CN106506540A - Attack-resistant intranet data transmission method and system - Google Patents

Attack-resistant intranet data transmission method and system

Info

Publication number: CN106506540A
Authority: CN (China)
Prior art keywords: intranet, gateway, outer net, data, encryption
Legal status: Pending
Application number: CN201611163025.9A
Other languages: Chinese (zh)
Inventors: 范希骏, 张玉国
Current Assignee: Beijing Sansec Technology Development Co Ltd
Original Assignee: Beijing Sansec Technology Development Co Ltd
Application filed by Beijing Sansec Technology Development Co Ltd
Priority to CN201611163025.9A
Publication of CN106506540A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/12: Applying verification of the received information
    • H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The present invention relates to an attack-resistant intranet data transmission method and system in the field of information communications, and addresses the security and practicality problems present in existing information transmission. The method comprises: a local internal-network gateway encrypts the intranet data of a local internal LAN; the encrypted intranet data is sent over a dedicated channel to a local external-network gateway, which sends the encrypted data to the external network; a remote external-network gateway obtains the encrypted data from the external network, inspects it, and passes it over a dedicated channel to a remote internal-network gateway; the remote internal-network gateway decrypts the encrypted data to recover the intranet data of the local internal LAN. The invention transmits data between internal LANs in different regions by relaying it through the external network while encrypting the transmitted information; this improves data security while retaining the benefits the external network can bring, and its attack resistance substantially exceeds that of a conventional virtual private network system.

Description

Attack-resistant intranet data transmission method and system
Technical field
The present invention relates to the information communications field.
Background technology
With the rapid development of the Internet and information technology, networks are ever more closely tied to people's lives, and many activities have moved onto the Internet (or the Internet of Things, metropolitan area networks and other wide area networks), such as online shopping, Internet banking, e-commerce and e-government. At the same time, because of the openness of the Internet itself, many security problems arise.
Among these, some activities involve particularly important information. In e-government, for example, the information may affect the national economy; in the financial sector, huge sums of money may be involved.
For such activities, one solution is physical isolation: the information is kept in an internal network, and the internal network is physically disconnected from the external network with no communication channel between them, so attacks are naturally avoided. Although this improves the security of the information, the price is that none of the benefits of the Internet (or other wide area networks) and modern information technology can be used.
Content of the invention
The present invention proposes an attack-resistant intranet data transmission method and system, with the aim of solving the security and practicality problems present in existing information transmission.
The technical solution of the present invention to the above technical problem is as follows. An attack-resistant intranet data transmission method, the method comprising:
a local internal-network gateway encrypts the intranet data of a local internal LAN;
the encrypted intranet data is sent over a dedicated channel to a local external-network gateway, and the local external-network gateway sends the encrypted data to the external network;
a remote external-network gateway obtains the encrypted data from the external network and, after inspecting the encrypted data, passes it over a dedicated channel to a remote internal-network gateway;
the remote internal-network gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN.
The beneficial effects of the invention are as follows. The transmission method of the present invention transmits data between internal LANs in different regions by relaying it through the external network. During information transfer between the external network and the LAN, relaying over a dedicated channel creates isolation between the external network and the LAN, which is entirely different from the conventional direct connection of an internal network to the external network, so attack tolerance is greatly enhanced; at the same time, the external-network gateway corresponding to the remote internal LAN can inspect the data, filter out illegal packets and isolate many types of attack. The transmitted information is also encrypted, so the security of the information is improved while the benefits of the external network are retained, and its attack resistance substantially exceeds that of a conventional virtual private network system.
On the basis of the above technical solution, the present invention can also be improved as follows.
Further, the process of encrypting the intranet data is:
authenticating the identities of the communicating parties of the local internal LAN and the remote internal LAN;
encrypting the data messages in the intranet data;
applying integrity protection to the intranet data.
The beneficial effect of the above further scheme is: through identity authentication, encryption and integrity protection, the scheme protects the intranet data sufficiently and prevents impersonation, eavesdropping and tampering of the information.
Further, the remote external-network gateway inspects the encrypted data obtained from the external network using solidified (fixed) hardware logic.
The beneficial effect of the above further scheme is: the solidified hardware logic prevents a hacker from invading the internal-network gateway by modifying the inspection logic itself, eliminating the vulnerabilities that software inspection would introduce and improving security.
To solve the above technical problem, the invention also proposes an attack-resistant intranet data transmission system, the system comprising: a local internal-network gateway, a remote internal-network gateway, a local external-network gateway and a remote external-network gateway, wherein
the local internal-network gateway performs protocol processing and encryption on the intranet data of the local internal LAN and sends the encrypted intranet data over a dedicated channel to the local external-network gateway;
the local external-network gateway relays the encrypted intranet data and sends the relayed encrypted intranet data to the external network;
the remote external-network gateway obtains the encrypted intranet data from the external network over a dedicated channel, inspects the encrypted intranet data from the external network, and then sends the encrypted intranet data that passed inspection over the dedicated channel to the remote internal-network gateway;
the remote internal-network gateway decrypts the inspected encrypted intranet data and sends the decrypted intranet data to the remote internal LAN.
Beneficial effects of the present invention: the transmission system of the present invention transmits data between internal LANs in different regions by relaying it through the external network. During information transfer between the external network and the LAN, the relaying creates isolation between the external network and the LAN, which is entirely different from the conventional direct connection of an internal network to the external network, so attack tolerance is greatly enhanced; at the same time, the external-network gateway corresponding to the remote internal LAN can inspect the data, filter out illegal packets and isolate many types of attack. The transmitted information is also encrypted, so the security of the information is improved while the benefits of the external network are retained, and its attack resistance substantially exceeds that of a conventional VPN system.
Further, the local internal-network gateway and the remote internal-network gateway have identical internal structures and are interchangeable.
Further, the local internal-network gateway comprises an internal-network NIC and a processing module, wherein
the internal-network NIC receives the intranet data of the local internal LAN and sends the intranet data to the processing module; when the local internal-network gateway acts as the remote internal-network gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
the processing module performs protocol processing and encryption on the intranet data and then sends the encrypted intranet data to the local external-network gateway; when the local internal-network gateway acts as the remote internal-network gateway, it receives the relayed encrypted intranet data sent by the remote external-network gateway, decrypts it and sends it to the internal-network NIC.
The beneficial effect of the above further scheme is: using the internal-network NIC, the processing module and the dedicated channel, an isolation layer is created between the internal LAN and the external network, and the intranet data is encrypted, ensuring the security of the data.
Further, the processing module comprises:
an authentication module for authenticating the identities of the communicating parties of the local internal LAN and the remote internal LAN;
a data encryption module for encrypting the data messages in the intranet data;
an integrity protection module for applying integrity protection to the intranet data.
The beneficial effect of the above further scheme is: through identity authentication, encryption and integrity protection, the scheme protects the intranet data sufficiently and prevents impersonation, eavesdropping and tampering of the information.
Further, the local external-network gateway and the remote external-network gateway have identical internal structures and are interchangeable.
Further, the local external-network gateway comprises an external-network NIC and a relay module, wherein
the relay module receives the protocol-processed and encrypted intranet data sent by the local internal-network gateway and sends the encrypted intranet data to the external-network NIC; when the local external-network gateway acts as the remote external-network gateway, it receives the encrypted intranet data that the external-network NIC obtained from the external network, inspects the encrypted intranet data and then sends it to the remote internal-network gateway;
the external-network NIC sends the received protocol-processed and encrypted intranet data to the external network; when the local external-network gateway acts as the remote external-network gateway, it obtains the encrypted intranet data from the external network and sends the encrypted intranet data to the relay module.
The beneficial effect of the above further scheme is: isolation between the external network and the internal LAN is achieved through the relay point, so hacker attacks can be defended against and the security of the gateway is improved.
Further, the relay module comprises a solidified hardware logic module, which inspects the encrypted intranet data obtained from the external network.
The beneficial effect of the above further scheme is: the solidified hardware logic module prevents a hacker from invading the internal-network gateway by modifying the inspection logic itself, eliminating the vulnerabilities that software inspection would introduce and improving security.
Description of the drawings
Fig. 1 is a flow chart of the attack-resistant intranet data transmission method of Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the principle of the attack-resistant intranet data transmission system of Embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of an application of the attack-resistant intranet data transmission system of Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of the principle of the processing module of Embodiment 2 of the present invention;
Fig. 5 is a schematic diagram of the principle of the relay module of Embodiment 2 of the present invention.
Specific embodiment
The principles and features of the present invention are described below with reference to the accompanying drawings; the examples serve only to explain the present invention and not to limit its scope.
Embodiment 1
As shown in Fig. 1, this embodiment proposes an attack-resistant intranet data transmission method, the method comprising:
S1: a local internal-network gateway encrypts the intranet data of a local internal LAN;
S2: the encrypted intranet data is sent over a dedicated channel to a local external-network gateway, and the local external-network gateway sends the encrypted data to the external network;
S3: a remote external-network gateway obtains the encrypted data from the external network and, after inspecting the encrypted data, passes it over a dedicated channel to a remote internal-network gateway;
S4: the remote internal-network gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN.
This embodiment divides the network into an internal network and an external network. The internal network is the private network of a unit or organization, and its important information can be used only inside the internal network; according to the different locations of the users it is divided into a local internal LAN and a remote internal LAN. The external network can take several different forms, such as the Internet or the Internet of Things.
For the important information in the internal network, security is in fact the top priority. To ensure the security of the information, this embodiment adopts a three-layer protection mode: identity authentication, encryption and integrity protection. Specifically, identity authentication is performed with digital certificates and an asymmetric algorithm (such as RSA, ECC or SM2) to guarantee the legitimacy of both communicating parties' identities; an attacker who does not hold the digital certificate and private key cannot pass authentication, is filtered out, and cannot mount any further attack. The transmitted data is encrypted with a symmetric algorithm (such as AES, 3DES or SM4); after encryption an attacker sees only unintelligible ciphertext and cannot see the plaintext, so the data cannot be eavesdropped. A digital digest of the transmitted data is computed with a hash algorithm and signed with an asymmetric algorithm, or alternatively a MAC algorithm is used to achieve the same function as the hash plus asymmetric algorithm. If the transmitted data is tampered with, the receiving end discovers this when it performs the verification computation; the user can then, according to their own security level and security policy, discard the data, request retransmission, raise an alarm or take other follow-up action. This layer of processing protects the integrity of the data.
The above three layers of processing guarantee the security of the data. Which specific algorithms are used can be decided according to circumstances, as long as the effects of identity authentication, encryption and integrity protection are achieved.
A conventional VPN gateway generally has only one layer and is connected directly to the external network. Therefore, if the part that handles encryption, integrity protection and network protocol processing, or software such as the operating system, has a vulnerability (a buffer overflow, for instance), it may be attacked by hackers from the external network. Once the gateway is breached, the whole internal network is exposed to the hacker's attack.
This embodiment therefore takes the above problem fully into account. In the process of sending the encrypted intranet data to the external network, the encrypted intranet data is first sent over a dedicated channel to the external-network gateway corresponding to the local internal LAN for relaying, and that external-network gateway then sends the relayed encrypted intranet data to the external network. The relaying is done over a dedicated channel; the data transmission mode of the dedicated channel can be implemented as optical transmission, electrical transmission or similar. Its defining characteristic is that the external network cannot discover or access the dedicated channel, which isolates attacks coming from the external network.
Likewise, in the process by which the remote internal LAN obtains the intranet data of the local internal LAN, the encrypted intranet data in the external network is first relayed by the external-network gateway corresponding to the remote internal LAN.
Further, the encrypted intranet data is inspected during relaying, illegal packets are filtered out and attacks are isolated; the remote internal LAN decrypts the encrypted intranet data that passed inspection to obtain the intranet data of the local internal LAN. Thus, even if the operating system or network protocol stack has a vulnerability, it cannot be accessed directly from the external network, and a hacker attack cannot find a point of attack. The security of the system is greatly improved.
Embodiment 2
As shown in Fig. 2, this embodiment proposes an attack-resistant intranet data transmission system, the system comprising: a local internal-network gateway, a remote internal-network gateway, a local external-network gateway and a remote external-network gateway, wherein
the local internal-network gateway performs protocol processing and encryption on the intranet data of the local internal LAN and sends the encrypted intranet data over a dedicated channel to the local external-network gateway;
the local external-network gateway relays the encrypted intranet data and sends the relayed encrypted intranet data to the external network;
the remote external-network gateway obtains the encrypted intranet data from the external network, inspects the encrypted intranet data from the external network, and then sends the encrypted intranet data that passed inspection over the dedicated channel to the remote internal-network gateway;
the remote internal-network gateway decrypts the inspected encrypted intranet data and sends the decrypted intranet data to the remote internal LAN.
In this embodiment, the local internal-network gateway and the remote internal-network gateway are distinguished in name only because of the different start and end points of the information transfer; in substance the local internal-network gateway can serve as the remote internal-network gateway and the remote internal-network gateway can serve as the local internal-network gateway, and likewise the local and remote external-network gateways are interchangeable. To make the operating principle of the system of this embodiment in practical application clearer, refer to Fig. 3: this embodiment divides the network into an internal network and an external network; the internal network is the private network of a unit or organization whose important information can be used only inside the internal network, and according to the different locations of the users it is divided into a local internal LAN and a remote internal LAN.
Specifically, the local internal-network gateway comprises an internal-network NIC and a processing module, wherein
the internal-network NIC receives the intranet data of the local internal LAN and sends the intranet data to the processing module; when the local internal-network gateway acts as the remote internal-network gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
the processing module performs protocol processing and encryption on the intranet data and then sends the encrypted intranet data to the local external-network gateway; when the local internal-network gateway acts as the remote internal-network gateway, it receives the relayed encrypted intranet data sent by the remote external-network gateway, decrypts it and sends it to the internal-network NIC.
The processing module comprises:
an authentication module for authenticating the identities of the communicating parties of the local internal LAN and the remote internal LAN;
a data encryption module for encrypting the data messages in the intranet data;
an integrity protection module for applying integrity protection to the intranet data.
Using the internal-network NIC and the processing module, an isolation layer is created between the internal LAN and the external network, and the intranet data is encrypted, ensuring the security of the data. This embodiment adopts a three-layer protection mode: identity authentication, encryption and integrity protection. Specifically, identity authentication is performed with digital certificates and an asymmetric algorithm (such as RSA, ECC or SM2) to guarantee the legitimacy of both communicating parties' identities; an attacker who does not hold the digital certificate and private key cannot pass authentication, is filtered out, and cannot mount any further attack. The transmitted data is encrypted with a symmetric algorithm (such as AES, 3DES or SM4); after encryption an attacker sees only unintelligible ciphertext and cannot see the plaintext, so the data cannot be eavesdropped. A digital digest of the transmitted data is computed with a hash algorithm or a MAC algorithm, and the digest is signed with an asymmetric algorithm. If the transmitted data is tampered with, the receiving end discovers this when it performs the verification computation; the user can then, according to their own security level and security policy, discard the data, request retransmission, raise an alarm or take other follow-up action. That is, this layer of processing protects the integrity of the data.
The above three layers of processing guarantee the security of the data. Which specific algorithms are used can be decided according to circumstances, as long as the effects of identity authentication, encryption and integrity protection are achieved. The internal logical structure of the processing module is shown in Fig. 4.
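The three-layer scheme just described (here and in the identical passage of Embodiment 1) in working code, added as an example rather than taken from the patent: the sending internal-network gateway encrypts with AES-256-GCM and signs a SHA-256 digest of the ciphertext with an ECDSA P-256 key, and the receiving gateway verifies that signature against the peer's public key before it decrypts, so both an altered frame and a frame from a party that holds no valid key are rejected. Certificate validation, the session-key agreement and the frame layout (signature length, signature, nonce, ciphertext) are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Frame layout (an assumption of this example, not defined by the patent):
//   sigLen(2, big-endian) | signature (ASN.1 DER) | nonce(12) | AES-GCM ciphertext+tag
const nonceSize = 12

// NewIdentity generates the asymmetric key pair a gateway holds behind its digital
// certificate (certificate issuance and validation are outside this example).
func NewIdentity() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect is the sending internal-network gateway's processing. Layer 2
// (encryption): AES-256-GCM under the session key with a fresh random nonce.
// Layer 3 (integrity): SHA-256 over nonce||ciphertext, signed with the sender's
// private key, i.e. the patent's "hash plus asymmetric algorithm" variant.
func Protect(sessionKey []byte, sender *ecdsa.PrivateKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...)
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, sender, digest[:])
	if err != nil {
		return nil, err
	}
	frame := append([]byte{byte(len(sig) >> 8), byte(len(sig))}, sig...)
	return append(frame, body...), nil
}

// Unprotect is the receiving internal-network gateway's processing. Layer 1
// (authentication) is the signature check against the peer's certified public
// key: a frame from an unknown signer or with altered bytes is rejected before
// any decryption is attempted.
func Unprotect(sessionKey []byte, peer *ecdsa.PublicKey, frame []byte) ([]byte, error) {
	if len(frame) < 2 {
		return nil, errors.New("rejected: frame too short")
	}
	sigLen := int(frame[0])<<8 | int(frame[1])
	if len(frame) < 2+sigLen+nonceSize {
		return nil, errors.New("rejected: frame truncated")
	}
	sig, body := frame[2:2+sigLen], frame[2+sigLen:]
	digest := sha256.Sum256(body)
	if !ecdsa.VerifyASN1(peer, digest[:], sig) {
		return nil, errors.New("rejected: bad signature (unauthenticated peer or tampered data)")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, body[:nonceSize], body[nonceSize:], nil)
	if err != nil {
		return nil, fmt.Errorf("rejected: decryption failed: %w", err)
	}
	return plaintext, nil
}

func main() {
	sender, _ := NewIdentity()
	imposter, _ := NewIdentity()
	key := make([]byte, 32) // constructed session key; a deployment would agree it after authentication
	rand.Read(key)
	record := []byte("constructed intranet record: account 0001 balance 42")
	frame, _ := Protect(key, sender, record)
	pt, err := Unprotect(key, &sender.PublicKey, frame)
	fmt.Printf("genuine frame: %q err=%v\n", pt, err)
	tampered := append([]byte(nil), frame...)
	tampered[len(tampered)-1] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = Unprotect(key, &sender.PublicKey, tampered)
	fmt.Println("tampered frame:", err)
	fake, _ := Protect(key, imposter, record) // right session key, wrong identity
	_, err = Unprotect(key, &sender.PublicKey, fake)
	fmt.Println("imposter frame:", err)
}
```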
Specifically, the local external-network gateway comprises an external-network NIC and a relay module, wherein
the relay module receives the protocol-processed and encrypted intranet data sent by the local internal-network gateway and sends the encrypted intranet data to the external-network NIC; when the local external-network gateway acts as the remote external-network gateway, it receives the encrypted intranet data that the external-network NIC obtained from the external network, inspects the encrypted intranet data and then sends it to the remote internal-network gateway;
the external-network NIC sends the received protocol-processed and encrypted intranet data to the external network; when the local external-network gateway acts as the remote external-network gateway, it obtains the encrypted intranet data from the external network and sends the encrypted intranet data to the relay module.
A conventional VPN gateway has only one layer and is connected directly to the external network. Therefore, if the part that handles encryption, integrity protection and network protocol processing, or software such as the operating system, has a vulnerability (a buffer overflow, for instance), it may be attacked by hackers from the external network. Once the gateway is breached, the whole internal network is exposed to the hacker's attack.
The gateway of the system in this embodiment, by contrast, is divided into two layers: the software that handles the encryption, integrity protection and network protocol processing described above resides in the internal-network gateway, which is not directly connected to the external network, and there is an isolation layer in between.
Therefore, for the system of this embodiment, even if the operating system or network protocol stack has a vulnerability, it resides in the internal-network gateway and cannot be accessed directly from the external network. There is only a single dedicated channel between the internal and external networks; even if a hacker knows of a vulnerability in the internal-network gateway, the internal-network software cannot be reached through the dedicated channel, so there is no path by which software could exploit the vulnerability. The external-network gateway only inspects and forwards encrypted packets, and this logic is solidified in an FPGA chip, as shown in Fig. 5, which guarantees at the hardware level that the logic cannot be altered by software. Besides an FPGA, this logic can also be implemented in other ways, such as an ASIC, read-only ROM, or fuse-type or ultraviolet-erasable programmable devices. Its main characteristic is that it cannot be modified by software.
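A software model of the external-network gateway's inspection just described (and of the "filter out illegal packets" step in Embodiment 1), added here as an example and not the patent's FPGA logic: the check is a pure function over a fixed header that never interprets the encrypted payload, which is the property the patent hard-wires so that a malformed packet cannot influence the gateway. The header layout (magic, version, peer ID, total length), the size bounds and the peer table are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Header layout (an assumption of this example): magic(4) | version(1) | peerID(2) | totalLen(2),
// followed by the opaque encrypted payload produced by the internal-network gateway.
const (
	headerSize   = 9
	minPayload   = 12 + 16 // at least a nonce and an AEAD tag; anything shorter is not a valid frame
	maxFrame     = 1500    // the bound a fixed-size hardware receive buffer would enforce
	frameVersion = 1
	magic        = "SGW1"
)

// knownPeers is the fixed table of remote internal LANs allowed to relay through this
// gateway; in the patent this would be part of the solidified hardware logic.
var knownPeers = map[uint16]bool{0x0101: true, 0x0102: true}

var (
	ErrTooShort    = errors.New("drop: shorter than header plus minimum payload")
	ErrTooLong     = errors.New("drop: exceeds maximum frame size")
	ErrBadMagic    = errors.New("drop: magic mismatch")
	ErrBadVersion  = errors.New("drop: unsupported version")
	ErrBadLength   = errors.New("drop: length field does not match frame")
	ErrUnknownPeer = errors.New("drop: peer ID not in table")
)

// Inspect decides whether a frame taken from the external network may be forwarded
// over the dedicated channel. Every check reads only the fixed header; the payload is
// never parsed, decrypted or executed here, so its contents cannot steer control flow.
func Inspect(frame []byte) error {
	if len(frame) < headerSize+minPayload {
		return ErrTooShort
	}
	if len(frame) > maxFrame {
		return ErrTooLong
	}
	if string(frame[:4]) != magic {
		return ErrBadMagic
	}
	if frame[4] != frameVersion {
		return ErrBadVersion
	}
	if int(binary.BigEndian.Uint16(frame[7:9])) != len(frame) {
		return ErrBadLength
	}
	if !knownPeers[binary.BigEndian.Uint16(frame[5:7])] {
		return ErrUnknownPeer
	}
	return nil
}

// Relay models the one-way forwarding step: frames that pass go to the dedicated
// channel, everything else is dropped and counted by reason for monitoring.
func Relay(frames [][]byte) (forwarded [][]byte, dropped map[string]int) {
	dropped = map[string]int{}
	for _, f := range frames {
		if err := Inspect(f); err != nil {
			dropped[err.Error()]++
			continue
		}
		forwarded = append(forwarded, f)
	}
	return forwarded, dropped
}

// BuildFrame wraps an already-encrypted payload in the header; used to construct samples.
func BuildFrame(peer uint16, payload []byte) []byte {
	total := headerSize + len(payload)
	f := make([]byte, headerSize, total)
	copy(f, magic)
	f[4] = frameVersion
	binary.BigEndian.PutUint16(f[5:7], peer)
	binary.BigEndian.PutUint16(f[7:9], uint16(total))
	return append(f, payload...)
}

func main() {
	payload := make([]byte, 40) // constructed stand-in for nonce||ciphertext||tag
	good := BuildFrame(0x0101, payload)
	truncated := good[:len(good)-5]                              // cut on the wire: length field no longer matches
	stranger := BuildFrame(0x0FFF, payload)                      // peer not in the table
	junk := append([]byte("HTTP/1.1 200 OK\r\n"), payload...)    // non-frame traffic aimed at the gateway
	fwd, drop := Relay([][]byte{good, truncated, stranger, junk})
	fmt.Printf("forwarded=%d dropped=%v\n", len(fwd), drop)
}
```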
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution, improvement or the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. the intranet data transmission method of a kind of attack resistance, it is characterised in that methods described includes:
Local Intranet gateway is encrypted to the intranet data in local internal lan;
Intranet data after by encryption is sent to local outer net gateway by dedicated channel, and encryption data is sent out by local outer net gateway Deliver to outer net;
Long-range outer net gateway obtains encryption data from outer net, is issued far by dedicated channel after checking to the encryption data Journey Intranet gateway;
The intranet data that long-range Intranet gateway is obtained in local internal lan after being decrypted to encryption data.
2. a kind of intranet data transmission method of attack resistance according to claim 1, it is characterised in that the internal netting index According to the process being encrypted it is:
The communication party identity of local internal lan and long-range internal lan is authenticated;
Data message in intranet data is encrypted;
Integrity protection is carried out to intranet data.
3. the intranet data transmission method of a kind of attack resistance according to claim 1 and 2, it is characterised in that described long-range Outer net gateway is checked to the encryption data obtained from outer net using the hardware logic of solidification.
4. the intranet data Transmission system of a kind of attack resistance, it is characterised in that the system includes:Local Intranet gateway, long-range Intranet gateway, local outer net gateway and long-range outer net gateway,
The local Intranet gateway, for carrying out at protocol processes and encryption to the intranet data in local internal lan Reason, and by encryption after intranet data sent to local outer net gateway by dedicated channel;
The local outer net gateway, transfers for the intranet data after to encryption, and by switching after encryption intranet data Send to outer net;
The long-range outer net gateway, for by dedicated channel obtain outer net in encryption intranet data, and to outer net in plus Close intranet data is checked that then the encryption intranet data after dedicated channel is by inspection is sent to long-range Intranet gateway;
The long-range Intranet gateway, is decrypted process for the encryption intranet data after to inspection, and by decryption after Intranet Data is activation is to long-range internal lan.
5. The attack-resistant intranet data transmission system according to claim 4, characterised in that the local intranet gateway and the remote intranet gateway have the same internal structure and are interchangeable.
6. The attack-resistant intranet data transmission system according to claim 5, characterised in that the local intranet gateway includes an intranet network interface card and a processing module, wherein:
the intranet network interface card receives the intranet data of the local internal LAN and sends it to the processing module; when the local intranet gateway acts as the remote intranet gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
the processing module performs protocol processing and encryption on the intranet data and then sends the encrypted intranet data to the local outer net gateway; when the local intranet gateway acts as the remote intranet gateway, it receives the relayed encrypted intranet data sent by the remote outer net gateway, decrypts it and sends the result to the intranet network interface card.
7. The attack-resistant intranet data transmission system according to claim 6, characterised in that the processing module includes:
an authentication module for authenticating the identities of the communicating parties in the local internal LAN and the remote internal LAN;
a data encryption module for encrypting the data payload carried in the intranet data;
an integrity protection module for applying integrity protection to the intranet data.
8. The attack-resistant intranet data transmission system according to claim 4, characterised in that the local outer net gateway and the remote outer net gateway have the same internal structure and are interchangeable.
9. The attack-resistant VPN gateway transmission system according to claim 8, characterised in that the local outer net gateway includes an outer net network interface card and a relay module, wherein:
the relay module receives the protocol-processed and encrypted intranet data sent by the local intranet gateway and sends the encrypted intranet data to the outer net network interface card; when the local outer net gateway acts as the remote outer net gateway, it receives the encrypted intranet data that the outer net network interface card has obtained from the outer net, checks the encrypted intranet data and then sends it to the remote intranet gateway;
the outer net network interface card sends the received protocol-processed and encrypted intranet data to the outer net; when the local outer net gateway acts as the remote outer net gateway, it obtains the encrypted intranet data from the outer net and sends the encrypted intranet data to the relay module.
10. The attack-resistant VPN gateway transmission system according to claim 9, characterised in that the relay module includes a solidified (fixed) hardware logic module, which is used to check the encrypted intranet data obtained from the outer net.
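The four-gateway pipeline of claims 4 to 10, as an added example that is not part of the patent: Go code in which the same functions play the local and remote roles, as claims 5 and 8 require. The frame layout and test key are constructed values; AES-GCM stands in for the unspecified encryption and integrity protection, and a key-less format check stands in for the solidified hardware logic of claims 3 and 10.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Outer-network frame layout (constructed for this example, not taken from the patent):
// magic(2) | payloadLen(2) | nonce(12) | AES-GCM ciphertext | tag(16)
const hdrLen, maxPayload, tagLen = 2 + 2 + 12, 1400, 16
var magic = [2]byte{0x5A, 0xA5}
// newGCM: the AES-GCM context held only by the two intranet gateways; the outer net gateways never see the key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// IntranetGatewaySeal plays the local intranet gateway: framing, encryption and integrity protection in one AEAD step.
func IntranetGatewaySeal(key, payload []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(payload) > maxPayload { return nil, errors.New("bad key or oversized payload") }
	hdr := make([]byte, hdrLen)
	copy(hdr, magic[:])
	binary.BigEndian.PutUint16(hdr[2:4], uint16(len(payload)))
	if _, err := rand.Read(hdr[4:]); err != nil { return nil, err } // fresh nonce per frame
	// The header is bound as associated data: an edit that slips past the outer check still fails GCM auth.
	return append(hdr, gcm.Seal(nil, hdr[4:], payload, hdr[:4])...), nil
}
// OuterGatewayCheck plays the remote outer net gateway: fixed, key-less rules (the software analogue of
// the "solidified hardware logic") that drop malformed frames before they reach the intranet gateway.
func OuterGatewayCheck(frame []byte) error {
	if len(frame) < hdrLen+tagLen || frame[0] != magic[0] || frame[1] != magic[1] {
		return errors.New("bad length or magic")
	}
	if n := int(binary.BigEndian.Uint16(frame[2:4])); n > maxPayload || len(frame) != hdrLen+n+tagLen {
		return errors.New("declared payload length does not match frame")
	}
	return nil
}
// RemoteIntranetGatewayOpen plays the remote intranet gateway: repeat the fixed check, verify the GCM tag, decrypt.
func RemoteIntranetGatewayOpen(key, frame []byte) ([]byte, error) {
	if err := OuterGatewayCheck(frame); err != nil { return nil, err }
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, frame[4:hdrLen], frame[hdrLen:], frame[:4])
}
```

The security-relevant split is that OuterGatewayCheck holds no key, so the outer net gateway can drop malformed traffic without ever being able to read or forge intranet data.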
Priority Applications (1)

Application Number Priority Date Filing Date Title Status
CN201611163025.9A CN106506540A (en) 2016-12-15 2016-12-15 An attack-resistant intranet data transmission method and system Pending

Publications (1)

Publication Number Publication Date
CN106506540A (en) 2017-03-15

Family

ID=58331094

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107094137A (en) * 2017-04-07 2017-08-25 山东超越数控电子有限公司 A VPN security gateway
CN108400967A (en) * 2018-01-12 2018-08-14 深圳壹账通智能科技有限公司 An authentication method and authentication system
CN109067709A (en) * 2018-07-06 2018-12-21 北京知道创宇信息技术有限公司 A vulnerability management method, apparatus, electronic device and storage medium
CN109218308A (en) * 2018-09-14 2019-01-15 上海赋华网络科技有限公司 A high-speed secure data exchange method based on an intelligent network adapter
CN110492994A (en) * 2019-07-25 2019-11-22 北京笛卡尔盾科技有限公司 A trusted network access method and system
CN115022325A (en) * 2022-06-07 2022-09-06 深圳市和讯华谷信息技术有限公司 Kafka inter-cluster data transmission method and related equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050111380A1 (en) * 2003-11-25 2005-05-26 Farid Adrangi Method, apparatus and system for mobile nodes to dynamically discover configuration information
CN101277308A (en) * 2008-05-23 2008-10-01 杭州华三通信技术有限公司 Method for isolating internal and external networks, authentication server and access switch
CN102710638A (en) * 2012-05-31 2012-10-03 广东电网公司电力科学研究院 Device and method for isolating data in a non-network manner
CN102843352A (en) * 2012-05-15 2012-12-26 广东电网公司茂名供电局 Cross-physical-isolation transparent data transmission system and method between intranet and extranet
CN102882828A (en) * 2011-07-11 2013-01-16 上海可鲁系统软件有限公司 Secure information transmission control method between internal and external networks and gateway therefor
CN102882850A (en) * 2012-09-03 2013-01-16 广东电网公司电力科学研究院 Cryptographic device and method for isolating data in a non-network way

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
耿杰 (Geng Jie): 《计算机网络安全技术案例教程》 (Computer Network Security Technology Case Tutorial), 31 October 2013, Beijing: Tsinghua University Press *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170315