CN104618353A - Computer security network - Google Patents

Publication number: CN104618353A
Application number: CN201510022008.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: security, network, computer, intranet, information
Inventors: 徐立新, 李庆亮, 戚新波, 于琨, 孙冬
Current Assignee: Henan Mechanical and Electrical Engineering College
Original Assignee: Henan Mechanical and Electrical Engineering College
Application filed by: Henan Mechanical and Electrical Engineering College

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a computer security network to prevent the entire computer network from information leakage, information pollution, information control and the like. The computer security network comprises a physical isolation system, a desktop security system, an anti-virus system, an identity recognition system, an access control system, a security audit system, an intrusion detection system and a security management system, wherein the physical isolation system is used for realizing isolation of intranet and extranet of an organization on a physical line; the desktop security system is used for encrypting important information of a user through a file mode and storing on a disk of a computer; the anti-virus system is used for realizing virus security protection of the whole network; the identity recognition system can be used for performing security certification of different degrees for login personnel; the access control system is used for performing access control over the personnel who pass the identity recognition system; the security audit system is used for performing comprehensive audit on the intranet in the organization; the intrusion detection system is used for monitoring events occurring in the intranet of the organization and analyzing the events to recognize intrusion behaviors which endanger the intranet information security of the organization; the security management system is used for performing centralized management and configuration on the network and the computers in the organization.

Description

A computer security network
Technical field
The present invention relates to the field of computer technology, and in particular to a computer security network.
Background
With the deepening of informatization and the rapid development of networks, the way people work, study and live has changed enormously: efficiency has improved greatly and information resources are shared to the greatest possible extent. However, informatization has also produced problems such as information leakage, information pollution and loss of control over information, which seriously harm national interests, social interests and the interests of individuals and groups. These problems urgently need to be solved.
Summary of the invention
To solve the technical problem described in the background, the present invention proposes a computer security network that effectively protects a computer network against information leakage, information pollution, information control and the like.
The computer security network proposed by the present invention comprises:
a physical isolation system, which isolates the organization's intranet from the external network (extranet) at the physical-line level;
a desktop security system, which encrypts the user's important information file by file and stores it on the computer's disk;
an anti-virus system, which is deployed on servers and on individual computers and provides virus protection for the whole network;
an identity recognition system, which divides the personnel logging in to the computer network into administrators, authorized operators and unauthorized operators; when a person requests to log in to the computer network, it applies different degrees of security authentication to administrators and to authorized operators, and keeps unauthorized operators from logging in;
an access control system, which controls the access of personnel who have passed the identity recognition system, so that administrators and authorized operators are each subject to access-rights restrictions when accessing the organization's intranet, the access rights of an administrator being greater than those of an authorized operator;
a security audit system, which performs a comprehensive audit of the organization's intranet, so that acts of stealing identities or internal network resources are recorded in full;
an intrusion detection system, which monitors and analyzes events in the organization's intranet in order to identify intrusion behavior that endangers the information security of the intranet, and sends an alarm signal in time;
a security management system, which centrally manages and configures the network and computers within the organization and ensures the configuration security of the whole computer network.
Preferably, the organization's intranet and the external network are cabled separately.
Preferably, the identity recognition system uses static passwords for identity authentication.
Preferably, the security management system can perform security management of the software and systems of the computer security network.
The computer security network proposed by the present invention comprises a physical isolation system, a desktop security system, an anti-virus system, an identity recognition system, an access control system, a security audit system, an intrusion detection system and a security management system. Together they provide multi-level security protection for the computer network, so that the information security of the whole network is protected against information leakage, information pollution, information control and the like.
Brief description of the drawings
Fig. 1 is a structural diagram of the computer security network proposed by the present invention.
Embodiment
Fig. 1 is a structural diagram of the computer security network proposed by the present invention.
With reference to Fig. 1, the present invention proposes a computer security network comprising the following systems.
The physical isolation system isolates the organization's intranet from the external network at the physical-line level by means of separate cabling. For computers that use the external network, dedicated machines are used for Internet access when there are many users, and line isolation is used when there are few.
A user's important information is generally stored on the computer's disk as files, which makes it easy for the user to search, modify and otherwise work with it, but also makes it easy for that information to leak, particularly in mobile-office situations. To address this, a desktop security system is provided, which encrypts the user's important information file by file and stores it on the computer's disk, protecting the security of the user's file information.
As technology has advanced, digital and Internet technologies have grown, but virus technology has developed with them: viruses spread faster and cause damage over a wider range, to the point of being almost all-pervasive. To keep user computers from being infected, an anti-virus system is deployed on servers and on individual computers to provide virus protection for the whole network.
Information security is a multi-dimensional, multi-level problem. It involves not only viruses, hackers and security vulnerabilities but also the leakage of internal information. Research shows that most information security problems are caused not by outsiders but by insiders. For this reason an identity recognition system is designed, which divides the personnel logging in to the computer network into administrators, authorized operators and unauthorized operators. When a person requests to log in to the computer network, it applies different degrees of security authentication to administrators and to authorized operators, and keeps unauthorized operators from logging in.
The firewall is the most basic, most important and most economical means of ensuring network security. Where a network involves information security, an access control system can be configured. It controls the access of personnel who have passed the identity recognition system, so that administrators and authorized operators are each subject to access-rights restrictions when accessing the organization's intranet, the access rights of an administrator being greater than those of an authorized operator.
Network security is not simply a matter of resisting external and internal intrusion. Intrusions must also be tracked, and behavior that endangers network security must be recorded in full, both to combat such behavior and to retain evidence of it. For this reason a security audit system is designed, which performs a comprehensive audit of the organization's intranet, so that acts of stealing identities or internal network resources are recorded in full.
Although a firewall can control access, it is not all-powerful: it is limited by its own level of control, and some behavior that endangers network security still escapes it. For this reason an intrusion detection system is designed. It monitors events within the organization and analyzes the events that occur. When its analysis finds abnormal behavior, it immediately sends an alarm signal to the administrator and reports the security threats present in the computer or network, helping the administrator diagnose current problems in the computer or network so that they can be repaired in time.
Computer networks keep expanding and computers are used ever more widely. To maintain the security of the network and its computers, both must be centrally managed and configured, so that the whole information network remains controllable. For this reason a security management system is designed, which allows the security technologies described above to be managed and enforced, so that the security measures take effect.
In the above scheme, the organization's intranet and the external network are cabled separately, which isolates the intranet from the outside; the identity recognition system uses static passwords for identity authentication; and the security management system can perform security management of the software and systems of the computer security network.
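The identity recognition, access control, security audit and intrusion detection systems described above, chained together in code. This is an added example, not code from the patent; the PBKDF2 password storage, the rights names, the management-host check that stands in for the administrator's stricter "degree" of authentication, the host addresses and the alarm threshold of three are all assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter
from enum import Enum


class Role(Enum):
    ADMINISTRATOR = "administrator"
    AUTHORIZED_OPERATOR = "authorized operator"
    UNAUTHORIZED = "unauthorized operator"


# Assumption: an administrator's rights are a strict superset of an operator's.
OPERATOR_RIGHTS = {"read_files", "write_own_files"}
RIGHTS = {
    Role.ADMINISTRATOR: OPERATOR_RIGHTS | {"configure_network", "read_audit_log"},
    Role.AUTHORIZED_OPERATOR: OPERATOR_RIGHTS,
    Role.UNAUTHORIZED: set(),
}
ADMIN_HOSTS = {"10.0.0.5"}  # assumption: administrators log in from here only
ALARM_THRESHOLD = 3         # assumption: failed logins per host before an alarm


def hash_password(password, salt):
    # Static passwords are stored only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SecurityNetwork:
    def __init__(self):
        self.accounts = {}   # user -> (role, salt, password hash)
        self.audit_log = []  # security audit: every decision is recorded

    def enroll(self, user, password, role):
        salt = os.urandom(16)
        self.accounts[user] = (role, salt, hash_password(password, salt))

    def _audit(self, event, user, host, ok):
        self.audit_log.append({"event": event, "user": user, "host": host, "ok": ok})
        return ok

    def login(self, user, password, host):
        """Identity recognition: return the Role the caller may act as."""
        unknown = (Role.UNAUTHORIZED, b"\0" * 16, b"")
        role, salt, stored = self.accounts.get(user, unknown)
        # Hash even for unknown users so both paths do the same work.
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if ok and role is Role.ADMINISTRATOR:
            ok = host in ADMIN_HOSTS  # stricter check for administrators
        self._audit("login", user, host, ok)
        return role if ok else Role.UNAUTHORIZED

    def access(self, user, role, right, host):
        """Access control: allow only rights granted to the caller's role."""
        return self._audit("access:" + right, user, host, right in RIGHTS[role])

    def alarms(self):
        """Intrusion detection: hosts with repeated failed logins in the audit log."""
        failures = Counter(r["host"] for r in self.audit_log
                           if r["event"] == "login" and not r["ok"])
        return sorted(h for h, n in failures.items() if n >= ALARM_THRESHOLD)


def demo():
    """Run constructed sample events through all four subsystems."""
    net = SecurityNetwork()
    net.enroll("admin1", "constructed-admin-pw", Role.ADMINISTRATOR)
    net.enroll("alice", "constructed-user-pw", Role.AUTHORIZED_OPERATOR)
    admin = net.login("admin1", "constructed-admin-pw", "10.0.0.5")
    alice = net.login("alice", "constructed-user-pw", "10.0.1.20")
    net.access("admin1", admin, "configure_network", "10.0.0.5")  # allowed
    net.access("alice", alice, "configure_network", "10.0.1.20")  # denied
    for guess in ("guess-1", "guess-2", "guess-3"):  # constructed failed logins
        net.login("admin1", guess, "10.0.1.99")
    return net


if __name__ == "__main__":
    print(demo().alarms())
```

Because the alarm is computed from the audit log, a denied access and a failed login both leave a record even when no alarm fires.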
The computer security network proposed by the present invention comprises a physical isolation system, a desktop security system, an anti-virus system, an identity recognition system, an access control system, a security audit system, an intrusion detection system and a security management system. Together they provide multi-level security protection for the computer network, so that the information security of the whole network is protected against information leakage, information pollution, information control and the like.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any equivalent replacement or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to its technical solution and inventive concept, shall fall within the scope of protection of the invention.

Claims (4)

1. A computer security network, characterized in that it comprises:
a physical isolation system, which isolates the organization's intranet from the external network (extranet) at the physical-line level;
a desktop security system, which encrypts the user's important information file by file and stores it on the computer's disk;
an anti-virus system, which is deployed on servers and on individual computers and provides virus protection for the whole network;
an identity recognition system, which divides the personnel logging in to the computer network into administrators, authorized operators and unauthorized operators; when a person requests to log in to the computer network, it applies different degrees of security authentication to administrators and to authorized operators, and keeps unauthorized operators from logging in;
an access control system, which controls the access of personnel who have passed the identity recognition system, so that administrators and authorized operators are each subject to access-rights restrictions when accessing the organization's intranet, the access rights of an administrator being greater than those of an authorized operator;
a security audit system, which performs a comprehensive audit of the organization's intranet, so that acts of stealing identities or internal network resources are recorded in full;
an intrusion detection system, which monitors and analyzes events in the organization's intranet in order to identify intrusion behavior that endangers the information security of the intranet, and sends an alarm signal in time;
a security management system, which centrally manages and configures the network and computers within the organization and ensures the configuration security of the whole computer network.
2. The computer security network according to claim 1, characterized in that the organization's intranet and the external network are cabled separately.
3. The computer security network according to claim 1, characterized in that the identity recognition system uses static passwords for identity authentication.
4. The computer security network according to claim 1, characterized in that the security management system can perform security management of the software and systems of the computer security network.
CN201510022008.2A 2015-01-16 2015-01-16 Computer security network Pending CN104618353A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510022008.2A CN104618353A (en) 2015-01-16 2015-01-16 Computer security network

Publications (1)

Publication Number Publication Date
CN104618353A true CN104618353A (en) 2015-05-13

Family

ID=53152628

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510022008.2A Pending CN104618353A (en) 2015-01-16 2015-01-16 Computer security network

Country Status (1)

Country Link
CN (1) CN104618353A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150513