CN104618353A - Computer security network - Google Patents
Computer security network Download PDFInfo
- Publication number
- CN104618353A CN104618353A CN201510022008.2A CN201510022008A CN104618353A CN 104618353 A CN104618353 A CN 104618353A CN 201510022008 A CN201510022008 A CN 201510022008A CN 104618353 A CN104618353 A CN 104618353A
- Authority
- CN
- China
- Prior art keywords
- security
- network
- computer
- intranet
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a computer security network to prevent the entire computer network from information leakage, information pollution, information control and the like. The computer security network comprises a physical isolation system, a desktop security system, an anti-virus system, an identity recognition system, an access control system, a security audit system, an intrusion detection system and a security management system, wherein the physical isolation system is used for realizing isolation of intranet and extranet of an organization on a physical line; the desktop security system is used for encrypting important information of a user through a file mode and storing on a disk of a computer; the anti-virus system is used for realizing virus security protection of the whole network; the identity recognition system can be used for performing security certification of different degrees for login personnel; the access control system is used for performing access control over the personnel who pass the identity recognition system; the security audit system is used for performing comprehensive audit on the intranet in the organization; the intrusion detection system is used for monitoring events occurring in the intranet of the organization and analyzing the events to recognize intrusion behaviors which endanger the intranet information security of the organization; the security management system is used for performing centralized management and configuration on the network and the computers in the organization.
Description
Technical field
The present invention relates to field of computer technology, particularly relate to a kind of computer security network.
Background technology
Along with going deep into of IT application process and developing rapidly of network, there is huge change in work, the studying and living mode of people, efficiency greatly improves, and information resources are farthest shared.But, while Informatization Development, some problems also produced, such as: information leakage, information pollution, information are uncontrolled, serious harm national interests, social benefit and individual or group interest.The problems referred to above need solution badly.
Summary of the invention
For solving the technical problem existed in background technology, the present invention proposes a kind of available protecting computer network not by the computer security network of information leakage, pollution, control etc.
A kind of computer security network that the present invention proposes, comprising:
Physical Disconnection System, it realizes unit Intranet and the isolation of outer net on physical circuit;
Desktop security system, the important information of user is encrypted by the mode of file and is stored on the disk of computer by it;
Virus protection system, it is configured on server and unit, realizes the virus safe protection of the whole network;
Identification system, the personnel logging in computer network are divided into keeper, Authorized operation person, unauthorized operator by it, when there is personnel's request and logging in computer network, its safety certification can carrying out in various degree respectively to keeper and Authorized operation person, makes unauthorized operator to log in use;
Access control system, it to conduct interviews control to the personnel by identification system, and be subject to access rights restriction when making keeper and authorized person access unit Intranet respectively, wherein, the access rights of keeper are better than the access rights of authorized person;
Safety auditing system, it carries out the audit of Comprehensive to unit Intranet, makes the behavior of stealing identity network internal resource obtain complete record;
Intruding detection system, it monitors event in unit Intranet and analyzes it, to identify the intrusion behavior jeopardizing unit Intranet information security, and sends alarm signal in time;
Safety management system, its management of concentrating the network in unit and computer, configuration, ensure the configuration safety of whole computer network.
Preferably, unit Intranet and outer net separate cabling.
Preferably, identification system adopts static password to carry out authentication.
Preferably, safety management system can carry out safety management to the software of described computer security network, system.
The computer security network that the present invention proposes, propose and comprise Physical Disconnection System, desktop security system, virus protection system, identification system, access control system, safety auditing system, intruding detection system, safety management system, achieve the security protection multi-level to computer network, whole information security of computer network is protected, and it is not by information leakage, information pollution, information control etc.
Accompanying drawing explanation
Fig. 1 is the structural representation of a kind of computer security network that the present invention proposes.
Embodiment
As shown in Figure 1, Fig. 1 is the structural representation of a kind of computer security network that the present invention proposes.
With reference to Fig. 1, the present invention proposes a kind of computer security network, comprising:
Physical Disconnection System realizes unit Intranet and the isolation of outer net on physical circuit by separate cabling, for the computer of outer net, selects special plane to surf the Net when number is more, by circuit isolation online time fewer in number.
