protection board to the PASS state, so that the network security device blocks traffic passing through it during the restart from entering the next-hop device.
2. The method according to claim 1, characterized in that the network security device further comprises a second non-volatile storage medium; the second non-volatile storage medium records configuration information indicating the operating mode of the network security device before the restart; the method further comprising:
when the network security device restarts successfully, the main control board reverting the network security device to the operating mode it had before the restart, according to the configuration information stored in the second non-volatile storage medium.
3. The method according to claim 1, characterized in that the restart instruction for the network security device comprises:
a restart instruction issued when the network security device restarts normally and a restart instruction issued when the network security device restarts abnormally.
4. The method according to claim 1, characterized in that the method further comprises:
the main control board issuing configuration information to the first non-volatile storage medium in response to a received configuration instruction.
5. The method according to claim 1, characterized in that the method further comprises:
the main control board reading the configuration information stored in the first non-volatile storage medium;
determining the operating mode indicated by the configuration information;
if the operating mode indicated by the configuration information is abnormal blocking mode, the main control board configuring the power supply circuit to supply power to the power-down protection board when the network security device restarts.
6. The method according to claim 1, characterized in that the power supply circuit comprises a control circuit; the method further comprising:
the control circuit reading the configuration information stored in the first non-volatile storage medium;
determining the operating mode indicated by the configuration information;
if the operating mode indicated by the configuration information is abnormal blocking mode, the power supply circuit supplying power to the power-down protection board when the network security device restarts.
7. The method according to claim 1, characterized in that the configuration information is a configuration identifier;
determining the operating mode indicated by the configuration information read comprises:
if the configuration identifier is the first configuration identifier, the operating mode is abnormal blocking mode.
8. The method according to claim 1, characterized in that the network security device is an IPS device.
9. The method according to claim 1, characterized in that the first non-volatile storage medium is an EEPROM, and the EEPROM is located on the power-down protection board.
10. The method according to claim 1, characterized in that the power-down protection board is an optical protection board.
11. A network security device that blocks traffic when restarting, characterized in that the network security device comprises: a main control board and, communicatively connected to the main control board, a power-down protection board, a first non-volatile storage medium and a power supply circuit; wherein the first non-volatile storage medium stores configuration information indicating the operating mode of the power-down protection board; and the power supply circuit is used to supply power to the power-down protection board when the network security device restarts;
the main control board, in response to a restart instruction for the network security device, reads the configuration information stored in the first non-volatile storage medium;
determines the operating mode indicated by the configuration information read;
and, if the operating mode indicated by the configuration information is abnormal blocking mode, configures the power-down protection board to the PASS state, so that the network security device blocks traffic passing through it during the restart from entering the next-hop device.
12. The device according to claim 11, characterized in that the network security device further comprises: a second non-volatile storage medium; the second non-volatile storage medium records configuration information indicating the operating mode of the network security device before the restart;
when the network security device restarts successfully, the main control board reverts the network security device to the operating mode it had before the restart, according to the configuration information stored in the second non-volatile storage medium.
13. The device according to claim 11, characterized in that the restart instruction for the network security device comprises: a restart instruction issued when the network security device restarts normally and a restart instruction issued when the network security device restarts abnormally.
14. The device according to claim 11, characterized by comprising:
the main control board issuing configuration information to the first non-volatile storage medium in response to a received configuration instruction.
15. The device according to claim 11, characterized by comprising:
the main control board reading the configuration information stored in the first non-volatile storage medium;
if the operating mode indicated by the configuration information is abnormal blocking mode, configuring the power supply circuit to supply power to the power-down protection board when the network security device restarts.
16. The device according to claim 11, characterized by comprising:
the power supply circuit comprising a control circuit;
the control circuit reading the configuration information stored in the first non-volatile storage medium;
determining the operating mode indicated by the configuration information;
if the operating mode indicated by the configuration information is abnormal blocking mode, the power supply circuit supplying power to the power-down protection board when the network security device restarts.
17. The device according to claim 11, characterized in that the configuration information is a configuration identifier;
determining the operating mode indicated by the configuration information read comprises:
if the configuration identifier is the first configuration identifier, the operating mode is abnormal blocking mode.
