CN103532977A - Secure access equipment for intranet and extranet - Google Patents


Publication number
CN103532977A
Authority
CN
China
Prior art keywords
intranet
unit
extranet
switch
interface unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310521944.9A
Other languages
Chinese (zh)
Inventor
李新友
董振培
王玉佺
王子鹏
王昂哲
田凯
邢晓莎
刘蓓
付宏燕
程浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STATE INFORMATION CENTER
Beijing Ai Simeng Science And Technology Ltd
Original Assignee
STATE INFORMATION CENTER
Beijing Ai Simeng Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STATE INFORMATION CENTER, Beijing Ai Simeng Science And Technology Ltd filed Critical STATE INFORMATION CENTER
Priority to CN201310521944.9A priority Critical patent/CN103532977A/en
Publication of CN103532977A publication Critical patent/CN103532977A/en
Pending legal-status Critical Current

Landscapes

  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides secure access equipment for an intranet and an extranet. An input-end interface unit is connected with a first control unit and a second control unit respectively; when a client selects an extranet mode, a processing unit controls a two-channel switch unit to gate the second control unit, switches on a second power control switch to enter an extranet system and switches off a first power control switch to cut off connection with an intranet system at the moment; and when the client selects an intranet mode, the processing unit controls the two-channel switch unit to gate the first control unit, switches on the first power control switch to enter the intranet system and switches off the second power control switch to cut off connection with the extranet system at the moment. The secure access equipment for the intranet and the extranet is used for realizing isolation and safety protection of the intranet and extranet systems, and information security of the intranet system can be protected effectively.

Description

Secure access device for intranet and extranet
Technical field
The present invention relates to the field of the Internet, and in particular to a secure access device for an intranet and an extranet.
Background art
With the rapid development of the Internet, it has become an irreversible trend for government offices, enterprises and public institutions to carry out their work over the Internet. In recent years, with the "enterprises online" and government Internet access projects, and particularly the construction of "e-government" systems, a large number of existing computers in these organizations and their departments have been connected to the Internet in various ways. However, because the Internet is an open network system, any networked computer may be attacked by hackers, and the information stored on it may be stolen or tampered with. The Internet is also the main route by which computer viruses spread. At present, the core technology of common security measures such as software encryption and firewalls is held by foreign companies and cannot meet the relevant national security regulations. The National Administration for the Protection of State Secrets has therefore issued the following provision on Internet use by national confidential departments: "Computer information systems that involve state secrets must not be connected, directly or indirectly, to the Internet or other public information networks, and must be 'physically isolated'." "Physical isolation" means that the network security of an enterprise is truly protected only if the enterprise's internal LAN never has a direct physical connection to the Internet at any time.
Although many methods exist for ensuring security, such as multi-layer firewall filtering, channel control and intrusion alarms, these techniques are all software-based control methods that can themselves be manipulated, so they cannot guarantee absolute security. "Physical isolation" is therefore needed to ensure real security for confidential departments such as the military, government, finance and media.
In government informatization, the state has proposed the concept of building "three networks and one database". The "three networks" are the intranet (internal office network), the extranet (the network connected to the Internet) and the private network (a computer network for special purposes such as networking between superior and subordinate units). Physical isolation is required between the internal and external networks to ensure the absolute security of classified information.
To meet this special network-security demand from national confidential departments, some manufacturers have released products such as physically isolated terminal computers and physical isolation cards.
1. Using two physically isolated terminal computers that access the intranet and the extranet respectively is the most direct form of intranet/extranet isolation and the most secure. However, it requires two terminal computers, which increases hardware cost as well as the cost of maintaining and configuring the terminal computers. Two terminal computers also take up more room and reduce the user's working space, and the user has to tell the intranet and extranet terminal computers apart on every use, which is inconvenient.
2. A physical isolation card adds a second hard disk to a computer. By controlling the hard disks and switching the network cable, only one hard disk and its corresponding network are active at a time; the two networks are completely separate on the physical line and share no stored information, so a single machine is physically isolated between the two networks. The physical isolation card is a low-level form of physical isolation. One card can manage only one personal computer, every computer has to be configured, and each switch requires powering the machine off and on once, which is very inconvenient. Managing a hardware platform with two hard disks is cumbersome and significantly raises the cost of building and maintaining the whole network. In addition, a network designed around isolation cards needs two complete sets of network infrastructure (double cabling, double network equipment), and every machine needs two network cards and two hard disks. Installation and maintenance are extremely inconvenient, maintenance cost is high, and the cost of upgrades and expansion multiplies.
Whether physical isolation is achieved with two terminal computers or with a physical isolation card, this class of product has the following shortcomings:
The computer has a single motherboard, two independent hard disks and two independent network ports, provided on two slots, for connecting the intranet and the extranet. An instant intranet/extranet switching function built into the BIOS, available after startup, provides two different working states that connect to the internal office network and to the external Internet respectively.
All of the enterprise's desktop computers that need Internet access must be replaced with or upgraded to "physical isolation" computers, which raises the cost of each computer by about 20%.
The enterprise's structured cabling must provide a dual internal/external physical network architecture, and the switching equipment must also be duplicated for the internal and external networks. Intranet data is stored on the local disk, where it is not secure.
Network security is achieved, but the engineering and equipment costs of implementation are high, the technical service workload is large, and system maintenance is cumbersome.
Summary of the invention
The invention provides a secure access device for an intranet and an extranet, which isolates and protects the intranet system and the extranet system and can effectively protect the information security of the intranet system.
To solve the above problems, the invention provides a secure access device for an intranet and an extranet, the device comprising:
an input-end interface unit, a two-channel switch unit, a first power control switch, a second power control switch, an intranet interface unit and an extranet interface unit, a first control unit, and a second control unit;
The input-end interface unit is connected, directly or indirectly, to computer equipment, and is connected through the two-channel switch unit to the first control unit and the second control unit respectively; the first control unit is connected to the intranet interface unit, and the second control unit is connected to the extranet interface unit; the intranet interface unit is connected to the first power control switch, and the extranet interface unit is connected to the second power control switch;
When the client selects extranet mode, the two-channel switch unit switches to the second control unit, the second power control switch is closed to power the second control unit and enter the extranet system, and at the same time the first power control switch is opened, cutting the connection to the intranet system. When the client selects intranet mode, the two-channel switch unit switches to the first control unit, the first power control switch is closed to power the first control unit and enter the intranet system, and at the same time the second power control switch is opened, cutting the connection to the extranet system.
Preferably, the device further comprises a 1-to-many interface unit;
The 1-to-many interface unit comprises one upstream interface connected to the computer equipment and a plurality of downstream interfaces, and the input-end interface unit is connected to one of the downstream interfaces.
Preferably, the 1-to-many interface unit is a 1-to-4 USB hub or a 1-to-7 USB hub.
Preferably, the input-end interface unit is a USB interface, connected directly or indirectly to the computer equipment over the USB bus.
Preferably, the two-channel switch unit is an electromagnetic relay mechanical switch.
Preferably, the intranet interface unit and the extranet interface unit are RJ45 interfaces.
Compared with the prior art, in the secure access device of the embodiments of the invention, when the client selects extranet mode, the two-channel switch unit switches to the second control unit, the second power control switch is closed to power the second control unit and enter the extranet system, and at the same time the first power control switch is opened, cutting the connection to the intranet system. When the client selects intranet mode, the two-channel switch unit switches to the first control unit, the first power control switch is closed to power the first control unit and enter the intranet system, and at the same time the second power control switch is opened, cutting the connection to the extranet system. This isolates and protects the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
Brief description of the drawings
Fig. 1 is a structural block diagram of the first embodiment of the secure access device for intranet and extranet according to the invention;
Fig. 2 is a structural block diagram of the second embodiment of the secure access device for intranet and extranet according to the invention;
Fig. 3 is a schematic diagram of an application of the secure access device for intranet and extranet according to the invention.
Embodiments
The invention provides a secure access device for an intranet and an extranet, which isolates and protects the intranet system and the extranet system and can effectively protect the information security of the intranet system.
To help those skilled in the art understand the invention, the application environment and specific structure of the secure access device are described below with reference to Fig. 1 and Fig. 3.
Referring to Fig. 1 and Fig. 3: Fig. 1 is a structural block diagram of the first embodiment of the secure access device for intranet and extranet according to the invention, and Fig. 3 is a schematic diagram of an application of the device.
The secure access device of the first embodiment of the invention comprises an input-end interface unit 11, a two-channel switch unit 12, a first power control switch 13, a second power control switch 14, an intranet interface unit 15 and an extranet interface unit 16, a first control unit 17, and a second control unit 18.
The input-end interface unit 11 is connected, directly or indirectly, to computer equipment (not shown), and is connected through the two-channel switch unit 12 to the first control unit 17 and the second control unit 18 respectively; the first control unit 17 is connected to the intranet interface unit 15, and the second control unit 18 is connected to the extranet interface unit 16; the intranet interface unit 15 is connected to the first power control switch 13, and the extranet interface unit 16 is connected to the second power control switch 14.
The input-end interface unit 11 can take various interface forms such as USB. When the input-end interface unit 11 is a USB interface, it can be connected directly or indirectly to the computer equipment over the USB bus.
To guarantee physical isolation of the internal and external networks, the two-channel switch unit 12 is preferably an electromagnetic relay mechanical switch.
When the client selects extranet mode, the two-channel switch unit 12 gates the second control unit 18, the second power control switch 14 is closed to power the second control unit 18 and enter the extranet system, and at the same time the first power control switch 13 is opened, cutting the connection to the intranet system.
When the client selects intranet mode, the two-channel switch unit 12 gates the first control unit 17, the first power control switch 13 is closed to power the first control unit 17 and enter the intranet system, and at the same time the second power control switch 14 is opened, cutting the connection to the extranet system.
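The switching behaviour in the two paragraphs above can be modeled as a small state machine whose isolation property is checked after every individual switch action. The C model below is an added example, not part of the patent; the break-before-make ordering, the relay's rest position and all type and function names are assumptions, since the text states only the end state of each mode and not the order of the actions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Modes the client can select, as named in the description. */
typedef enum { MODE_INTRANET, MODE_EXTRANET } net_mode_t;

/* Modeled hardware state; numerals follow the patent's reference signs. */
typedef struct {
    bool pwr1_closed;    /* first power control switch 13 (intranet side)  */
    bool pwr2_closed;    /* second power control switch 14 (extranet side) */
    net_mode_t relay;    /* control unit gated by two-channel switch 12    */
    unsigned violations; /* actions after which isolation did not hold     */
} device_t;

typedef enum {
    ACT_OPEN_PWR1, ACT_CLOSE_PWR1,
    ACT_OPEN_PWR2, ACT_CLOSE_PWR2,
    ACT_RELAY_INTRANET, ACT_RELAY_EXTRANET
} action_t;

/* Isolation property: at most one side powered, and only the gated side. */
static bool isolation_holds(const device_t *d)
{
    if (d->pwr1_closed && d->pwr2_closed) return false;
    if (d->pwr1_closed && d->relay != MODE_INTRANET) return false;
    if (d->pwr2_closed && d->relay != MODE_EXTRANET) return false;
    return true;
}

/* Apply one hardware action and check the property immediately after it,
 * so that transient states are checked, not only the final one. */
static void apply(device_t *d, action_t a)
{
    switch (a) {
    case ACT_OPEN_PWR1:      d->pwr1_closed = false; break;
    case ACT_CLOSE_PWR1:     d->pwr1_closed = true;  break;
    case ACT_OPEN_PWR2:      d->pwr2_closed = false; break;
    case ACT_CLOSE_PWR2:     d->pwr2_closed = true;  break;
    case ACT_RELAY_INTRANET: d->relay = MODE_INTRANET; break;
    case ACT_RELAY_EXTRANET: d->relay = MODE_EXTRANET; break;
    }
    if (!isolation_holds(d)) d->violations++;
}

/* Assumed power-on state: both power switches open, relay at rest on the
 * intranet side (the rest position is an assumption of this example). */
static device_t device_init(void)
{
    device_t d = { false, false, MODE_INTRANET, 0 };
    return d;
}

/* Break-before-make: cut power to both sides, move the relay, then power
 * only the selected side. */
static void select_mode_safe(device_t *d, net_mode_t m)
{
    apply(d, ACT_OPEN_PWR1);
    apply(d, ACT_OPEN_PWR2);
    apply(d, m == MODE_INTRANET ? ACT_RELAY_INTRANET : ACT_RELAY_EXTRANET);
    apply(d, m == MODE_INTRANET ? ACT_CLOSE_PWR1 : ACT_CLOSE_PWR2);
}

/* Make-before-break: reaches the same end state, but powers the new side
 * before the old side is cut, so both sides are briefly live. */
static void select_mode_naive(device_t *d, net_mode_t m)
{
    apply(d, m == MODE_INTRANET ? ACT_CLOSE_PWR1 : ACT_CLOSE_PWR2);
    apply(d, m == MODE_INTRANET ? ACT_RELAY_INTRANET : ACT_RELAY_EXTRANET);
    apply(d, m == MODE_INTRANET ? ACT_OPEN_PWR2 : ACT_OPEN_PWR1);
}

int main(void)
{
    device_t safe = device_init(), naive = device_init();
    select_mode_safe(&safe, MODE_INTRANET);
    select_mode_safe(&safe, MODE_EXTRANET);
    select_mode_naive(&naive, MODE_INTRANET);
    select_mode_naive(&naive, MODE_EXTRANET);
    printf("safe:  final ok=%d transient violations=%u\n",
           isolation_holds(&safe), safe.violations);
    printf("naive: final ok=%d transient violations=%u\n",
           isolation_holds(&naive), naive.violations);
    return 0;
}
```

Both orderings end in the state the description requires; only the per-action check separates them, which is why a review of such a controller should look at the switching sequence and not just the steady state.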
The intranet/extranet security device can take a "one in, two out" interface form. "One in" means the input port of the security terminal can be a USB interface; "two out" means the output ports of the security terminal can be two RJ45 interfaces (one intranet port and one extranet port). The input port of the device can be connected by a USB cable to the client, that is, the terminal computer, and the outputs of the device connect to the intranet and extranet network cables respectively. The device then needs no external power supply and uses a low-power supply; data is lost when power is removed or the device is unplugged from the PC, which largely prevents theft of stored data. Installation is simple and easy: only one data cable and two network cables need to be plugged into the device.
The USB-to-Ethernet network cards of the device consume relatively high power, so a low-power design needs to be considered. The first control unit 17 and the second control unit 18 can specifically be low-power USB 2.0 to 10/100 Fast Ethernet controller chips. The first power control switch 13 and the second power control switch 14 use the MIC2406-1BM power switch to control the power supply of the two network card chips, and at any moment only one network card chip is powered, which achieves low power consumption.
The secure access device can be bus-powered or self-powered, or can support both bus-powered and self-powered modes.
In bus-powered mode, no external power supply needs to be connected, which is convenient for the user and simplifies installation of the secure access terminal.
Referring to Fig. 2, which is a structural block diagram of the second embodiment of the secure access device for intranet and extranet according to the invention.
The secure access device of the second embodiment of the invention may further comprise a 1-to-many interface unit 3.
The 1-to-many interface unit 3 comprises one upstream interface 31 connected to the computer equipment and a plurality of downstream interfaces, and the input-end interface unit 11 of the security device is connected to one of the downstream interfaces.
The 1-to-many interface unit 3 can specifically be a 1-to-many USB hub. There is one upstream interface 31, the upstream USB port (the interface between the host and the USB hub), which connects to a USB port of the terminal computer. Because USB devices are plug and play, the secure access terminal avoids the complicated installation steps of a physical isolation card and is simple and easy to use. The 1-to-many USB hub has multiple downstream USB ports (the interfaces between devices and the USB hub), to which all kinds of USB devices can be connected.
The 1-to-many interface unit 3 can be selected according to the USB peripheral functions required. It can specifically be a 1-to-4 USB hub or a 1-to-7 USB hub. For a low-power design, a chip from SMSC can be used: the USB2517 has low power consumption and OEM configuration. The OEM configuration is set over the SMBus, which is connected to the processing unit (CPU); after power-up, the CPU configures the USB2517 over the SMBus.
Preferably, after the client enters intranet mode, all operations are completed at a computing center in the cloud, and to ensure data security the results produced at the computing center are prevented from being downloaded to the client.
When the user selects the intranet system, the terminal computer starts booting the intranet operating system; for example, the intranet uClinux operating system code can be copied into the memory of the client (a notebook), after which the operating system starts. At the same time, the two-channel switch unit 12 switches the USB network to the intranet, and the intranet network card chip is powered.
In the secure access device of the embodiments of the invention, when the client selects extranet mode, the two-channel switch unit 12 gates the second control unit 18, the second power control switch 14 is closed to power the second control unit 18 and enter the extranet system, and at the same time the first power control switch 13 is opened, cutting the connection to the intranet system. When the client selects intranet mode, the two-channel switch unit 12 gates the first control unit 17, the first power control switch 13 is closed to power the first control unit 17 and enter the intranet system, and at the same time the second power control switch 14 is opened, cutting the connection to the extranet system. In the device, only one network path conducts at a time: either only the intranet system or only the extranet system. This isolates and protects the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
The secure access device of the embodiments of the invention is simple to install and maintain; users can operate and maintain it themselves, which saves equipment operating budget. Compared with the cumbersome, specialized disassembly and assembly required for a physical isolation card, it saves the most time and cost.
Compared with the scheme of two physically isolated computers, the combination of one terminal computer and one terminal device of this patent saves the cost of an expensive physically isolated terminal computer for the small cost of the secure access device. The device is also small and portable, which is convenient for office use and saves working space.
Therefore, the embodiments of the invention are intended only to illustrate the invention and not to limit it; any change made by a person of ordinary skill in the art without departing from the scope of protection of the invention shall fall within the scope defined by the claims of the invention.

Claims (6)

1. A secure access device for an intranet and an extranet, characterized in that the device comprises:
an input-end interface unit, a two-channel switch unit, a first power control switch, a second power control switch, an intranet interface unit and an extranet interface unit, a first control unit, and a second control unit;
The input-end interface unit is connected, directly or indirectly, to computer equipment, and is connected through the two-channel switch unit to the first control unit and the second control unit respectively; the first control unit is connected to the intranet interface unit, and the second control unit is connected to the extranet interface unit; the intranet interface unit is connected to the first power control switch, and the extranet interface unit is connected to the second power control switch;
When the client selects extranet mode, the two-channel switch unit switches to the second control unit, the second power control switch is closed to power the second control unit and enter the extranet system, and at the same time the first power control switch is opened, cutting the connection to the intranet system; when the client selects intranet mode, the two-channel switch unit switches to the first control unit, the first power control switch is closed to power the first control unit and enter the intranet system, and at the same time the second power control switch is opened, cutting the connection to the extranet system.
2. The secure access device for an intranet and an extranet according to claim 1, characterized in that the device further comprises a 1-to-many interface unit;
The 1-to-many interface unit comprises one upstream interface connected to the computer equipment and a plurality of downstream interfaces, and the input-end interface unit is connected to one of the downstream interfaces.
3. The secure access device for an intranet and an extranet according to claim 2, characterized in that the 1-to-many interface unit is a 1-to-4 USB hub or a 1-to-7 USB hub.
4. The secure access device for an intranet and an extranet according to any one of claims 1 to 3, characterized in that the input-end interface unit is a USB interface, connected directly or indirectly to the computer equipment over the USB bus.
5. The secure access device for an intranet and an extranet according to any one of claims 1 to 3, characterized in that the two-channel switch unit is an electromagnetic relay mechanical switch.
6. The secure access device for an intranet and an extranet according to any one of claims 1 to 3, characterized in that the intranet interface unit and the extranet interface unit are RJ45 interfaces.
CN201310521944.9A 2013-10-30 2013-10-30 Secure access equipment for intranet and extranet Pending CN103532977A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310521944.9A CN103532977A (en) 2013-10-30 2013-10-30 Secure access equipment for intranet and extranet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310521944.9A CN103532977A (en) 2013-10-30 2013-10-30 Secure access equipment for intranet and extranet

Publications (1)

Publication Number Publication Date
CN103532977A true CN103532977A (en) 2014-01-22

Family

ID=49934656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310521944.9A Pending CN103532977A (en) 2013-10-30 2013-10-30 Secure access equipment for intranet and extranet

Country Status (1)

Country Link
CN (1) CN103532977A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916391A (en) * 2014-03-28 2014-07-09 国网山西省电力公司信息通信分公司 Method and system for preventing illegal external connection
CN105991561A (en) * 2015-02-05 2016-10-05 联想(上海)信息技术有限公司 Implementation method and apparatus of dual-network isolation, and electronic equipment
CN107846401A (en) * 2017-10-26 2018-03-27 北京知道创宇信息技术有限公司 Anonymous equipment for surfing the net and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1281190A (en) * 2000-08-23 2001-01-24 深圳市宏网实业有限公司 Network security computer with single motherboard
CN101083669A (en) * 2007-07-10 2007-12-05 梁雁文 Computer network isolated system and its control and switch method
CN101924766A (en) * 2010-08-20 2010-12-22 河南省电力公司 Double-network communication method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1281190A (en) * 2000-08-23 2001-01-24 深圳市宏网实业有限公司 Network security computer with single motherboard
CN101083669A (en) * 2007-07-10 2007-12-05 梁雁文 Computer network isolated system and its control and switch method
CN101924766A (en) * 2010-08-20 2010-12-22 河南省电力公司 Double-network communication method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916391A (en) * 2014-03-28 2014-07-09 国网山西省电力公司信息通信分公司 Method and system for preventing illegal external connection
CN103916391B (en) * 2014-03-28 2018-07-13 国网山西省电力公司信息通信分公司 A kind of method and system preventing illegal external connection
CN105991561A (en) * 2015-02-05 2016-10-05 联想(上海)信息技术有限公司 Implementation method and apparatus of dual-network isolation, and electronic equipment
CN107846401A (en) * 2017-10-26 2018-03-27 北京知道创宇信息技术有限公司 Anonymous equipment for surfing the net and system
CN107846401B (en) * 2017-10-26 2020-04-07 北京知道创宇信息技术股份有限公司 Anonymous internet surfing device and system

Similar Documents

Publication Publication Date Title
CN103532978A (en) Secure access mode for intranet and extranet
CN103532980A (en) Secure access terminal for intranet and extranet
CN103546478A (en) Internal and external network secure access method and system
EP3710975B1 (en) Secure red-black air-gapped portable computer
CN203618020U (en) Internal and external network security access mode
CN203618018U (en) Internal and external network security access terminal
CN102346818B (en) Computer network environment isolation system implemented by using software
CN101901559B (en) Safety control method for USB (Universal Serial Bus) interface
CN202939611U (en) Internal and external network physical isolation computer host machine
US11425102B2 (en) Air gap system and method using out of band signaling
US7409563B2 (en) Method and apparatus for preventing un-authorized attachment of computer peripherals
CN103532977A (en) Secure access equipment for intranet and extranet
US20090165139A1 (en) Secure Computer System and Method
CN112367327B (en) Power secondary equipment debugging safety access communication device and method
KR101150797B1 (en) The Monitor whose Ubiquitous security is strengthened and operating in a row
CN203618019U (en) Internal and external network security access device
CN101924766A (en) Double-network communication method
CN2785015Y (en) Network safe system based on NC system
CN210629540U (en) Safety isolation control computer system
WO2015127831A1 (en) Anti-intrusion method and access device
CN202103700U (en) Double network isolation system
CN204859202U (en) Information security type intelligence house gateway
CN105589659B (en) Data processing system with multiple subsystems and method
CN101149769A (en) Device and method for limiting and managing computer information transmission
CN209086826U (en) A kind of processing equipment and system of data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140122