CN101022482A - Dialing security gateway device - Google Patents


Info

Publication number
CN101022482A
Authority
CN
China
Prior art keywords
dialing
security gateway
gateway device
serial ports
network
Prior art date
Legal status
Granted
Application number
CN 200710026465
Other languages
Chinese (zh)
Other versions
CN100559820C (en)
Inventor
刘智勇
Current Assignee
Zhuhai Hongrui Software Technology Co., Ltd.
Original Assignee
Zhuhai Hongrui Software Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhuhai Hongrui Software Technology Co Ltd
Priority to CNB2007100264654A (CN100559820C)
Publication of CN101022482A
Application granted
Publication of CN100559820C
Legal status: Expired - Fee Related (current)
Anticipated expiration

Abstract

A dialing security gateway device consists of a modem, a computer motherboard, a network card interface, an external serial port, a USB port, a telephone line interface, a power supply, a management and configuration module, a PPP network access module, an identity verification (authentication) module, a VPN module, a firewall module, and a log and audit module.

Description

A dialing security gateway device
Technical field
The present invention relates to a dialing security gateway device, in particular one designed for the high-security, low-data-rate requirements of electric power systems.
Background technology
At present IPSec-VPN holds the leading position among VPN technologies, but most IPSec-VPN products connect over the Internet. Compared with the telephone network, the security threats on the Internet are far greater, and transmitted data and information are easier to discover and then attack. There are also schemes that connect by dial-up, but the IP address of a PPP dial-up is assigned dynamically by the public telecommunications network, so the IP address obtained differs with every connection. This makes communication very inconvenient, and, more importantly, the IP address obtained is exposed on the public Internet, which threatens the security of the whole system and gives attackers an opportunity. The prior art therefore has shortcomings: communication is inconvenient, use is unsafe, and the system is easily attacked.
Summary of the invention
The technical problem solved by the invention is to overcome the deficiencies of the prior art by providing a dialing security gateway device that is convenient to communicate with, safe to use and not easily attacked.
The technical solution adopted by the invention is as follows. The invention comprises one or more modems, a computer motherboard, a network card interface, an external USB port, a telephone line interface and a power supply. The computer motherboard carries a CPU, a memory module, a storage card, a network card, a USB interface and a serial port. The telephone line interface is connected to the modem, the modem is connected to the computer motherboard through the serial port, the network card is connected to the intranet through the network card interface, and the USB interface is connected to the external USB port.
It also comprises a management and configuration module device, used to configure the dialing security gateway device and each dial-up user's static IP and to bind each dial-up user's user name, password and static IP together; a PPP network access module device, used so that a remote client dials the telephone number of the dialing security gateway device over the telephone line and establishes a communication link with it; an authentication module device, used for mutual authentication between the remote client and the dialing security gateway device; and a VPN module device, used to encrypt the communication data between the dialing security gateway device and the remote client and to let the remote client access multiple hosts of the intranet connected to the dialing security gateway device.
The invention also comprises an external serial port, which is connected to the computer motherboard through the serial port and is also connected to the modem.
The invention also comprises a firewall module device, used to control which hosts connected to the intranet a remote client may access.
The invention also comprises a log and audit module device, used to record and query the communications of remote clients and to provide a basis for later tracing.
The beneficial effects of the invention are as follows. Because a PPP network access module device is provided, which uses a PPP dial-up connection in direct telephone dial mode and assigns IP addresses manually and statically, the IP address is not exposed on the Internet, so use is safe. Because a management and configuration module device, an authentication module device and a VPN module device are provided, the possibility of attack while data are transmitted over the Internet is reduced, the limitations of dynamic IP address assignment and the exposure of IP addresses on the Internet are resolved, and network-to-serial conversion solves the problem of remotely configuring and maintaining network equipment through a serial port; so communication is convenient, use is safe and the device is not easily attacked. Because an external serial port is provided, some network equipment can be configured and maintained remotely through the serial port, so communication is convenient. Because a firewall module device is provided, use is safer. Because a log and audit module device is provided, querying and communication are convenient.
Description of drawings
Fig. 1 is the schematic diagram of hardware device of the present invention;
Fig. 2 is a schematic diagram of the software modules of the invention;
Fig. 3 is a schematic diagram of an application embodiment of the invention.
Embodiment
As shown in Fig. 1 and Fig. 2, the invention comprises two modems 1, a computer motherboard 2, a network card interface 3, an external serial port 4, an external USB port 5, a telephone line interface 6, a power supply 7, a management and configuration module device 8, a PPP network access module device 9, an authentication module device 10, a VPN module device 11, a firewall module device 12, and a log and audit module device 13. The computer motherboard 2 is provided with a serial port 20, a USB interface 21, a network card 22, a CPU 23, a storage card 24 and a memory module 25. The telephone line interface 6 is connected to the modem 1; the modem 1 and the external serial port 4 are connected to the computer motherboard 2 through the serial port 20; the network card interface 3 and the external USB port 5 are connected to the network card 22 and the USB interface 21 respectively; and the power supply 7 is connected to the computer motherboard 2 and to the modem 1.
The management and configuration module device 8 is used to configure the dialing security gateway device and each dial-up user's static IP, and to bind each dial-up user's user name, password and static IP together. The PPP network access module device 9 provides the function of a direct-dial server: the remote client dials the telephone number of the dialing security gateway device, the modem 1 of the gateway answers, the CPU sends commands or data to the modem 1 over the serial line, and a communication link is established over an ordinary telephone line. The authentication module device 10 performs authentication: the dialing security gateway and the remote client must each present their own digital certificate to the other side, and only after each side has verified that the other is trusted may data be sent, and the data sent are encrypted; the digital certificates are stored in smart cards, and the CPU obtains the certificate over the USB line. The VPN module device 11 provides cryptographic services and lets the remote client access multiple intranet hosts: communication data received from the network card are encrypted by this module and then sent to the remote client through the modem 1, and data received from the modem 1 are decrypted and then sent through the network card interface and the network card to the intranet host. The firewall module device 12 is used to control which intranet hosts a remote client may access. The log and audit module device 13 is used to record and query the communications of remote clients and to provide a basis for later tracing.
Because the remote client dials the telephone number of the dialing security gateway device to reach its PPP network access module device, and that module uses a PPP dial-up connection in direct telephone dial mode with manually and statically assigned IP addresses, the IP address is not exposed on the Internet, so use is safe. The management and configuration module device that configures the dialing security gateway's parameters manages the related parameters. Since a telephone-network dial-up connection is used, the dialing security gateway device is configured before the PPP dial-up connection is established: at that time the server's and each dial-up user's static IP are assigned, and each dial-up user's user name, password and static IP are bound together. When the PPP dial-up connection is established, the direct telephone dial mode is used, and the dial-up user's user name and password are authenticated on the server to obtain the static IP address already assigned. In the authentication module device, which performs authentication, and the VPN module device, which provides cryptographic services and remote client access to multiple intranet hosts, the user name and password used to set up the dial-up are not recorded in clear text in the file /etc/ppp/pap-secrets or /etc/ppp/chap-secrets; instead the dial-up user is verified with the operating system's method of verifying local users. The password is stored encrypted in shadow form, and the dial-up user cannot log in to the system locally but can only obtain a network connection by dialing. The IP address allocated to the user is kept under ~/.ppprc, and each dial-up user uses a different .ppprc file so that different IP addresses are allocated. Creating a dial-up user is done by the script vpnuser: this script uses the standard useradd command to create a local user whose login shell is /sbin/nologin, i.e. the user cannot log in to the local machine with a shell. After the useradd command and the encrypted storage of the user's password, the vpnuser script creates a .ppprc file under the user's home directory and writes into it the PPP IP address to be allocated to that user. In this way, when the user dials in, the user name and password entered yield the PPP IP address already allocated, so communication is convenient and use is safe. Because the invention also provides network-to-serial technology, some network equipment can be configured and maintained remotely through the serial port, so communication is convenient. Overall, the invention more effectively raises security when IPSec-VPN technology is used for data transmission and communication, and reduces the possibility of attack while data are transmitted over the Internet; it resolves the limitation of dynamic IP address assignment and the exposure of IP addresses on the Internet, and its network-to-serial conversion solves the problem of remotely configuring and maintaining network equipment through a serial port.
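The account-provisioning flow described above, as an added example that is not the patent's own vpnuser script: it creates a nologin account, hashes the password through chpasswd, writes the bound PPP address to ~/.ppprc as a pppd local:remote option, and emits per-user FORWARD rules for the firewall module. The helper names, the ppp+ interface match, the rule layout and the use of /sbin/nologin, getent and chpasswd are assumptions.

```shell
#!/bin/sh
# Added illustration (not the patent's own vpnuser script) of the provisioning
# the description outlines: a local account with no interactive login, the
# password kept only as a shadow hash, the user's static PPP address written
# to ~/.ppprc, and firewall rules keyed on that static address.  Paths,
# option names and the rule layout are assumptions.
set -eu

NOLOGIN_SHELL=/sbin/nologin   # login shell named in the description
PPP_IFACE='ppp+'              # assumed: dial-in links appear as ppp0, ppp1, ...

# Account names: lowercase letters, digits, '_' and '-', not starting with a digit or '-'.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    return 0
}

# Dotted-quad IPv4 only: exactly three dots, no empty octet, every octet <= 255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    dots=$(printf '%s' "$1" | tr -cd '.')
    [ "${#dots}" -eq 3 ] || return 1
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# The one line written to ~/.ppprc: pppd's "local:remote" address option, so the
# gateway end is fixed and the remote end is the address bound to this user.
ppprc_content() {
    printf '%s:%s\n' "$1" "$2"
}

# Firewall module analogue: because the user's PPP address never changes, rules
# keyed on the source address are effectively per-user.  Emits one ACCEPT per
# permitted intranet host; the FORWARD chain policy is assumed to be DROP.
forward_rules() {
    ip=$1; shift
    for host in "$@"; do
        printf 'iptables -A FORWARD -i %s -s %s -d %s -j ACCEPT\n' \
            "$PPP_IFACE" "$ip" "$host"
    done
}

# Privileged part: create_vpn_user NAME GATEWAY_IP USER_IP [HOST...]
# The password is read from stdin so it never appears on a command line.
create_vpn_user() {
    name=$1; gw=$2; ip=$3; shift 3
    valid_user "$name" || { echo "bad user name: $name" >&2; return 1; }
    { valid_ipv4 "$gw" && valid_ipv4 "$ip"; } || { echo "bad address" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    useradd -m -s "$NOLOGIN_SHELL" "$name"        # no shell login, dial-in only
    IFS= read -r pw
    printf '%s:%s\n' "$name" "$pw" | chpasswd      # hashed into /etc/shadow
    home=$(getent passwd "$name" | cut -d: -f6)
    ppprc_content "$gw" "$ip" > "$home/.ppprc"
    chown "$name:" "$home/.ppprc" && chmod 600 "$home/.ppprc"
    forward_rules "$ip" "$@" | sh -e               # apply the per-user rules
}

if [ "${1:-}" = "add" ]; then
    shift
    create_vpn_user "$@"
fi
```

The validation and rule-generation helpers run unprivileged; `create_vpn_user` needs root and reads the password from stdin.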
As shown in Fig. 3, an application embodiment of the invention comprises an intranet 30, a dialing security gateway 31 of the invention, an ordinary PC 32, network equipment 33 to be debugged or maintained, and a remote client 34. The dialing security gateway 31 is configured from the ordinary PC 32. During configuration, besides setting the network interfaces, routes, firewall rules and so on, the user name, password and PPP IP of each remote client 34 are set in advance and bound together. When a remote client 34 dials in and enters its own legitimate user name and password, it connects to the dialing security gateway 31 and obtains its PPP IP. After two-way authentication, a secure VPN tunnel connection is established between the remote client 34 and the dialing security gateway 31; all packets pass through the firewall module's inspection, and legitimate packets are transmitted between the two after processing by the VPN module. Once the VPN secure tunnel is established, the remote client 34 is effectively a computer inside the intranet 30 and can share resources within the local area network (LAN). A serial line can also be connected between the dialing security gateway 31 and the network equipment 33 to be debugged or maintained; through network-to-serial technology, the remote client 34 can then carry out remote maintenance of the network equipment 33.

Claims (4)

1. A dialing security gateway device, comprising one or more modems (1), a computer motherboard (2), a network card interface (3), an external USB port (5), a telephone line interface (6) and a power supply (7), the computer motherboard (2) carrying a CPU (23), a memory module (25), a storage card (24), a network card (22), a USB interface (21) and a serial port (20), the telephone line interface (6) being connected to the modem (1), the modem (1) being connected to the computer motherboard (2) through the serial port (20), the network card (22) being connected to an intranet through the network card interface (3), and the USB interface (21) being connected to the external USB port (5), characterized in that it also comprises:
a management and configuration module device (8), used to configure the dialing security gateway device and each dial-up user's static IP and to bind each dial-up user's user name, password and static IP together;
a PPP network access module device (9), used so that a remote client dials the telephone number of the dialing security gateway device over the telephone line and establishes a communication link with it;
an authentication module device (10), used for mutual authentication between the remote client and the dialing security gateway device;
a VPN module device (11), used to encrypt the communication data between the dialing security gateway device and the remote client and to let the remote client access multiple hosts of the intranet connected to the dialing security gateway device.
2. A dialing security gateway device according to claim 1, characterized in that it also comprises an external serial port (4), the external serial port (4) being connected to the computer motherboard (2) through the serial port and also being connected to the modem (1).
3. A dialing security gateway device according to claim 1 or 2, characterized in that it also comprises a firewall module device (12), used to control which hosts connected to the intranet a remote client may access.
4. A dialing security gateway device according to claim 1 or 2, characterized in that it also comprises a log and audit module device (13), used to record and query the communications of remote clients and to provide a basis for later tracing.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100264654A CN100559820C (en) 2007-01-22 2007-01-22 A kind of dialing security gateway device


Publications (2)

Publication Number Publication Date
CN101022482A true CN101022482A (en) 2007-08-22
CN100559820C CN100559820C (en) 2009-11-11

Family

ID=38710131


Country Status (1)

Country Link
CN (1) CN100559820C (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494624B (en) * 2008-10-22 2010-12-29 珠海市鸿瑞信息技术有限公司 Electric force special public network communication secure gateway
CN101783791B (en) * 2009-01-16 2012-10-10 深圳市维信联合科技有限公司 System and method for realizing network access authentication, transmission encryption and UTM
CN102349061A (en) * 2009-03-12 2012-02-08 惠普开发有限公司 Dynamic remote peripheral binding
CN102349061B (en) * 2009-03-12 2014-04-16 惠普开发有限公司 Method and system for authenticating a user
CN102487328A (en) * 2010-12-02 2012-06-06 中兴通讯股份有限公司 Method and system for communication between network manager and network element
CN102137153A (en) * 2011-02-16 2011-07-27 大唐移动通信设备有限公司 Method, equipment and system of remote-control communication equipment
CN102802275A (en) * 2012-08-22 2012-11-28 汉柏科技有限公司 Wireless encryption access method
CN102802275B (en) * 2012-08-22 2015-11-25 汉柏科技有限公司 A kind of wireless encryption cut-in method
CN109587165A (en) * 2018-12-28 2019-04-05 深圳竹云科技有限公司 A kind of IP address-based user authen method
CN109587165B (en) * 2018-12-28 2021-06-25 深圳竹云科技有限公司 User authentication method based on IP address
CN110535979A (en) * 2019-07-23 2019-12-03 深圳震有科技股份有限公司 A kind of VPN private net address distribution method, intelligent terminal and storage medium

Also Published As

Publication number Publication date
CN100559820C (en) 2009-11-11

Similar Documents

Publication Publication Date Title
CN101494624B (en) Electric force special public network communication secure gateway
CN100559820C (en) A kind of dialing security gateway device
CN102546601B (en) The servicing unit of cloud computing terminal for accessing virtual machine
CN109274647B (en) Distributed trusted memory exchange method and system
JP2008299617A (en) Information processing device, and information processing system
CN101808077B (en) Information security input processing system and method and smart card
CN102811225B (en) A kind of SSL middle-agent accesses method and the switch of WEB resource
CN102201137A (en) Network security terminal, and interaction system and method based on terminal
CN103986717A (en) Network data secure transmission and storage system and method
CN103457736B (en) A kind of official document receive-transmit system based on WEB and official document receiving/transmission method
CN105119894A (en) Communication system and communication method based on hardware safety module
CN202652534U (en) Mobile terminal safety access platform
CN101369995A (en) Dial-up gateway based on security credible connection technology
CN201315596Y (en) Dial safety gateway device
CN211352206U (en) IPSec VPN cryptographic machine based on quantum key distribution
CN202206419U (en) Network security terminal and interactive system based on terminal
CN102111377A (en) Network cipher machine
CN103152328B (en) A kind of conferencing information control system based on wireless network and control method thereof
CN108809938B (en) Remote control implementation method and system for password equipment
CN103269301A (en) Desktop type IPSecVPN cryptographic machine and networking method
CN103036901A (en) ETS remote programming method
CN202004770U (en) Safety dial system supporting client environment credibility analysis and decision technology
CN202535389U (en) Internet dial-up security gateway apparatus
CN202713368U (en) Network security architecture applicable to electric information acquisition system
KR100926028B1 (en) System for managing information resources

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right
  Owner name: ZHANG ZIAI ZHU YUZHEN XU XIAOLI; Effective date: 20111208
  Owner name: LIU ZHIYONG; Free format text: FORMER OWNER: HONGRUI SOFWARE TECHNOLOGY CO., LTD., ZHUHAI CITY; Effective date: 20111208
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right
  Effective date of registration: 20111208
  Address after: 519080 Tsinghua Science Park A606, 101 Tang Cheng Road, Zhuhai, Guangdong
  Patentee after: Liu Zhiyong; Co-patentees after: Zhang Ziai, Zhu Yuzhen, Xu Xiaochi
  Address before: 519080 Tsinghua Science Park A606, 101 Tang Cheng Road, Zhuhai, Guangdong
  Patentee before: Zhuhai Hongrui Software Technology Co., Ltd.
ASS Succession or assignment of patent right
  Owner name: HONGRUI SOFWARE TECHNOLOGY CO., LTD., ZHUHAI CITY; Free format text: FORMER OWNER: LIU ZHIYONG; Effective date: 20120221
  Free format text: FORMER OWNER: ZHANG ZIAI ZHU YUZHEN XU XIAOLI; Effective date: 20120221
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right
  Effective date of registration: 20120221
  Address after: 519080 Tsinghua Science Park A606, 101 Tang Cheng Road, Zhuhai, Guangdong
  Patentee after: Zhuhai Hongrui Software Technology Co., Ltd.
  Address before: 519080 Tsinghua Science Park A606, 101 Tang Cheng Road, Zhuhai, Guangdong
  Patentee before: Liu Zhiyong; Co-patentees before: Zhang Ziai, Zhu Yuzhen, Xu Xiaochi
CF01 Termination of patent right due to non-payment of annual fee
  Granted publication date: 20091111
  Termination date: 20210122