Abstract: A disk operation protection method and a disk controller are disclosed herein. The method includes: receiving a request for a disk operation; obtaining, by a disk controller, operation control parameters corresponding to the current disk area to be operated, and determining whether to allow operation of the current disk area according to the operation control parameters; if determining that the current disk area is allowed to be operated according to the operation control parameters, performing the disk operation. By implementing the embodiments of the present disclosure, the operation of the data stored in a disk is protected, illegal disk operations such as maliciously intended modification are prevented, the disk is protected in the process of generating data, and the defects of the disk protection mechanism in the prior art are overcome.

Abstract: A storage method, a storage system, and a controller are disclosed. The method is applicable to a system that includes at least one controller, at least two Peripheral Component Interconnection Express (PCIE) Input/Output (IO) modules, and at least two storage devices. The at least two storage devices are connected through a PCIE switch chip of the at least one controller, and the at least two PCIE IO modules are connected through a PCIE switch chip of the at least one controller. The method includes: receiving a request message from a server through the at least two PCIE IO modules; and accessing the at least two storage devices according to the request message. The at least two PCIE IO modules are shared between controllers, thereby saving resources; and the storage devices access the controllers without the need of a hard disk controller or a hard disk extension chip, thereby saving costs.

Abstract: A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured.

Abstract: A method, a system and a gateway for protection against network attacks are provided. The method includes: receiving source request information and destination request information that are sent by a client, where the destination request information is notified by a Domain Name System (DNS) to the client sending the source request information; checking the source request information and the destination request information; and discarding the source request information and the destination request information when the checking result is undesirable. Through the technical solution, the DNS selects the destination request information according to the source request information sent by the client, and establishes a corresponding relation between the client and a server according to a matching relation between the source request information and the destination request information, so as to prevent DDOS attacks.

Abstract: A virtual storage method and a device are disclosed. The virtual storage method includes: obtaining a volume management mode of a Logical Unit Number (LUN) from a storage array and recording the volume management mode into stitch data; and constructing a virtual LUN according to the LUN and the stitch data, and mapping the virtual LUN to a host to enable read/write access; and modifying a destination address of an Input/Output (I/O) data packet delivered by the host according to the stitch data after receiving the I/O data packet, delivering the I/O data packet to the virtual LUN, and delivering the I/O data packet which has been delivered to the virtual LUN to the storage array according to the stitch data, where an address of the storage array to which the I/O data packet is delivered is the same as the destination address of the I/O data packet before the destination address of the I/O data packet is modified.

Abstract: A method and an apparatus for accessing a network file system (NFS) are disclosed. The method includes: receiving a first request message, which is sent by a user equipment (UE) to the NFS according to an available first file type; converting, according to a preset mapping relation, the first request message into a second request message capable of driving a second file type in the NFS, and sending the second request message to the NFS; receiving a first response message, which is based on the second file type and is sent by the NFS to the UE in response to the second request message; and converting, according to the preset mapping relation, the first response message into a second response message which is based on the first file type, and sending the second response message to the UE. With the present invention, the file system protocol can be converted, and the NFS is compatible with multiple operating systems.

Abstract: A method, an apparatus and a system for improving running stability of a Serial Attached Small Computer System Interface (SAS) domain are disclosed. The method includes: monitoring and recording the number of state changes of each SAS physical channel in the SAS domain within a preset time; and isolating an SAS physical channel that fulfills a preset isolation condition according to the number of state changes. The method improves the running stability of the SAS domain.

Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.

Abstract: A method for filtering out a spam call includes: transmitting test information to a calling terminal when receiving a call request from the calling terminal; determining whether feedback information corresponding to the test information and generated by the calling terminal in a one-key reply manner is correct; if the feedback information is incorrect, determining the call request as a spam call request, and filtering out the call request. An apparatus, a proxy server and a terminal are further provided, so as to effectively determine whether a call request from a calling terminal is a spam call request initiated by a machine or software, therefore improving the security and accuracy of a test, and reducing the cost as there is no need to install a speech recognition system.

