Background technology
Manufacturing enterprises in China increasingly use CNC machine tools for precision machining. A CNC-based machining system consists of a controller and a number of CNC machine tools connected by a network; the controller performs remote setup and control of the machine tools, and together they form a CNC machine tool network.
As industrialization and informatization converge, more and more enterprises connect the CNC machine tool network to the enterprise information network. Engineers design machining drawings on workstations in the enterprise information network, generate the machining parameter file, and transfer it to the controller in the CNC machine tool network, where it is used directly to control the CNC machine tool. This avoids the errors introduced by manually carrying and entering machining parameter files and greatly improves working efficiency.
Because the nodes of the CNC machine tool network are mainly CNC controllers, which are embedded terminals on which security products such as anti-virus software cannot be installed, they are left essentially unprotected. This direct connection method therefore carries a considerable security risk, chiefly:
(1) Malicious programs such as viruses and Trojan horses in the enterprise information network may spread to the CNC machine tool network and disrupt or destroy the machining process; the Stuxnet virus is a typical case.
(2) Attacks and unauthorized operations originating in the enterprise information network may disrupt or destroy the CNC machine tool network and the machining process.
(3) The machining parameter file may be illegally tampered with in transit, with serious consequences such as scrapped parts.
(4) A host in the CNC machine tool network may be accessed illegally and used to enter the enterprise information network without authorization and carry out illegal activities.
On the other hand, many military enterprises have set up CNC machine tool networks, and a military enterprise's information network is a classified information network. Under the regulations of the national Information System Security graded protection scheme, a terminal device may be connected to a classified information network only if security protection measures are in place, so that the security of the network boundary is guaranteed. Because a CNC controller is an embedded terminal, no security protection system can be installed on it. Connecting a CNC machine tool network without security protection to a classified information network is therefore normally forbidden, and only a data export method can be used: the generated machining parameter file is written to a CD on a workstation of the classified information network, and the file is then imported from the CD to a controller in the CNC machine tool network. Although this data export method is safer, it is inconvenient to use and wastes resources.
Thus the direct connection method carries a very large security risk, while the data export method is inconvenient to use. The key to solving these problems is how to connect the CNC machine tool network safely to the enterprise information network (including a classified information network) and to transfer data files securely under safe, controlled conditions.
First, the CNC machine tool network is a non-classified network, so there is no problem of processing or storing classified information. Second, the CNC machine tool network must be connected to the enterprise information network under security protection measures, and these measures can be realized by placing a security gateway between the enterprise information network and the CNC machine tool network. Under the control of the security gateway, the enterprise information network transfers the machining parameter file to the CNC machine tool network, which both effectively reduces the security risk of the direct connection method and removes the inconvenience of the data export method.
Summary of the invention
To overcome the poor security of existing gateway systems, the invention provides a CNC machine tool network security gateway system. The system comprises a data communication security subsystem, a system security protection subsystem, a role-based management interface, and a remote management tool. When the CNC machine tool network is connected to the enterprise information network, the data communication security subsystem performs data source authentication, data integrity verification and communication unidirectionality enforcement, and the system security protection subsystem then performs communication controllability checks, abnormal event alarming and security auditing. The security gateway system establishes a secure one-way data communication channel between the enterprise information network and the CNC machine tool network, providing the security mechanisms of data source authentication, data integrity and communication unidirectionality. Inside the security gateway system, the mechanisms of communication controllability, abnormal event alarming, security auditing and security management further strengthen system security. The external and internal security mechanisms together bring the security risk of connecting the CNC machine tool network within a controlled range and solve the technical problem of the high security risk of the direct connection method.
The technical solution adopted by the invention to solve the technical problem is a CNC machine tool network security gateway system characterized by comprising a data communication security subsystem, a system security protection subsystem, a role-based management interface, and a remote management tool.
The data communication security subsystem implements data source authentication, data integrity and communication unidirectionality. The data source whitelist is described in XML, and the one-way hash function used for data source authentication and data integrity protection is implemented with the MD5 algorithm.
The system security protection subsystem implements communication controllability, abnormal event alarming and security auditing. The communication controllability whitelist is described in XML, and the communication control function is implemented through the operating system API. Abnormal event alarms are delivered by on-screen display, SMS and e-mail, and the details of each abnormal event are recorded in a log file. Abnormal events include access operations outside the whitelist and abnormal behaviour that violates the security rules. The log file holds two kinds of information, normal communication behaviour and abnormal communication behaviour, and marks different danger levels according to the severity of the abnormal event. The log file is recorded in a standard rolling log format; when the log file is about to become full, the system issues a prompt requiring the administrator to back it up promptly.
The role-based management interface module provides a role-based management interface for the remote management tool, with the separated roles of system administrator and security auditor. The system administrator is mainly responsible for creating and editing whitelists and security rules, handling abnormal event alarm information, checking algorithm updates and maintenance, and other system management operations; the security auditor is mainly responsible for log information query, audit and backup operations.
The remote management tool provides users with a management platform for the security gateway based on a three-tier B/S (browser/server) architecture, comprising security configuration management, system operation management, abnormal event management, log query and security audit functions. The roles and accounts of the system administrator and the security auditor are separated, with separate logins and separate identity authentication, forming a mechanism of mutual restriction and supervision that guarantees the security and credibility of security gateway management.
The beneficial effects of the invention are as follows. The system comprises a data communication security subsystem, a system security protection subsystem, a role-based management interface, and a remote management tool. When the CNC machine tool network is connected to the enterprise information network, the data communication security subsystem performs data source authentication, data integrity verification and communication unidirectionality enforcement, and the system security protection subsystem then performs communication controllability checks, abnormal event alarming and security auditing. The security gateway system establishes a secure one-way data communication channel between the enterprise information network and the CNC machine tool network, providing the security mechanisms of data source authentication, data integrity and communication unidirectionality. Inside the security gateway system, the mechanisms of communication controllability, abnormal event alarming, security auditing and security management further strengthen system security. The external and internal security mechanisms together bring the security risk of connecting the CNC machine tool network within a controlled range and solve the technical problem of the high security risk of the direct connection method.
The invention is described in detail below with reference to the drawings and embodiments.
Embodiment
The CNC machine tool network security gateway system of the invention comprises a data communication security subsystem, a system security protection subsystem, a role-based management interface, and a remote management tool.
(1) Data communication security subsystem: mainly implements the security mechanisms of data source authentication, data integrity and communication unidirectionality, wherein:
1. The data source whitelist is described in XML, and the one-way hash function for data source authentication is implemented with the MD5 algorithm.
2. The one-way hash function for data integrity protection is likewise implemented with the MD5 algorithm.
In addition, the corresponding data file sending and receiving programs must be implemented on the workstation side and the controller side.
(2) System security protection subsystem: mainly implements the security mechanisms of communication controllability, abnormal event alarming and security auditing, wherein:
1. The communication controllability whitelist is described in XML, and the communication control function is implemented with the operating system API (for example, the Windows TDI interface functions).
2. Abnormal event alarming uses on-screen display, SMS, e-mail and similar means, and the details of each abnormal event are recorded in the log file. Abnormal events include access operations outside the whitelist, abnormal behaviour that violates the security rules, and the like.
3. Log records comprise two categories of information, normal communication behaviour and abnormal communication behaviour, and mark different danger levels according to the severity of the abnormal event. The log file is recorded in a standard rolling log format; when the log file is about to become full, the system issues a prompt requiring the administrator to back it up promptly.
(3) Role-based management interface module: provides a role-based management interface for the remote management tool, with the separated roles of system administrator and security auditor. The system administrator is mainly responsible for creating and editing whitelists and security rules, handling abnormal event alarm information, checking algorithm updates and maintenance, and other system management operations; the security auditor is mainly responsible for log information query, audit, backup and similar operations.
(4) Remote management tool: provides users with a management platform for the security gateway based on a three-tier B/S (browser/server) architecture, comprising security configuration management, system operation management, abnormal event management, log query, security audit and similar functions. The roles and accounts of the system administrator and the security auditor are separated, with separate logins and separate identity authentication, forming a mechanism of mutual restriction and supervision that guarantees the security and credibility of security gateway management.
The security gateway system mainly implements the following security mechanisms:
(1) Data source authentication: a whitelist-based data source authentication mechanism authenticates the data source; only a data source (workstation) on the whitelist is allowed to initiate a TCP connection and transfer a data file, which prevents malicious programs and attacks from disrupting or destroying the CNC machine tool network.
(2) Data integrity: a one-way hash function protects the integrity of the transferred data file, preventing the file from being illegally tampered with in transit.
(3) Communication unidirectionality: a one-way communication mechanism allows only the enterprise information network to initiate TCP connections to the CNC machine tool network and transfer data files; connections and data transfer in the reverse direction are forbidden, which prevents the CNC machine tool network from being used to enter the enterprise information network without authorization and carry out illegal activities.
(4) Communication controllability: a whitelist-based communication control mechanism controls the network communication behaviour of processes, services and applications on the security gateway system; only trusted programs on the whitelist are allowed to perform network communication, which prevents malicious programs from launching network attacks on the enterprise information network or the CNC machine tool network.
(5) Operation traceability: a logging and security audit mechanism records and audits all operation behaviour and security events on the security gateway system and raises alarms for abnormal events in time, providing a basis and evidence for assessing security risk and tracing the attacker's responsibility.
The invention is described in detail below.
1. Data source authentication mechanism.
Each workstation allowed to access the controller must be identified by a 32-bit authentication code and an IP address, registered in advance in the data source whitelist of the security gateway system.
Data source authentication takes place in two stages:
(1) Preliminary authentication: when a workstation of the enterprise information network (hereafter "workstation") uses TCP to send a connection request to a controller of the CNC machine tool network (hereafter "controller"), the security gateway system first receives the TCP connection request, then extracts the source IP address and queries the data source whitelist to determine whether the source is trusted. If the data source is not trusted, the TCP connection is not allowed and the operation ends.
(2) Final authentication: if the TCP connection is allowed, the workstation computes the hash of its own authentication code and IP address with the one-way hash function to obtain the data source hash, constructs a data structure comprising the data file, file name, data file hash, data source hash and so on, and sends it to the controller in TCP packets. The security gateway system first receives the TCP packets and extracts the data source hash, then uses the same one-way hash function to compute the hash of that data source's authentication code and IP address from the whitelist and compares the result with the extracted hash. If they are identical, the data source is trusted and processing continues; otherwise the data source is illegal and the operation ends. Final authentication is mainly intended to prevent IP spoofing attacks.
2. Data integrity mechanism.
The workstation computes the hash of the data file to be transferred with the one-way hash function to obtain the data file hash, constructs a data structure comprising the data file, file name, data file hash, data source hash and so on, and sends it to the controller in TCP packets. The security gateway system first receives the TCP packets and extracts the data file hash, then uses the same one-way hash function to compute the hash of the received data file and compares the two hashes. If they are identical, the received data file is complete and has not been tampered with, and processing continues; otherwise the data file has been tampered with and the operation ends.
3. Communication unidirectionality mechanism.
After the data source authentication and data integrity checks have passed, the security gateway system sends a TCP connection request to the controller. When the security gateway system receives the controller's response allowing the TCP connection, it sends TCP packets containing only the data file and file name to the controller. The controller receives the TCP packets and stores the file in the designated directory, completing the data file transfer; the data file has thus been transferred securely. Under all circumstances the security gateway system refuses communication requests from the controller, mainly to prevent the CNC machine tool network from being used to enter the enterprise information network without authorization and carry out illegal activities.
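The two-stage data source authentication, the data integrity check and the one-way rule described above, as an added example that is not the patent's own code. The XML element and attribute names, the address range of the CNC machine tool network side and the 32-character hexadecimal form of the authentication code are assumptions; MD5 is used because the description specifies it.

```python
import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed data source whitelist in XML (element and attribute names are assumptions;
# the patent gives no schema). Each entry pairs a workstation IP with its authentication code.
WHITELIST_XML = """<whitelist>
  <source ip="10.1.1.20" code="0123456789abcdef0123456789abcdef"/>
  <source ip="10.1.1.21" code="fedcba9876543210fedcba9876543210"/>
</whitelist>"""

CNC_NET_PREFIX = "10.2."   # assumed address range of the CNC machine tool network side

def load_whitelist(xml_text):
    """Map workstation IP -> authentication code."""
    return {s.get("ip"): s.get("code") for s in ET.fromstring(xml_text).iter("source")}

def md5_hex(data):
    return hashlib.md5(data).hexdigest()   # MD5, as the description specifies

def data_source_hash(code, ip):
    """Hash of authentication code + IP, computed identically by workstation and gateway."""
    return md5_hex((code + ip).encode())

@dataclass
class Packet:
    """The structure the workstation sends: data file, file name, file hash, data source hash."""
    src_ip: str
    filename: str
    data: bytes
    file_hash: str
    source_hash: str

def workstation_build(code, ip, filename, data):
    """Workstation side: hash the file and the (code + IP) pair, then assemble the packet."""
    return Packet(ip, filename, data, md5_hex(data), data_source_hash(code, ip))

def preliminary_auth(whitelist, src_ip):
    """Stage 1: the TCP connection is allowed only for a whitelisted source IP.
    Unidirectionality: a request from the CNC network side is always refused."""
    return not src_ip.startswith(CNC_NET_PREFIX) and src_ip in whitelist

def final_auth(whitelist, pkt):
    """Stage 2: recompute hash(code + IP) from the whitelist entry and compare; a spoofed
    source IP fails here because the spoofer does not hold the authentication code."""
    code = whitelist.get(pkt.src_ip)
    return code is not None and data_source_hash(code, pkt.src_ip) == pkt.source_hash

def integrity_ok(pkt):
    """Recompute the file hash and compare it with the one carried in the packet."""
    return md5_hex(pkt.data) == pkt.file_hash

def gateway_forward(whitelist, pkt):
    """Run all checks; return (filename, data) to pass on to the controller, else None."""
    if preliminary_auth(whitelist, pkt.src_ip) and final_auth(whitelist, pkt) and integrity_ok(pkt):
        return (pkt.filename, pkt.data)
    return None
```

Note that neither hash binds the file content to the secret authentication code: an in-path party able to rewrite the file could recompute its MD5 and copy the data source hash unchanged, so a keyed MAC over the file (for example HMAC with the authentication code as key) would make the integrity check depend on the secret as well.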
4. Communication controllability mechanism.
The names of the processes, services and applications allowed to perform network communication on the security gateway system are registered in advance in the system's trusted program whitelist. Once the security gateway system is running, for any process, service or application that attempts to start network communication the system queries the trusted program whitelist; if the program name appears in the whitelist, the network communication operation is allowed, otherwise the program is prevented from executing it. This is mainly intended to prevent malicious programs such as viruses and Trojan horses from launching network attacks on the enterprise information network or the CNC machine tool network.
5. Security auditing mechanism.
All operation behaviour and security events on the security gateway system are recorded in the log file, and each record comprises the program module that produced the log entry, the severity, the time, the host name or IP, the process name, the process ID and the text. To guarantee the integrity of the log information, the following protective measures are taken: (1) preventing tampering: the system normally forbids modifying or deleting log information in the log file, so that the log information remains complete; (2) preventing data loss: to prevent data loss when the log file becomes full, the system monitors the file size against the log file length set by the administrator and, when the set upper limit is reached, issues continuous warning messages reminding the administrator to back up the current log data promptly.
Security audit statistically analyses the users' operation behaviour and the security events in the system in order to discover possible violations, abnormal events, attacks, system vulnerabilities and the like, providing technical means for electronic forensics and the traceability of security events. The administrator performs audit management through the system management facility, including system parameter configuration, log information viewing, event statistical analysis, alarm information processing and log information backup.
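The communication controllability check (mechanism 4) and the log record, danger levels and size monitoring of the security auditing mechanism (mechanism 5), as an added example that is not the patent's own code. The XML element names, the log file name, the size limit, the severity names and the tab-separated record layout are assumptions; the real system hooks network calls through the operating system API (Windows TDI), which this example replaces with a plain function call.

```python
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed trusted program whitelist (element names are an assumption; the patent only
# says the whitelist is XML and holds process, service and application names).
TRUSTED_XML = '<trusted><program name="ncsend.exe"/><program name="svchost.exe"/></trusted>'

LOG_PATH = "gateway.log"   # hypothetical log file name
LOG_LIMIT = 1024 * 1024    # administrator-set size limit in bytes (assumed value)
WARN_RATIO = 0.8           # prompt for backup once the file reaches this fraction of the limit
SEVERITY = {"INFO": 0, "WARNING": 1, "ERROR": 2, "CRITICAL": 3}   # danger levels (names assumed)

def load_trusted(xml_text):
    """Program names are compared case-insensitively, as Windows file names are."""
    return {p.get("name").lower() for p in ET.fromstring(xml_text).iter("program")}

def format_record(module, severity, host, process, pid, text):
    """One record with the fields the description lists: module, severity, time,
    host name or IP, process name, process ID and text. Tab-separated."""
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return "\t".join([module, severity, ts, host, process, str(pid), text])

def clear_log(path):
    """Administrative reset after a backup; not available to ordinary log writers."""
    if os.path.exists(path):
        os.remove(path)

def append_log(path, record, limit=LOG_LIMIT):
    """Append only: existing entries are never rewritten or deleted. Returns a backup
    prompt string once the file size reaches WARN_RATIO of the limit, otherwise None."""
    with open(path, "a", encoding="utf-8") as f:
        f.write(record + "\n")
    size = os.path.getsize(path)
    if size >= limit * WARN_RATIO:
        return f"log {path} at {size}/{limit} bytes: back up current log data now"
    return None

def network_allowed(trusted, process, pid, host, path=LOG_PATH):
    """Communication controllability: only a whitelisted program name may start network
    communication. Every decision is logged; a denial is an abnormal event (WARNING)."""
    ok = process.lower() in trusted
    severity = "INFO" if ok else "WARNING"
    text = "network access permitted" if ok else "denied: program not in trusted whitelist"
    append_log(path, format_record("netctl", severity, host, process, pid, text))
    return ok

def read_events(path, min_severity="WARNING"):
    """Audit query: records at or above the given danger level, as field lists."""
    out = []
    with open(path, encoding="utf-8") as f:
        for line in f:
            fields = line.rstrip("\n").split("\t")
            if SEVERITY.get(fields[1], 0) >= SEVERITY[min_severity]:
                out.append(fields)
    return out
```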