CN202111721U - Network information security assurance system - Google Patents

Publication number
CN202111721U
Authority
CN
China
Prior art keywords
server
network
switch
information security
network information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2011202452804U
Other languages
Chinese (zh)
Inventor
王晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SICHUAN TROY INFORMATION TECHNOLOGY CO LTD
Original Assignee
SICHUAN TROY INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SICHUAN TROY INFORMATION TECHNOLOGY CO LTD
Priority to CN2011202452804U
Application granted
Publication of CN202111721U
Anticipated expiration
Expired - Lifetime

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The utility model discloses a network information security assurance system, which comprises a switch, a user data server, an SSO (Single Sign On) server, a log analysis server, a database operation server, a monitoring workstation, a storage device, a bastion host and an equipment security management server. The switch is connected with the user data server, the SSO server, the log analysis server, the database operation server, the monitoring workstation, the storage device, the bastion host and the equipment security management server; the switch is further connected with a client device via an IP communication network; the bastion host is connected with the client device; and the equipment security management server is also connected with the monitoring workstation, and is connected with the client device via the IP communication network. The network information security assurance system provided by the utility model ensures the network security of enterprises, improves the existing network security work processes of enterprises, prevents and monitors risk beforehand, enables data analysis afterwards, and greatly reduces the operating risk of enterprises.

Description

A network information security assurance system
Technical field
The utility model relates to the field of information security assurance, and in particular to an assurance system for protecting information security within an enterprise.
Background art
At present, with the continuous development of computer network technology, Internet and intranet technologies keep improving, and enterprises are gradually storing large amounts of confidential and sensitive information on computers and networks. Although these new technologies have brought enterprises convenience, speed and efficiency, they have also brought security risks that cannot be ignored. To cope with the various risks, enterprises have long deployed many security systems, for example technical measures such as firewalls, intrusion detection, vulnerability scanning, anti-virus and authentication. However, as noted above, enterprise networks keep expanding, new application systems keep going online, and new threats keep emerging with them, so that many of the original security systems can no longer play their due role as external factors change, and the results are unsatisfactory.
According to statistics from the international security community, 80% of the attacks and damage suffered by computer networks worldwide each year are the work of internal staff. The harm caused by data theft and destruction from the inside is far greater than that of attacks by outside hackers. Traditional products based on the external network security concept, for example firewalls, IDS and vulnerability scanning, solve only one aspect of information security and are powerless against internal user attacks and threat incidents. How to reduce or prevent internal user attacks and threat incidents, on the basis of solving external network security, has therefore become a problem urgently awaiting solution in the information security field.
Summary of the utility model
The main purpose of the utility model is to provide a network information security assurance system dedicated to enterprise network information security, which can reduce enterprise operating risk and, while ensuring external network security, also ensure the enterprise's internal information security.
To achieve the above purpose, the utility model adopts the following technical solution:
The network information security assurance system comprises a switch, a user data server, a single sign-on (SSO) server, a log analysis server and a database operation server, wherein the switch is connected to the user data server, the SSO server, the log analysis server and the database operation server, and is connected to client devices through an IP communication network.
Further, the utility model also comprises a monitoring workstation and a storage device, each connected to the switch.
Further, the utility model also comprises a bastion host, which is connected to the client devices through the switch.
Further, the utility model is also provided with an equipment security management server, which is connected to the monitoring workstation and to the switch respectively, and is connected to the client devices through the IP communication network.
The advantages of the network information security assurance system of the utility model are as follows. By adopting user single sign-on authentication, it greatly simplifies operation for network users while also ensuring the security of user passwords. By monitoring and analyzing the logs of the devices used in the network and users' database operations, it further ensures the security of the enterprise network. Through the provision of the monitoring workstation and the use of the storage device, it further improves the enterprise's existing network security workflow, achieving both risk prevention and monitoring beforehand and data analysis afterwards. It thus greatly reduces the risk of enterprise operation and has practical value.
Brief description of the drawings
Fig. 1 is a structural block diagram of the network information security assurance system of the utility model.
The realization of the purpose, functional characteristics and advantages of the utility model will be further described with reference to the accompanying drawing in conjunction with the embodiment.
Embodiment
It should be understood that the specific embodiment described herein is intended only to explain the utility model and not to limit it.
Referring to Fig. 1, the network information security assurance system comprises a switch 1, a user data server 2, a single sign-on (SSO) server 3, a log analysis server 4 and a database operation server 5, wherein the switch 1 is connected to the user data server 2, the SSO server 3, the log analysis server 4 and the database operation server 5.
In addition, the switch 1 is connected to client devices 7 through an IP communication network 6.
The user data server 2 stores user data; in actual use it can serve as the information center for unified user authentication, centralized password management, and authentication and authorization.
Further, to make it easier for network security administrators to monitor information such as user operations, equipment running status and network information security in real time, the utility model is also provided with a monitoring workstation 8 and a storage device 9, each connected to the switch 1. The monitoring workstation 8 gives network security administrators an intuitive, real-time view of the above information; the storage device 9 stores that information so that the data can be retrieved manually for analysis later.
In a specific implementation, the monitoring workstation 8 may consist of a host computer and a display.
The SSO server 3 provides a single identity authentication, password management, and system authentication and authorization when a user accesses the enterprise network through a client device 7. That is, on access it automatically assigns the user a unified password, which spares the user from using different passwords to authenticate, authorize and log in separately when logging in to several applications. This is convenient, and because a unified password is provided, it also simplifies the management of user passwords.
The log analysis server 4 receives and analyzes the device logs in the enterprise network, and stores the received device logs and the analysis results in the storage device 9.
The database operation server 5 performs concurrent tracking and analysis of users' database operations, and stores the analysis results and the database operation messages obtained by tracking in the storage device 9, so that network security administrators can analyze the network's security vulnerabilities and then authorize, control or block user communications according to the security policy.
In addition, to further ensure the security of the network and prevent unsafe user operations, the network information security assurance system of the utility model is also provided with a bastion host 10, which is connected to the client devices 7 through the switch 1. In a specific application, it centrally manages, authorizes and controls all user rights and user operations in the network.
In addition, in a specific application the bastion host 10 also provides real-time operation monitoring and process playback. In real-time monitoring, network security administrators can select one or more online sessions through the bastion host 10 and monitor their operation commands and results; the display and control interface of the monitoring workstation 8 shows the same screen as the actual operation. When an illegal operation is found, the administrators can send a control command to block the current session. Process playback means that the system can retrieve the raw data of one or more communications through the bastion host 10 and replay the operations performed at the time, and the server's responses, in the display and control interface of the monitoring workstation 8. This function is particularly suitable for after-the-fact analysis and for locating the cause of a security problem.
Further still, to better solve the problem of security management for large numbers of devices, the utility model is also provided with an equipment security management server 11, which is connected to the monitoring workstation 8 and to the switch 1 respectively, and is connected to the client devices 7 through the IP communication network 6. In a specific application, it is mainly used to apply admission control to all client devices 7 inside the network that access the network, and to implement measures such as asset management, anti-virus management and patch management for all devices in the network, thereby achieving secure access for terminals and in turn ensuring the security of the system. Network security administrators can of course also view the security management state of the equipment through the display and control interface of the monitoring workstation 8.
The above is only a preferred embodiment of the utility model and does not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawing of the utility model, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the utility model.

