CN-122027312-A - Cloud network end cooperative integrated safety protection system

Abstract

The application discloses a cloud network end collaborative integrated safety protection system, and belongs to the technical field of network safety. The safety protection system comprises a safety control platform and a safety control component which are connected with the video network, wherein the safety control component is arranged in cloud equipment connected with the video network and terminal equipment connected with the video network. According to the embodiment of the application, when a target device among the cloud device and the terminal device receives or transmits data, the security management and control platform is preferably adopted to execute the pre-configured subject policy or object policy, so that the security of the cloud network terminal is ensured, and the cooperative and integrated security protection of the cloud network terminal is realized.

Inventors

  • HUO WEI
  • SU HONGSHENG
  • SHEN JUN
  • WANG YANHUI

Assignees

  • 视联动力信息技术股份有限公司

Dates

Publication Date
20260512
Application Date
20260303

Claims (10)

  1. The cloud network end collaborative integrated safety protection system is characterized by comprising a safety control platform and a safety control assembly which are connected with the video network; the safety control component is arranged in cloud equipment accessed to the video network and terminal equipment accessed to the video network; the security management and control platform is used for configuring a subject policy for performing release judgment on the sent first target data when the target devices in the cloud device and the terminal device are used as data transmission subjects and/or an object policy for performing release judgment on the received second target data when the target devices are used as data transmission objects, and sending the subject policy and/or the object policy to the security management and control component; the security management and control component is configured to receive the subject policy and/or the object policy, and execute the subject policy when the target device is used as the data transmission subject to send out the first target data, and/or execute the object policy when the target device is used as the data transmission object to receive the second target data.
  2. The security protection system according to claim 1, wherein the security management component is configured to determine whether a subject policy corresponding to the target device exists when the target device sends out first target data as the data transmission subject, and execute the subject policy when the subject policy exists in the security management component.
  3. The security system according to claim 1 or 2, wherein the security management and control component is configured to determine, according to the subject policy, whether to release the first target data sent when the target device is the data transmission subject, and send the first target data to the corresponding data transmission object through the video network when the subject policy determines that the first target data sent when the target device is the data transmission subject is released.
  4. The security protection system according to claim 1, wherein the security management component is configured to determine whether an object policy corresponding to the target device exists when the target device receives second target data as the data transmission object, and execute the object policy when the object policy exists in the security management component.
  5. The security system according to claim 1 or 4, wherein the security management component is configured to determine whether to release the second target data received when the target device is the data transmission object according to the object policy, and control the data transmission object to receive the second target data when the object policy determines to release the second target data received when the target device is the data transmission object.
  6. The security system of claim 1, wherein the security management component is configured to open a target tunnel between a data transfer subject and a data transfer object in the target device, and perform data transfer between the data transfer subject and the data transfer object through the target tunnel.
  7. The security system of claim 1, wherein the security management component is configured to determine, when receiving second target data sent by a data transmission subject, the data transmission subject according to the second target data, and further determine whether an object policy matching the data transmission subject exists.
  8. A safety protection method based on a safety protection system, characterized in that the safety protection method is applied to the safety protection system of claims 1 to 7, the method comprising: configuring a subject policy for performing release judgment on the sent first target data when the target device is used as a data transmission subject and/or an object policy for performing release judgment on the received second target data when the target device is used as a data transmission object through the safety control platform, and sending the subject policy and/or the object policy to the safety control assembly; and receiving the subject policy and/or the object policy by adopting the security management and control component, and executing the subject policy when the target device is used as the data transmission subject to send out the first target data and/or executing the object policy when the target device is used as the data transmission object to receive the second target data.
  9. An electronic device comprising a processor, a memory, and a program or instruction stored on the memory and executable on the processor, which when executed by the processor, implements the security system-based security method of claim 8.
  10. A readable storage medium having stored thereon a program or instructions which when executed by a processor implement the safety protection method based on a safety protection system according to claim 8.
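
The enforcement flow of claims 1 to 7, modelled as an added example that is not part of the patent text. The policy fields (`peers`, `kinds`), the frame layout, the device names and the block-when-no-policy default are assumptions, since the claims only state that a policy is executed when one exists.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    """Release rule for one device in one role (field names are assumptions)."""
    device: str        # target device the policy was configured for
    peers: frozenset   # peer device IDs the rule covers
    kinds: frozenset   # data categories that may be released

    def releases(self, peer, kind):
        return peer in self.peers and kind in self.kinds

@dataclass
class ControlComponent:
    """Enforcement point installed on a cloud or terminal device."""
    device: str
    subject: dict = field(default_factory=dict)  # device -> Policy (sending role)
    object_: dict = field(default_factory=dict)  # sender -> Policy (receiving role)
    log: list = field(default_factory=list)      # audit trail of every decision

    def install(self, subject_policy=None, object_policies=()):
        # Policies are pushed by the control platform; either kind may be absent.
        if subject_policy:
            self.subject[subject_policy.device] = subject_policy
        for p in object_policies:
            for sender in p.peers:
                self.object_[sender] = p

    def send(self, dst, kind):
        # Claims 2-3: look up this device's subject policy, then judge release.
        pol = self.subject.get(self.device)
        ok = pol is not None and pol.releases(dst, kind)  # no policy -> blocked (assumption)
        self.log.append(("send", dst, kind, ok))
        return ok

    def receive(self, frame):
        # Claim 7: identify the sender from the received data, then match an object policy.
        sender, kind = frame["src"], frame["kind"]
        pol = self.object_.get(sender)
        ok = pol is not None and pol.releases(sender, kind)
        self.log.append(("recv", sender, kind, ok))
        return ok

def demo():
    # Constructed devices and policies standing in for what the platform would push.
    term = ControlComponent("terminal-1")
    term.install(
        Policy("terminal-1", frozenset({"cloud-1"}), frozenset({"video"})),
        [Policy("terminal-1", frozenset({"cloud-1"}), frozenset({"control"}))])
    return [term.send("cloud-1", "video"), term.send("cloud-2", "video"),
            term.receive({"src": "cloud-1", "kind": "control"}),
            term.receive({"src": "cloud-9", "kind": "control"})]
```
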

Description

Cloud network end cooperative integrated safety protection system

Technical Field

The application belongs to the technical field of network security, and particularly relates to a cloud network end collaborative integrated security protection system.

Background

Cloud, network and terminal security is currently characterized by rapid technical evolution alongside continuously escalating threats, while facing the dual challenges of strict compliance requirements and insufficient defense capability. At present, security for the cloud, the network and the terminal is each designed for generality, and the resulting solutions are fragmented, without overall consideration.

Disclosure of Invention

The embodiment of the application aims to provide a cloud network end collaborative integrated safety protection system, which can solve the problem of network safety in the video network.

In order to solve the technical problems, the application is realized as follows:

In a first aspect, an embodiment of the present application provides a cloud network end collaborative integrated security protection system. The safety protection system comprises a safety control platform and a safety control assembly which are connected with the video network; the safety control component is arranged in cloud equipment accessed to the video network and terminal equipment accessed to the video network.

The security management and control platform is used for configuring a subject policy for performing release judgment on the sent first target data when the target devices in the cloud device and the terminal device are used as data transmission subjects and/or an object policy for performing release judgment on the received second target data when the target devices are used as data transmission objects, and sending the subject policy and/or the object policy to the security management and control component.

The security management and control component is configured to receive the subject policy and/or the object policy, and execute the subject policy when the target device is used as the data transmission subject to send out the first target data, and/or execute the object policy when the target device is used as the data transmission object to receive the second target data.

Optionally, the security management and control component is configured to determine whether a subject policy corresponding to the target device exists when the target device sends out the first target data as the data transmission subject, and execute the subject policy when the subject policy exists in the security management and control component.

Optionally, the security management and control component is configured to determine, according to the subject policy, whether to release the first target data sent when the target device is used as the data transmission subject, and send, when the subject policy determines to release the first target data sent when the target device is used as the data transmission subject, the first target data to the corresponding data transmission object through the video network.

Optionally, the security management and control component is configured to determine whether an object policy corresponding to the target device exists when the target device receives the second target data as the data transmission object, and execute the object policy when the object policy exists in the security management and control component.

Optionally, the security management and control component is configured to determine whether to release the second target data received when the target device is used as the data transmission object according to the object policy, and control the data transmission object to receive the second target data when the object policy determines to release the second target data received when the target device is used as the data transmission object.

Optionally, the security management and control component is configured to open a target tunnel between the data transmission subject and the data transmission object in the target device, and perform data transmission between the data transmission subject and the data transmission object through the target tunnel.

Optionally, the security management and control component is configured to determine, when receiving second target data sent by the data transmission subject, the data transmission subject according to the second target data, so as to determine whether there is an object policy matching the data transmission subject.

In a second aspect, an embodiment of the present application provides a safety protection method based on a safety protection system, where the safety protection method is applied to the safety protection system, and the method includes: Configuring a subject policy for performing release judgment on the sent first target data when the target device is used as a data transmissio