Abstract: The present invention discloses an external terminal protection device for data flow control and a corresponding protection system. The external terminal protection device includes: an interface control module, used for providing a plurality of data interfaces respectively connected to a protected host and one or more external devices; and a system control module, used for monitoring in real time a data transmission state of each data interface in the interface control module, and controlling the data flow of each data interface. The present invention realizes the functions of performing protocol filtering and auditing on various types of data flow without installing flow monitoring and security protection software on the protected host, and achieves the effects of low-latency network auditing and high-reliability protocol filtering, thereby comprehensively eliminating potential security hazards such as Trojan Horse virus implantation and flow anomaly that may be generated by the interfaces.

Abstract: The present invention discloses a hardware control logic based data forwarding control method and a corresponding data forwarding control system. The method includes: externally connecting a terminal protection device to a protected host, and taking over all the data interfaces of the protected host; and controlling by a hardware control logic in the terminal protection device the connection and/or disconnection of a physical circuit corresponding to data forwarding when an external device interacts data with the protected host via the terminal protection device, so as to control the data interaction between the external device and the protected host.

Abstract: The present invention discloses a hardware control logic based data forwarding control method and a corresponding data forwarding control system. The method includes: externally connecting a terminal protection device to a protected host, and taking over all the data interfaces of the protected host; and controlling by a hardware control logic in the terminal protection device the connection and/or disconnection of a physical circuit corresponding to data forwarding when an external device interacts data with the protected host via the terminal protection device, so as to control the data interaction between the external device and the protected host.

Abstract: The present invention provides an external terminal protection device and a corresponding protection system, the external terminal protection device including: an interface control module, used for providing an internal interface and an external interface, the internal interface being connected to a corresponding interface of a protected host, and the external interface being configured to access one or more external devices; and a system control module, used for connecting the interface control module, and controlling security authentication of the external devices accessed to the one or more external interfaces on the interface control module, so as to determine whether the external devices are licensed access devices. The present invention can protect the security of the protected host without installing security protection software on the protected host, thereby greatly reducing system security risks, and comprehensively eliminating the potential security hazards that may be generated by the interfaces.

Abstract: The present invention provides an external terminal protection device and a corresponding protection system, the external terminal protection device including: an interface control module, used for providing an internal interface and an external interface, the internal interface being connected to a corresponding interface of a protected host, and the external interface being configured to access one or more external devices; and a system control module, used for connecting the interface control module, and controlling security authentication of the external devices accessed to the one or more external interfaces on the interface control module, so as to determine whether the external devices are licensed access devices. The present invention can protect the security of the protected host without installing security protection software on the protected host, thereby greatly reducing system security risks, and comprehensively eliminating the potential security hazards that may be generated by the interfaces.

Abstract: The present invention discloses an external terminal protection device for data flow control and a corresponding protection system. The external terminal protection device includes: an interface control module, used for providing a plurality of data interfaces respectively connected to a protected host and one or more external devices; and a system control module, used for monitoring in real time a data transmission state of each data interface in the interface control module, and controlling the data flow of each data interface. The present invention realizes the functions of performing protocol filtering and auditing on various types of data flow without installing flow monitoring and security protection software on the protected host, and achieves the effects of low-latency network auditing and high-reliability protocol filtering, thereby comprehensively eliminating potential security hazards such as Trojan Horse virus implantation and flow anomaly that may be generated by the interfaces.

Abstract: A method and system for dynamic scheduling and allocation of network traffic are provided. The method includes: distributing, by a central scheduling system, a domain name initial configuration table and a determination strategy to each detection node; detecting, by each detection node, each server node of a pre-set domain name in the domain name initial configuration table, thereby obtaining performance information of each server node; generating, by each detection node, a corresponding best coverage record; and converting, by the central scheduling system, the best coverage record into a target server node and feeding back, by the central scheduling system, the target server node to a local DNS server. The disclosed method and system for dynamic scheduling and allocation of network traffic improves network access speed and reduces operation and maintenance cost.

Abstract: A method and system for dynamic scheduling and allocation of network traffic are provided. The method includes: distributing, by a central scheduling system, a domain name initial configuration table and a determination strategy to each detection node; detecting, by each detection node, each server node of a pre-set domain name in the domain name initial configuration table, thereby obtaining performance information of each server node; generating, by each detection node, a corresponding best coverage record; and converting, by the central scheduling system, the best coverage record into a target server node and feeding back, by the central scheduling system, the target server node to a local DNS server. The disclosed method and system for dynamic scheduling and allocation of network traffic improves network access speed and reduces operation and maintenance cost.

Abstract: The present disclosure relates to a method and system for guaranteeing website resource utilization rate using a content delivery network. The method includes following steps: receiving a domain name resolution request sent by a local domain name server; monitoring a resource load of a website source site corresponding to the domain name resolution request; utilizing monitoring data and according to a predetermined strategy to determine whether a result of the domain name resolution request is an address of the website source site or a content delivery network system; and sending a domain name resolution result to the local domain name server.

Abstract: The present disclosure relates to a method and system for guaranteeing website resource utilization rate using a content delivery network. The method includes following steps: receiving a domain name resolution request sent by a local domain name server; monitoring a resource load of a website source site corresponding to the domain name resolution request; utilizing monitoring data and according to a predetermined strategy to determine whether a result of the domain name resolution request is an address of the website source site or a content delivery network system; and sending a domain name resolution result to the local domain name server.