Method and device for maintaining network by firewall

Document number: 195831  Publication date: 2021-11-02  Views: 29  Language: Chinese

Reading note: the technology "Method and device for maintaining network by firewall" (一种防火墙维护网络方法及其装置) was designed and created by 荆亮 on 2021-08-04. Its main content is as follows. The application provides a firewall network maintenance method comprising: acquiring a network access table of a computer and sending the network access table to a cloud virus center; the cloud virus center establishes firewall rules according to the network access list and writes firewall setting code according to the firewall rules; receiving the firewall rules, the setting code and the updated virus library returned by the virus center, creating a correspondence between network traffic and data interfaces according to the setting code, and creating a virus filter for each data interface; and adding blocking control rules to the virus filters according to the virus library and the firewall rules to prevent the entry of virus network links. The firewall rules are customized to the individual user's usage habits, and the automated firewall setting increases the security of the firewall configuration. The application also provides a firewall network maintenance device.

1. A method for maintaining a network by a firewall, comprising:

acquiring a network access table of a computer, and sending the network access table to a cloud virus center;

the cloud virus center establishes a firewall rule according to the network access list, and writes a firewall setting code according to the firewall rule;

receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating a corresponding relation between network flow and a data interface according to the setting codes, and respectively creating virus filters for the data interface;

and adding a blocking control rule for the virus filter according to the virus library and the firewall rule to prevent the entrance of virus network links.

2. The firewall maintenance network method according to claim 1, wherein the firewall rules comprise:

the cloud virus center detects the virus network link according to the virus library, and a processing method for the virus network link.

3. The firewall maintenance network method of claim 2, wherein the firewall rules further comprise:

the setting code creates the correspondence between the network traffic and the data port according to the network link security index.

4. The method for maintaining the network through the firewall according to claim 3, wherein the method for obtaining the network link security index comprises:

the cloud virus center takes one entry from the network access list and enters the website that the entry links to;

detecting a download item in the website, and downloading downloadable content according to the download item;

sequentially detecting website authentication information and viruses in the downloaded content;

and determining the network link security index according to the attribute of the virus and the website authentication information.

5. The firewall maintenance network method according to claim 1, wherein the blocking control rule comprises: pass, limit, or delete.

6. A firewall maintenance network apparatus, comprising:

the sending module is used for acquiring a network access table of the computer and sending the network access table to the cloud virus center;

the cloud virus center is used for establishing a firewall rule according to the network access list and compiling a firewall setting code according to the firewall rule;

the setting module is used for receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating the corresponding relation between the network flow and the data interface according to the setting codes, and respectively creating virus filters for the data interface;

and the blocking module is used for adding a blocking control rule to the virus filter according to the virus library and the firewall rule to prevent the entrance of a virus network link.

7. The firewall maintenance network device of claim 6, wherein the firewall rules comprise:

the cloud virus center detects the virus network link according to the virus library, and a processing method for the virus network link.

8. The firewall maintenance network device of claim 7, wherein the firewall rules further comprise:

the setting code creates the correspondence between the network traffic and the data port according to the network link security index.

9. The firewall maintenance network apparatus according to claim 8, wherein the cloud virus center comprises:

the access unit is used for taking one entry from the network access list and entering the website that the entry links to;

the downloading unit is used for detecting a downloading item in the website and downloading the downloadable content according to the downloading item;

the detection unit is used for sequentially detecting the website authentication information and the viruses in the downloaded content;

and the confirming unit is used for determining the network link security index according to the attribute of the virus and the website authentication information.

10. The firewall maintenance network device according to claim 1, wherein the blocking control rule comprises: pass, limit, or delete.

Technical Field

The present application provides a firewall technology, and in particular, provides a firewall network maintenance method and apparatus.

Background

Nowadays, network information technology is an indispensable infrastructure of social life and production, and more and more key information must be transmitted over networks. Once a network suffers a malicious attack, great losses follow, and the many vulnerabilities present in networks have made information security a key concern in every field.

To protect networks from malicious attacks, network firewall applications are used. In the prior art, a network firewall defends against viruses by setting data-receiving permissions, so that malicious code is intercepted by the firewall and cannot enter the intranet, protecting the user's network data. However, configuring a network firewall requires professional knowledge that the general public does not have, so the firewall settings of some users cannot effectively block virus attacks.

Content of application

The application provides a firewall network maintenance method which can solve the problem that a common user cannot effectively block virus attacks when setting a firewall. The application also provides a firewall maintenance network device.

The firewall network maintenance method provided by the application comprises the following steps:

acquiring a network access table of a computer, and sending the network access table to a cloud virus center;

the cloud virus center establishes a firewall rule according to the network access list, and writes a firewall setting code according to the firewall rule;

receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating a corresponding relation between network flow and a data interface according to the setting codes, and respectively creating virus filters for the data interface;

and adding a blocking control rule for the virus filter according to the virus library and the firewall rule to prevent the entrance of virus network links.

Optionally, the firewall rules include:

the cloud virus center detects the virus network link according to the virus library, and a processing method for the virus network link.

Optionally, the firewall rule further includes:

the setting code creates the correspondence between the network traffic and the data port according to the network link security index.

Optionally, the method for obtaining the network link security index includes:

the cloud virus center takes one entry from the network access list and enters the website that the entry links to;

detecting a download item in the website, and downloading downloadable content according to the download item;

sequentially detecting website authentication information and viruses in the downloaded content;

and determining the network link security index according to the attribute of the virus and the website authentication information.

Optionally, the blocking control rule includes: pass, limit, or delete.

The present application further provides a firewall maintenance network device, including:

the sending module is used for acquiring a network access table of the computer and sending the network access table to the cloud virus center;

the cloud virus center is used for establishing a firewall rule according to the network access list and compiling a firewall setting code according to the firewall rule;

the setting module is used for receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating the corresponding relation between the network flow and the data interface according to the setting codes, and respectively creating virus filters for the data interface;

and the blocking module is used for adding a blocking control rule to the virus filter according to the virus library and the firewall rule to prevent the entrance of a virus network link.

Optionally, the firewall rules include:

the cloud virus center detects the virus network link according to the virus library, and a processing method for the virus network link.

Optionally, the firewall rule further includes:

the setting code creates the correspondence between the network traffic and the data port according to the network link security index.

Optionally, the cloud virus center includes:

the access unit is used for taking one entry from the network access list and entering the website that the entry links to;

the downloading unit is used for detecting a downloading item in the website and downloading the downloadable content according to the downloading item;

the detection unit is used for sequentially detecting the website authentication information and the viruses in the downloaded content;

and the confirming unit is used for determining the network link security index according to the attribute of the virus and the website authentication information.

Optionally, the blocking control rule includes: pass, limit, or delete.

The application has the advantages relative to the prior art:

the application provides a firewall network maintenance method, which comprises the following steps: acquiring a network access table of a computer, and sending the network access table to a cloud virus center; the cloud virus center establishes a firewall rule according to the network access list, and writes a firewall setting code according to the firewall rule; receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating a corresponding relation between network flow and a data interface according to the setting codes, and respectively creating virus filters for the data interface; and adding a blocking control rule for the virus filter according to the virus library and the firewall rule to prevent the entry of virus network links. Through detection by the cloud virus center, the user's access preferences are obtained and the firewall is set according to those preferences; the firewall rules can thus be customized to the individual user's usage habits, the firewall is set automatically, the user is spared the operation of setting the firewall, and the safety of the firewall setting is improved.

Drawings

FIG. 1 is a flow chart of a firewall maintenance network according to the present application;

FIG. 2 is a flow chart of the security index acquisition of the present application;

FIG. 3 is a schematic diagram of a firewall maintenance network apparatus according to the present application.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, but the present application may be implemented in many ways other than those described herein, and it will be apparent to those of ordinary skill in the art that the present application is not limited to the specific implementations disclosed below without departing from the spirit of the present application.

The application provides a firewall network maintenance method, which comprises the following steps: acquiring a network access table of a computer, and sending the network access table to a cloud virus center; the cloud virus center establishes a firewall rule according to the network access list, and writes a firewall setting code according to the firewall rule; receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating a corresponding relation between network flow and a data interface according to the setting codes, and respectively creating virus filters for the data interface; and adding a blocking control rule for the virus filter according to the virus library and the firewall rule to prevent the entrance of virus network links. Through detection by the cloud virus center, the user's network access habits are obtained, and the firewall is set automatically according to those habits, so the harm of network virus intrusion can be resisted automatically and effectively.

Fig. 1 is a flow chart of a firewall maintenance network according to the present application.

Referring to fig. 1, the firewall network maintenance method of the present application mainly includes two parts: detection by the cloud virus center, and automatic setting of the firewall.

S101, acquiring a network access table of a computer, and sending the network access table to a cloud virus center;

the network access list is the list of websites the user has accessed within a period of time; the period is set by one skilled in the art according to the specific use case. For example, a user may have used the computer for many years, yet the network access list may cover only the last three years; in some special cases the entire network access list may be obtained.

The network access list is sent to a cloud virus center, which comprises a virus library collected across the whole network together with viruses manually added to the library. In particular, one skilled in the art can use existing, mature virus libraries.

The cloud virus center can be arranged in a cloud server and is linked with a user local area network or equipment through a private network.

The computer in the application can be a single user's computer or several computers in a private local area network. In the latter case, the whole private local area network can be regarded as one computer, and the service is provided to one computer in the local area network.

S102, the cloud virus center establishes a firewall rule according to the network access list, and writes a firewall setting code according to the firewall rule;

after receiving the network access list, the cloud virus center accesses each website in the list in turn and detects its security. Specifically, detecting the security of a website includes detecting the website's authentication information and detecting its safety information, where the safety information includes virus attributes.

And the cloud virus center detects each website and establishes a firewall rule according to the detection result of the website.

The firewall rules are determined by the cloud virus center according to the virus network links and the processing method of the virus network links. Before this step, the virus type of the virus network link needs to be detected.

As mentioned above, the cloud virus center of the present application includes a virus library, and detecting the virus type includes comparing the detected virus with viruses recorded in the virus library, and determining the virus type according to the classification of the virus type by the virus library.

After the type of virus is determined, the virus can be processed according to preset rules. In this application the virus is processed by blocking control rules, and the processing comprises pass, limit, or delete operations. The preset rules are processing rules preset for the different types of viruses.

After the firewall rules are obtained, the firewall setting code can be created from them. The setting code can actively enter the computer to set the firewall, but this setting requires user administrator authority, so before the technical scheme of the application is executed, the user must first grant administrator or super-user authority.

S103, receiving the firewall rules, the setting codes and the updated virus library returned by the virus center, creating a corresponding relation between network flow and a data interface according to the setting codes, and creating virus filters for the data interface respectively;

in steps S101 and S102 above, after obtaining the user's network access list, the cloud virus center learns the user's network access preferences through detection, and determines the virus types the user may encounter from detection of the networks the user accesses; this judgment is made according to the network authentication information of the accessed networks and the network virus detection performed on them.

And then, the cloud virus center sends the updated virus library, the setting code and the firewall rule to the user computer, and further sets the user computer.

The first step is to create the correspondence between network traffic and data interfaces according to the setting code. In this application, the correspondence allows data transmission of a given type of network traffic only through one specific interface; the other data interfaces do not accept transmission requests for that traffic.

To achieve this, the application assigns a network security index to the network traffic; the index represents the danger degree of the traffic. The setting code then creates the correspondence between the network traffic and the data ports according to the network link security index, and divides the traffic among specific data ports.

Fig. 2 is a flow chart of security index acquisition according to the present application.

As shown in fig. 2, the network security index shown in the present application is determined according to the network authentication information and the virus attribute.

S201, the cloud virus center acquires the network access list to access one list in the network access list, and enters a website linked with the list according to the list;

the user's network access list comprises the network addresses of the websites the user accessed, and each website the user accessed is visited by its address.

S202, detecting a download item in the website, and downloading downloadable content according to the download item;

after entering the website, all downloadable content on the website is detected, including download options and automatically popped-up download links.

Further, the cloud virus center detects advertisement links on the website and performs the operation of step S202 on each advertisement link. A threshold sets the number of link layers the cloud virus center may access; when the number of accessed layers reaches the threshold, further advertisement website access stops and all websites are exited.

S203, detecting website authentication information and viruses in the downloaded content in sequence;

for each website in the user's network access list, this step downloads the downloadable content and stores it in isolated memory.

S204, determining the network link security index according to the attribute of the virus and the website authentication information.

Then a security index is calculated from the website's authentication information and the virus attributes in the downloaded content.
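The following is an added example, not part of the original application, of the crawl in steps S201 to S203 above: each website in the access list is entered, its download items are fetched into isolated memory, advertisement links are followed layer by layer, and access stops once the layer count reaches the threshold. The site graph, the fetch function and the item names are constructed stand-ins so that the example runs offline; a real cloud virus center would replace them with its own fetcher.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the websites in a user's network access list (not a real
# crawler): each site lists its downloadable items and the advertisement links it shows.
# The graph is embedded so the example runs offline; every name here is hypothetical.
SITES = {
    "https://shop.example": {"downloads": ["setup.exe"], "ads": ["https://ads1.example"]},
    "https://news.example": {"downloads": [], "ads": ["https://ads1.example"]},
    "https://ads1.example": {"downloads": ["toolbar.msi"], "ads": ["https://ads2.example"]},
    "https://ads2.example": {"downloads": ["bundle.zip"], "ads": ["https://ads3.example"]},
    "https://ads3.example": {"downloads": ["deep.bin"], "ads": []},
}


def fetch(site: str, item: str) -> bytes:
    """Constructed download: returns placeholder bytes instead of contacting the site."""
    return f"{site}/{item}".encode()


@dataclass
class Quarantine:
    """Isolated memory (step S203): the only place fetched bytes are kept."""
    items: dict = field(default_factory=dict)

    def store(self, site: str, item: str, data: bytes) -> None:
        self.items[(site, item)] = data


def crawl_access_list(access_list, depth_threshold: int, quarantine: Quarantine):
    """Steps S201/S202: enter each website in the access list, download its download
    items into the quarantine, then follow advertisement links layer by layer.
    A website in the access list is layer 1; once the layer count reaches
    depth_threshold no further advertisement links are followed.
    Returns the sorted list of websites that were entered."""
    shallowest = {}  # site -> shallowest layer at which it was reached

    def visit(site: str, layer: int) -> None:
        # Skip unknown sites and sites already explored at this layer or shallower.
        if site not in SITES or shallowest.get(site, layer + 1) <= layer:
            return
        shallowest[site] = layer
        for item in SITES[site]["downloads"]:
            quarantine.store(site, item, fetch(site, item))
        if layer >= depth_threshold:
            return  # threshold reached: stop further advertisement access
        for ad in SITES[site]["ads"]:
            visit(ad, layer + 1)

    for site in access_list:
        visit(site, 1)
    return sorted(shallowest)


if __name__ == "__main__":
    q = Quarantine()
    entered = crawl_access_list(["https://shop.example", "https://news.example"], 2, q)
    print("entered:", entered)
    print("quarantined:", sorted(q.items))
```

With a threshold of 2, the crawl enters the two listed sites plus the first advertisement layer and quarantines `setup.exe` and `toolbar.msi`; raising the threshold to 3 adds `bundle.zip` from the second advertisement layer, while `deep.bin` on the third layer is never fetched.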

The network authentication information refers to authentication of a website's identity by a third-party authority. The cloud virus center is associated with the authority's authentication information and can connect to the third party's server through a private or public network to obtain it. An authentication index is set according to the authority of the third-party authentication, for example: industrial and commercial authentication, authentication index 10; association authentication, index 6; official authentication, index 4; and so on. These values can be set by a person skilled in the art according to actual conditions.

The virus attribute refers to the risk degree of the type of virus contained in the website. In this application, the risk degree can be set by a person skilled in the art according to actual conditions, for example: a virus that maliciously paralyzes the computer, risk degree 10; a virus that steals the user's account, 9; a virus that steals user information, 8; a virus that steals the user's traffic, 7; a virus that maliciously downloads software, 6; and so on.

The network security index has the following calculation formula:

BT=(A*P+B*D)

where A is the weight of the virus attribute in the network security index, P is the virus attribute, B is the weight of the authentication index in the network security index, and D is the authentication index.

In fact, a single virus has multiple virus attributes, so the above formula can be extended accordingly:

where i is the index of each virus attribute that a virus has, and n is the number of virus attributes.

After the network security index is obtained, the correspondence between the network traffic and the data interfaces is set according to the network security index.

In the application, the computer's network interfaces are grouped, each group corresponding to a range of the network security index; once an interface has been associated with a type of network traffic, that traffic can only be received through that interface.

After the correspondence between the network traffic and the data interfaces is established, a virus filter is created for each interface. The virus filter is a virus processor containing virus detection bytes; it detects viruses using the detection bytes and processes them.
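The following is an added example, not code from the application, of the security-index computation and the traffic-to-interface correspondence described above. The authentication indices and risk degrees are the values given in the text; the weights A and B, the way several virus attributes are combined (the text says the formula is extended over i = 1..n but does not print the extended form, so the attribute terms are summed here), the index 0 for an unauthenticated site, and the interface group names and boundaries are all assumptions made for the example.

```python
import math

# Authentication index by authority of the third-party authentication (values from the text).
AUTH_INDEX = {"industrial_commercial": 10, "association": 6, "official": 4}

# Risk degree of each virus attribute (values from the text).
RISK_DEGREE = {
    "paralyze_computer": 10,
    "steal_account": 9,
    "steal_user_info": 8,
    "steal_traffic": 7,
    "malicious_download": 6,
}

# Weights A and B of the formula BT = A*P + B*D; these values are assumed.
A_WEIGHT = 0.7
B_WEIGHT = 0.3

# Interface groups keyed by an upper bound on the security index. The text only says
# that interfaces are grouped by index; the bounds and group names are assumed.
INTERFACE_GROUPS = [(3.5, "if-trusted"), (8.0, "if-limited"), (math.inf, "if-isolated")]


def security_index(virus_attrs, auth_type, A=A_WEIGHT, B=B_WEIGHT):
    """BT = A*P + B*D. With several virus attributes this example ASSUMES the
    attribute term is summed over all attributes (i = 1..n) while the
    authentication term is counted once."""
    P = sum(RISK_DEGREE[a] for a in virus_attrs)
    D = AUTH_INDEX.get(auth_type, 0)  # unauthenticated website: index 0 (assumed)
    return A * P + B * D


def assign_interface(bt):
    """Map a security index to the interface group that alone may carry this traffic."""
    for bound, group in INTERFACE_GROUPS:
        if bt < bound:
            return group
    return INTERFACE_GROUPS[-1][1]


def build_correspondence(detections):
    """detections: {site: (virus_attrs, auth_type)} as produced by the cloud virus
    center's detection of each website. Returns {site: (BT, interface group)}, the
    traffic/data-interface table that the setting code installs in step S103."""
    table = {}
    for site, (attrs, auth) in detections.items():
        bt = security_index(attrs, auth)
        table[site] = (round(bt, 3), assign_interface(bt))
    return table


if __name__ == "__main__":
    # Constructed detection results for three hypothetical websites.
    sample = {
        "https://a.example": (["steal_account"], "official"),
        "https://b.example": ([], "industrial_commercial"),
        "https://c.example": (["paralyze_computer", "steal_traffic"], "association"),
    }
    for site, (bt, group) in build_correspondence(sample).items():
        print(f"{site}: BT={bt} -> {group}")
```

Note that, as the formula is written in the text, a higher authentication index raises BT rather than lowering it; the example reproduces the formula as given, and anyone deploying it should decide deliberately whether D should enter with a positive or negative weight.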

S104, adding a blocking control rule for the virus filter according to the virus library and the firewall rule, and preventing the entrance of virus network links.

The virus library provides virus detection bytes to the virus filter, and the firewall rules provide virus processing rules to the virus filter, so the blocking control rules are derived from the virus library and the firewall rules; after a specific type of virus is detected, it is processed to prevent the intrusion of the virus network link.
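The following is an added example, not code from the application, of the per-interface virus filter of step S104: detection bytes come from a virus library, the pass, limit or delete action comes from the firewall rules, and every decision is logged so it can be audited. The library, the detection byte strings, the rule assignments and the meaning of "limit" (forward at most a fixed number of bytes) are all constructed for the example and are not real signatures or the application's own values.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed virus library: virus type -> detection bytes. These byte strings are
# invented for the example and are not real malware signatures.
VIRUS_LIBRARY = {
    "account_stealer": b"\x7fSTEAL-ACCT",
    "malicious_downloader": b"PULL-PAYLOAD",
}

# Firewall rules: the blocking control rule (pass, limit or delete) for each virus
# type. Which type gets which rule is a constructed preset.
FIREWALL_RULES = {
    "account_stealer": "delete",
    "malicious_downloader": "limit",
}

LIMIT_BYTES = 16  # bytes forwarded under "limit"; the cap is an assumption


@dataclass
class Decision:
    action: str                 # "pass", "limit" or "delete"
    virus_type: Optional[str]   # matched virus type, or None when nothing matched
    forwarded: bytes            # what the data interface actually receives


class VirusFilter:
    """Per-interface virus processor: detection bytes from the virus library,
    processing rule from the firewall rules (step S104)."""

    def __init__(self, interface, library=VIRUS_LIBRARY, rules=FIREWALL_RULES):
        self.interface = interface
        self.library = dict(library)
        self.rules = dict(rules)
        self.log = []  # (interface, action, virus_type) records for audit

    def detect(self, payload: bytes) -> Optional[str]:
        """Return the first virus type whose detection bytes occur in the payload."""
        for vtype, signature in self.library.items():
            if signature in payload:
                return vtype
        return None

    def process(self, payload: bytes) -> Decision:
        """Apply the blocking control rule for whatever the filter detects."""
        vtype = self.detect(payload)
        if vtype is None:
            action, out = "pass", payload
        else:
            # A detected type with no configured rule is dropped (fail closed).
            action = self.rules.get(vtype, "delete")
            if action == "pass":
                out = payload
            elif action == "limit":
                out = payload[:LIMIT_BYTES]
            else:
                out = b""
        self.log.append((self.interface, action, vtype))
        return Decision(action, vtype, out)


if __name__ == "__main__":
    f = VirusFilter("if-limited")
    for sample in (b"hello world", b"xx PULL-PAYLOAD and more bytes after", b"\x7fSTEAL-ACCT cookies"):
        d = f.process(sample)
        print(d.action, d.virus_type, d.forwarded)
    print(f.log)
```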

Corresponding to the firewall network maintenance method, the application also provides a firewall network maintenance device, which includes: the system comprises a sending module 301, a cloud virus center 302, a setting module 303 and a blocking module 304.

Fig. 3 is a schematic diagram of a firewall maintenance network apparatus according to the present application.

Referring to fig. 3, a sending module 301 is configured to obtain a network access table of a computer, and send the network access table to a cloud virus center;

the network access list is the list of websites the user has accessed within a period of time; the period is set by one skilled in the art according to the specific use case. For example, a user may have used the computer for many years, yet the network access list may cover only the last three years; in some special cases the entire network access list may be obtained.

The network access list is sent to a cloud virus center, which comprises a virus library collected across the whole network together with viruses manually added to the library. In particular, one skilled in the art can use existing, mature virus libraries.

The cloud virus center can be arranged in a cloud server and is linked with a user local area network or equipment through a private network.

The computer in the application can be a single user's computer or several computers in a private local area network. In the latter case, the whole private local area network can be regarded as one computer, and the service is provided to one computer in the local area network.

The cloud virus center 302 is used for establishing a firewall rule according to the network access list and compiling a firewall setting code according to the firewall rule;

after receiving the network access list, the cloud virus center accesses each website in the list in turn and detects its security. Specifically, detecting the security of a website includes detecting the website's authentication information and detecting its safety information, where the safety information includes virus attributes.

And the cloud virus center detects each website and establishes a firewall rule according to the detection result of the website.

The firewall rules are determined by the cloud virus center according to the virus network links and the processing method of the virus network links. Before this step, the virus type of the virus network link needs to be detected.

As mentioned above, the cloud virus center of the present application includes a virus library, and detecting the virus type includes comparing the detected virus with viruses recorded in the virus library, and determining the virus type according to the classification of the virus type by the virus library.

After the type of virus is determined, the virus can be processed according to preset rules. In this application the virus is processed by blocking control rules, and the processing comprises pass, limit, or delete operations. The preset rules are processing rules preset for the different types of viruses.

After the firewall rules are obtained, the firewall setting code can be created from them. The setting code can actively enter the computer to set the firewall, but this setting requires user administrator authority, so before the technical scheme of the application is executed, the user must first grant administrator or super-user authority.

A setting module 303, configured to receive the firewall rule, the setting code, and the updated virus library returned by the virus center, create a correspondence between a network flow and a data interface according to the setting code, and create a virus filter for the data interface respectively;

after obtaining the user's network access list, the cloud virus center learns the user's network access preferences through detection, and determines the virus types the user may encounter from detection of the networks the user accesses; this judgment is made according to the network authentication information of the accessed networks and the network virus detection performed on them.

And then, the cloud virus center sends the updated virus library, the setting code and the firewall rule to the user computer, and further sets the user computer.

The first step is to create the correspondence between network traffic and data interfaces according to the setting code. In this application, the correspondence allows data transmission of a given type of network traffic only through one specific interface; the other data interfaces do not accept transmission requests for that traffic.

To achieve this, the application assigns a network security index to the network traffic; the index represents the danger degree of the traffic. The setting code then creates the correspondence between the network traffic and the data ports according to the network link security index, and divides the traffic among specific data ports.

The network security index shown in the present application is determined according to the network authentication information and the virus attribute, and specifically, the cloud virus center shown in the present application further includes:

the access unit is used for taking one entry from the network access list and entering the website that the entry links to;

the user's network access list comprises the network addresses of the websites the user accessed, and each website the user accessed is visited by its address.

The downloading unit is used for detecting a downloading item in the website and downloading the downloadable content according to the downloading item;

after entering the website, all downloadable content on the website is detected, including download options and automatically popped-up download links.

Further, the cloud virus center detects advertisement links on the website and performs the operation of step S202 on each advertisement link. A threshold sets the number of link layers the cloud virus center may access; when the number of accessed layers reaches the threshold, further advertisement website access stops and all websites are exited.

The detection unit is used for sequentially detecting the website authentication information and the viruses in the downloaded content;

for each website in the user's network access list, this step downloads the downloadable content and stores it in isolated memory.

And the confirming unit is used for determining the network link security index according to the attribute of the virus and the website authentication information.

Then a security index is calculated from the website's authentication information and the virus attributes in the downloaded content.

The network authentication information refers to authentication of a website's identity by a third-party authority. The cloud virus center is associated with the authority's authentication information and can connect to the third party's server through a private or public network to obtain it. An authentication index is set according to the authority of the third-party authentication, for example: industrial and commercial authentication, authentication index 10; association authentication, index 6; official authentication, index 4; and so on. These values can be set by a person skilled in the art according to actual conditions.

The virus attribute refers to the risk degree of the type of virus contained in the website. In this application, the risk degree can be set by a person skilled in the art according to actual conditions, for example: a virus that maliciously paralyzes the computer, risk degree 10; a virus that steals the user's account, 9; a virus that steals user information, 8; a virus that steals the user's traffic, 7; a virus that maliciously downloads software, 6; and so on.

The network security index has the following calculation formula:

BT=(A*P+B*D)

where A is the weight of the virus attribute in the network security index, P is the virus attribute, B is the weight of the authentication index in the network security index, and D is the authentication index.

In fact, a single virus has multiple virus attributes, so the above formula can be extended accordingly:

where i is the index of each virus attribute that a virus has, and n is the number of virus attributes.

After the network security index is obtained, the correspondence between the network traffic and the data interfaces is set according to the network security index.

In the application, the computer's network interfaces are grouped, each group corresponding to a range of the network security index; once an interface has been associated with a type of network traffic, that traffic can only be received through that interface.

After the correspondence between the network traffic and the data interfaces is established, a virus filter is created for each interface. The virus filter is a virus processor containing virus detection bytes; it detects viruses using the detection bytes and processes them.

The blocking module 104 is configured to add a blocking control rule to the virus filter according to the virus library and the firewall rule, and to prevent a virus network link from entering.

The virus library provides virus detection bytes to the virus filter, and the firewall rules provide virus processing rules to the virus filter, so the blocking control rules are derived from the virus library and the firewall rules; after a specific type of virus is detected, it is processed to prevent the intrusion of the virus network link.
