CN111031109B - Method for network safety equipment backup and synchronous management - Google Patents

Publication number
CN111031109B
Authority
CN
China
Prior art keywords
backup
special debugging
network security
management server
files
Prior art date
Legal status
Active
Application number
CN201911204680.8A
Other languages
Chinese (zh)
Other versions
CN111031109A (en)
Inventor
蒋婷
李和先
肖平
零颖俏
徐超强
范耀波
刘新杰
梁策
邓倩兰
Current Assignee
Fangchenggang Power Supply Bureau of Guangxi Power Grid Co Ltd
Original Assignee
Fangchenggang Power Supply Bureau of Guangxi Power Grid Co Ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method for backup and synchronous management of network security devices, comprising the following steps: (1) a file directory is created on a dedicated debugging notebook according to the device type and name of the network security device; the notebook is connected to the device, the configuration file is exported, detailed screenshots are saved to the specified directory, and the result is encrypted and compressed; (2) a backup management server and several dedicated debugging notebooks are networked through a switch, and backup files are uploaded from the notebooks to the backup management server through a specified service web page; (3) the backup management server automatically issues reminders for network security devices that will need a backup soon, based on the upload time of the backup file and the configured backup period; (4) users can download backup files from the backup management server to a dedicated debugging notebook, and the specified directories of several dedicated debugging notebooks can also be synchronized automatically, thereby achieving backup and synchronous management of the network security devices.

Description

Method for network safety equipment backup and synchronous management
Technical Field
The invention belongs to the field of network security, and particularly relates to a method for backing up and synchronously managing network security equipment.
Background
According to the security protection regulations for power monitoring systems, the computer- and network-based business systems of power generation and power grid enterprises are divided, in principle, into a production control zone and a management information zone. The production control zone can be further divided into a control area and a non-control area. Where the production control zone of a power plant or substation under key protection connects longitudinally to the wide area network, a power-dedicated longitudinal encryption authentication device or encryption authentication gateway, tested and certified by a nationally designated authority, is deployed together with its supporting facilities to provide bidirectional identity authentication, data encryption and access control. Between the production control zone and the management information zone, a power-dedicated transverse one-way security isolation device, tested and certified by a nationally designated authority, is deployed; its isolation strength approaches or reaches physical isolation. Between the security areas inside the production control zone, network equipment with access control functions, firewalls or equivalent facilities should be used to achieve logical isolation.
As a result, the network security devices of a power monitoring system are of many types and large in number, for example power-dedicated longitudinal encryption authentication devices, power-dedicated transverse one-way security isolation devices, and firewalls. Backup and change operations on these devices require a dedicated debugging notebook, and different operators use inconsistent backup methods and paths when maintaining the devices, so the backup files on the various dedicated debugging notebooks are not synchronized. Once a network security device fails, the latest usable backup file cannot be found immediately for recovery. In addition, the backup files are scattered across the dedicated debugging notebooks, which does not meet the security and confidentiality requirements for backup file storage.
Disclosure of Invention
The invention aims to provide a method for backup and synchronous management of network security devices, addressing the problem in the prior art that the periodic backups of the network security devices of a power monitoring system and the backup files produced after changes are difficult to keep synchronized. The dedicated debugging notebooks automatically synchronize the backup files in the specified directories by combining timed synchronization with change synchronization, so that the backup files on every dedicated debugging notebook are the same and the backup management server stores the complete set of backup files; this avoids the situation where no up-to-date backup is available for recovery when a network security device fails.
The scheme of the invention is realized as follows:
A method for backup and synchronous management of network security devices comprises the following steps:
Step (1), backing up the files of the network security device: create a corresponding file directory on the dedicated debugging notebook according to the device type and name of the network security device; connect the dedicated debugging notebook to the network security device; export the device's configuration file according to the device's operating instructions and save detailed screenshots into the specified directory on the dedicated debugging notebook; then encrypt and compress the backup file;
Step (2), uploading and synchronizing the backup files: the backup management server and the dedicated debugging notebooks are assigned specified IP addresses and then networked through a switch. Through the specified service web page, the information for the backup files on the dedicated debugging notebook is completed, including device name, device type, IP address, installation location, backup reason, operation (backup, modification, deletion) and the like, and the backup files are then uploaded to the backup management server. The backup management server automatically records the upload time, which synchronizes the configuration files from the dedicated debugging notebook to the backup management server;
Step (3), downloading and synchronizing the backup files: after a dedicated debugging notebook has uploaded the backup files, the backup management server automatically issues reminders for network security devices that will need a backup soon, based on the upload time of the backup files and the configured backup period. Through the specified service web page, a user downloads the backup files from the backup management server into the specified directories of other dedicated debugging notebooks to synchronize them; alternatively, the backup files in the specified directories of several networked dedicated debugging notebooks are synchronized automatically by combining timed synchronization and change synchronization, so that the backup files on every dedicated debugging notebook are the same, thereby achieving backup and synchronous management of the network security devices.
As a further description of the present invention, the dedicated debugging notebook connects to the network security device through a network cable or a serial cable. The connection method differs according to the type, manufacturer and model of the network security device.
As a further description of the present invention, the dedicated debugging notebook uploads the backup file to the backup management server by accessing the specified service web page.
As a further description of the present invention, the configuration files include policies, certificates, tunnels, and the like.
As a further description of the present invention, the device types include firewalls, power-dedicated longitudinal encryption authentication devices, power-dedicated transverse one-way security isolation devices, and the like. Backups are performed according to the options set for each device, such as device name, device type, IP address, installation location, backup reason and operation (backup, modification, deletion).
The invention has the following beneficial effects:
1. The backup files on the dedicated debugging notebook are uploaded to the backup management server through a user-friendly web interface, and a download service is provided to download backup files to a designated device and directory. This ensures that the backup management server stores the complete set of backup files, and achieves off-machine storage and secure, unified management of the backup files. In addition, the backup management server automatically issues reminders for network security devices that will need a backup soon, based on the upload time of the backup file and the manually configured backup period.
2. The method automatically synchronizes the backup files of several dedicated debugging notebooks. Backup files in the specified directories are synchronized automatically by combining timed synchronization and change synchronization, so that the backup files on every dedicated debugging notebook are the same, which guarantees the consistency of the backup files across the dedicated debugging notebooks.
Drawings
Fig. 1 is a schematic diagram of a connection manner between a dedicated debugging notebook and a network security device according to the present invention.
Fig. 2 is a schematic diagram of a backup management server and a plurality of special debugging notebooks networking according to the present invention.
Detailed Description
The method for backup and synchronization management of network security devices according to the present invention is described below with reference to the following embodiments, which are not intended to limit the present invention further.
Example:
A method for network security device backup and synchronous management comprises the following steps:
Step (1), backing up the files of the network security device: a corresponding file directory is created on the dedicated debugging notebook according to the device type and specific name of the network security device, the device type being a firewall, a power-dedicated longitudinal encryption authentication device, a power-dedicated transverse one-way security isolation device, or the like. The dedicated debugging notebook is connected to the network security device by network cable or serial cable; the connection method differs according to the type, manufacturer and model of the network security device. Following the device's operating instructions, the configuration files of the network security device (such as policies, certificates and tunnels) are exported and detailed screenshots are saved into the specified file directory on the dedicated debugging notebook, and the backup files are encrypted and compressed.
Step (2), uploading and synchronizing the backup files: the backup management server and the dedicated debugging notebooks are assigned specified IP addresses and then networked through a switch. Through the specified service web page, the information for the backup files on the dedicated debugging notebook is completed; the fields filled in include device name, device type, IP address, installation location, backup reason, operation (backup, modification, deletion) and the like. The backup files are then uploaded to the backup management server. The backup management server automatically records the upload time, so that the configuration files on the dedicated debugging notebook and the backup management server are synchronized.
Step (3), downloading and synchronizing the backup files: after a dedicated debugging notebook has uploaded the backup files, the backup management server automatically issues reminders for network security devices that will need a backup soon, based on the upload time of the backup files and the configured backup period. Through the specified service web page, a user downloads the backup files from the backup management server into the specified directories of other dedicated debugging notebooks to synchronize them; alternatively, the backup files in the specified directories of several dedicated debugging notebooks are synchronized automatically by combining timed synchronization and change synchronization. This ensures that the backup files on every dedicated debugging notebook are the same, and avoids the situation where a network security device fails and no up-to-date backup is available for recovery.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
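An added example, not part of the patent text: a minimal Python model of the server-side bookkeeping in steps (2) and (3), computing which devices are due for a reminder and which archives a given notebook must fetch to match the server. The SHA-256 digest per archive, the reading of a "deletion" record as retiring a device, the `.zip.enc` suffix, the 7-day reminder window and all device names, addresses, dates and periods are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupRecord:
    # Metadata the description lists for each upload (step 2).
    device_name: str
    device_type: str
    ip_address: str
    location: str
    reason: str
    operation: str         # "backup", "modification" or "deletion"
    uploaded_at: datetime  # recorded by the server when the file arrives
    sha256: str            # assumption: digest of the encrypted archive

    @property
    def rel_path(self) -> str:
        # One directory per device type, one archive per device (hypothetical suffix).
        return f"{self.device_type}/{self.device_name}.zip.enc"


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def latest_per_device(records):
    """Newest record per device; a newest 'deletion' retires the device (assumption)."""
    latest = {}
    for rec in records:
        cur = latest.get(rec.device_name)
        if cur is None or rec.uploaded_at > cur.uploaded_at:
            latest[rec.device_name] = rec
    return {name: rec for name, rec in latest.items() if rec.operation != "deletion"}


def due_reminders(records, periods, now, lead=timedelta(days=7)):
    """Devices whose next backup (last upload + period) is overdue or within `lead`."""
    due = []
    for name, rec in latest_per_device(records).items():
        next_due = rec.uploaded_at + periods[rec.device_type]
        if next_due - now <= lead:
            due.append((name, next_due))
    return sorted(due, key=lambda item: item[1])


def sync_plan(records, notebook_index):
    """Diff one notebook's {rel_path: sha256} index against the server's latest set."""
    server = {r.rel_path: r.sha256 for r in latest_per_device(records).values()}
    download = sorted(p for p, h in server.items() if notebook_index.get(p) != h)
    not_on_server = sorted(p for p in notebook_index if p not in server)
    return {"download": download, "not_on_server": not_on_server}

# Constructed sample data: names, addresses, dates and periods are made up.
NOW = datetime(2019, 11, 29, 9, 0)
PERIODS = {"firewall": timedelta(days=90), "longitudinal-encryption": timedelta(days=180)}
RECORDS = [
    BackupRecord("fw-sub-01", "firewall", "192.0.2.10", "Substation A", "periodic",
                 "backup", datetime(2019, 9, 1, 10, 0), digest(b"fw-sub-01 v1")),
    BackupRecord("fw-sub-01", "firewall", "192.0.2.10", "Substation A", "policy change",
                 "modification", datetime(2019, 9, 5, 10, 0), digest(b"fw-sub-01 v2")),
    BackupRecord("enc-gw-02", "longitudinal-encryption", "192.0.2.20", "Plant B",
                 "periodic", "backup", datetime(2019, 10, 20, 8, 0), digest(b"enc-gw-02 v1")),
    BackupRecord("fw-old-09", "firewall", "192.0.2.90", "Substation C", "decommissioned",
                 "deletion", datetime(2019, 8, 1, 8, 0), digest(b"")),
]
NOTEBOOK_B = {  # index of a second notebook's synchronized directory
    "firewall/fw-sub-01.zip.enc": digest(b"fw-sub-01 v1"),  # stale copy
    "firewall/fw-old-09.zip.enc": digest(b"fw-old-09 v3"),  # retired device
}

if __name__ == "__main__":
    print(due_reminders(RECORDS, PERIODS, NOW), sync_plan(RECORDS, NOTEBOOK_B))
```

Running `sync_plan` on a schedule corresponds to timed synchronization, and running it whenever an upload arrives corresponds to change synchronization; entries under `not_on_server` are archives a notebook still holds for devices the server no longer tracks.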

Claims (1)

1. A method for network security device backup and synchronous management, characterized by comprising the following steps:
step 1, backing up the files of the network security device: creating a corresponding file directory on a dedicated debugging notebook according to the device type and name of the network security device, connecting the dedicated debugging notebook to the network security device, exporting the configuration file of the network security device according to the operating instructions of the network security device, saving detailed screenshots into the specified directory on the dedicated debugging notebook, and encrypting and compressing the backup file;
step 2, uploading and synchronizing the backup files: assigning specified IP addresses to a backup management server and a plurality of dedicated debugging notebooks and then networking them through a switch; completing the information for the backup files on the dedicated debugging notebook through a specified service web page, the completed contents comprising device name, device type, IP address, installation location, backup reason and operation; then uploading the backup files to the backup management server; the backup management server automatically recording the upload time, thereby synchronizing the configuration files from the dedicated debugging notebook to the backup management server;
step 3, downloading and synchronizing the backup files: after the dedicated debugging notebook has uploaded the backup files, the backup management server automatically issues reminders for network security devices that will need a backup soon, based on the upload time of the backup files and the configured backup period; a user downloads the backup files from the backup management server into the specified directories of other dedicated debugging notebooks for synchronization by download through the specified service web page, or the backup files in the specified directories of a plurality of networked dedicated debugging notebooks are synchronized automatically by combining timed synchronization and change synchronization, ensuring that the backup files on every dedicated debugging notebook are the same, thereby achieving backup and synchronous management of the network security devices;
the dedicated debugging notebook is connected to the network security device by network cable or serial cable;
the dedicated debugging notebook exchanges backup files with the backup management server, for upload and download, through a user-friendly web interface.
CN201911204680.8A 2019-11-29 2019-11-29 Method for network safety equipment backup and synchronous management Active CN111031109B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911204680.8A CN111031109B (en) 2019-11-29 2019-11-29 Method for network safety equipment backup and synchronous management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911204680.8A CN111031109B (en) 2019-11-29 2019-11-29 Method for network safety equipment backup and synchronous management

Publications (2)

Publication Number Publication Date
CN111031109A CN111031109A (en) 2020-04-17
CN111031109B true CN111031109B (en) 2022-12-06

Family

ID=70207287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911204680.8A Active CN111031109B (en) 2019-11-29 2019-11-29 Method for network safety equipment backup and synchronous management

Country Status (1)

Country Link
CN (1) CN111031109B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113766031B (en) * 2021-09-13 2023-04-28 杭州安恒信息技术股份有限公司 Method and device for storing note resources and related equipment
CN116414439B (en) * 2023-01-05 2023-11-21 上海弘积信息科技有限公司 Configuration file management method and system in load balancing equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494651A (en) * 2009-02-11 2009-07-29 江苏敏捷科技股份有限公司 Method for active backup of data
CN101729595A (en) * 2009-11-26 2010-06-09 世导数据通讯(杭州)有限公司 Network backup device and backup method thereof
CN102414657A (en) * 2009-05-01 2012-04-11 微软公司 Shared job scheduling in electronic notebook

Also Published As

Publication number Publication date
CN111031109A (en) 2020-04-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant