CN113489727A - Information security management platform system - Google Patents


Publication number
CN113489727A
Authority
CN
China
Prior art keywords
module
circuit
level conversion
management platform
channel mos
Legal status
Pending
Application number
CN202110766083.5A
Other languages
Chinese (zh)
Inventor
邱金斌
Current Assignee
Zhenjiang Lianke Network Technology Co ltd
Original Assignee
Zhenjiang Lianke Network Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00: Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38: Information transfer, e.g. on bus
    • G06F13/42: Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282: Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an information security management platform system, in particular to the technical field of multiple platforms, which comprises an information security management center, a wide area network, a plurality of security gateways and a local area network, wherein the local area network is connected with the security gateways in a one-to-one correspondence manner; the associated security gateways are managed in a centralized manner by the network security management center, so that the maintenance difficulty of the security gateways when the network is complicated can be effectively reduced, the network security management center can monitor the running states of all the security gateways in the network in real time, when a certain point is attacked, the purpose of active defense of other points of the network can be realized, and the operation and maintenance cost of an enterprise can be effectively reduced.

Description

Information security management platform system
Technical Field
The invention relates to the technical field of the Internet of Things, in particular to an information security management platform system.
Background
The big data era has been entered today. Besides the links of data collection and analysis, the exchange and sharing of data become more and more important. At present, databases with detailed data are usually established in various fields, but databases in various industries of society and even databases in different units of the same industry are often customized according to business requirements of the databases, so that great differences exist between system environments, data platforms and the like, and the design of data exchange and sharing is usually lacked at the beginning of construction, thereby forming a 'barrier' to data exchange.
In multi-platform applications, establishing a data sharing platform can promote technical communication and development. However, such a platform is inconvenient to manage once information has been published and inconvenient to modify when wrong information appears, which makes technical schemes misleading and gives rise to misconceptions; in addition, published information can cause information confusion.
The OSI seven-layer protocol and the TCP/IP network protocol aim to construct a reliable, interconnected large-scale network, but the initial design of these protocols did not consider network security. Although some encrypted secure communication protocols have been provided as network protocols developed and expanded, the network itself is still vulnerable to attacks such as DDoS attacks, port scanning and the like.
The traditional network security protection is passive, and a security policy is preset on a security device to resist network attacks so as to realize the security protection of the network. Although this approach may also be somewhat resistant to network attacks, it does not spread such attack forewarning over larger networks, and thus the network itself cannot dynamically actively resist certain network attacks.
The security of a large network is a system engineering, the network security of the large network should implement centralized policy management and unified deployment, while the prior art security technology is distributed management, and is difficult to implement centralized management and unified deployment.
At present, in the network security protection of general industrial control systems, few technical protection measures are adopted and the overall protection is not systematic. With the integration of management and control, industrial control systems are connected to traditional IT management systems and the Internet, and increasingly adopt general-purpose software, hardware and protocols internally, so they directly face various threats from the outside and the potential security hazards to industrial control network information increase. Meanwhile, users in the industrial control industry have insufficient security awareness: the overall security design of the system is not considered during system design, functional implementation is emphasized over security, and security management is also insufficiently emphasized in operation and maintenance, which increases the possibility that the industrial control system is attacked by viruses and trojans. Within the same network layer, unstable factors may also arise and result in network failure.
Disclosure of Invention
In order to overcome the above defects in the prior art, embodiments of the present invention provide an information security management platform system, where a network security management center centrally manages associated security gateways, so as to effectively reduce the difficulty in maintaining the security gateways when a network is complex, and the network security management center can monitor the operating states of all security gateways in the network in real time, so that when a certain point is attacked, the purpose of active defense can be achieved at other points in the network, and the operation and maintenance cost of an enterprise can be effectively reduced.
In order to achieve the purpose, the invention provides the following technical scheme:
an information security management platform system comprises an information security management center, a wide area network, a plurality of security gateways and local area networks which are correspondingly connected with the security gateways one by one, wherein the information security management center is connected with the wide area network, and the wide area network is connected with the local area network through the security gateways;
the information security management center comprises a management platform module, a configuration server module, a log server module, a microcontroller module, a multi-channel serial communication interface module and a data display module; the management platform module, the configuration server module and the log server module are respectively connected with the microcontroller module, and the multi-path serial communication interface module and the data display module are respectively connected with corresponding interfaces of the microcontroller module;
the multi-channel serial communication interface module comprises a control circuit and an interface circuit connected with the control circuit and used for realizing multi-channel serial communication;
the control circuit comprises a memory, a reset circuit, a clock circuit, a power circuit, a JTAG auxiliary circuit and a DSP processor, wherein the memory, the reset circuit, the clock circuit, the power circuit and the JTAG auxiliary circuit are respectively connected with the DSP processor;
the interface circuit comprises a protocol processor, a decoder, an isolation circuit and a level conversion circuit, wherein the decoder is connected with the protocol processor, and the protocol processor is connected with the level conversion circuit through the isolation circuit.
As a further preferable solution of the information security management platform system of the present invention, the level shift circuit includes a signal input terminal, a signal output terminal, a first level shift module for converting a high level signal input by the signal input terminal into a low level signal, and a second level shift module for converting a low level signal output by the first level shift module into a high level signal; the level of the high level signal output by the second level conversion module after conversion is lower than that of the high level signal input by the signal input end;
the input end of the first level conversion module is connected with the signal input end, the output end of the first level conversion module is connected with the input end of the second level conversion module, and the output end of the second level conversion module is connected with the signal output end;
the first level conversion module comprises a first power supply, a first N-channel MOS tube, a first resistor and a first capacitor, wherein the grid electrode of the first N-channel MOS tube is connected with the input end of the first level conversion module, the source electrode of the first N-channel MOS tube is grounded, the drain electrode of the first N-channel MOS tube is connected with one end of the first resistor, the other end of the first resistor is connected with the first power supply, the anode of the first capacitor is connected with the drain electrode of the first N-channel MOS tube and the output end of the first level conversion module, and the cathode of the first capacitor is grounded;
the second level conversion module comprises a second power supply, a second N-channel MOS tube, a second resistor and a second capacitor, the grid electrode of the second N-channel MOS tube is connected with the input end of the second level conversion module, the source electrode of the second N-channel MOS tube is grounded, the drain electrode of the second N-channel MOS tube is connected with one end of the second resistor, the other end of the second resistor is connected with the second power supply, the anode of the second capacitor is connected with the drain electrode of the second N-channel MOS tube and the output end of the second level conversion module, and the cathode of the second capacitor is grounded.
As a further preferable scheme of the information security management platform system of the present invention, the management platform comprises an administrator user access module, a configuration editing module and a status display module; the administrator user access module is responsible for authenticating the identity of the login user; the configuration editing module is used for defining a security policy; and the state display module is used for displaying the configuration data and the running state of all the security gateways managed by the current management center and acquiring the log information of the network through the module.
As a further preferred scheme of the information security management platform system of the present invention, the configuration server module comprises a configuration issuing module, a configuration database module, an event processing module and a state monitoring and analyzing module; the configuration database module is used for storing configuration data issued by the management platform; the state monitoring and analyzing module is used for periodically acquiring the running state of the security gateway in the network through a get method of a netconf protocol, monitoring the running condition of the network in real time and dynamically adjusting the security policy.
As a further preferable scheme of the information security management platform system of the present invention, the log server includes a log collection module and a log storage module; the log collection module is responsible for collecting system log information uploaded by the security gateway, and the log storage module is used for storing the log information of the security gateway, classified according to host and log grade.
As a further preferable scheme of the information security management platform system, the DSP processor is a TI low-power floating-point chip, the TMS320C6748, whose main frequency is 456 MHz and which has an operation capability of 3648 MIPS and 2756 MFLOPS.
As a further preferable scheme of the information security management platform system, the power supply circuit adopts an integrated power supply mode, namely, the core voltage and the I/O voltage are supplied by the same power supply module, the core voltage is 1.2V, the I/O voltage is 1.8V and 3.3V, and a power supply management chip TPS650061RUK is adopted.
As a further preferable scheme of the information security management platform system of the present invention, the level shift circuit further includes a third capacitor for filtering, one end of a negative electrode of the third capacitor is grounded, and one end of a positive electrode of the third capacitor is connected to a middle position between the signal input terminal and the input terminal of the first level shift module, and is respectively connected in parallel to the first N-channel MOS transistor, the first capacitor, the second N-channel MOS transistor, and the second capacitor.
As a further preferable scheme of the information security management platform system of the present invention, the memory includes a RAM memory and a Flash memory, the RAM memory and the Flash memory are respectively connected to the DSP processor, the RAM memory employs TI's low-power-consumption high-speed RAM MT47H64M16 chip, and the Flash memory employs an S29GL128N chip from Spansion.
As a further preferable scheme of the information security management platform system of the present invention, the isolation circuit employs a six-channel digital isolator ADuM7643 of ADI corporation, for implementing digital isolation of the interface circuit.
The invention has the technical effects and advantages that:
1. the invention relates to an information security management platform system, which comprises an information security management center, a wide area network, a plurality of security gateways and local area networks which are correspondingly connected with the security gateways one by one, wherein the associated security gateways are managed in a centralized manner by the network security management center, so that the maintenance difficulty of the security gateways when the network is complicated can be effectively reduced, the network security management center can monitor the running states of all the security gateways in the network in real time, when a certain point is attacked, the purpose of active defense of other points in the network can be realized, and the operation and maintenance cost of enterprises can be effectively reduced;
2. in order to meet the requirements of miniaturization and integration, a plurality of serial ports are required to be controlled to communicate with external equipment, TMS320C6748 is used as a core processor, parallel communication with an asynchronous communication protocol chip TL16C754 is realized through an EMIF bus, a 3-8 decoder 74LS138 is used for expanding multi-bit chip selection signals, the function of integrally expanding a multi-path serial communication interface is realized, a bottom layer driver is developed based on a TI real-time operating system kernel SYS/BIOS, the design difficulty can be reduced, the development period is shortened, complete receiving of multi-path data can be realized, and data transmission is complete and reliable;
3. the invention adopts the EMIF control mode of the DSP to complete the data transmission, realizes the integration and the expansion of the interface through the asynchronous communication protocol chip and the decoder, solves the speed problem of the data transmission between the internal memory of the DSP and the peripheral equipment, lightens the operation load of the DSP, and improves the real-time performance and the reliability of serial traffic;
4. when the high-power-consumption device is applied to the low-power-consumption electronic equipment to work, the power consumption of the high-power-consumption device is controlled, and the working stability of the low-power-consumption electronic equipment is improved.
Drawings
FIG. 1 is a schematic diagram of the overall structure of the system of the present invention;
FIG. 2 is a schematic structural diagram of an information security management center according to the present invention;
FIG. 3 is a schematic structural diagram of a multi-channel serial communication interface module according to the present invention;
FIG. 4 is a circuit diagram of a level shift circuit according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An information security management platform system, as shown in fig. 1, includes an information security management center, a wide area network, a plurality of security gateways, and a local area network connected to the security gateways in a one-to-one correspondence manner, the information security management center is connected to the wide area network, and the wide area network is connected to the local area network through the security gateways;
as shown in fig. 2, the information security management center includes a management platform module, a configuration server module, a log server module, a microcontroller module, a multi-channel serial communication interface module, and a data display module; the management platform module, the configuration server module and the log server module are respectively connected with the microcontroller module, and the multi-path serial communication interface module and the data display module are respectively connected with corresponding interfaces of the microcontroller module;
the management platform is responsible for showing the running state, the attacked condition and the user use condition of each security gateway in real time; the configuration server is responsible for issuing the security policy configured by the management platform to each security gateway or gateway group; and the log server is used for collecting system log information uploaded by all the security gateways.
As shown in fig. 3, the multi-channel serial communication interface module includes a control circuit and an interface circuit connected to the control circuit for implementing multi-channel serial communication;
the control circuit comprises a memory, a reset circuit, a clock circuit, a power circuit, a JTAG auxiliary circuit and a DSP processor, wherein the memory, the reset circuit, the clock circuit, the power circuit and the JTAG auxiliary circuit are respectively connected with the DSP processor;
the interface circuit comprises a protocol processor, a decoder, an isolation circuit and a level conversion circuit, wherein the decoder is connected with the protocol processor, and the protocol processor is connected with the level conversion circuit through the isolation circuit;
as shown in fig. 4, the level shift circuit includes a signal input terminal, a signal output terminal, a first level shift module for converting a high level signal input by the signal input terminal into a low level signal, and a second level shift module for converting a low level signal output by the first level shift module into a high level signal; the level of the high level signal output by the second level conversion module after conversion is lower than that of the high level signal input by the signal input end;
the input end of the first level conversion module is connected with the signal input end, the output end of the first level conversion module is connected with the input end of the second level conversion module, and the output end of the second level conversion module is connected with the signal output end;
the first level conversion module comprises a first power supply, a first N-channel MOS tube, a first resistor and a first capacitor, wherein the grid electrode of the first N-channel MOS tube is connected with the input end of the first level conversion module, the source electrode of the first N-channel MOS tube is grounded, the drain electrode of the first N-channel MOS tube is connected with one end of the first resistor, the other end of the first resistor is connected with the first power supply, the anode of the first capacitor is connected with the drain electrode of the first N-channel MOS tube and the output end of the first level conversion module, and the cathode of the first capacitor is grounded;
the second level conversion module comprises a second power supply, a second N-channel MOS tube, a second resistor and a second capacitor, the grid electrode of the second N-channel MOS tube is connected with the input end of the second level conversion module, the source electrode of the second N-channel MOS tube is grounded, the drain electrode of the second N-channel MOS tube is connected with one end of the second resistor, the other end of the second resistor is connected with the second power supply, the anode of the second capacitor is connected with the drain electrode of the second N-channel MOS tube and the output end of the second level conversion module, and the cathode of the second capacitor is grounded.
The management platform comprises an administrator user access module, a configuration editing module and a state display module; the administrator user access module is responsible for authenticating the identity of the login user; the configuration editing module is used for defining a security policy; and the state display module is used for displaying the configuration data and the running state of all the security gateways managed by the current management center and acquiring the log information of the network through the module.
The configuration server module comprises a configuration issuing module, a configuration database module, an event processing module and a state monitoring and analyzing module; the configuration database module is used for storing configuration data issued by the management platform; the state monitoring and analyzing module is used for periodically acquiring the running state of the security gateway in the network through a get method of a netconf protocol, monitoring the running condition of the network in real time and dynamically adjusting the security policy.
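The state polling described above can be illustrated with the NETCONF messages involved. The following is an added example, not code from the patent: it builds a `<get>` request with a subtree filter and validates the reply before the values reach any policy logic. The `urn:example:gateway-state` data model, its element names and both sample replies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace (RFC 6241)
GW = "urn:example:gateway-state"                 # hypothetical state model, not from the patent


class NetconfError(Exception):
    """Raised when a reply cannot be trusted as the answer to our request."""


def build_get_rpc(message_id):
    """Serialize <rpc><get><filter type="subtree"> selecting only the gateway state."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    get = ET.SubElement(rpc, f"{{{NC}}}get")
    flt = ET.SubElement(get, f"{{{NC}}}filter", {"type": "subtree"})
    ET.SubElement(flt, f"{{{GW}}}gateway-state")
    return ET.tostring(rpc, encoding="unicode")


def parse_get_reply(xml_text, expected_id):
    """Return the gateway state as {leaf name: int}, or raise NetconfError."""
    # NETCONF content must not contain a document type declaration (RFC 6241),
    # so a reply carrying one is rejected before it reaches the XML parser.
    if "<!DOCTYPE" in xml_text:
        raise NetconfError("document type declaration not allowed in NETCONF content")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise NetconfError(f"malformed reply: {exc}") from exc
    if root.tag != f"{{{NC}}}rpc-reply":
        raise NetconfError("not an rpc-reply")
    # The reply must echo the message-id of the request it answers.
    if root.get("message-id") != str(expected_id):
        raise NetconfError("message-id mismatch")
    err = root.find(f"{{{NC}}}rpc-error")
    if err is not None:
        tag = err.findtext(f"{{{NC}}}error-tag", default="unknown")
        raise NetconfError(f"gateway returned rpc-error: {tag}")
    state = root.find(f"{{{NC}}}data/{{{GW}}}gateway-state")
    if state is None:
        raise NetconfError("reply carries no gateway-state")
    result = {}
    for leaf in state:
        name = leaf.tag.split("}", 1)[-1]          # strip the namespace
        try:
            result[name] = int((leaf.text or "").strip())
        except ValueError:
            raise NetconfError(f"non-numeric value for {name}") from None
    return result


# Constructed sample replies (not captured from a real gateway).
SAMPLE_REPLY = f"""<rpc-reply message-id="101" xmlns="{NC}">
  <data>
    <gateway-state xmlns="{GW}">
      <cpu-load>37</cpu-load>
      <active-sessions>1820</active-sessions>
      <dropped-packets>14</dropped-packets>
    </gateway-state>
  </data>
</rpc-reply>"""

SAMPLE_ERROR = f"""<rpc-reply message-id="102" xmlns="{NC}">
  <rpc-error>
    <error-type>protocol</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
  </rpc-error>
</rpc-reply>"""


if __name__ == "__main__":
    print(build_get_rpc(101))
    print(parse_get_reply(SAMPLE_REPLY, 101))
```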
The log server comprises a log collection module and a log storage module, the log collection module is responsible for collecting system log information uploaded by the security gateway, and the log storage module is used for storing the log information of the security gateway and storing the log information in a classified mode according to the host and the log grade.
An administrator logs in a management platform of a network security management center through a web to define a series of security policy rules, different security gateways or gateway groups can be associated with different security policies, and the policies are stored and then issued to a database of a configuration server.
The security gateway is on-line and is connected to a configuration server of the policy management center through a netconf protocol, and the configuration server issues the security policy to the on-line security gateway according to the security policy pre-configured by the administrator.
When a certain security gateway detects a certain attack, the security gateway reports the attack as an event to a configuration server of a network security management center, an event processing module in the configuration server searches a related security policy from a configuration database according to the event type, calls a configuration issuing module, issues the security policy to the security gateway reporting the event, and simultaneously issues the security policy corresponding to the event to the security gateway and all other gateways of the security gateway group, so that other security gateways can make defense policies in advance to achieve the purpose of active defense. And finally, storing the attack event into a database for an administrator to audit.
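The policy-issuing and event-handling flow of the preceding three paragraphs can be modelled in a few lines. This is an added example, not code from the patent: class, method, gateway and policy names are hypothetical, the NETCONF transport is replaced by in-memory objects, and the rule that reports are accepted only from gateways known to be online is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Gateway:
    """Stand-in for a security gateway; `applied` lists the policies pushed to it."""
    name: str
    group: str
    applied: list = field(default_factory=list)


class ConfigServer:
    """In-memory model of the configuration server modules (names are hypothetical)."""

    def __init__(self):
        self.policy_db = {}               # configuration database: event type -> policy
        self.group_policy = {}            # policy the administrator associated with a group
        self.online = defaultdict(dict)   # group -> {gateway name: Gateway}
        self.audit_db = []                # attack events kept for administrator audit

    def define_event_policy(self, event_type, policy):
        self.policy_db[event_type] = policy

    def associate_group_policy(self, group, policy):
        self.group_policy[group] = policy

    def issue(self, gateway, policy):
        """Configuration issuing module: push once, report whether anything changed."""
        if policy in gateway.applied:
            return False
        gateway.applied.append(policy)
        return True

    def gateway_online(self, gateway):
        """A gateway connects and receives the policy pre-configured for its group."""
        self.online[gateway.group][gateway.name] = gateway
        if gateway.group in self.group_policy:
            self.issue(gateway, self.group_policy[gateway.group])

    def report_event(self, reporter, group, event_type):
        """Event processing module: returns the names of the gateways that were updated."""
        members = self.online.get(group, {})
        if reporter not in members:
            # Assumption: reports are accepted only from gateways known to be online.
            return []
        policy = self.policy_db.get(event_type)
        updated = []
        if policy is not None:
            # Reporting gateway first, then every other gateway of the same group.
            order = [members[reporter]] + [g for n, g in members.items() if n != reporter]
            updated = [g.name for g in order if self.issue(g, policy)]
        # The event is stored even when no policy matches, so it can still be audited.
        self.audit_db.append({"reporter": reporter, "group": group, "event": event_type,
                              "policy": policy, "updated": list(updated)})
        return updated


def run_scenario():
    """Constructed scenario: three gateways in one group, one in another."""
    server = ConfigServer()
    server.associate_group_policy("branch", "baseline-branch")
    server.define_event_policy("port_scan", "block-scanning-source")
    server.define_event_policy("ddos", "rate-limit-inbound")

    gws = {n: Gateway(n, g) for n, g in
           [("gw-a", "branch"), ("gw-b", "branch"), ("gw-c", "branch"), ("gw-x", "plant")]}
    for gw in gws.values():
        server.gateway_online(gw)

    first = server.report_event("gw-b", "branch", "port_scan")
    repeat = server.report_event("gw-a", "branch", "port_scan")      # already deployed
    unknown = server.report_event("gw-a", "branch", "unmapped_event")
    rogue = server.report_event("gw-z", "branch", "ddos")            # never came online
    return server, gws, first, repeat, unknown, rogue


if __name__ == "__main__":
    server, gws, *results = run_scenario()
    print(results)
    print({name: gw.applied for name, gw in gws.items()})
```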
The security gateway uploads the system log to the log server in real time, and the administrator can check the system operation condition of all the related security gateways in the network at the control platform.
The administrator logs in the network security management center, calls the configuration server through the web management platform to acquire the running states and data flow statistics of all the gateways, and can monitor the running state of the whole network in real time according to the statistical data, so as to dynamically make a more effective security strategy to achieve the purpose of network application control.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The DSP processor is a TI low-power floating-point chip, the TMS320C6748, whose main frequency is 456 MHz and which has an operation capability of 3648 MIPS and 2756 MFLOPS.
The power supply circuit adopts an integrated power supply mode, namely, the core voltage and the I/O voltage are supplied by the same power supply module, the core voltage is 1.2V, the I/O voltage is 1.8V and 3.3V, and a power supply management chip TPS650061RUK is adopted.
The reset circuit adopts a chip reset based on IPM 811.
The level conversion circuit further comprises a third capacitor for filtering, one end of the negative electrode of the third capacitor is grounded, and one end of the positive electrode of the third capacitor is connected to the middle of the signal input end and the input end of the first level conversion module and is respectively connected with the first N-channel MOS tube, the first capacitor, the second N-channel MOS tube and the second capacitor in parallel.
The memory comprises a RAM memory and a Flash memory, the RAM memory and the Flash memory are respectively connected with the DSP, the RAM memory adopts TI's low-power-consumption high-speed RAM MT47H64M16 chip, and the Flash memory adopts an S29GL128N chip from Spansion.
The isolation circuit adopts a six-channel digital isolator ADuM7643 of ADI company for realizing digital isolation of the interface circuit.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The above embodiments are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the protection scope of the present invention. While the embodiments of the present invention have been described in detail, the present invention is not limited to the above embodiments, and various changes can be made without departing from the spirit of the present invention within the knowledge of those skilled in the art.

Claims (10)

1. An information security management platform system, characterized in that: the system comprises an information security management center, a wide area network, a plurality of security gateways and local area networks which are correspondingly connected with the security gateways one by one, wherein the information security management center is connected with the wide area network, and the wide area network is connected with the local area network through the security gateways;
the information security management center comprises a management platform module, a configuration server module, a log server module, a microcontroller module, a multi-channel serial communication interface module and a data display module; the management platform module, the configuration server module and the log server module are respectively connected with the microcontroller module, and the multi-channel serial communication interface module and the data display module are respectively connected with corresponding interfaces of the microcontroller module.
2. The information security management platform system according to claim 1, wherein the multi-channel serial communication interface module comprises a control circuit and an interface circuit connected thereto for implementing multi-channel serial communication;
the control circuit comprises a memory, a reset circuit, a clock circuit, a power circuit, a JTAG auxiliary circuit and a DSP processor, wherein the memory, the reset circuit, the clock circuit, the power circuit and the JTAG auxiliary circuit are respectively connected with the DSP processor;
the interface circuit comprises a protocol processor, a decoder, an isolation circuit and a level conversion circuit, wherein the decoder is connected with the protocol processor, and the protocol processor is connected with the level conversion circuit through the isolation circuit;
the level conversion circuit comprises a signal input end, a signal output end, a first level conversion module and a second level conversion module, wherein the first level conversion module is used for converting a high level signal input by the signal input end into a low level signal, and the second level conversion module is used for converting a low level signal output by the first level conversion module into a high level signal; the level of the high level signal output by the second level conversion module after conversion is lower than that of the high level signal input by the signal input end;
the input end of the first level conversion module is connected with the signal input end, the output end of the first level conversion module is connected with the input end of the second level conversion module, and the output end of the second level conversion module is connected with the signal output end;
the first level conversion module comprises a first power supply, a first N-channel MOS tube, a first resistor and a first capacitor, wherein the grid electrode of the first N-channel MOS tube is connected with the input end of the first level conversion module, the source electrode of the first N-channel MOS tube is grounded, the drain electrode of the first N-channel MOS tube is connected with one end of the first resistor, the other end of the first resistor is connected with the first power supply, the anode of the first capacitor is connected with the drain electrode of the first N-channel MOS tube and the output end of the first level conversion module, and the cathode of the first capacitor is grounded;
the second level conversion module comprises a second power supply, a second N-channel MOS tube, a second resistor and a second capacitor, the grid electrode of the second N-channel MOS tube is connected with the input end of the second level conversion module, the source electrode of the second N-channel MOS tube is grounded, the drain electrode of the second N-channel MOS tube is connected with one end of the second resistor, the other end of the second resistor is connected with the second power supply, the anode of the second capacitor is connected with the drain electrode of the second N-channel MOS tube and the output end of the second level conversion module, and the cathode of the second capacitor is grounded.
3. The information security management platform system according to claim 2, wherein the management platform comprises an administrator user access module, a configuration editing module and a status display module; the administrator user access module is responsible for authenticating the identity of the login user; the configuration editing module is used for defining a security policy; and the state display module is used for displaying the configuration data and the running state of all the security gateways managed by the current management center and acquiring the log information of the network through the module.
4. The information security management platform system according to claim 1, wherein the configuration server module comprises a configuration issuing module, a configuration database module, an event processing module and a state monitoring and analyzing module; the configuration database module is used for storing configuration data issued by the management platform; the state monitoring and analyzing module is used for periodically acquiring the running state of the security gateways in the network through the get method of the NETCONF protocol, monitoring the running condition of the network in real time and dynamically adjusting the security policy.
5. The information security management platform system according to claim 1, wherein the log server comprises a log collection module and a log storage module, the log collection module is responsible for collecting system log information uploaded by the security gateway, and the log storage module is used for storing the log information of the security gateway and storing the log information according to host and log levels in a classified manner.
6. The information security management platform system according to claim 1, wherein the DSP processor is a TI low-power floating-point chip TMS320C6748 with a main frequency of 456 MHz and an operational capability of up to 3648 MIPS and 2756 MFLOPS.
7. The information security management platform system according to claim 1, wherein the power circuit is powered by an integrated power supply, that is, a core voltage and an I/O voltage are powered by the same power module, the core voltage is 1.2V, the I/O voltage is 1.8V and 3.3V, and a power management chip TPS650061RUK is used.
8. The information security management platform system according to claim 1, wherein the level shift circuit further comprises a third capacitor for filtering, one end of a negative electrode of the third capacitor is grounded, and one end of a positive electrode of the third capacitor is connected to the middle of the signal input end and the input end of the first level shift module and is respectively connected in parallel with the first N-channel MOS transistor, the first capacitor, the second N-channel MOS transistor and the second capacitor.
9. The information security management platform system according to claim 1, wherein the memory comprises a RAM memory and a Flash memory, the RAM memory and the Flash memory are respectively connected with the DSP processor, the RAM memory adopts a TI low-power high-speed RAM MT47H64M16 chip, and the Flash memory adopts a SPANSION S29GL128N chip.
10. The information security management platform system according to claim 1, wherein the isolation circuit uses a six-channel digital isolator ADuM7643 of ADI corporation to implement digital isolation of the interface circuit.
CN202110766083.5A 2021-07-07 2021-07-07 Information security management platform system Pending CN113489727A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110766083.5A CN113489727A (en) 2021-07-07 2021-07-07 Information security management platform system

Publications (1)

Publication Number Publication Date
CN113489727A true CN113489727A (en) 2021-10-08

Family

ID=77941567

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201910819U (en) * 2011-01-07 2011-07-27 郑州优游网络科技有限公司 Unified threat management gateway of wireless network
US8875223B1 (en) * 2011-08-31 2014-10-28 Palo Alto Networks, Inc. Configuring and managing remote security devices
CN211046958U (en) * 2020-03-04 2020-07-17 武汉市公安局视频侦查支队 Smart community Internet of things gateway and smart community
CN111953587A (en) * 2020-08-11 2020-11-17 深圳市蓝科迅通科技有限公司 Intelligent Internet of things gateway, gateway equipment and management method
CN212259006U (en) * 2020-07-15 2020-12-29 中创为(成都)量子通信技术有限公司 Network security management equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20211008