The important information of user is all generally be stored on computer disk by the form of file; user can be searched easily, revise and other operations; but the information that also result in user is easily revealed simultaneously; particularly all the more so in the situation of mobile office; for this problem; ad hoc meter desktop security system, the important information of user is encrypted by the mode of file and is stored on the disk of computer by it, protects the safety of user file information.
Along with the raising of scientific and technological level, digital technology and Internet technology are also growing, but simultaneously, virus technology also day by day develops, and its propagation velocity is faster, and the scope worked the mischief is also larger, almost arrive all-pervasive stage, in order to avoid user computer is by the infection of virus, server and unit configure virus protection system, to realize protecting the virus safe of the whole network.
Information security is a three-dimensional multi-level safety problem, and it not only relates to the impact of virus, hacker and security breaches, also relates to the leakage problem of internal information.Research shows, the problem that great majority relate to information security is not that external staff does, but internal staff does.For this reason, design a kind of identification system, the personnel logging in computer network are divided into keeper, Authorized operation person, unauthorized operator by it, when there is personnel's request and logging in computer network, its safety certification can carrying out in various degree respectively to keeper and Authorized operation person, makes unauthorized operator to log in use.
Fire compartment wall is basic, the most important and the most most economical security means ensureing network security, when some networks relate to information security, configurable access control system, it to conduct interviews control to the personnel by identification system, access rights restriction is subject to respectively when making keeper and authorized person access unit Intranet, wherein, the access rights of keeper are better than the access rights of authorized person.
Network security is not only simple resist external and inner invasion, more to the tracking of invasion, and will carry out complete record to endanger network security behavior, to hit endanger network security behavior and to retain the evidence of endanger network security behavior.For this reason, design safety auditing system, it carries out the audit of Comprehensive to unit Intranet, makes the behavior of stealing identity network internal resource obtain complete record;
Although fire compartment wall can control access, it is not omnipotent, is limited to the level of control of self, and the behavior of some endanger network securities still can not get controlling.For this reason, design intruding detection system, it can monitor event in unit, and the time occurred is analyzed, when after the behavior that notes abnormalities after it is analyzed, send alarm signal immediately to keeper, and provide the security threat existed in computer or networking, keeper is helped to diagnose Problems existing in current computer or network, to repair in time.
Computer network day by day expands, and the practicality of computer is also more and more extensive, in order to the safety of maintenance calculations machine network and computer, just needs management and the configuration of computer network and computer being carried out to centralization, to ensure the controllability of whole informatization and network.For this reason, design safety management system, it can make above-mentioned safe practice manage, and above-mentioned safe practice is performed, and makes safety measure to have given play to effect.
In such scheme, unit Intranet and outer net separate cabling, achieve unit Intranet and peripheral isolation; Identification system adopts static password to carry out authentication; Safety management system can carry out safety management to the software of described computer security network, system.
The computer security network that the present invention proposes, propose and comprise Physical Disconnection System, desktop security system, virus protection system, identification system, access control system, safety auditing system, intruding detection system, safety management system, achieve the security protection multi-level to computer network, whole information security of computer network is protected, and it is not by information leakage, information pollution, information control etc.
The above; be only the present invention's preferably embodiment; but protection scope of the present invention is not limited thereto; anyly be familiar with those skilled in the art in the technical scope that the present invention discloses; be equal to according to technical scheme of the present invention and inventive concept thereof and replace or change, all should be encompassed within protection scope of the present invention.
Claims (4)
1. a computer security network, is characterized in that, comprising:
Physical Disconnection System, it realizes unit Intranet and the isolation of outer net on physical circuit;
Desktop security system, the important information of user is encrypted by the mode of file and is stored on the disk of computer by it;
Virus protection system, it is configured on server and unit, realizes the virus safe protection of the whole network;
Identification system, the personnel logging in computer network are divided into keeper, Authorized operation person, unauthorized operator by it, when there is personnel's request and logging in computer network, its safety certification can carrying out in various degree respectively to keeper and Authorized operation person, makes unauthorized operator to log in use;
Access control system, it to conduct interviews control to the personnel by identification system, and be subject to access rights restriction when making keeper and authorized person access unit Intranet respectively, wherein, the access rights of keeper are better than the access rights of authorized person;
Safety auditing system, it carries out the audit of Comprehensive to unit Intranet, makes the behavior of stealing identity network internal resource obtain complete record;
Intruding detection system, it monitors event in unit Intranet and analyzes it, to identify the intrusion behavior jeopardizing unit Intranet information security, and sends alarm signal in time;
Safety management system, its management of concentrating the network in unit and computer, configuration, ensure the configuration safety of whole computer network.
