
CN1630245B - Method of network system virus prevention, network system - Google Patents


Info

Publication number: CN1630245B
Authority: CN (China)
Prior art keywords: mentioned, isolation, network system, vulnerable, computer
Legal status: Expired - Lifetime (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN 200310120487
Other languages: Chinese (zh)
Other versions: CN1630245A (en)
Inventor: 张伟钦
Current Assignee: TREND CO Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: TREND CO Ltd
Priority date: 2003-12-17 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2003-12-17
Publication date: 2011-07-20

Application filed by TREND CO Ltd
Priority to CN 200310120487
Publication of CN1630245A
Application granted
Publication of CN1630245B
Anticipated expiration
Expired - Lifetime

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for implementing network virus prevention by isolation, applicable to a network system. The network system has an isolation management module and connects multiple computer devices. First, the isolation management module finds the vulnerable devices among all the computer devices connected to the network system; a vulnerable device is a computer device that has a security vulnerability. Then, the isolation management module isolates the vulnerable devices it has found. Afterwards, when the security vulnerability is eliminated, the isolation management module releases the isolation of the vulnerable device, which returns to its normal operating state.

Description

Antivirus method for a network system, and the network system

Technical field

The invention relates to a method of virus prevention for a network system, and in particular to a method of virus prevention for a network system that is implemented by isolation.

Technical background

With the continuous advancement of computer and network technology, the network system has become the information infrastructure of an enterprise or organization. Internally, the intranet serves as a communication tool and is gradually replacing traditional paperwork. Externally, the Internet can be used to collect information from, or interact with, the outside world. In other words, now and for the foreseeable future, the usage of and reliance on network systems by enterprises and organizations will keep increasing.

The widespread use of network systems and the growing diversity of their users increase the probability that computer devices connected to the network system are infected by computer viruses or malicious code. Some malicious programs intrude into a user's computer device without the user noticing, and then go on to infect the computer devices of other users connected to the network system. For example, some malicious programs exploit security holes in programs or systems to intrude into a user's computer device. A security vulnerability is an infection hole in a program that is built into or installed on a network system or computer device, such as Microsoft Internet Information Services (IIS) or a database management tool such as SQL Server, which under certain special conditions loses control and thereby lets a malicious program intrude.

This problem has traditionally been solved by installing a patch. However, relying on patches to stop computer viruses or malicious programs from intruding through security vulnerabilities has several disadvantages. First, when the network system has too many security vulnerabilities, installing patches one by one is not only time-consuming and laborious but also prone to omissions, so complete prevention is hard to achieve. Second, a patch is itself a form of program upgrade; installing it hastily on a user's computer device often causes software compatibility problems, which reduces users' willingness to install patches. Third, the life cycle (cycle time) of computer viruses and malicious programs keeps getting shorter, and patches often cannot keep up with the pace at which viruses and malicious programs develop. That is, before an updated patch has matured, the computer virus or malicious program has already produced a new version or variant, so patches often cannot solve the problem completely.

As a result, current antivirus methods for network systems cannot completely solve the problem of network systems being intruded by computer viruses or malicious programs through security vulnerabilities.

Summary of the invention

In view of this, the purpose of the present invention is to use computer devices in the network system that have an isolation (segmentation) function, such as a hub (switch) or a router, to isolate computer devices connected to the network system that may be intruded by computer viruses or malicious programs. When such a computer device is no longer at risk of intrusion, its isolation is released and it resumes normal operation.

To achieve this purpose, the present invention provides a method for implementing network virus prevention by isolation, applicable to a network system that connects multiple computer devices and has an isolation management module.

First, the isolation management module consults a vulnerable device list to find the vulnerable devices among the computer devices. The vulnerable device list includes the vulnerable devices and the security vulnerabilities of each vulnerable device; it can be stored in a database or presented in another form. A security vulnerability is a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one. For example, Microsoft Internet Information Services momentarily loses control when a buffer overflows, which gives a malicious program the opportunity to send malicious code into the computer device and then infect other computer devices through the network system.

Then, the isolation management module isolates the vulnerable devices it has found, according to the vulnerable device list. The isolation management module can be placed in a computer device connected to the network system, or built as an independent computer device connected to the network system. For example, it can be a program module written in computer-executable program code, placed in a computer device connected to the network system, that uses a hub or router to isolate computer devices. Alternatively, it can be built as a personal computer with a network card that performs the isolation.

Afterwards, when a security vulnerability is eliminated, the isolation management module releases the isolation of the vulnerable device according to the vulnerable device list. A security vulnerability can be eliminated by installing a patch or a virus removal program. Notably, the isolation management module may isolate only the part of the vulnerable device that has the security vulnerability. Suppose that, according to the vulnerable device list, computer device A is a vulnerable device and its port 1 is the security vulnerability; the isolation management module can then isolate only the function of port 1 on computer device A and keep the other parts operating normally. After a patch or virus removal program that eliminates this vulnerability is installed, the isolation management module releases the isolation of port 1 on computer device A, restoring normal operation. In this way the impact of isolation on the computer device is kept to a minimum, which increases users' cooperation.

As can be seen from the above, the proposed method is quite flexible in implementation: it can isolate computer devices that have security vulnerabilities, or even isolate only the vulnerable part. Moreover, the proposed method acts preventively, before a virus intrudes. Whereas current network antivirus methods remedy with patches only after detecting that the network system has been intruded by a computer virus or malicious program, the present invention can achieve thorough prevention. Furthermore, it achieves network virus prevention by having the isolation management module work with computer devices already in the network system that have an isolation function, such as hubs or routers, without placing excessive burden on the network system.

In addition, the present invention proposes a storage medium for storing a computer program; the computer program is loaded into a computer system and causes the computer system to execute the method steps described above.

Furthermore, the present invention proposes a device for implementing network system virus prevention by isolation, applicable to a network system that connects multiple computer devices, the device including an isolation management module. As mentioned above, the isolation management module can be placed in a computer device connected to the network system, or built as an independent computer device connected to the network system.

The isolation management module consults the vulnerable device list, finds the vulnerable devices among the computer devices, and isolates them according to the vulnerable device list. The vulnerable device list includes the vulnerable devices and the security vulnerabilities of each vulnerable device; it can be stored in a database, or exist in another form readable by the isolation management module. A security vulnerability is a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one.

When a security vulnerability is eliminated, the isolation management module releases the isolation of the vulnerable device according to the vulnerable device list. A security vulnerability can be eliminated by installing a patch or a virus removal program. Similarly, the isolation management module may isolate only the part of the vulnerable device that has the security vulnerability; when it isolates only that partial function, releasing the isolation means restoring that partial function of the vulnerable device.

Furthermore, the present invention proposes a system for implementing network virus prevention by isolation, including a network system and an isolation management module. The network system includes multiple computer devices. The isolation management module can be placed in a computer device connected to the network system, or be an independent computer device connected to the network system.

The isolation management module consults the vulnerable device list, finds the vulnerable devices among the computer devices, and isolates the vulnerable devices it has found according to the vulnerable device list. The vulnerable device list includes the vulnerable devices and the security vulnerabilities of each vulnerable device; it can be stored in a database or exist in another form readable by the isolation management module. A security vulnerability is a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one.

When a security vulnerability is eliminated, the isolation management module releases the isolation of the vulnerable device according to the vulnerable device list. Eliminating a security vulnerability means installing a patch or a virus removal program. Similarly, the isolation management module can isolate only the partial function of the vulnerable device that has the security vulnerability. Releasing the isolation may therefore mean restoring that partial function of the vulnerable device.

Description of drawings

FIG. 1 is a flowchart of the method disclosed in the present invention.

FIG. 2 is a schematic diagram of the storage medium disclosed in the present invention.

FIG. 3 is a functional block diagram of the device disclosed in the present invention.

FIG. 4 is a schematic diagram of the network system disclosed in the present invention.

Description of reference symbols

20: storage medium; 22: computer program for implementing network system virus prevention by isolation; 220: program logic for finding vulnerable devices; 222: program logic for isolating vulnerable devices; 30: database; 32: vulnerable device list; 34: isolation management module; 36: computer device; 40: network system; 42: hub; 44: router; 46, 48: computer devices; 50: isolation management module.

Detailed description

Please refer to FIG. 1, which is a flowchart of the method disclosed in the present invention. The method implements network system virus prevention by isolation and is applicable to a network system that connects multiple computer devices and has an isolation management module.

First, the isolation management module consults the vulnerable device list (step S10) to find the vulnerable devices among the computer devices (step S12). The vulnerable device list includes the vulnerable devices and the security vulnerabilities of each vulnerable device; it can be stored in a database or presented in another form readable by the isolation management module, such as a file, a table or a list. A security vulnerability is a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one.

Then, the isolation management module isolates the vulnerable devices it has found, according to the vulnerable device list (step S14). The isolation management module can check on a schedule, examining all computer devices in the network system at fixed intervals, for example once every three hours. It can also check a computer device at the time that device connects to the network system, and isolate it if necessary.

Afterwards, when a security vulnerability is eliminated, the isolation management module releases the isolation of the vulnerable device according to the vulnerable device list (step S16). A security vulnerability can be eliminated by installing a patch or a virus removal program. If what the isolation management module isolated in step S14 was only a partial function of the computer device that has the security vulnerability, such as a port, then releasing the isolation in step S16 means restoring that partial function of the computer device.
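
The procedure of steps S10 to S16, including per-port isolation and its release, sketched as an added Python example (not code from the patent). The `SwitchStub` class, the host names and the vulnerability ids are assumptions made for illustration; `SwitchStub` stands in for the hub or router that would actually enforce the isolation.

```python
"""Added illustration of steps S10-S16; every name below is hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

Scope = Optional[int]        # a port number, or None for the whole device
WHOLE_DEVICE: Scope = None


@dataclass
class Vulnerability:
    vuln_id: str               # constructed label, not a real advisory id
    scope: Scope = WHOLE_DEVICE
    remediated: bool = False   # True once a patch or virus cleaner is installed


@dataclass
class SwitchStub:
    """Stand-in for the hub/switch or router that enforces the isolation."""
    blocked: Set[Tuple[str, Scope]] = field(default_factory=set)

    def block(self, device: str, scope: Scope) -> None:
        self.blocked.add((device, scope))

    def unblock(self, device: str, scope: Scope) -> None:
        self.blocked.discard((device, scope))

    def allows(self, device: str, port: int) -> bool:
        return ((device, WHOLE_DEVICE) not in self.blocked
                and (device, port) not in self.blocked)


class IsolationManager:
    def __init__(self, vulnerable_list: Dict[str, List[Vulnerability]],
                 switch: SwitchStub) -> None:
        self.vulnerable_list = vulnerable_list
        self.switch = switch

    def check(self, device: str) -> Set[Scope]:
        """Reconcile one device: used at connect time and by the periodic scan."""
        # S10/S12: consult the list. A scope stays open while ANY entry on it
        # is unremediated, so two flaws on one port need both fixed.
        wanted = {v.scope for v in self.vulnerable_list.get(device, [])
                  if not v.remediated}
        current = {s for d, s in self.switch.blocked if d == device}
        for scope in wanted - current:      # S14: isolate what is still exposed
            self.switch.block(device, scope)
        for scope in current - wanted:      # S16: release what has been fixed
            self.switch.unblock(device, scope)
        return wanted

    def scan(self, connected: Iterable[str]) -> Dict[str, Set[Scope]]:
        """Periodic sweep (the text gives once every three hours as an example)."""
        report: Dict[str, Set[Scope]] = {}
        for device in connected:
            scopes = self.check(device)
            if scopes:
                report[device] = scopes
        return report

    def remediate(self, device: str, vuln_id: str) -> Set[Scope]:
        """Record that a fix was installed, then re-evaluate the isolation."""
        for v in self.vulnerable_list.get(device, []):
            if v.vuln_id == vuln_id:
                v.remediated = True
        return self.check(device)


def build_demo() -> Tuple[IsolationManager, SwitchStub]:
    # Constructed sample list; host names and ids are invented for the example.
    vulnerable_list = {
        "host-48": [Vulnerability("VULN-A", scope=80),
                    Vulnerability("VULN-B", scope=80),
                    Vulnerability("VULN-C", scope=1433)],
        "host-49": [Vulnerability("VULN-D")],   # already intruded: whole device
    }
    switch = SwitchStub()
    return IsolationManager(vulnerable_list, switch), switch


if __name__ == "__main__":
    manager, switch = build_demo()
    print(manager.scan(["host-46", "host-48", "host-49"]))
    print(manager.remediate("host-48", "VULN-C"), switch.allows("host-48", 1433))
```

Because `check` reconciles the enforced state against the list rather than toggling it, running it again after a partial fix never releases a port that still has an open entry.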

Please refer to FIG. 2, which is a schematic diagram of the storage medium disclosed in the present invention. As shown in the figure, a storage medium 20 stores a computer program 22; the computer program 22 is loaded into a computer system and causes the computer system to execute the method steps described above. The computer program 22 mainly includes program logic 220 for finding vulnerable devices and program logic 222 for isolating vulnerable devices.

Please refer to FIG. 3, which is a functional block diagram of the device disclosed in the present invention. As shown in the figure, a device for implementing network system virus prevention by isolation is applicable to a network system that connects multiple computer devices 36, and includes an isolation management module 34. The isolation management module 34 can be placed in a computer device 36 connected to the network system, or built as an independent computer device 36 connected to the network system.

The isolation management module 34 consults the vulnerable device list 32, finds the vulnerable devices among the computer devices 36, and isolates them according to the vulnerable device list 32. The vulnerable device list 32 includes the vulnerable devices and the security vulnerabilities of each vulnerable device, and can be stored in a database 30. A security vulnerability may be a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one.

When a security vulnerability is eliminated, the isolation management module 34 releases the isolation of the vulnerable device according to the vulnerable device list 32. A security vulnerability can be eliminated by installing a patch or a virus removal program. Similarly, the isolation management module 34 may isolate only the partial function of the vulnerable device that has the security vulnerability. Releasing the isolation then means restoring that partial function of the vulnerable device.

Please refer to FIG. 4, which is a schematic diagram of the network system disclosed in the present invention. As shown in the figure, a system for implementing network system virus prevention by isolation includes a network system 40 and an isolation management module 50. The network system 40 includes multiple computer devices 42, 44, 46, 48. The isolation management module 50 can be placed in a computer device connected to the network system, such as computer devices 46 and 48, or built as an independent computer device connected to the network system, such as computer device 50. The isolation management module 50 consults the vulnerable device list, finds the vulnerable devices among the computer devices, and isolates the vulnerable devices it has found according to the vulnerable device list. The vulnerable device list includes the vulnerable devices and the security vulnerabilities of each vulnerable device, and can be stored in a database. A security vulnerability is a part of a vulnerable device that has already been intruded by a malicious program or that may be intruded by one.

When a security vulnerability is eliminated, the isolation management module 50 releases the isolation of the vulnerable device according to the vulnerable device list. Eliminating a security vulnerability means installing a patch or a virus removal program.

As an example, refer to FIG. 4 again. Assume that computer device 48 is a computer device with a security vulnerability, that is, a vulnerable device. The isolation management module is built as an independent computer device, namely computer device 50.

First, the isolation management module 50 consults the vulnerable device list and finds the vulnerable device 48 among the computer devices. Then, the isolation management module 50 isolates the vulnerable device 48 according to the vulnerable device list. The isolation is carried out by the hub 42 or router 44 already present in the network system.

Afterwards, when the security vulnerability is eliminated, the isolation management module 50 releases the isolation of the vulnerable device 48 according to the vulnerable device list. The security vulnerability can be eliminated by installing a patch or a virus removal program. The vulnerable device 48 can then resume normal operation.

In summary, the present invention uses an isolation management module, working with computer devices in the network system that have an isolation function, to isolate computer devices that may be intruded by computer viruses or malicious programs. The isolation management module can be built into any computer device of the network system or implemented as an independent computer device, so it achieves the purpose of the present invention without adding extra burden to the network system. The present invention is particularly effective when the number of computer devices connected to the network system is large and the security vulnerabilities are hard to predict completely.

Although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit the present invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present invention, so the scope of protection of the present invention is as defined by the appended claims.

Claims (7)

1. A method for implementing network virus prevention by isolation, applicable to a network system, the network system connecting at least one computer device and having an isolation management module, the method comprising the following steps:
the isolation management module consulting a vulnerable device list to find at least one vulnerable device among the at least one computer device, the vulnerable device list comprising the at least one vulnerable device and at least one security vulnerability of each of the at least one vulnerable device, wherein the at least one security vulnerability is a part of the at least one vulnerable device that may be intruded by a malicious program; and
the isolation management module isolating the at least one vulnerable device according to the vulnerable device list.
2. The method for implementing network virus prevention by isolation as claimed in claim 1, wherein the step of isolating the at least one vulnerable device further comprises: when the at least one security vulnerability is eliminated, the isolation management module releasing the isolation of the at least one vulnerable device according to the vulnerable device list.
3. The method for implementing network virus prevention by isolation as claimed in claim 2, wherein eliminating the at least one security vulnerability means installing a patch or a virus removal program.
4. The method for implementing network virus prevention by isolation as claimed in claim 1, wherein the isolation management module is placed in the at least one computer device, or is a computer device connected to the network system.
5. A system for implementing network virus prevention by isolation, comprising:
a network system, the network system comprising at least one computer device; and
an isolation management module, coupled to the network system, for consulting a vulnerable device list that comprises at least one vulnerable device and at least one security vulnerability of each of the at least one vulnerable device, finding the at least one vulnerable device among the at least one computer device, isolating the at least one vulnerable device according to the vulnerable device list, and, when the at least one security vulnerability is eliminated, releasing the isolation of the at least one vulnerable device according to the vulnerable device list, wherein the at least one security vulnerability is a part of the at least one vulnerable device that may be intruded by a malicious program.
6. The system for implementing network virus prevention by isolation as claimed in claim 5, wherein eliminating the at least one security vulnerability means installing a patch or a virus removal program.
7. The system for implementing network virus prevention by isolation as claimed in claim 6, wherein the isolation management module is placed in the at least one computer device, or is a computer device connected to the network system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200310120487 CN1630245B (en) 2003-12-17 2003-12-17 Method of network system virus prevention, network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200310120487 CN1630245B (en) 2003-12-17 2003-12-17 Method of network system virus prevention, network system

Publications (2)

Publication Number Publication Date
CN1630245A CN1630245A (en) 2005-06-22
CN1630245B (en) 2011-07-20

Family

ID=34843935

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200310120487 Expired - Lifetime CN1630245B (en) 2003-12-17 2003-12-17 Method of network system virus prevention, network system

Country Status (1)

Country Link
CN (1) CN1630245B (en)

Also Published As

Publication number Publication date
CN1630245A (en) 2005-06-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20110720