Protection system for block chain management server
Technical Field
The invention relates to the technical field of protection systems, in particular to a protection system for a blockchain management server.
Background
With the rapid development of blockchain technology, the security of blockchain servers is receiving more and more attention. Blockchain servers are called nodes in a blockchain system, and they provide storage space and computational support for the whole blockchain system.
However, existing blockchain servers have no safety protection measures during operation: mutual attacks easily occur between blockchain servers, and at the same time the technical problems of inconsistent security states, inconsistent running environments and resource-occupation storms exist between blockchain servers, which brings potential safety hazards to the use of the blockchain servers.
Disclosure of Invention
The present invention is directed to a protection system for a blockchain management server, so as to solve the above-mentioned problems in the prior art.
The protection system comprises gateway deployment, a security agent, application deployment, a security center and a management center. The gateway deployment is deployed on a protection wall and used for protecting the edge security of a virtual platform, providing DHCP, NAT, a unified firewall, load balancing, VPN and port isolation functions; the security agent is deployed in the blockchain server and used for providing an antivirus engine and an antivirus database for the whole blockchain server; the application deployment is deployed in the blockchain server and used for providing agent-free virus scanning and removal, IDS/IPS, program protection, program control management, integrity monitoring and log audit; the security center is responsible for unified updating of the virus library and for trusted data access; and the management center enables an administrator to conduct security policy management, apply security policies and security updates to the server and generate reports by establishing and maintaining a global cache of scanned files, and can be used for managing, deploying, reporting, recording and integrating third-party security services, so that role-based access control and separation of duties are realized;
The protection system also comprises a virus protection module, a patch protection module, a malicious software protection module, a Web application protection module, an intrusion protection module, an access control module, an intrusion detection module, an integrity detection module, an application isolation module and a stateful firewall.
Preferably, the virus protection module addresses the problems of inconsistent security states and resource-occupation storms in the blockchain server service environment by providing agent-free virus protection and adopting heuristic scanning to detect and remove viruses in time;
the patch protection module is used for evaluating the blockchain servers through patch technology, automatically providing comprehensive vulnerability fixes for each blockchain server, and intercepting attacks on a vulnerability before the corresponding patch is installed;
preferably, the malicious software protection module integrates VMWARE VSHIELD Endpoint APIs, can prevent the blockchain server from being compromised by viruses and Trojan horse malicious software, and thus provides protection against complex attacks in the blockchain server environment;
and the Web application protection module is used for preventing cross-site scripting attacks and other Web application vulnerabilities and providing automatic notifications containing summary information such as the attacker and the attack time.
Preferably, the intrusion protection module provides high-security protection for the blockchain server by blocking SQL injection attacks, denial of service attacks, worm intrusion attacks and the like, checks all incoming and outgoing data packets, and disallows protocol modifications and violations of the security policy so that attacks are given no opportunity to exploit;
the access control module provides an access control function based on stateful inspection, realizes access control based on the network ports of the blockchain server, realizes logical isolation among the blockchain servers, and simultaneously identifies and intercepts various flooding attacks, blocks illegal traffic and optimizes traffic distribution according to a traffic management protocol;
and the intrusion detection module is used for providing a policy-based, protocol-aware monitoring and analysis tool that monitors and analyzes traffic more accurately, analyzes network behavior, matches attack signatures against a signature library in order to detect intrusion behavior rapidly and accurately in an unattended environment, records new attack signatures and continuously improves the signature library.
Preferably, the integrity detection module supports baseline-based monitoring of key files, directories, registry entries and the like; when a key location is maliciously tampered with or infected with a virus, the system automatically alerts an administrator and records the problem;
the application isolation module supports the separation of virtual applications, thereby avoiding mutual infection among the blockchain server applications, and protects HTTP and FTP services by utilizing the signature-based intrusion prevention function;
and the stateful firewall carries out fine-grained filtering, aimed at the network design policy and an IP-protocol-based location awareness function, reduces the attack surface of the server, centrally manages the firewall policy of the server, prevents denial of service attacks and detects reconnaissance scanning.
Preferably, the integrity detection module further comprises suspicious file analysis: specifically, parameters are selected, the selected customer service system parameters are analyzed, and in the analysis the disassembly technique of the instruction sequence is utilized to obtain the data of interest, so that a final result is obtained.
Preferably, the management center further comprises establishing DNS communication with the blockchain couple.
Preferably, the Web application protection module further comprises setting an IP access limit to screen users and check whether the client has legitimate access rights. This function is set in the Web server filtering module and matches the IP address in the HTTP request against the IP addresses in a blacklist. When the user requests a page and runs a JSP program, the Web server reads the access control file, obtains the access control information from it, and at the same time requires the client to provide a user name and a password; the browser then transmits the user name and password to the server, and after verification the server fulfils the user's request, such as sending back the requested page or executing the JSP program.
The technical effects and advantages of the system are that, through the blockchain server safety protection system, comprehensive protection is realized in the aspects of virus protection, patch protection, malicious software protection, intrusion detection and protection, access control and integrity monitoring; the problems of mutual attacks, inconsistent security states, inconsistent running environments and resource-occupation storms among servers in the blockchain server are solved; the system reduces security threats, provides the capability of resisting the latest security threats and improves the security of the server, and therefore the high availability of the blockchain service application is guaranteed.
Drawings
FIG. 1 is a system block diagram of a protection system for a blockchain management server in accordance with the present invention.
Detailed Description
The following description of the embodiments of the present invention is made clearly and completely with reference to the accompanying drawings; it is apparent that the embodiments described are only some, not all, embodiments of the present invention. All other embodiments which can be made by those skilled in the art based on the embodiments of the invention without inventive effort are intended to be within the scope of the invention.
The invention provides a protection system for a blockchain management server, which comprises gateway deployment, a security agent, application deployment, a security center and a management center. The gateway deployment is deployed on a protection wall and used for protecting the edge security of a virtual platform, providing DHCP, NAT, a unified firewall, load balancing, VPN and port isolation functions; the security agent is deployed in the blockchain server and used for providing an antivirus engine and an antivirus database for the whole blockchain server; the application deployment is deployed in the blockchain server and used for providing agent-free virus scanning and removal, IDS/IPS, program protection, program control management, integrity monitoring and log audit; the security center is responsible for unified updating of the virus library and providing trusted data access; and the management center enables an administrator to conduct security policy management, apply security policies and security updates to the server and generate reports by establishing and maintaining a global cache of scanned files, and can be used for managing, deploying, reporting, recording and integrating third-party security services, so that role-based access control and separation of duties are realized;
the risks of the blockchain management server include mutual attacks among the blockchain services, inconsistent security states, inconsistent running environments, resource-occupation storms, tool vulnerability risk, data security risk and system replication risk.
The protection system also comprises a virus protection module, a patch protection module, a malicious software protection module, a Web application protection module, an intrusion protection module, an access control module, an intrusion detection module, an integrity detection module, an application isolation module and a stateful firewall.
Addressing the problems of inconsistent security states and resource-occupation storms in the service environment of the blockchain server, the virus protection module provides agent-free virus protection and adopts heuristic scanning to detect and remove viruses in time;
the patch protection module is used for evaluating the blockchain servers through patch technology, automatically providing comprehensive vulnerability fixes for each blockchain server, and intercepting attacks on a vulnerability before the corresponding patch is installed;
the malicious software protection module integrates VMWARE VSHIELD Endpoint APIs, can prevent the blockchain server from being compromised by viruses and Trojan horse malicious software, and thus provides protection against complex attacks in the blockchain server environment;
and the Web application protection module is used for preventing cross-site scripting attacks and other Web application vulnerabilities and providing automatic notifications containing summary information such as the attacker and the attack time.
The intrusion protection module provides high-security protection for the blockchain server by blocking SQL injection attacks, denial of service attacks, worm intrusion attacks and the like, and checks all incoming and outgoing data packets, so that protocol modifications are disallowed and violations of the security policy give attacks no opportunity to exploit;
the access control module provides an access control function based on stateful inspection, realizes access control based on the network ports of the blockchain server, realizes logical isolation among the blockchain servers, and simultaneously identifies and intercepts various flooding attacks, blocks illegal traffic and optimizes traffic distribution according to a traffic management protocol;
and the intrusion detection module is used for providing a policy-based, protocol-aware monitoring and analysis tool that monitors and analyzes traffic more accurately, analyzes network behavior, matches attack signatures against a signature library in order to detect intrusion behavior rapidly and accurately in an unattended environment, records new attack signatures and continuously improves the signature library.
The integrity detection module supports baseline-based monitoring of key files, directories, registry entries and the like; when a key location is maliciously tampered with or infected with a virus, the system automatically alerts an administrator and records the problem;
the application isolation module supports the separation of virtual applications, thereby avoiding mutual infection among the blockchain server applications, and protects HTTP and FTP services by utilizing the signature-based intrusion prevention function;
and the stateful firewall carries out fine-grained filtering, aimed at the network design policy and an IP-protocol-based location awareness function, reduces the attack surface of the server, centrally manages the firewall policy of the server, prevents denial of service attacks and detects reconnaissance scanning.
The integrity detection module further comprises suspicious file analysis: specifically, parameters are selected, the selected customer service system parameters are analyzed, and in the analysis the disassembly technique of the instruction sequence is utilized to obtain the data of interest, so that a final result is obtained.
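The baseline-based monitoring described for the integrity detection module can be illustrated with a small check that records a SHA-256 digest per file and later reports anything modified, added or removed. This is an added example, not code from the patent or from any product it names; the directory layout, file names and contents in `demo()` are constructed inside a temporary directory so the script runs offline.

```python
"""Added example: baseline-based file integrity check (constructed data, not the patent's code)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every regular file under root (path relative to root) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_integrity(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current tree against the recorded baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def alert_lines(changes: Dict[str, List[str]]) -> List[str]:
    """One alert line per deviation, in the form an administrator would be sent and logged."""
    return [f"ALERT {kind}: {path}"
            for kind in ("modified", "added", "removed") for path in changes[kind]]


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, then tamper with, delete and drop files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "node.conf").write_text("peer=10.0.0.2\n")         # constructed config
        (root / "bin" / "nodeid").write_bytes(b"\x7fELF-constructed")      # constructed binary
        baseline = build_baseline(root)
        (root / "etc" / "node.conf").write_text("peer=198.51.100.1\n")     # tampered key file
        (root / "bin" / "nodeid").unlink()                                 # removed key file
        (root / "etc" / "extra.so").write_bytes(b"dropped")                # unexpected new file
        return check_integrity(root, baseline)


if __name__ == "__main__":
    for line in alert_lines(demo()):
        print(line)
```

The baseline itself must be stored somewhere the monitored host cannot rewrite (the patent's management center is the natural place), otherwise an attacker who can alter the key files can also re-baseline them.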
The management center also establishes DNS communication with the blockchain couple, which specifically comprises the following steps:
Step S1: a client sends a domain name query request to the server, providing specific query content. When the queried content belongs to a host name within the server's own domain, the DNS server directly replies to the client with the IP address; when the queried content belongs to another domain, the server first looks up its own cache to see whether related information exists and, if found, replies to the client with the IP address;
Step S2: if the related information is not found in the server's cache, the server turns to the root server for the query. On receiving the server's query, the root server informs the server of the location, namely the IP address, of the next layer of authoritative servers, possibly comprising a plurality of next-layer authoritative server addresses; the local server queries one of these authoritative servers, and the next-layer authoritative server address list is stored in the cache, so that the local server can answer directly when the client later requests similar content;
Step S3: the remote authoritative server responds to the local server; if the response of the remote authoritative server is not the final answer, the query continues downwards until the result required by the client is obtained. The local server returns the query result to the client and at the same time stores it in its cache; if the same query is received from the client before the stored entry of the local server expires, the local server responds with the data stored in its cache.
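Steps S1 to S3 describe an ordinary iterative resolution with two kinds of cached data: final answers and the next-layer server lists learned from referrals. The simulation below is an added example, not the patent's implementation; the server names, zones and addresses (documentation ranges) are constructed, and the clock is injected so the TTL expiry of the last step can be exercised without waiting.

```python
"""Added example: iterative DNS resolution of steps S1-S3 with a TTL-bounded cache (constructed data)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class AuthServer:
    """Hypothetical authoritative server: answers its own records, refers for delegated zones."""
    name: str
    records: Dict[str, str] = field(default_factory=dict)                      # fqdn -> IP
    delegations: Dict[str, List["AuthServer"]] = field(default_factory=dict)   # zone -> next-layer servers

    def query(self, fqdn: str):
        if fqdn in self.records:
            return "answer", self.records[fqdn]
        for zone, children in self.delegations.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                return "referral", (zone, children)
        return "nxdomain", None


class LocalServer:
    """The local server of S1-S3: own zone, answer cache, referral cache, injectable clock."""

    def __init__(self, own_zone: str, own_records: Dict[str, str], root: AuthServer,
                 ttl: float, clock: Callable[[], float]):
        self.own_zone, self.own_records, self.root, self.ttl, self.clock = own_zone, own_records, root, ttl, clock
        self.answer_cache: Dict[str, Tuple[str, float]] = {}                   # fqdn -> (ip, expires_at)
        self.referral_cache: Dict[str, Tuple[List[AuthServer], float]] = {}     # zone -> (servers, expires_at)

    def _fresh(self, entry) -> bool:
        return entry is not None and entry[1] > self.clock()

    def resolve(self, fqdn: str) -> Tuple[Optional[str], List[str]]:
        """Return (ip or None, the places consulted in order)."""
        # S1: a host inside our own domain is answered directly
        if fqdn.endswith("." + self.own_zone):
            return self.own_records.get(fqdn), ["local-zone"]
        # S1: otherwise look in our own cache first
        cached = self.answer_cache.get(fqdn)
        if self._fresh(cached):
            return cached[0], ["cache"]
        # S2: a cached next-layer server list lets us skip the root; use the longest matching zone
        path: List[str] = []
        servers = [self.root]
        best = None
        for zone, entry in self.referral_cache.items():
            if self._fresh(entry) and fqdn.endswith("." + zone) and (best is None or len(zone) > len(best)):
                best = zone
        if best is not None:
            servers = self.referral_cache[best][0]
            path.append("cache:" + best)
        # S3: follow referrals downward until the final answer (or a negative answer) is obtained
        while True:
            server = servers[0]                     # the local server queries one of the listed servers
            path.append(server.name)
            kind, payload = server.query(fqdn)
            if kind == "referral":
                zone, servers = payload
                self.referral_cache[zone] = (servers, self.clock() + self.ttl)
            elif kind == "answer":
                self.answer_cache[fqdn] = (payload, self.clock() + self.ttl)
                return payload, path
            else:
                return None, path


def build_demo() -> Tuple[LocalServer, List[float]]:
    """Constructed topology: root -> com -> example.com, plus the local zone corp.test."""
    auth = AuthServer("ns.example.com", records={"www.example.com": "192.0.2.10",
                                                 "mail.example.com": "192.0.2.20"})
    tld = AuthServer("com-tld", delegations={"example.com": [auth]})
    root = AuthServer("root", delegations={"com": [tld]})
    now = [1000.0]                                  # mutable clock so callers can advance time
    local = LocalServer("corp.test", {"host1.corp.test": "10.0.0.1"}, root, ttl=60, clock=lambda: now[0])
    return local, now


if __name__ == "__main__":
    local, now = build_demo()
    for name in ("host1.corp.test", "www.example.com", "www.example.com", "mail.example.com"):
        print(name, local.resolve(name))
    now[0] += 61                                    # past the TTL: the answer must be re-fetched
    print("after expiry", local.resolve("www.example.com"))
```

The returned path list makes the caching behaviour visible: the first external query walks root, TLD and authoritative server; a repeat is served from the answer cache; a sibling name in the same zone starts from the cached referral instead of the root; and once the TTL has passed the full walk happens again.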
The Web application protection module further comprises setting an IP access limit to screen users and check whether the client has legitimate access rights. This function is set in the Web server filtering module and matches the IP address in the HTTP request against the IP addresses in a blacklist. When the user requests a page and runs a JSP program, the Web server reads the access control file, obtains the access control information from it, and at the same time asks the client to provide a user name and a password; the browser then transmits the user name and password to the server, and after verification the server fulfils the user's request, such as sending back the requested page or executing the JSP program.
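The order of checks in the Web application protection module (blacklist match on the request's source address first, then a user name and password read against the access control file, and only then the requested page) can be shown with a small request handler. This is an added example and not the patent's own code; the access control file format, the `handle_request` function and the sample addresses and credentials are all constructed for the illustration. Passwords are stored as salted PBKDF2 digests rather than in clear, and the comparison is constant-time.

```python
"""Added example: IP blacklist plus credential check in front of a page (constructed data)."""
import base64
import hashlib
import hmac
import ipaddress
from typing import Dict, List, Optional, Tuple

ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


class AccessControl:
    """Parsed form of a hypothetical access control file: 'deny <cidr>' and 'user <name> <salt> <digest>'."""

    def __init__(self, text: str):
        self.denied: List = []
        self.users: Dict[str, Tuple[bytes, str]] = {}
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            kind, *rest = line.split()
            if kind == "deny":
                self.denied.append(ipaddress.ip_network(rest[0], strict=False))
            elif kind == "user":
                name, salt_hex, digest = rest
                self.users[name] = (bytes.fromhex(salt_hex), digest)

    def ip_allowed(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        return not any(addr in net for net in self.denied)

    def credentials_valid(self, username: str, password: str) -> bool:
        salt, digest = self.users.get(username, (b"", ""))
        # always derive a digest so an unknown user costs the same time as a wrong password
        candidate = hash_password(password, salt or b"\x00" * 16)
        return username in self.users and hmac.compare_digest(candidate, digest)


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Extract (user, password) from an HTTP Basic Authorization header, or None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:]).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, pwd = decoded.partition(":")
    return (user, pwd) if sep else None


def basic_header(user: str, pwd: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{pwd}".encode()).decode()


def handle_request(request: dict, acl: AccessControl, page_body: str = "<html>welcome</html>") -> Tuple[int, str]:
    """Blacklist first, then credentials, and only then the requested page."""
    if not acl.ip_allowed(request["client_ip"]):
        return 403, "Forbidden: address is blacklisted"
    creds = parse_basic_auth(request.get("headers", {}).get("Authorization"))
    if creds is None or not acl.credentials_valid(*creds):
        return 401, "Unauthorized: provide user name and password"
    return 200, page_body


# Constructed access control file: documentation-range addresses and one sample user.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCESS_CONTROL_FILE = f"""# constructed sample
deny 203.0.113.0/24
deny 198.51.100.7
user alice {_SALT.hex()} {hash_password("correct horse", _SALT)}
"""
ACL = AccessControl(ACCESS_CONTROL_FILE)

if __name__ == "__main__":
    print(handle_request({"client_ip": "203.0.113.9"}, ACL))
    print(handle_request({"client_ip": "192.0.2.1"}, ACL))
    print(handle_request({"client_ip": "192.0.2.1",
                          "headers": {"Authorization": basic_header("alice", "correct horse")}}, ACL))
```

A blacklisted address is refused before any credential is examined, so the password check never runs for it; a 401 is returned both when no credentials are supplied and when they are wrong, so the response does not reveal which user names exist.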
What is not described in detail in this specification is prior art known to those skilled in the art. The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.