2. computer security network according to claim 1, is characterized in that, unit Intranet and outer net separate cabling.
3. computer security network according to claim 1, is characterized in that, identification system adopts static password to carry out authentication.
4. computer security network according to claim 1, is characterized in that, safety management system can carry out safety management to the software of described computer security network, system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510022008.2A CN104618353A (en) | 2015-01-16 | 2015-01-16 | Computer security network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510022008.2A CN104618353A (en) | 2015-01-16 | 2015-01-16 | Computer security network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104618353A true CN104618353A (en) | 2015-05-13 |
Family
ID=53152628
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510022008.2A Pending CN104618353A (en) | 2015-01-16 | 2015-01-16 | Computer security network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104618353A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106055978A (en) * | 2016-05-03 | 2016-10-26 | 武珍珍 | Novel computer information safety protection lock |
CN106302387A (en) * | 2016-07-14 | 2017-01-04 | 淮南师范学院 | A kind of management system of computer network security |
CN106503524A (en) * | 2016-10-31 | 2017-03-15 | 辽东学院 | A kind of computer network security guard system |
CN108111503A (en) * | 2017-12-15 | 2018-06-01 | 安徽长泰信息安全服务有限公司 | Based on the information safety protection host machine for accessing limitation |
CN108205421A (en) * | 2016-12-20 | 2018-06-26 | 李炳吉 | A kind of built-in storage device of novel computer |
CN108664777A (en) * | 2018-03-16 | 2018-10-16 | 济宁医学院 | A kind of secure information storage method |
CN109376542A (en) * | 2018-09-30 | 2019-02-22 | 苏州浪潮智能软件有限公司 | A kind of security hardening system schema for embedded financial terminal |
CN109934010A (en) * | 2019-03-15 | 2019-06-25 | 温州职业技术学院 | A kind of computer information safe stocking system |
CN109951471A (en) * | 2019-03-13 | 2019-06-28 | 郑州轻工业学院 | A kind of information security of computer network control device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090165106A1 (en) * | 2007-12-21 | 2009-06-25 | International Business Machines Corporation | Network Security Management for Ambiguous User Names |
CN101582883A (en) * | 2009-06-26 | 2009-11-18 | 西安电子科技大学 | System and method for managing security of general network |
KR20120028029A (en) * | 2010-09-14 | 2012-03-22 | 주식회사 엔씨소프트 | Network security management system based on access control request and method thereof |
CN103227797A (en) * | 2013-05-08 | 2013-07-31 | 上海电机学院 | Distributive management system of information network security for power enterprises |
CN104063756A (en) * | 2014-05-23 | 2014-09-24 | 国网辽宁省电力有限公司本溪供电公司 | Electric power utilization information remote control system |
CN203968148U (en) * | 2014-06-24 | 2014-11-26 | 乐山师范学院 | A kind of network security management system with intrusion detection |
-
2015
- 2015-01-16 CN CN201510022008.2A patent/CN104618353A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090165106A1 (en) * | 2007-12-21 | 2009-06-25 | International Business Machines Corporation | Network Security Management for Ambiguous User Names |
CN101582883A (en) * | 2009-06-26 | 2009-11-18 | 西安电子科技大学 | System and method for managing security of general network |
KR20120028029A (en) * | 2010-09-14 | 2012-03-22 | 주식회사 엔씨소프트 | Network security management system based on access control request and method thereof |
CN103227797A (en) * | 2013-05-08 | 2013-07-31 | 上海电机学院 | Distributive management system of information network security for power enterprises |
CN104063756A (en) * | 2014-05-23 | 2014-09-24 | 国网辽宁省电力有限公司本溪供电公司 | Electric power utilization information remote control system |
