CN103546478A - Internal and external network secure access method and system - Google Patents


Publication number
CN103546478A
Authority
CN
China
Prior art keywords
intranet
extranet
client
pattern
outer net
Legal status
Pending
Application number
CN201310528337.5A
Other languages
Chinese (zh)
Inventor
李新友
刘蓓
付宏燕
程浩
Current Assignee
STATE INFORMATION CENTER
Original Assignee
STATE INFORMATION CENTER

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention provides an internal and external network secure access method. The method includes the first step of entering an internal and external network selection interface and the second step of entering an external network system when a client-side selects an external network mode and cutting off the connection between the external network system and an internal network system, and entering the internal network system when the client-side selects an internal network mode and cutting off the connection between the internal network system and the external network system. The internal and external network secure access method and system are used for realizing the isolation and safety protection of the internal network system and the external network system, and can effectively protect the information safety of the internal network system.

Description

Intranet and extranet secure access method and system
Technical field
The present invention relates to the field of the Internet, and in particular to an intranet and extranet secure access method and system.
Background
With the rapid development of the Internet, it has become an irreversible trend for government offices, enterprises and institutions to use the Internet in their work. In recent years, with the "enterprise online" and government Internet access projects, and in particular the construction of "e-government" systems, a large number of existing computers in these organizations and departments have been connected to the Internet in various ways. However, because the Internet is an open network system, any networked computer may be attacked by hackers, and the information stored on it may be stolen or tampered with. The Internet is also the main route by which computer viruses spread. At present, the core technology of common security measures such as software encryption and firewalls is in the hands of foreign companies and cannot meet the relevant national security regulations. The National Administration for the Protection of State Secrets therefore stipulates the following for Internet use by national confidential departments: "A computer information system that involves state secrets must not be connected, directly or indirectly, to the Internet or other public information networks, and must be physically isolated." "Physical isolation" means that if an enterprise's internal LAN never has a direct physical connection to the Internet at any time, the enterprise's network security is genuinely protected.
Although many methods of ensuring security exist, such as multi-layer firewall filtering, channel control and intrusion alarms, these technologies are all software-based control methods that can themselves be manipulated, so they cannot guarantee absolute security. "Physical isolation" is therefore needed to ensure real security for confidential departments such as the military, government, finance and media.
In government informatization, the state has proposed the concept of building "three networks and one database". The "three networks" are the intranet (internal office network), the extranet (the network connected to the Internet) and the private network (a computer network for special purposes such as networking between superior and subordinate units). Physical isolation is required between the intranet and the extranet to ensure that classified information is absolutely secure.
To meet this special network security requirement of national confidential departments, several manufacturers have released products such as physically isolated terminal computers and physical isolation cards.
1. Using two physically isolated terminal computers, one connected to the intranet and one to the extranet, is the most direct form of intranet/extranet isolation and offers the strongest security. However, it requires two terminal computers, which increases hardware cost as well as the maintenance and configuration cost of the terminals. Two terminal computers also take up more space and reduce the user's working space, and the user has to tell the intranet and extranet terminals apart manually each time, which is inconvenient.
2. A physical isolation card adds a second hard disk to a computer. By controlling the hard disks and switching the network cable, only the hard disk and network that belong to the selected environment are active at a time; the two networks are completely separate on the physical line and share no stored information, so a single machine is physically isolated between the two networks. The physical isolation card is a low-level form of physical isolation: one card can manage only one personal computer, every computer has to be configured, and each switch requires a power cycle, which is very inconvenient. Managing a hardware platform with two hard disks is cumbersome and significantly raises the cost of building and maintaining the whole network. In addition, a network designed around isolation cards needs two identical networks (double cabling, double network equipment), and every machine needs two network cards and two hard disks. Installation and maintenance are extremely inconvenient, maintenance cost is high, and the cost of upgrades and expansion is multiplied.
Whether physical isolation is achieved with two terminal computers or with a physical isolation card, this class of product has the following shortcomings:
The computer has a single mainboard, two independent hard disks and two independent network ports, provided on two slots, for the intranet and the extranet. An intranet/extranet switching function built into the BIOS provides two different operating states after start-up, connecting to the internal office network and to the external Internet respectively.
All of the enterprise's desktop computers that need Internet access must be replaced or upgraded to "physically isolated" computers, which increases the cost of each computer by about 20%.
The enterprise's internal cabling must provide a dual physical network architecture for the intranet and the extranet, and switching equipment must likewise be provided in duplicate. Intranet data is stored on the local disk, where it is not secure.
Network security is achieved, but the engineering and equipment costs of implementation are high, the technical service workload is large, and system maintenance is cumbersome.
Summary of the invention
The invention provides an intranet and extranet secure access method and system that isolate and protect the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
To solve the above problems, the invention provides an intranet and extranet secure access method, comprising:
1) entering an intranet/extranet selection interface;
2) when the client selects extranet mode, entering the extranet system and cutting off the connection to the intranet system; when the client selects intranet mode, entering intranet mode and cutting off the connection to the extranet system.
Preferably, step 1) is specifically: after the client system is powered on, directly entering the intranet/extranet selection interface combined with the virtual desktop of a cloud application.
Preferably, in step 2), when the client enters intranet mode, a predetermined operating system is booted into the local host's memory and run in that memory, so that intranet data is lost immediately on power-off or network disconnection.
Preferably, after the client enters intranet mode, all operations are completed in the cloud computing center, and the results produced by the computing center are prevented from being downloaded to the client.
Preferably, in step 2), when the client selects intranet mode, the method further comprises an authentication step;
The authentication step specifically comprises:
The predetermined operating system sends an encrypted command code to the client. After the client decrypts the command code, the control switch for terminal authentication and/or user authentication is switched on and power is supplied to the intranet network card chip. The terminal is then checked for authorization; once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
Preferably, step 1) further comprises:
11) starting a timer on entering the intranet/extranet selection interface; if the user has not chosen intranet or extranet mode within the predetermined time, entering extranet mode directly and cutting off the connection to the intranet system.
Preferably, in step 2), when the client selects extranet mode, the method further comprises a monitoring step;
The monitoring step specifically comprises:
When illegal network access is detected, the network is shut down directly.
Preferably, at the same time as or after the network is shut down, the client is notified of the illegal operation by an alarm or a warning screen.
The invention also provides an intranet and extranet secure access system, comprising:
an intranet/extranet selection interface generation unit, configured to generate the intranet/extranet selection interface and make the client computer system enter it;
an intranet/extranet selection unit, configured to enter the extranet system and cut off the connection to the intranet system when the client selects extranet mode in the selection interface, and to enter intranet mode and cut off the connection to the extranet system when the client selects intranet mode in the selection interface.
Preferably, the intranet/extranet selection interface is specifically a selection interface combined with the virtual desktop of a cloud application.
Preferably, the system further comprises a predetermined operating system running unit: when the client enters intranet mode, the predetermined operating system is booted into the local host's memory and run in that memory, so that intranet data is lost immediately on power-off or network disconnection.
Preferably, after the client enters intranet mode, all operations are completed in the cloud computing center, and the results produced by the computing center are prevented from being downloaded to the client.
Preferably, the system further comprises an authentication unit, configured so that the predetermined operating system sends an encrypted command code to the client; after the client decrypts the command code, the control switch for terminal authentication and/or user authentication is switched on and power is supplied to the intranet network card chip; the terminal is checked for authorization, and once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
Preferably, the system further comprises a timing unit, configured to start a timer when the client enters the intranet/extranet selection interface; if the user has not chosen intranet or extranet mode within the predetermined time, extranet mode is entered directly and the connection to the intranet system is cut off.
Preferably, the system further comprises a monitoring unit, configured to monitor for illegal network access and to shut down the network directly when illegal network access occurs.
Preferably, the system further comprises an alarm unit, configured to notify the client of the illegal operation by an alarm or a warning screen at the same time as or after the network is shut down because of illegal network access.
Compared with the prior art, in the intranet and extranet secure access method of the embodiments of the invention, when the client selects extranet mode, the extranet system is entered and the connection to the intranet system is cut off; when the client selects intranet mode, intranet mode is entered and the connection to the extranet system is cut off. This isolates and protects the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
Brief description of the drawings
Fig. 1 is a flow chart of the intranet and extranet secure access method according to a specific embodiment of the invention;
Fig. 2 is a structural diagram of the intranet and extranet secure access system according to a specific embodiment of the invention.
Embodiments
The invention provides an intranet and extranet secure access method and system that isolate and protect the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
Refer to Fig. 1, which is a flow chart of the intranet and extranet secure access method according to a specific embodiment of the invention.
The intranet and extranet secure access method of this embodiment comprises:
S100: entering the intranet/extranet selection interface;
Step S100 may specifically be: after the client system is powered on, directly entering the intranet/extranet selection interface combined with the virtual desktop of a cloud application.
An operating system selection interface is shown on the client's display, for example a notebook's display, and the user can use the keyboard to choose between starting the dedicated intranet system and the system on the local hard disk.
After step S100, the method may further comprise:
Starting a timer on entering the intranet/extranet selection interface; if the user has not chosen intranet or extranet mode within the predetermined time, entering extranet mode directly and cutting off the connection to the intranet system.
The predetermined time can be set according to the user's needs and may be, for example, 10 seconds, 20 seconds or 30 seconds.
When the user presses the power button of the client computer (also called the terminal computer), the computer's CPU completes initialization of the whole system.
The first boot item in the terminal computer's BIOS is set to the intranet/extranet selection interface, so the terminal computer boots the GRUB program for the selection interface. The terminal computer's screen presents the selection interface, and at the same time a countdown of the predetermined time (for example 20 seconds) to the default extranet system start begins.
S200: when the client selects extranet mode, entering the extranet system and cutting off the connection to the intranet system; when the client selects intranet mode, entering intranet mode and cutting off the connection to the extranet system.
In step S200, when the client enters intranet mode, a predetermined operating system is booted into the local host's memory and run in that memory, so that intranet data is lost immediately on power-off or network disconnection.
The predetermined operating system may be based on Linux, with the kernel configured to meet the system's security requirements.
The predetermined operating system mainly disables the client's (local) network devices (such as Ethernet, wireless network cards and Bluetooth) and the client's (local) storage devices (hard disks, optical discs, etc.).
Preferably, after the client enters intranet mode, all operations are completed in the cloud computing center, and, to keep data secure, the predetermined operating system can prevent the results produced by the computing center from being downloaded to the client.
In the intranet and extranet secure access method of this embodiment, when the client selects extranet mode, the extranet system is entered and the connection to the intranet system is cut off; when the client selects intranet mode, intranet mode is entered and the connection to the extranet system is cut off. This isolates and protects the intranet system and the extranet system, and can effectively protect the information security of the intranet system.
To ensure security, in the intranet and extranet secure access method of this embodiment, step S200 may further comprise an authentication step when the client selects intranet mode;
The authentication step specifically comprises:
The predetermined operating system sends an encrypted command code to the client. After the client decrypts the command code, the control switch for terminal authentication and/or user authentication is switched on and power is supplied to the intranet network card chip. The terminal is then checked for authorization; once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
To help those skilled in the art understand the method, the process of entering the intranet system is described in detail below with concrete design details:
When the user selects the intranet system, the terminal computer starts to boot the intranet operating system; for example, the intranet uClinux operating system code may be copied into the memory of the client (notebook) and the operating system then started. When the authentication interface appears, the operating system may send an encrypted command code to the CPU over the HID USB interface. After decrypting the command, the CPU switches on the control switches of the terminal authentication and/or user authentication USB-KEY; specifically, the relay may switch the USB network path to the intranet and power the intranet network card chip at the same time. The terminal is then checked for authorization. Once terminal authentication succeeds, the user may log in with a username and password, or with a USER-KEY ID and password. It may be configured so that, if the network cable or the user USB-KEY is disconnected in intranet mode, authentication must be performed again.
To ensure security, in the intranet and extranet secure access method of this embodiment, step S200 further comprises a monitoring step when the client selects extranet mode;
The monitoring step specifically comprises: when illegal network access is detected, shutting down the network directly.
At the same time as or after the network is shut down, the client can be notified of the illegal operation by an alarm such as a buzzer or by a warning screen, which greatly protects the security of the whole network.
To help those skilled in the art understand the method, the process of entering the extranet system is described in detail below with concrete design details:
After the user selects the extranet system, or the default predetermined time (for example a 20-second countdown) expires, the terminal computer starts to boot the extranet operating system. After the operating system starts, an encrypted command code may be sent to the CPU over the HID USB interface. After decrypting the command, the CPU disconnects the terminal authentication USB-KEY from the USB hub and connects the user authentication USB-KEY to the USB hub, and the relay switches the USB network path to the extranet and powers the extranet network card chip. The system boot storage is connected to the USB hub, and after the extranet system starts, the self-starting monitoring software begins to run. The monitoring software may be stored in the storage flash. Because the terminal authentication USB-KEY is disconnected from the USB hub, even if the intranet is reached from the extranet system, terminal authentication cannot be carried out and the intranet cannot be accessed at all, which ensures the security of the intranet.
The function of step S200 is mainly implemented by a security terminal. The client and the security terminal communicate over a predetermined protocol, which mainly handles security control between the client and the security terminal and prevents malicious acquisition of intranet data. The protocol may be based on the HID protocol.
The main communication details may be designed as follows:
The input and output reports in the protocol's report descriptor may both be set to 8 bytes. The content can be defined as required.
Data format: bytes 0 to 3 may be a number of seconds (a random number), and bytes 4 to 7 may be the specific control command.
The control command in bytes 4 to 7 is defined as follows:
Only the lowest bit of byte 4 is used at first: "0" means close the intranet system and open the extranet system; "1" means close the extranet system and open the intranet system.
The other bits are reserved.
All 8 bytes may be encrypted with DES.
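The report layout described above, as an added C example that is not code from the patent: it builds the 8-byte plaintext report and shows how the security terminal's CPU might validate and apply it after decryption. The DES step is left out, and the big-endian byte order, the rejection of a repeated value in bytes 0 to 3, the struct and function names, and the sample values are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPORT_LEN   8      /* page: input and output reports are 8 bytes */
#define CMD_MODE_BIT 0x01u  /* page: lowest bit of byte 4 selects the network */

enum net_mode { MODE_EXTRANET = 0, MODE_INTRANET = 1 };

enum report_status {
    REPORT_OK = 0,
    REPORT_BAD_LENGTH,    /* not exactly 8 bytes */
    REPORT_RESERVED_SET,  /* a reserved bit in bytes 4..7 is non-zero */
    REPORT_REPEATED       /* bytes 0..3 equal the last accepted value */
};

/* Switch outputs driven by the security terminal's CPU (hypothetical names). */
struct switch_state {
    enum net_mode relay;       /* USB-to-Ethernet path selected by the relay */
    bool terminal_key_on_hub;  /* terminal authentication USB-Key attached */
    bool user_key_on_hub;      /* user authentication USB-Key attached */
};

struct terminal {
    struct switch_state sw;
    bool have_last;
    uint32_t last_fresh;       /* last accepted value of bytes 0..3 */
};

/* Power-on state mirrors extranet mode: terminal key detached from the hub. */
void terminal_init(struct terminal *t)
{
    t->sw.relay = MODE_EXTRANET;
    t->sw.terminal_key_on_hub = false;
    t->sw.user_key_on_hub = true;
    t->have_last = false;
    t->last_fresh = 0;
}

/* Host side: plaintext report. Big-endian order for bytes 0..3 is assumed. */
void build_report(uint8_t out[REPORT_LEN], uint32_t fresh, enum net_mode mode)
{
    out[0] = (uint8_t)(fresh >> 24);
    out[1] = (uint8_t)(fresh >> 16);
    out[2] = (uint8_t)(fresh >> 8);
    out[3] = (uint8_t)fresh;
    out[4] = (mode == MODE_INTRANET) ? CMD_MODE_BIT : 0;
    out[5] = out[6] = out[7] = 0;  /* reserved bits stay zero */
}

/*
 * Device side: validate a decrypted report, then drive the switches.
 * One encrypted 8-byte block carries no integrity tag, so these checks are
 * what drops a block that did not decrypt to a well-formed command.
 * A rejected report leaves the switch state unchanged.
 */
enum report_status handle_report(struct terminal *t, const uint8_t *buf, size_t len)
{
    uint32_t fresh;

    if (len != REPORT_LEN)
        return REPORT_BAD_LENGTH;
    if ((buf[4] & 0xFEu) != 0 || buf[5] != 0 || buf[6] != 0 || buf[7] != 0)
        return REPORT_RESERVED_SET;

    fresh = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (t->have_last && fresh == t->last_fresh)
        return REPORT_REPEATED;  /* assumed freshness rule, not from the page */

    if (buf[4] & CMD_MODE_BIT) {
        t->sw.relay = MODE_INTRANET;         /* "1": extranet off, intranet on */
        t->sw.terminal_key_on_hub = true;
    } else {
        t->sw.relay = MODE_EXTRANET;         /* "0": intranet off, extranet on */
        t->sw.terminal_key_on_hub = false;   /* no terminal authentication possible */
    }
    t->sw.user_key_on_hub = true;
    t->have_last = true;
    t->last_fresh = fresh;
    return REPORT_OK;
}

int main(void)
{
    struct terminal t;
    uint8_t r[REPORT_LEN];
    enum report_status s;

    terminal_init(&t);
    build_report(r, 1000u, MODE_INTRANET);  /* constructed sample value */
    s = handle_report(&t, r, sizeof r);
    printf("switch to intranet: status=%d relay=%d\n", (int)s, (int)t.sw.relay);
    s = handle_report(&t, r, sizeof r);     /* same bytes sent again */
    printf("repeat of same report: status=%d relay=%d\n", (int)s, (int)t.sw.relay);
    return 0;
}
```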
The security terminal may specifically comprise an intranet/extranet security device with a "one in, two out" interface layout. "One in" means the security terminal's input port may be a USB interface; "two out" means its output ports may be two RJ45 ports (one intranet port and one extranet port). The input port of the security device is connected by a USB cable to the client, i.e. the terminal computer, and its outputs are connected to the intranet and extranet network cables respectively. The security device therefore needs no external power supply and uses low-power bus power; its data is lost on power-off or when it is unplugged from the PC, which largely prevents data theft from storage. Installation is also simple: only one data cable and two network cables need to be plugged into the security device.
The security terminal may be designed as a USB composite (compound) device. By USB function, its hardware may comprise: a 1-to-many USB hub, a system boot USB Mass Storage flash device (USB flash disk), a terminal authentication USB-Key, a user authentication USB-Key, a one-channel USB to two-channel Ethernet converter (intranet and extranet), limit switch control, and an HID device.
The 1-to-many USB hub has one upstream USB port (the interface between the host and the hub), which is connected to a USB port of the terminal computer. Because USB devices are plug and play, the security terminal avoids the complicated installation steps of a physical isolation card and is simple and convenient to operate. The hub has several downstream USB ports (the interfaces between devices and the hub), to which various USB devices can be connected.
The system boot USB storage (Mass Storage Flash, USB flash disk) is connected directly to a downstream USB port of the hub. Both the system boot program and the intranet operating system program may be stored in it.
The terminal authentication USB-Key is connected to a downstream USB port of the hub through a control switch, whose opening and closing is controlled by the CPU.
The user authentication USB-Key is connected to a downstream USB port of the hub through a control switch, whose opening and closing is controlled by the CPU.
In the intranet/extranet security device, the USB ends of two USB-to-Ethernet devices may be connected to the two outputs of a two-way selector switch, whose input is connected to a downstream USB port of the hub. The CPU controls the selector switch so that only one of the USB-to-Ethernet devices is connected to the hub at a time, which physically isolates the intranet from the extranet.
The gating terminal of each USB device's control switch is connected to the CPU. The CPU may have an integrated USB slave peripheral, which is used to emulate an HID device whose USB end is connected to the hub. The CPU receives network switching commands through this HID device and, after parsing a command, controls when each USB device is connected to the hub.
The security terminal is bus-powered and needs no external power supply, which keeps power consumption low. The user USB port may also be current-limited so that it supplies only the operating current of the authentication USB-Key; this prevents external hard disk storage devices from being attached to the system and so protects intranet server resources under the cloud application.
In intranet mode, dual authentication of terminal identity and user identity may be used, together with a mechanism that requires re-authentication after a network disconnection, which greatly protects the security of the intranet.
If an intranet server is accessed in extranet mode, the MAC-to-MAC function of the security device's USB-to-Ethernet chip provides an RMII interface connected to the CPU for monitoring. The CPU continuously monitors the extranet for unauthorized access to intranet servers, which guards against a user swapping the intranet and extranet cables, and a buzzer alarm alerts the user to the illegal operation.
The intranet/extranet security device of the invention may use an electromagnetic relay as a mechanical switch to physically isolate the intranet from the extranet. Unlike the isolation method of a physical isolation card, it switches between two USB-to-Ethernet channels and connects only one of them to the terminal computer. The physical network ports and USB ports on the terminal computer's own chassis are disabled, which ensures the feasibility of the patented terminal's network port.
Referring to Fig. 2, this figure is intranet and extranet safety access system structure chart described in the specific embodiment of the invention.
Intranet and extranet safety access system described in the specific embodiment of the invention, described system comprises: intranet and extranet are selected interface generation unit 1 and intranet and extranet selected cell 2.
Intranet and extranet are selected interface generation unit 1, for generating intranet and extranet, select interface, and make client computer system enter described intranet and extranet selection interface;
Described intranet and extranet select interface to be specially the intranet and extranet selection interface in conjunction with the virtual desktop of cloud application.
In client, for example show on the display of notebook and select operation system interface, user can select by keyboard the system of startup Intranet dedicated system or local hard drive.
Described system can also comprise timing unit, while selecting interface for enter intranet and extranet in client, starts timing; When user does not make a choice while entering Intranet or outer net pattern in the given time, directly enter outer net pattern, and now cut off and be connected with Intranet system.
The described scheduled time can be set according to user's needs, is specifically as follows 10 seconds, 20 seconds or 30 seconds etc.
When user presses client computer (also claiming terminal computer) power key, now computer CPU completes the initialization of whole system.
It is that intranet and extranet select interface to start that system the first startup item is set in terminal computer BIOS, terminal computer just can guidance system start intranet and extranet selection interface GRUB program, terminal computer display screen presents intranet and extranet and selects interface, gives tacit consent to the outer net system startup scheduled time (for example 20 seconds) countdown simultaneously and starts.
Intranet and extranet selected cell 2, when client selects interface to select outer net pattern according to described intranet and extranet, enters outer net system, and now cuts off and be connected with Intranet system; When client selects interface to select Intranet pattern according to described intranet and extranet, enter Intranet pattern, and now cut off and be connected with outer net system.
Described system can also comprise scheduled operation system running unit, when described client enters Intranet pattern, guiding scheduled operation system, to local host internal memory, is moved described scheduled operation system in described internal memory, and intranet data is directly lost when power-off or suspension.
Described scheduled operation system can be based on linux system, for security of system, requires kernel to be equipped with.
Scheduled operation system is mainly to forbid client (this locality) network equipment (as Ethernet, wireless network card, bluetooth etc.), forbids client (this locality) memory device (hard disk, CD etc.).
The computer center that described client enters under the operation preferable case after Intranet pattern all beyond the clouds completes, and in order to guarantee data security, the result that described scheduled operation system can stop described computer center to complete downloads to client.
In the intranet and extranet secure access system of this embodiment, when the intranet/extranet selection unit 2 enters the extranet system, the connection to the intranet system is cut off; when the intranet/extranet selection unit 2 enters intranet mode, the connection to the extranet system is cut off. This isolates the intranet system and the extranet system from each other and effectively protects the information security of the intranet system.
To ensure security, the system of this embodiment further comprises an authentication unit, by which the predetermined operating system sends an encrypted command code to the client. After the client decrypts the command code, the control switch for terminal authentication and/or user authentication is turned on and the intranet network card chip is powered; the terminal is then checked for authorization, and once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
When the user selects the intranet system, the terminal computer begins booting the intranet operating system; for example, the intranet uClinux operating system code can be copied into the memory of the client (a notebook), after which the operating system starts. When the authentication interface appears, the operating system can send the encrypted command code to the CPU over the HID USB interface. After the CPU decrypts the command, the control switch for the terminal authentication and/or user authentication USB-KEY is turned on; specifically, a relay can switch the USB network to the intranet while powering the intranet network card chip. The terminal is then checked for authorization. Once terminal authentication succeeds, the user can log in with a username and password, or with a USER-KEY ID and password. If the network cable is disconnected or the user's USB-KEY is disconnected while in intranet mode, the system can be set to require authentication to be performed again.
To ensure security, the system of this embodiment may further comprise a monitoring unit for monitoring whether illegal network access occurs and, when it does, directly shutting off the network.
The system may further comprise an alarm unit which, at the same time as or after the network is shut off because of illegal network access, alerts the client to the illegal operation by an alarm such as a buzzer or by a warning screen.
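The behaviour described in the paragraphs above (mutually exclusive links, authentication in a fixed order before intranet mode, re-authentication after a cable or USB-KEY disconnect, and shut-off with an alarm on illegal access), modelled as a small state machine. This is an added illustration, not code from the patent; the class, method and event names are hypothetical, and the relay and network-card power are represented as booleans.

```python
from enum import Enum

class Mode(Enum):
    SELECT = 1         # selection interface shown, no network connected
    EXTRANET = 2
    INTRANET_AUTH = 3  # intranet chosen, authentication still pending
    INTRANET = 4
    SHUT_OFF = 5       # network shut off after illegal access

class Terminal:
    """Toy model of the client: relay and NIC power are booleans (assumption)."""
    def __init__(self):
        self.mode, self.alarm = Mode.SELECT, False
        self.intranet_link = self.extranet_link = False

    def select(self, choice):
        if self.mode is not Mode.SELECT:
            raise RuntimeError("mode is chosen only at the selection interface")
        # Either choice leaves the other network cut off.
        self.extranet_link = (choice == "extranet")
        self.intranet_link = False
        self.mode = Mode.EXTRANET if choice == "extranet" else Mode.INTRANET_AUTH

    def authenticate(self, command_ok, terminal_ok, user_ok):
        if self.mode is not Mode.INTRANET_AUTH:
            raise RuntimeError("authentication only applies after choosing intranet")
        # Order from the description: command code decrypted -> NIC powered ->
        # terminal authentication -> user login.
        passed = command_ok and terminal_ok and user_ok
        # Assumption: a failed step leaves the intranet NIC unpowered.
        self.intranet_link = passed
        if passed:
            self.mode = Mode.INTRANET
        return passed

    def link_lost(self):
        """Cable unplugged or USB-KEY removed while in intranet mode."""
        if self.mode is Mode.INTRANET:
            self.intranet_link = False      # assumption: link drops until re-auth
            self.mode = Mode.INTRANET_AUTH  # authentication must be repeated

    def illegal_access(self):
        """Monitoring unit fired: shut the network off and raise the alarm."""
        self.intranet_link = self.extranet_link = False
        self.mode, self.alarm = Mode.SHUT_OFF, True

def replay(events):
    """Apply (method, args) events and check isolation after every step."""
    t = Terminal()
    for name, args in events:
        getattr(t, name)(*args)
        assert not (t.intranet_link and t.extranet_link), "both networks connected"
    return t
```

Replaying a constructed event list, for example `replay([("select", ("intranet",)), ("authenticate", (True, True, True)), ("link_lost", ())])`, returns the terminal back in the pending-authentication state with the intranet link down.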
The system of the present invention may adopt any of the approaches described for the method above, which are not described again in detail here.
Therefore, the embodiments of the present invention are intended only to illustrate the invention and not to limit it; any change made by a person of ordinary skill in the art without departing from the scope of protection of the present invention shall fall within the scope defined by the claims of the present invention.

Claims (16)

1. An intranet and extranet secure access method, characterized in that the method comprises:
1) entering an intranet/extranet selection interface;
2) when the client selects extranet mode, entering the extranet system and cutting off the connection to the intranet system; when the client selects intranet mode, entering intranet mode and cutting off the connection to the extranet system.
2. The intranet and extranet secure access method according to claim 1, characterized in that step 1) is specifically: after the client system powers on, directly entering an intranet/extranet selection interface combined with the virtual desktop of a cloud application.
3. The intranet and extranet secure access method according to claim 1, characterized in that, when the client enters intranet mode in step 2), a predetermined operating system is booted into the local host's memory and run in that memory, and intranet data is lost immediately on power-off or network disconnection.
4. The intranet and extranet secure access method according to claim 3, characterized in that all operations after the client enters intranet mode are completed in the computing center in the cloud, and the results produced by the computing center are prevented from being downloaded to the client.
5. The intranet and extranet secure access method according to claim 3, characterized in that, when the client selects intranet mode in step 2), the method further comprises an authentication step;
the authentication step specifically comprises:
the predetermined operating system sends an encrypted command code to the client; after the client decrypts the command code, the control switch for terminal authentication and/or user authentication is turned on and the intranet network card chip is powered; the terminal is checked for authorization, and once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
6. The intranet and extranet secure access method according to claim 1, characterized in that, after step 1), the method further comprises:
11) starting a timer upon entering the intranet/extranet selection interface; when the user does not choose intranet or extranet mode within a predetermined time, directly entering extranet mode and cutting off the connection to the intranet system.
7. The intranet and extranet secure access method according to claim 1, characterized in that, when the client selects extranet mode in step 2), the method further comprises a monitoring step;
the monitoring step specifically comprises:
when illegal network access is detected, directly shutting off the network.
8. The intranet and extranet secure access method according to claim 7, characterized in that, at the same time as or after the network is shut off, the client is alerted to the illegal operation by an alarm or a warning screen.
9. An intranet and extranet secure access system, characterized in that the system comprises:
an intranet/extranet selection interface generation unit, for generating an intranet/extranet selection interface and making the client computer system enter that selection interface;
an intranet/extranet selection unit which, when the client selects extranet mode from the selection interface, enters the extranet system and cuts off the connection to the intranet system, and which, when the client selects intranet mode from the selection interface, enters intranet mode and cuts off the connection to the extranet system.
10. The intranet and extranet secure access system according to claim 1, characterized in that the intranet/extranet selection interface is specifically an intranet/extranet selection interface combined with the virtual desktop of a cloud application.
11. The intranet and extranet secure access system according to claim 9, characterized in that the system further comprises a predetermined operating system running unit which, when the client enters intranet mode, boots a predetermined operating system into the local host's memory and runs it in that memory, and intranet data is lost immediately on power-off or network disconnection.
12. The intranet and extranet secure access system according to claim 10, characterized in that all operations after the client enters intranet mode are completed in the computing center in the cloud, and the results produced by the computing center are prevented from being downloaded to the client.
13. The intranet and extranet secure access system according to claim 11, characterized in that the system further comprises an authentication unit, by which the predetermined operating system sends an encrypted command code to the client; after the client decrypts the command code, the control switch for terminal authentication and/or user authentication is turned on and the intranet network card chip is powered; the terminal is checked for authorization, and once terminal authentication succeeds, identity authentication and login are performed and intranet mode is entered.
14. The intranet and extranet secure access system according to claim 9, characterized in that the system further comprises a timing unit, for starting a timer when the client enters the intranet/extranet selection interface; when the user does not choose intranet or extranet mode within a predetermined time, extranet mode is entered directly and the connection to the intranet system is cut off.
15. The intranet and extranet secure access method according to claim 9, characterized in that the system further comprises a monitoring unit, for monitoring whether illegal network access occurs and, when it does, directly shutting off the network.
16. The intranet and extranet secure access method according to claim 15, characterized in that the system further comprises an alarm unit which, at the same time as or after the network is shut off because of illegal network access, alerts the client to the illegal operation by an alarm or a warning screen.
CN201310528337.5A 2013-10-30 2013-10-30 Internal and external network secure access method and system Pending CN103546478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310528337.5A CN103546478A (en) 2013-10-30 2013-10-30 Internal and external network secure access method and system

Publications (1)

Publication Number Publication Date
CN103546478A true CN103546478A (en) 2014-01-29

Family

ID=49969525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310528337.5A Pending CN103546478A (en) 2013-10-30 2013-10-30 Internal and external network secure access method and system

Country Status (1)

Country Link
CN (1) CN103546478A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182142B1 (en) * 1998-07-10 2001-01-30 Encommerce, Inc. Distributed access management of information resources
CN101321061A (en) * 2007-06-04 2008-12-10 北京北大众志微系统科技有限责任公司 Dual-network isolation switching mechanism and method for network computer
CN101977179A (en) * 2010-08-20 2011-02-16 河南省电力公司 Dual-network dual-system computer communication method
CN102867158A (en) * 2011-07-07 2013-01-09 联想(北京)有限公司 Memory switching method, memory switching device and terminal with dual systems

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656982A (en) * 2016-10-21 2017-05-10 国网黑龙江省电力有限公司信息通信公司 Authentication module and method for double-computer switching device
CN106657000A (en) * 2016-11-10 2017-05-10 深圳惠众联合科技有限责任公司 WLAN internal and external network access framework
CN107294959A (en) * 2017-06-06 2017-10-24 国家电网公司 The method of inside and outside Network Communication, apparatus and system
CN107294959B (en) * 2017-06-06 2021-05-14 国家电网公司 Intranet and extranet communication method, device and system
CN108306758B (en) * 2017-12-26 2020-10-13 三维通信股份有限公司 Method for realizing access to internal network and external network of indoor distributed antenna system
CN108306758A (en) * 2017-12-26 2018-07-20 三维通信股份有限公司 A kind of implementation method that indoor distributed antenna system intranet and extranet access
CN109587127A (en) * 2018-11-26 2019-04-05 南京博岛自动化科技有限公司 The shared system and method for data information
CN111083104A (en) * 2019-10-31 2020-04-28 中国船舶重工集团公司第七0九研究所 Method and system for realizing simultaneous access of host to internal and external networks
CN111510304A (en) * 2020-04-20 2020-08-07 中国人民解放军陆军勤务学院 Information transmission method, information management method, system, device and electronic equipment
CN111510304B (en) * 2020-04-20 2023-06-20 中国人民解放军陆军勤务学院 Information transmission and information management method, system and device and electronic equipment
CN111581621A (en) * 2020-05-07 2020-08-25 中芯集成电路(宁波)有限公司 Data security processing method, device, system and storage medium
CN112448957A (en) * 2020-11-27 2021-03-05 成都新希望金融信息有限公司 Network isolation method, device, system, server and readable storage medium
CN112448957B (en) * 2020-11-27 2023-04-25 成都新希望金融信息有限公司 Network isolation method, device, system, server side and readable storage medium

Similar Documents

Publication Publication Date Title
CN103546478A (en) Internal and external network secure access method and system
CN103532978A (en) Secure access mode for intranet and extranet
CN103532980A (en) Secure access terminal for intranet and extranet
CA2799932C (en) Computer motherboard having peripheral security functions
EP2629234B1 (en) Security-enhanced computer systems and methods
EP3605475A1 (en) Secure communication method based on smart door lock system and smart door lock system thereof
EP2348451B1 (en) Methods and apparatus for restoration of an anti-theft platform
EP2624081B1 (en) Configuration method, configuration device, computer program product and control system
CN111742315B (en) Safe red-black air gap portable computer
CN107888609A (en) A kind of information security of computer network system
CN107563213B (en) Safety secrecy control device for preventing data extraction of storage equipment
CN203618020U (en) Internal and external network security access mode
CN202694329U (en) Wireless storage equipment
CN103002445A (en) Safe mobile electronic equipment for providing application services
CN101441601B (en) Ciphering transmission method of hard disk ATA instruction and system
CN107924365B (en) Anti-hacker computer design
CN203618018U (en) Internal and external network security access terminal
CN104320389A (en) Fusion identify protection system and fusion identify protection method based on cloud computing
US20090282265A1 (en) Method and apparatus for preventing access to encrypted data in a node
EP3494482B1 (en) Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor
CN104680055A (en) Control method for performing management on U disk after access into industrial control system network
JP2023550960A (en) Ransomware mitigation system and methods to mitigate ransomware attacks
CN103051963A (en) Safety control method of digital television terminal equipment
CN103532977A (en) Secure access equipment for intranet and extranet
Varadharajan et al. Techniques for Enhancing Security in Industrial Control Systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140129

WD01 Invention patent application deemed withdrawn after publication