CN102752286A - Network isolation system - Google Patents
- Publication number
- CN102752286A
- Authority
- CN
- China
- Prior art keywords
- data
- monitoring unit
- network
- data monitoring
- transmission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a network isolation system. The system comprises a data processing system for transmitting data between an internal network and an external network. The internal network is provided with a memory and transmission authentication; the external network is provided with access authentication. The data processing system consists of data monitoring unit a and data monitoring unit b. The transmission authentication performs one-way data transmission to data monitoring unit b and then to the external network; the access authentication performs one-way data transmission to data monitoring unit a and then to the internal network. Internal network users are authenticated by the transmission authentication, and external network users are authenticated by the access authentication. The memory of the internal network automatically records information such as the transmitted data and the users. Data monitoring unit a and data monitoring unit b carry out a series of security processing steps, which effectively prevents security risks such as hacker attacks, the infiltration of malicious code and viruses, and information leakage, and achieves secure isolation of, and secure information exchange between, the internal and external networks.
Description
Technical field
The present invention relates to a network isolation system.
Background technology
At present, the classified networks of most domestic government bodies and the military are physically isolated. Many other important sectors, such as the finance, electric power, telecommunications, medical and transportation industry networks, also have a growing demand for physical isolation. However, absolute isolation between internal and external networks makes it impossible to exchange information between them. This has formed many mutually isolated "information islands" and has caused considerable inconvenience for informatization applications such as "e-government". How to achieve secure isolation between the trusted network (internal network) and the untrusted network (external network) while still exchanging information reliably has become a problem in urgent need of a solution.
Summary of the invention
The technical problem to be solved by the present invention is to provide a network isolation system that can effectively prevent security risks such as hacker attacks, the infiltration of malicious code and viruses, and information leakage, and that achieves secure isolation of the internal and external networks together with secure exchange of information.
The present invention is realized through the following technical scheme: a network isolation system comprising a data processing system for data transmission between an internal network and an external network. The internal network is provided with a memory and transmission authentication; the external network is provided with access authentication; the data processing system consists of data monitoring unit a and data monitoring unit b. The transmission authentication performs one-way data transmission to data monitoring unit b and then to the external network, and the access authentication performs one-way data transmission to data monitoring unit a and then to the internal network.
Preferably, the monitoring flow of data monitoring unit a is: parsing, reduction, scanning, filtration, anti-virus, intrusion detection, audit and disconnection.
Preferably, the monitoring flow of data monitoring unit b is: parsing, reduction, key search, audit and disconnection.
Beneficial effects of the present invention: the transmission authentication authenticates internal network users, and the access authentication authenticates external network users. When data is transmitted to or from the external network, the memory of the internal network automatically records information such as the transmitted data and the internal and external network users. Data monitoring unit a and data monitoring unit b carry out a series of security processing steps, which effectively prevents security risks such as hacker attacks, the infiltration of malicious code and viruses, and information leakage, and achieves secure isolation of the internal and external networks and secure exchange of information.
Description of drawings
For ease of explanation, the present invention is described in detail through the following specific embodiment and the accompanying drawings.
Fig. 1 is a connection diagram of the network isolation system of the present invention;
Fig. 2 is a flow chart of data monitoring unit a of the network isolation system of the present invention;
Fig. 3 is a flow chart of data monitoring unit b of the network isolation system of the present invention.
Embodiment
As shown in Fig. 1, Fig. 2 and Fig. 3, the present invention is a network isolation system comprising a data processing system for data transmission between an internal network and an external network. The internal network is provided with a memory and transmission authentication, the external network is provided with access authentication, and the data processing system consists of data monitoring unit a and data monitoring unit b. The transmission authentication performs one-way data transmission to data monitoring unit b and then to the external network, and the access authentication performs one-way data transmission to data monitoring unit a and then to the internal network.
The monitoring flow of data monitoring unit a is: parsing, reduction, scanning, filtration, anti-virus, intrusion detection, audit and disconnection. The monitoring flow of data monitoring unit b is: parsing, reduction, key search, audit and disconnection.
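The internal-to-external path described above (transmission authentication, then data monitoring unit b, then the external network), sketched in Python as an added example; it is not code from the patent. The frame format, user list and key list are constructed, and reading "reduction" as undoing the transfer encoding before the key search is an assumption.

```python
import base64
import json

AUTHORISED_INTERNAL = {"alice"}                      # constructed user list
SENSITIVE_KEYS = ("confidential", "internal only")   # constructed key list


class Blocked(Exception):
    """Raised by any step that refuses the transfer."""


def parse(frame):
    # parsing: accept only the expected envelope, nothing else
    try:
        msg = json.loads(frame)
    except ValueError:
        raise Blocked("parsing: not a valid frame")
    if not isinstance(msg, dict) or set(msg) != {"name", "body"}:
        raise Blocked("parsing: unexpected fields")
    return msg


def reduce_body(msg):
    # reduction (assumed meaning): undo the transfer encoding to get the real content
    try:
        return base64.b64decode(msg["body"], validate=True)
    except (ValueError, TypeError):
        raise Blocked("reduction: body is not valid base64")


def key_search(raw):
    # key search runs on the reduced content, so encoded text cannot hide a key
    text = raw.decode("utf-8", "replace").lower()
    hits = [k for k in SENSITIVE_KEYS if k in text]
    if hits:
        raise Blocked("key search: " + ", ".join(hits))


def outbound_transfer(user, frame, memory, external):
    """Internal -> external only. Returns True if the content was released."""
    record = {"user": user, "name": None, "verdict": "passed"}
    try:
        if user not in AUTHORISED_INTERNAL:          # transmission authentication
            raise Blocked("transmission authentication failed")
        msg = parse(frame)
        record["name"] = msg["name"]
        raw = reduce_body(msg)
        key_search(raw)
        external.append(raw)                         # one-way: nothing is read back
    except Blocked as why:
        record["verdict"] = "blocked: " + str(why)
    finally:
        memory.append(record)                        # audit: every attempt is recorded
    return record["verdict"] == "passed"             # disconnection: no state is kept
```

Data monitoring unit a on the external-to-internal path would have the same shape, with the scanning, filtration, anti-virus and intrusion detection steps in place of the key search.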
The above is merely an embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any variation or replacement conceived without creative work shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the claims.
Claims (3)
1. A network isolation system, characterized in that: it comprises a data processing system for data transmission between an internal network and an external network; the internal network is provided with a memory and transmission authentication; the external network is provided with access authentication; the data processing system consists of data monitoring unit a and data monitoring unit b; the transmission authentication performs one-way data transmission to data monitoring unit b and then to the external network, and the access authentication performs one-way data transmission to data monitoring unit a and then to the internal network.
2. The network isolation system according to claim 1, characterized in that the monitoring flow of data monitoring unit a is: parsing, reduction, scanning, filtration, anti-virus, intrusion detection, audit and disconnection.
3. The network isolation system according to claim 1, characterized in that the monitoring flow of data monitoring unit b is: parsing, reduction, key search, audit and disconnection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012101863358A CN102752286A (en) | 2012-06-05 | 2012-06-05 | Network isolation system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102752286A (en) | 2012-10-24 |
Family
ID=47032186
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012101863358A Pending CN102752286A (en) | 2012-06-05 | 2012-06-05 | Network isolation system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102752286A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20121024 |