Data transmission method and system based on virtualized network and network security equipment

A data transmission method based on a virtualized network, applied in the field of network security equipment. It addresses problems such as uncontrollable risk, the inability to defend in a fundamentally effective way, and disruption of client resource access, with the effect of preventing intrusion attacks and improving network security.

Active Publication Date: 2021-10-08
于洪 +2

AI Technical Summary

Problems solved by technology

Among them, the risks at the software level are mainly reflected in the following:
(1) The traditional network security defense method is passive: it relies on virus samples, intrusion signature samples and similar mechanisms to decide what can be released and what can be blocked. In actual network communication, however, hackers often masquerade as ordinary users who are allowed access, and are released directly by the network security gateway into the user's intranet, which causes uncontrollable risks.
(2) Traditional network security is a "tower defense": various security software products are stacked on one another and various static, passive defenses are superimposed. This cannot defend in a fundamentally effective way; problems can only be found and repaired, and dynamic, automatic defense against unknown threats cannot be realized.
(3) Traditional application software, network equipment and network security equipment are all marked with clear identifiers, such as IP addresses or MAC addresses. This creates the opportunity for hackers to scan and detect IP addresses or MAC addresses with hacking tools and then find the corresponding vulnerabilities to attack.
(4) In addition, common application software or system software tends to grow without limit through continuous expansion of its functions and boundaries, and its vulnerabilities and patches grow with it. If hackers exploit these software vulnerabilities, there is a risk of intrusion attacks, which brings new risks and hidden dangers.
[0005] In terms of hardware-level risks, traditional network security devices operate in an inline mode for network operation and maintenance. Because the equipment is connected to and debugged over the network, there is a potential risk that the network security protection equipment is exposed in the network; that is to say, any node in the network can connect to this equipment as long as the network route is reachable. Hackers can then use brute-force password cracking to repeatedly try user names and passwords, exploit vulnerabilities in the browser login of the security device, or find backdoors for intrusion attacks. At the same time, the network security device itself is subject to physical attacks: crystal oscillator attacks on the CPU and side-channel attacks on memory resources. These two attack methods can directly bypass any security protection and take over the core control unit, creating the risk of arbitrary control of the device.
In addition, there is another problem: to cut off a client's access to a certain resource of the server, the actual physical link must be disconnected to really prevent the client from accessing it, and disconnecting the actual physical line affects the client's access to the other business resources of the server.


Examples

Embodiment Construction

[0053] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with the embodiments and accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention.

[0054] Here, it should also be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, and other details that are not closely related to the invention are omitted.

[0055] It should be emphasized that the term "comprises / comprises / has" when used herein refers to the presence of a feature, element, step or component, but does not exclude the presence or addition of one or more other features, elements, steps or components.

[0056] In o...


Abstract

The invention provides a data transmission method and system based on a virtualized network, and network security equipment. The method comprises the following steps: a first security device hijacks a plurality of data messages sent from a plurality of first-end communication devices; the first security device compiles the network address of the first-end communication device based on a first compiling strategy to obtain a plurality of mutually nested virtual network addresses, and sends the data messages to the opposite-end communication device based on the virtual network addresses over the established physical lines between the first-end communication device and the opposite-end communication device; the first compiling strategy comprises a preset network address compiling algorithm, or an initiator virtual IP network address randomly generated within the virtual IP network segment range corresponding to the service requested by the data message; and a second security device receives the data from the first security device, analyzes the compiled virtual network address of the initiator based on a first analysis strategy, and, after successful analysis, transmits the data message identified by the initiator to the receiver.
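
The random-virtual-address variant described in the abstract, as an added Python example that is not code from the patent. The service names, the 10.200.x.0/24 segments, the class and method names, and the receiving-side rule (accept only a source address inside the requested service's virtual segment) are assumptions, since the page does not give the actual compiling or analysis strategy.

```python
import ipaddress
import secrets

# Assumed (hypothetical) table shared by both devices: service -> virtual IP segment.
SERVICE_SEGMENTS = {
    "web": ipaddress.ip_network("10.200.1.0/24"),
    "db": ipaddress.ip_network("10.200.2.0/24"),
}


class FirstDevice:
    """Sending-side device: hides the initiator's real address behind a virtual one."""

    def __init__(self):
        self.sessions = {}  # virtual address -> real initiator address

    def compile_address(self, real_src, service):
        segment = SERVICE_SEGMENTS[service]
        usable = segment.num_addresses - 2  # exclude network and broadcast addresses
        in_use = sum(1 for v in self.sessions if v in segment)
        if in_use >= usable:
            raise RuntimeError("virtual segment exhausted for " + service)
        while True:
            # Random host inside the segment that belongs to the requested service.
            virtual = segment.network_address + 1 + secrets.randbelow(usable)
            if virtual not in self.sessions:
                break
        self.sessions[virtual] = ipaddress.ip_address(real_src)
        return {"src": str(virtual), "service": service}


class SecondDevice:
    """Receiving-side device: forwards only packets whose source address parses."""

    def parse_address(self, packet):
        segment = SERVICE_SEGMENTS.get(packet.get("service"))
        if segment is None:
            return False  # unknown service: drop
        try:
            src = ipaddress.ip_address(packet["src"])
        except (KeyError, ValueError):
            return False  # missing or malformed source address: drop
        reserved = (segment.network_address, segment.broadcast_address)
        return src in segment and src not in reserved
```

A packet that reaches the second device with a real address, or with a virtual address from another service's segment, fails the check and is not forwarded, so scanning with ordinary source addresses gets no response from the protected side.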

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to a virtualized network-based data transmission method, system and network security equipment.

Background technique

[0002] In recent years in our country, with the development of network technology and the popularization and enrichment of network applications, the problem of network security has become increasingly serious. High-tech crimes using information technology have shown an increasing trend. Therefore, building a safe communication environment is an inevitable trend.

[0003] Due to the diversity of connection forms, the uneven distribution of terminals, and the openness and interconnectivity of the network, it is possible for attackers to detect and scan asset devices in the network, eavesdrop on information on the network, and steal user information, passwords and database information; it is also possible to tamper with the contents of the database, forge user ident...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0272, H04L61/10, H04L63/1441
Inventor: 于洪, 姜春晓, 吴胜, 于芷澜, 于业浩, 杨丽萍
Owner: 于洪