Abstract: A storage method and system, a terminal service board, a control board, and a storage channel board are provided. The system includes a terminal service board, a control board, and a storage channel board, where the terminal service board is configured to be connected with a terminal and the control board, process a request from the terminal, and send a processing result to the control board; the control board is configured to encapsulate data required to be stored onto a storage apparatus into a command according to the processing result, and submit the command to the storage channel board; the storage channel board is configured to be connected with the storage apparatus and the control board, and according to the command, store onto the storage apparatus the data required to be stored onto the storage apparatus. The control board becomes more focused on the storage processing, so that the efficiency of use for the control board is improved.

Abstract: A network authentication method, a method for a client to request authentication, a client, and a device are provided.

Abstract: A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy.

Abstract: In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the another private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved.

Abstract: A method, device and system for storing data in a cache in case of power failure are disclosed. The method includes: in case of power failure of a storage system, receiving configuration information from a central processing unit (CPU); establishing a mapping relationship between an address of data in the cache and an address in a storage device according to the configuration information; sending a signaling message that carries the mapping relationship to the cache, so that the cache migrates the data to the storage device according to the signaling message.

Abstract: A method for automatic snapshot includes obtaining the amount of data written into a source Logical Unit Number (LUN) and performing increment accumulation; and taking a snapshot when a value of the increment accumulation exceeds the upper limit value. An apparatus for automatic snapshot is disclosed. In one embodiment of the invention, snapshots are taken according to the size of a data variable, only two characterizing parameters, an upper limit value and an increment value need to be added, and the determination logic is clear and concise. Thus, system efficiency or resource overload is not affected, the pertinence is strengthened, the resource usage is increased, and the adaptability is strengthened. Furthermore, stored data may be automatically protected with snapshot, and data safety and reliability are greatly improved.

Abstract: A method and a system for controlling terminal access, and a terminal for controlling access are provided. The method includes: receiving a policy configuration sent by a server on a network side; modifying local setting according to the policy configuration; and controlling an access authority of the terminal according to the modified local setting. Thus, when terminal access control is needed for a terminal connected to the network, the policy configuration can be delivered to the agent of the terminal, so that the agent controls an access authority of the terminal according to the policy configuration. Thereby, the convenient and flexible separation of the pre-authentication domain and the post-authentication domain is realized for different terminals, so as to meet the requirements for access control of multiple terminals.

Abstract: A file rights control method, a file rights control system, and a server are described. The file rights control method includes: monitoring identity information of a file author; determining at least one authorization object of the file according to identity information of the file author; determining rights corresponding to different authorization objects of the file according to the identity information of the file author and the at least one authorization object of the file; and authorizing the at least one authorization object of the file according to the determined rights corresponding to different authorization objects of the file. A file rights control system and a server are further described. By using the embodiments of the present invention, the complexity of file authorization control operation is reduced, thus improving the working efficiency of users. Moreover, the authorization of a fine granularity and a higher security are ensured.

Abstract: A method, a device, and a system for network interception are provided. The method for network interception includes the following steps. A matching rule obtained by parsing an interception policy. Received data are selected by adopting a deep packet inspection (DPI) according to the matching rule so as to obtain an interception result, in which the received data are obtained by adopting data preprocessing to filter packet data according to a service customizing rule obtained by parsing the interception policy. The system for network interception includes a service probe server (SPS) and a service analyze server (SAS). Thus, various packet data services transmitted over an Internet protocol (IP) network can be intercepted.

Abstract: Embodiments of the present invention provide a method and a system for detecting a malicious code. The method includes obtaining first system information and second system information, and detecting the malicious code by identifying difference between the first system information and the second system information, which thus can detect an unknown malicious code, improve the system security, and can be easily implemented.

Abstract: A method, a system for managing port status of a network device, and a relay device are provided in the field of network management. The method includes the following steps. A relay device detects working status of ports in a logic group, and the ports are mounted on the relay device and connected to an upstream/downstream device. When it is detected that the working status of a port in the logic group is Down, the relay device sets the working status of the other ports in the logic group as Down, so that the upstream/downstream device of the relay device switches a terminal service to a standby link according to the ports' Down status in the logic group being detected. The relay device includes a detecting module and a setting module. The system includes a relay device and an upstream/downstream device of the relay device. The technical solution provided in the embodiments of the present disclosure guarantees that the terminal service is transmitted uninterruptedly.