CN-117251845-B - Virus searching and killing exercise method, device, equipment and storage medium
Abstract
The invention discloses a virus searching and killing exercise method, device, equipment and storage medium. The method comprises: acquiring backup data from a disaster recovery system after receiving a workflow starting instruction; and performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function. This technical scheme solves the problem that the virus-killing environment is not isolated from the production environment, avoids the influence of the virus searching and killing process on the production environment, guarantees the safety of production data in the production environment while virus searching and killing is carried out, and reduces the economic loss of production.
Inventors
- HUANG YUQIN
- LIU DONG
Assignees
- 上海爱数信息技术股份有限公司
Dates
- Publication Date: 20260512
- Application Date: 20231031
Claims (9)
- 1. A virus searching and killing exercise method, characterized by comprising the following steps: after receiving a workflow starting instruction, obtaining backup data from a disaster recovery system; performing data recovery on the backup data, and determining target recovery data; and performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function; wherein the construction of the data sandbox comprises the following steps: creating a virtual switch without an uplink on a target virtualization platform and a preset number of isolated network ports on the virtual switch, wherein the virtual switch without the uplink is isolated from an external network, and any virtual machine connected to the virtual switch network is isolated from the external network; creating, on the target virtualization platform, a virtual machine with a preset operating system and with a route forwarding function enabled, and determining the virtual machine as proxy equipment; establishing a connection between the proxy equipment and the isolated network ports and a connection between the proxy equipment and the target virtualization platform; and receiving firewall configuration information of the client and configuring corresponding firewall rules of the proxy equipment according to the firewall configuration information, wherein the firewall configuration information is configuration information of a network filter, and the external unidirectional communication function of the data sandbox is realized by configuring corresponding network filter rules on the proxy equipment.
- 2. The method of claim 1, wherein the performing data recovery on the backup data and determining target recovery data comprises: restoring the backup data to the recovery resources in the data sandbox to form initial recovery data, and verifying the initial recovery data; and determining the initial recovery data that passes the verification as the target recovery data.
- 3. The method of claim 1, wherein the performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function comprises: sending virus killing engine options to a client, and receiving a target virus killing engine fed back by the client; and, in the pre-constructed data sandbox with a unidirectional isolation function, performing the virus searching and killing exercise on the target recovery data according to the target virus killing engine, wherein the data sandbox comprises at least one recovery resource, each recovery resource comprises at least one resource catalog, and the target recovery data is on the resource catalog.
- 4. The method of claim 3, wherein the performing the virus searching and killing exercise on the target recovery data according to the target virus killing engine comprises: calling an adapter corresponding to the target virus killing engine through a preset virus killing interface; and calling the target virus killing engine, through the adapter corresponding to the target virus killing engine, to perform the virus searching and killing exercise on the target recovery data.
- 5. The method of claim 1, further comprising: generating a virus searching and killing exercise report, and feeding the virus searching and killing exercise report back to the server.
- 6. The method of claim 1, wherein the establishing the connection of the proxy equipment with the isolated network ports comprises: creating a preset number of virtual network cards on the proxy equipment, and connecting each virtual network card to a corresponding isolated network port; determining the gateway addresses of the production networks mapped by the isolated networks as the addresses of the virtual network cards corresponding to the isolated networks; and receiving network configuration information of the client and configuring a subnet mask and a disguised network segment of the virtual network card according to the network configuration information.
- 7. A virus searching and killing exercise device, comprising: a backup data recovery module, used for acquiring backup data from the disaster recovery system after receiving the workflow starting instruction; a recovery data determining module, used for carrying out data recovery on the backup data and determining target recovery data; and a virus searching and killing exercise module, used for performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function; the device also comprises a data sandbox creation module, wherein the data sandbox creation module comprises: an isolated network creation unit, used for creating a virtual switch without an uplink on a target virtualization platform and creating a preset number of isolated network ports on the virtual switch, wherein the virtual switch without the uplink is isolated from an external network, and any virtual machine connected to the virtual switch network is also isolated from the external network; a proxy equipment determining unit, used for creating, on the target virtualization platform, a virtual machine with a preset operating system and with a route forwarding function enabled, and determining the virtual machine as proxy equipment; a proxy connection establishing unit, used for establishing a connection between the proxy equipment and the isolated network ports, and a connection between the proxy equipment and the target virtualization platform; and a rule configuration unit, used for receiving firewall configuration information of the client and carrying out corresponding firewall rule configuration on the proxy equipment according to the firewall configuration information, wherein the firewall configuration information is the configuration information of the network filter, and the external unidirectional communication function of the data sandbox is realized by configuring corresponding network filter rules on the proxy equipment.
- 8. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the virus searching and killing exercise method according to any of claims 1-6.
- 9. A computer readable storage medium, wherein the computer readable storage medium stores computer instructions for causing a processor to perform the virus searching and killing exercise method according to any of claims 1-6.
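The unidirectional communication in claim 1 rests entirely on the filter rules configured on the proxy equipment, so a rule set is worth checking before any backup data is restored behind it. The following is an added example, not code from the patent: it models a first-match forwarding chain and probes it for one-way behaviour. The interface names, addresses, connection states and the permitted direction (outside may initiate into the sandbox, the sandbox may only reply) are all assumptions; the claims say only that network filter rules are configured.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "ACCEPT" or "DROP"
    in_if: str = "*"                 # arrival interface, "*" matches any
    out_if: str = "*"                # departure interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    states: tuple = ("NEW", "ESTABLISHED")

Packet = namedtuple("Packet", "in_if out_if src dst state")

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides, as in a filter chain; otherwise the policy."""
    for r in rules:
        if (r.in_if in ("*", pkt.in_if) and r.out_if in ("*", pkt.out_if)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)
                and pkt.state in r.states):
            return r.action
    return policy

def audit_one_way(rules, policy="DROP"):
    """Return findings for a forwarding rule set; an empty list means one-way."""
    # Constructed endpoints: eth0 faces the platform, eth1 an isolated port.
    outside, inside = ("eth0", "192.0.2.10"), ("eth1", "10.10.0.5")
    probes = [
        (outside, inside, "NEW", "ACCEPT", "outside cannot reach the sandbox"),
        (inside, outside, "ESTABLISHED", "ACCEPT", "sandbox replies are blocked"),
        (inside, outside, "NEW", "DROP", "sandbox can initiate outbound traffic"),
    ]
    findings = []
    for (i_if, src), (o_if, dst), state, want, msg in probes:
        if verdict(rules, Packet(i_if, o_if, src, dst, state), policy) != want:
            findings.append(msg)
    return findings

# Constructed rule sets: a plain router versus a stateful one-way filter.
WEAK = [Rule("ACCEPT")]
ONE_WAY = [
    Rule("ACCEPT", in_if="eth1", out_if="eth0", states=("ESTABLISHED",)),
    Rule("ACCEPT", in_if="eth0", out_if="eth1", dst="10.10.0.0/24"),
    Rule("DROP"),
]
```

A proxy that only has route forwarding enabled behaves like `WEAK`: restored data that turns out to be infected could open connections toward production, which is the failure the sandbox is meant to prevent.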
Description
Virus searching and killing exercise method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of data security, in particular to a virus searching and killing exercise method, device, equipment and storage medium.
Background
In recent years, computer viruses, particularly ransomware, have had a very large impact on the availability and data security of business systems, and are becoming more and more rampant. At present, the main countermeasure at the data level is to use a backup or disaster recovery system to regularly back up necessary data into a disaster recovery system; once the data in the production environment is infected by a virus, the data in the disaster recovery system can be quickly recovered to minimize the loss. However, this method cannot solve all the problems of ransomware prevention: if the production data is infected before the backup, or files still in the virus's incubation period are retained in the backup, the backup cannot keep out the virus-infected data. The general solution to these problems is to use the disaster recovery system to periodically recover backup data, and then use antivirus software to search for and kill viruses in the recovered data so as to ensure the safety of the data. The risk of this process, however, is that if the virus-killing environment is not isolated from the production environment during the virus-killing process, each virus searching and killing run may affect the production environment, resulting in greater, unpredictable losses.
Disclosure of Invention
The invention provides a virus searching and killing exercise method, device, equipment and storage medium, which solve the problem that the virus-killing environment is not isolated from the production environment, avoid the influence of the virus searching and killing process on the production environment, ensure the safety of production data in the production environment while virus searching and killing is carried out, and reduce the economic loss of production.
In a first aspect, an embodiment of the present disclosure provides a virus searching and killing exercise method, including: after receiving a workflow starting instruction, obtaining backup data from a disaster recovery system; performing data recovery on the backup data, and determining target recovery data; and performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function.
In a second aspect, embodiments of the present disclosure provide a virus searching and killing exercise device, including: a backup data recovery module, used for acquiring backup data from the disaster recovery system after receiving the workflow starting instruction; a recovery data determining module, used for carrying out data recovery on the backup data and determining target recovery data; and a virus searching and killing exercise module, used for performing a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the virus searching and killing exercise method provided by the embodiment of the first aspect described above.
In a fourth aspect, an embodiment of the present disclosure provides a computer readable storage medium, where computer instructions are stored, where the computer instructions are configured to cause a processor to execute the virus searching and killing exercise method provided in the foregoing embodiment of the first aspect.
The virus searching and killing exercise method, device, equipment and storage medium provided by the embodiment of the invention acquire backup data from a disaster recovery system after receiving a workflow starting instruction, perform data recovery on the backup data, determine target recovery data, and perform a virus searching and killing exercise on the target recovery data in a pre-constructed data sandbox with a unidirectional isolation function. This technical scheme solves the problem that the virus-killing environment is not isolated from the production environment, avoids the influence of the virus searching and killing process on the production environment, guarantees the safety of production data in the production environment while virus searching and killing is carried out, and reduces the economic loss of production.
It should be understood that the description in this section is not intended to identify key or critical features of th