CN203968148U (en) * | 2014-06-24 | 2014-11-26 | 乐山师范学院 | A kind of network security management system with intrusion detection |
Non-Patent Citations (4)
Title |
---|
常艳: "校园网统一身份认证设计及实现", 《网络安全技术与应用》 * |
程玲 等: "校园无线网络信息安全综合防御系统研究", 《科技资讯》 * |
陈卓 等: "多种身份认证技术在信息系统中的研究与应用", 《网络安全技术与应用》 * |
陈琪: "网络安全管理系统的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106055978A (en) * | 2016-05-03 | 2016-10-26 | 武珍珍 | Novel computer information safety protection lock |
CN106302387A (en) * | 2016-07-14 | 2017-01-04 | 淮南师范学院 | A kind of management system of computer network security |
CN106503524A (en) * | 2016-10-31 | 2017-03-15 | 辽东学院 | A kind of computer network security guard system |
CN106503524B (en) * | 2016-10-31 | 2019-03-15 | 辽东学院 | A kind of computer network security guard system |
CN108205421A (en) * | 2016-12-20 | 2018-06-26 | 李炳吉 | A kind of built-in storage device of novel computer |
CN108111503A (en) * | 2017-12-15 | 2018-06-01 | 安徽长泰信息安全服务有限公司 | Based on the information safety protection host machine for accessing limitation |
CN108664777A (en) * | 2018-03-16 | 2018-10-16 | 济宁医学院 | A kind of secure information storage method |
CN109376542A (en) * | 2018-09-30 | 2019-02-22 | 苏州浪潮智能软件有限公司 | A kind of security hardening system schema for embedded financial terminal |
CN109951471A (en) * | 2019-03-13 | 2019-06-28 | 郑州轻工业学院 | A kind of information security of computer network control device |
CN109934010A (en) * | 2019-03-15 | 2019-06-25 | 温州职业技术学院 | A kind of computer information safe stocking system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104618353A (en) | Computer security network | |
Rubio et al. | Current cyber-defense trends in industrial control systems | |
JP6364547B2 (en) | System and method for classifying security events as targeted attacks | |
Nicholson et al. | SCADA security in the light of Cyber-Warfare | |
CN104283889B (en) | APT attack detectings and early warning system inside electric system based on the network architecture | |
Bashir et al. | Intrusion detection and prevention system: Challenges & opportunities | |
CN107888609A (en) | A kind of information security of computer network system | |
CN105229612A (en) | Use the detection that the abnormal program of hardware based microarchitecture data performs | |
Akutota et al. | Big data security challenges: An overview and application of user behavior analytics | |
Rawat et al. | Cyber threat exploitation and growth during COVID-19 times | |
Salama et al. | Network security, trust & privacy in a wiredwireless Environments–An Overview | |
Thilakarathne et al. | An overview of security and privacy in smart cities | |
CN110493200B (en) | Industrial control system risk quantitative analysis method based on threat map | |
Szychter et al. | The impact of artificial intelligence on security: a dual perspective | |
CN106302387A (en) | A kind of management system of computer network security | |
Shaikh et al. | A probabilistic model checking (PMC) approach to solve security issues in digital twin (DT) | |
Thapliyal et al. | Security Threats in Healthcare Big Data: A Comparative Study | |
Asante et al. | DIGITAL FORENSIC READINESS FRAMEWORK BASED ON HONEYPOT AND HONEYNET FOR BYOD | |
Wei et al. | Zero Trust Framework In Financial Sector: The Handling Of Machine Learning Based Trust Management | |
Al-Jarrah et al. | Hierarchical detection of insider attacks in cloud computing systems | |
Manikandan et al. | Cyberwar is coming | |
Asante et al. | Digital Forensic Readiness Framework Based on Honeypot Technology for BYOD | |
Ali et al. | Mitis-an insider threats mitigation framework for information systems | |
Singh et al. | Innovative empirical approach for intrusion detection using ANN | |
Francia III et al. | Critical infrastructure protection and security benchmarks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150513 |