18. The device according to claim 11, characterized in that the network security device is an IPS device.
19. The device according to claim 11, characterized in that the first non-volatile storage medium is an EEPROM, and the EEPROM is located on the power-down protection board.
20. The device according to claim 11, characterized in that the power-down protection board is an optical protection board.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910812686.7A CN110535860A (en) | 2019-08-30 | 2019-08-30 | Method for blocking traffic when a network security device restarts, and network security device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110535860A (en) | 2019-12-03 |
Family
ID=68665393
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201910812686.7A CN110535860A (en) | Pending | 2019-08-30 | 2019-08-30 | Method for blocking traffic when a network security device restarts, and network security device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110535860A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112350771A (en) * | 2020-11-27 | 2021-02-09 | 国家计算机网络与信息安全管理中心 | Main control board soft start processing method and device |
CN112367209A (en) * | 2020-11-27 | 2021-02-12 | 国家计算机网络与信息安全管理中心 | Hard start processing method and device for main control board |
CN115378805A (en) * | 2022-07-27 | 2022-11-22 | 杭州云豆豆智能科技有限公司 | Communication equipment and starting method and device thereof |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101183801A (en) * | 2007-12-07 | 2008-05-21 | 杭州华三通信技术有限公司 | Power-off protection method, system and device |
CN101873217A (en) * | 2010-07-08 | 2010-10-27 | 杭州华三通信技术有限公司 | Ethernet power supply equipment restart control method and device thereof |
CN102064967A (en) * | 2010-12-31 | 2011-05-18 | 成都市华为赛门铁克科技有限公司 | BYPASS realizing method, equipment and system |
CN105099825A (en) * | 2015-08-17 | 2015-11-25 | 北京神州绿盟信息安全科技股份有限公司 | Security protection method and device for external Bypass |
CN107395407A (en) * | 2017-07-13 | 2017-11-24 | 杭州迪普科技股份有限公司 | Method and apparatus for power-off protection |
Non-Patent Citations (1)
Title |
---|
ROC7887: "国家电网公司信息网络安全等级保护设备IPS入侵防护系统解决方案建议书", 《百度文库》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110535860A (en) | Method for blocking traffic when a network security device restarts, and network security device | |
US10438004B2 (en) | Dual-system electronic apparatus and terminal | |
CN103425506B (en) | Closedown method and starting-up method and communication terminal | |
US8645721B2 (en) | System for controlling apparatus driven by battery | |
CN104205755B (en) | For postponing the method, apparatus and system of grouping during the wake-up of the network-triggered of computing device | |
US20110154007A1 (en) | Low energy boot options for devices | |
JP2013511787A (en) | Apparatus and method for USB connection in a multiprocessor device | |
CN102111735A (en) | Remote management over wireless wide-area network using short message service | |
CN107608705A (en) | A kind of wireless WIFI video equipments and its firmware upgrade method | |
CN109697119A (en) | Terminal Memory recycle processing method and processing device | |
CN111988409B (en) | Method and system for realizing cloud mobile phone mounted external storage starting | |
CN101645780B (en) | Method and device for restoring allocation after power off and power on of power over Ethernet (POE) system | |
CN106249898A (en) | Prompting method and device for insufficient storage space and mobile device | |
CN102890635B (en) | The loading method and device of a kind of digital signal processor | |
CN104699647A (en) | Method and system for operating a dual chipset network interface controller | |
US20080276299A1 (en) | Wireless terminal apparatus and method of protecting system resources | |
EP2618259B1 (en) | Data erasable method of memory in smart card and smart card thereof | |
RU2530353C2 (en) | Integrated circuit chip, information processing device, program module control method, information processing system and method | |
US11275424B2 (en) | Method for operating a device having a switchable power saving mode for reducing its power consumption | |
US20200244782A1 (en) | Communication device, method of communication device, and non-transitory computer readable storage medium | |
WO2017023262A1 (en) | Controlling power to ports | |
WO2018191946A1 (en) | Method for operating a device having a switchable power saving mode for reducing its power consumption | |
CN112416669B (en) | Power-down test method and device for security chip | |
CN117278345B (en) | Energy saving method and device applied to network equipment | |
CN110572870A (en) | Intelligent terminal and low-power self-protection method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191203 |