Claims (4)

1. A network information security assurance system, characterized in that it comprises a switch, a user data server, a single sign-on (SSO) server, a log analysis server and a database operation server, wherein the switch is connected to the user data server, the SSO server, the log analysis server and the database operation server, and is connected to client devices through an IP communication network.
2. The network information security assurance system according to claim 1, characterized in that it further comprises a monitoring workstation and a storage device, each connected to the switch.
3. The network information security assurance system according to claim 1, characterized in that it further comprises a bastion host, which is connected to the client devices through the switch.
4. The network information security assurance system according to claim 1 or 2, characterized in that it is further provided with an equipment security management server, which is connected to the monitoring workstation and to the switch respectively, and is connected to the client devices through the IP communication network.
CN2011202452804U 2011-07-12 2011-07-12 Network information security assurance system Expired - Lifetime CN202111721U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011202452804U CN202111721U (en) 2011-07-12 2011-07-12 Network information security assurance system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011202452804U CN202111721U (en) 2011-07-12 2011-07-12 Network information security assurance system

Publications (1)

Publication Number Publication Date
CN202111721U (en) 2012-01-11

Family

ID=45437172

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011202452804U Expired - Lifetime CN202111721U (en) 2011-07-12 2011-07-12 Network information security assurance system

Country Status (1)

Country Link
CN (1) CN202111721U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394153A (en) * 2014-11-27 2015-03-04 成都远为天胜科技有限公司 Separate item type security network platform
CN107563713A (en) * 2017-06-20 2018-01-09 华迪计算机集团有限公司 A kind of electronic document system and its method for operation monitoring

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20120111
