CN106506540A - Attack-resistant intranet data transmission method and system - Google Patents
- Publication number: CN106506540A
- Authority: CN (China)
- Prior art keywords: intranet, gateway, outer net, data, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/12—Applying verification of the received information
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Abstract
The present invention relates to an attack-resistant intranet data transmission method and system, in the field of information communications. It addresses the security and practicality problems of existing information transmission. The method comprises: a local intranet gateway encrypts the intranet data of the local internal LAN; the encrypted intranet data is sent over a dedicated channel to the local external-network gateway, which sends the encrypted data to the external network; the remote external-network gateway obtains the encrypted data from the external network, checks it, and then sends it over a dedicated channel to the remote intranet gateway; the remote intranet gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN. The invention transmits data between internal LANs in different regions by relaying it through the external network, and encrypts the transmitted information, which both improves information security and allows the benefits of the external network to be used; its attack resistance far exceeds that of a traditional virtual private network system.
Description
Technical field
The present invention relates to the information communications field.
Background
With the rapid development of the Internet and information technology, networks have become ever more closely tied to daily life, and many activities have moved onto the Internet (or the Internet of Things, metropolitan area networks and other wide area networks), such as online shopping, online banking, e-commerce and e-government. At the same time, the openness of the Internet itself brings many security problems.
Some of these activities involve particularly important information. In e-government, for example, the information may affect the national economy; the financial sector, as another example, can involve very large sums of money.
For such activities, one solution is physical isolation: information is stored on an intranet, and the intranet is physically disconnected from the external network. With no communication channel, attacks are avoided as a matter of course. However, although this raises the security of the information, the cost is that the benefits of the Internet (or other wide area networks) and modern information technology cannot be used.
Summary of the invention
The present invention proposes an attack-resistant intranet data transmission method and system, with the aim of solving the security and practicality problems of existing information transmission.
The technical solution by which the invention solves the above technical problem is as follows. An attack-resistant intranet data transmission method, the method comprising:
The local intranet gateway encrypts the intranet data of the local internal LAN;
The encrypted intranet data is sent over a dedicated channel to the local external-network gateway, and the local external-network gateway sends the encrypted data to the external network;
The remote external-network gateway obtains the encrypted data from the external network, checks it, and then sends it over a dedicated channel to the remote intranet gateway;
The remote intranet gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN.
The beneficial effects of the invention are as follows. The transmission method relays data through the external network so that it can be transmitted between internal LANs in different regions. When information passes between the external network and a LAN, relaying over the dedicated channel isolates the external network from the LAN. This is entirely different from the traditional arrangement in which the intranet is connected directly to the external network, and it greatly enhances attack resistance. In addition, the external-network gateway corresponding to the remote internal LAN can check the data, filter out illegitimate packets and isolate many types of attack. The transmitted information is also encrypted, which both improves the security of the information and allows the benefits of the external network to be used, and the attack resistance far exceeds that of a traditional virtual private network system.
On the basis of the above technical solution, the invention can also be improved as follows.
Further, the process of encrypting the intranet data is:
Authenticating the identities of the communicating parties of the local internal LAN and the remote internal LAN;
Encrypting the data information in the intranet data;
Applying integrity protection to the intranet data.
The beneficial effect of this further scheme is: through identity authentication, encryption and integrity protection, the intranet data is fully protected, which prevents impersonation, eavesdropping and tampering.
Further, the remote external-network gateway uses fixed hardware logic to check the encrypted data obtained from the external network.
The beneficial effect of this further scheme is: with fixed hardware logic, a hacker cannot break into the intranet gateway by modifying the checking logic itself, which eliminates the vulnerabilities introduced by software-based checking and improves security.
To solve the above technical problem, the invention also proposes an attack-resistant intranet data transmission system. The system comprises a local intranet gateway, a remote intranet gateway, a local external-network gateway and a remote external-network gateway.
The local intranet gateway is used to perform protocol processing and encryption on the intranet data of the local internal LAN, and to send the encrypted intranet data over a dedicated channel to the local external-network gateway;
The local external-network gateway is used to relay the encrypted intranet data and to send the relayed encrypted intranet data to the external network;
The remote external-network gateway is used to obtain, by means of the dedicated channel, the encrypted intranet data in the external network, to check that encrypted intranet data, and then to send the checked encrypted intranet data over the dedicated channel to the remote intranet gateway;
The remote intranet gateway is used to decrypt the checked encrypted intranet data and to send the decrypted intranet data to the remote internal LAN.
Beneficial effects of the invention: the transmission system relays data through the external network so that it can be transmitted between internal LANs in different regions. When information passes between the external network and a LAN, the relaying isolates the external network from the LAN. This is entirely different from the traditional arrangement in which the intranet is connected directly to the external network, and it greatly enhances attack resistance. In addition, the external-network gateway corresponding to the remote internal LAN can check the data, filter out illegitimate packets and isolate many types of attack. The transmitted information is also encrypted, which both improves the security of the information and allows the benefits of the external network to be used, and the attack resistance far exceeds that of a traditional VPN system.
Further, the local intranet gateway and the remote intranet gateway have the same internal structure and are interchangeable.
Further, the local intranet gateway includes an intranet network card and a processing module.
The intranet network card is used to receive the intranet data of the local internal LAN and send it to the processing module; when the local intranet gateway serves as the remote intranet gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
The processing module is used to perform protocol processing and encryption on the intranet data and then send the encrypted intranet data to the local external-network gateway; when the local intranet gateway serves as the remote intranet gateway, it receives the relayed encrypted intranet data sent by the remote external-network gateway, decrypts it and sends it to the intranet network card.
The beneficial effect of this further scheme is: the intranet network card, the processing module and the dedicated channel create an isolation layer between the internal LAN and the external network, and the intranet data is encrypted, which ensures the security of the data.
Further, the processing module includes:
An identity authentication module, used to authenticate the identities of the communicating parties of the local internal LAN and the remote internal LAN;
A data encryption module, used to encrypt the data information in the intranet data;
An integrity protection module, used to apply integrity protection to the intranet data.
The beneficial effect of this further scheme is: through identity authentication, encryption and integrity protection, the intranet data is fully protected, which prevents impersonation, eavesdropping and tampering.
Further, the local external-network gateway and the remote external-network gateway have the same internal structure and are interchangeable.
Further, the local external-network gateway includes an external-network network card and a relay module;
The relay module is used to receive the protocol-processed and encrypted intranet data sent by the local intranet gateway and to send the encrypted intranet data to the external-network network card; when the local external-network gateway serves as the remote external-network gateway, it receives the encrypted intranet data that the external-network network card obtained from the external network, checks that encrypted intranet data and then sends it to the remote intranet gateway;
The external-network network card is used to send the received protocol-processed and encrypted intranet data to the external network; when the local external-network gateway serves as the remote external-network gateway, it obtains the encrypted intranet data from the external network and sends it to the relay module.
The beneficial effect of this further scheme is: the relay point isolates the external network from the internal LAN, which defends against hacker attacks and improves the security of the gateway.
Further, the relay module includes a fixed hardware logic module, which is used to check the encrypted intranet data obtained from the external network.
The beneficial effect of this further scheme is: with the fixed hardware logic module, a hacker cannot break into the intranet gateway by modifying the checking logic itself, which eliminates the vulnerabilities introduced by software-based checking and improves security.
Brief description of the drawings
Fig. 1 is a flow chart of the attack-resistant intranet data transmission method of Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the attack-resistant intranet data transmission system of Embodiment 2 of the invention;
Fig. 3 is an application diagram of the attack-resistant intranet data transmission system of Embodiment 2 of the invention;
Fig. 4 is a schematic diagram of the processing module of Embodiment 2 of the invention;
Fig. 5 is a schematic diagram of the relay module of Embodiment 2 of the invention.
Detailed description of the embodiments
The principles and features of the invention are described below with reference to the drawings. The examples serve only to explain the invention and are not intended to limit its scope.
Embodiment 1
As shown in Fig. 1, this embodiment proposes an attack-resistant intranet data transmission method, the method comprising:
S1, the local intranet gateway encrypts the intranet data of the local internal LAN;
S2, the encrypted intranet data is sent over a dedicated channel to the local external-network gateway, and the local external-network gateway sends the encrypted data to the external network;
S3, the remote external-network gateway obtains the encrypted data from the external network, checks it, and then sends it over a dedicated channel to the remote intranet gateway;
S4, the remote intranet gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN.
This embodiment divides the network into an internal network and an external network. The internal network is the private network of a unit or organization, and its important information may be used only inside it; according to where each user is located, it is divided into a local internal LAN and a remote internal LAN. The external network can take many different forms, such as the Internet or the Internet of Things.
For the important information in the internal network, security is the top priority. To ensure the security of the information, this embodiment uses three layers of protection: identity authentication, encryption and integrity protection. Specifically, identity authentication is performed with digital certificates and an asymmetric algorithm (such as RSA, ECC or SM2) to ensure that both communicating parties are legitimate. An attacker who cannot obtain the digital certificate and private key cannot pass authentication and is filtered out, so no further attack can be carried out. The transmitted data is encrypted with a symmetric algorithm (such as AES, 3DES or SM4); after encryption an attacker sees only gibberish and not the plaintext, which ensures the data cannot be eavesdropped. A digital digest of the transmitted data is computed with a hash algorithm, and the digest is signed with an asymmetric algorithm; alternatively, a MAC algorithm is used to provide the same function as the hash plus asymmetric algorithm. If the transmitted data is tampered with, the receiving end detects it when it performs the verification. Once it is detected, the user can, according to their own security level and security policy, take follow-up actions such as discarding, retransmitting and raising an alarm. This layer of processing protects the integrity of the data.
The three layers of processing above ensure the security of the data. Which algorithm is used can be decided case by case, as long as it achieves identity authentication, encryption and integrity protection.
A traditional VPN gateway usually has only one layer and is connected directly to the external network. Therefore, if the part that handles encryption, integrity protection and network protocols, or software such as the operating system, has a vulnerability, for example a buffer overflow, it can be attacked by hackers from the external network. Once the gateway is compromised, the entire internal network is exposed to hacker attack.
This embodiment takes the above problem fully into account. When the encrypted intranet data is sent to the external network, it is first sent over the dedicated channel to the external-network gateway corresponding to the local internal LAN for relaying, and that external-network gateway then sends the relayed encrypted intranet data to the external network. The relaying is carried out over the dedicated channel, whose data transfer can be implemented by optical transmission, electrical transmission or similar means. Its defining feature is that the external network cannot discover or access the dedicated channel, which isolates attacks from the external network.
Likewise, when the remote internal LAN obtains the intranet data of the local internal LAN, the encrypted intranet data in the external network is first relayed through the external-network gateway corresponding to the remote internal LAN.
Further, the encrypted intranet data is checked during relaying, illegitimate packets are filtered out and attacks are isolated; the remote internal LAN decrypts the checked encrypted intranet data to obtain the intranet data of the local internal LAN. Thus, even if the operating system or network protocol stack has a vulnerability, it cannot be accessed directly from the external network, and a hacker cannot find a point of attack. This greatly improves the security of the system.
Embodiment 2
As shown in Fig. 2, this embodiment proposes an attack-resistant intranet data transmission system. The system comprises a local intranet gateway, a remote intranet gateway, a local external-network gateway and a remote external-network gateway.
The local intranet gateway is used to perform protocol processing and encryption on the intranet data of the local internal LAN, and to send the encrypted intranet data over a dedicated channel to the local external-network gateway;
The local external-network gateway is used to relay the encrypted intranet data and to send the relayed encrypted intranet data to the external network;
The remote external-network gateway is used to obtain the encrypted intranet data in the external network, to check that encrypted intranet data, and then to send the checked encrypted intranet data over the dedicated channel to the remote intranet gateway;
The remote intranet gateway is used to decrypt the checked encrypted intranet data and to send the decrypted intranet data to the remote internal LAN.
In this embodiment, the local intranet gateway and the remote intranet gateway are distinguished only in name, because they sit at the start point and end point of the transmission. In substance, the local intranet gateway can serve as a remote intranet gateway and the remote intranet gateway can serve as a local intranet gateway; in the same way, the local external-network gateway and the remote external-network gateway are interchangeable. To make the working principle of the system in practical use clearer, refer to Fig. 3. This embodiment divides the network into an internal network and an external network. The internal network is the private network of a unit or organization, and its important information may be used only inside it; according to where each user is located, it is divided into a local internal LAN and a remote internal LAN.
Specifically, the local intranet gateway includes an intranet network card and a processing module.
The intranet network card is used to receive the intranet data of the local internal LAN and send it to the processing module; when the local intranet gateway serves as the remote intranet gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
The processing module is used to perform protocol processing and encryption on the intranet data and then send the encrypted intranet data to the local external-network gateway; when the local intranet gateway serves as the remote intranet gateway, it receives the relayed encrypted intranet data sent by the remote external-network gateway, decrypts it and sends it to the intranet network card.
The processing module includes:
An identity authentication module, used to authenticate the identities of the communicating parties of the local internal LAN and the remote internal LAN;
A data encryption module, used to encrypt the data information in the intranet data;
An integrity protection module, used to apply integrity protection to the intranet data.
The intranet network card and the processing module create an isolation layer between the internal LAN and the external network, and the intranet data is encrypted, which ensures the security of the data. This embodiment uses three layers of protection: identity authentication, encryption and integrity protection. Specifically, identity authentication is performed with digital certificates and an asymmetric algorithm (such as RSA, ECC or SM2) to ensure that both communicating parties are legitimate. An attacker who cannot obtain the digital certificate and private key cannot pass authentication and is filtered out, so no further attack can be carried out. The transmitted data is encrypted with a symmetric algorithm (such as AES, 3DES or SM4); after encryption an attacker sees only gibberish and not the plaintext, which ensures the data cannot be eavesdropped. A digital digest of the transmitted data is computed with a hash algorithm or a MAC algorithm, and the digest is signed with an asymmetric algorithm. If the transmitted data is tampered with, the receiving end detects it when it performs the verification. Once it is detected, the user can, according to their own security level and security policy, take follow-up actions such as discarding, retransmitting and raising an alarm. In other words, this layer of processing protects the integrity of the data.
The three layers of processing above ensure the security of the data. Which algorithm is used can be decided case by case, as long as it achieves identity authentication, encryption and integrity protection. The internal logical structure of the processing module is shown in Fig. 4.
Specifically, the local external-network gateway includes an external-network network card and a relay module;
The relay module is used to receive the protocol-processed and encrypted intranet data sent by the local intranet gateway and to send the encrypted intranet data to the external-network network card; when the local external-network gateway serves as the remote external-network gateway, it receives the encrypted intranet data that the external-network network card obtained from the external network, checks that encrypted intranet data and then sends it to the remote intranet gateway;
The external-network network card is used to send the received protocol-processed and encrypted intranet data to the external network; when the local external-network gateway serves as the remote external-network gateway, it obtains the encrypted intranet data from the external network and sends it to the relay module.
A traditional VPN gateway has only one layer and is connected directly to the external network. Therefore, if the part that handles encryption, integrity protection and network protocols, or software such as the operating system, has a vulnerability, for example a buffer overflow, it can be attacked by hackers from the external network. Once the gateway is compromised, the entire intranet is exposed to hacker attack.
The gateway of the system in this embodiment, by contrast, is divided into two layers. The software that handles encryption, integrity protection and network protocols resides in the intranet gateway, which is not directly connected to the external network; there is a layer of isolation in between.
Therefore, in the system of this embodiment, even if the operating system or network protocol stack has a vulnerability, it resides in the intranet gateway and cannot be accessed directly from the external network. There is only a dedicated channel between the intranet and the external network; even if a hacker knows of a vulnerability in the intranet gateway, the dedicated channel gives no way to reach the intranet's software, so there is no path by which to exploit the software vulnerability. The external-network gateway only checks and forwards encrypted packets, and this logic is fixed in an FPGA chip, as shown in Fig. 5, which guarantees at the hardware level that the logic cannot be changed by software. Besides an FPGA, this logic can also be implemented in other ways, such as an ASIC, a read-only ROM, or fuse-type or ultraviolet-erasable programmable devices. Its principal characteristic is that it cannot be modified by software.
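The division of work described in both embodiments (encryption and integrity protection in the intranet gateway, a check-and-forward step in the external-network gateway) can be sketched as follows. This is an added example, not code from the patent: the frame layout, the names and the size limit are assumptions, the HMAC-based keystream stands in for the symmetric algorithms the text names, and the two keys are assumed to have been shared already after the certificate-based authentication, which is not shown.

```python
import hashlib
import hmac
import os
import struct

# Constructed frame layout (an assumption, the patent defines none):
#   magic(2) | version(1) | ciphertext length(2) | nonce(16) | ciphertext | tag(32)
MAGIC, VERSION = b"IG", 1
HEADER = struct.Struct("!2sBH")
NONCE_LEN, TAG_LEN = 16, 32
MAX_PAYLOAD = 1400  # assumed size limit enforced by the relay


class IntegrityError(Exception):
    """Raised by the receiving intranet gateway when a frame fails verification."""


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for AES/SM4 so the example runs on the standard library only.
    out, counter = bytearray(), 0
    while len(out) < length:
        block = nonce + struct.pack("!Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Sending intranet gateway: encrypt, then MAC header + nonce + ciphertext."""
    if len(plaintext) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    nonce = nonce or os.urandom(NONCE_LEN)
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    body = HEADER.pack(MAGIC, VERSION, len(ciphertext)) + nonce + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def relay_check(frame: bytes) -> bool:
    """External-network gateway: keyless, stateless check, then forward or drop.

    It holds no keys and cannot decrypt, mirroring the role the text gives
    to the fixed logic: only frame structure is examined.
    """
    if len(frame) < HEADER.size + NONCE_LEN + TAG_LEN:
        return False
    magic, version, ct_len = HEADER.unpack_from(frame)
    if magic != MAGIC or version != VERSION or ct_len > MAX_PAYLOAD:
        return False
    return len(frame) == HEADER.size + NONCE_LEN + ct_len + TAG_LEN


def open_frame(enc_key: bytes, mac_key: bytes, frame: bytes) -> bytes:
    """Receiving intranet gateway: verify the MAC first, decrypt only if it matches."""
    if not relay_check(frame):
        raise IntegrityError("malformed frame")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("MAC mismatch")
    nonce = body[HEADER.size:HEADER.size + NONCE_LEN]
    ciphertext = body[HEADER.size + NONCE_LEN:]
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def transmit(enc_key: bytes, mac_key: bytes, plaintext: bytes, tamper=None):
    """Full path; `tamper` models modification while the frame is in the external network."""
    frame = seal(enc_key, mac_key, plaintext)
    if tamper is not None:
        frame = tamper(frame)
    if not relay_check(frame):
        return ("dropped_by_external_gateway", None)
    try:
        return ("delivered", open_frame(enc_key, mac_key, frame))
    except IntegrityError:
        return ("rejected_by_intranet_gateway", None)


if __name__ == "__main__":
    ek, mk = b"E" * 32, b"M" * 32            # constructed keys
    print(transmit(ek, mk, b"constructed intranet record"))
    print(transmit(ek, mk, b"constructed intranet record", tamper=lambda f: f[:-1]))
```

A single flipped ciphertext bit leaves the frame structurally valid, so it passes the keyless relay check and is caught only by the MAC at the intranet gateway; the structural check complements the integrity layer and does not replace it.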
The foregoing describes only preferred embodiments of the invention and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (10)
1. An attack-resistant intranet data transmission method, characterized in that the method comprises:
The local intranet gateway encrypts the intranet data of the local internal LAN;
The encrypted intranet data is sent over a dedicated channel to the local external-network gateway, and the local external-network gateway sends the encrypted data to the external network;
The remote external-network gateway obtains the encrypted data from the external network, checks it, and then sends it over a dedicated channel to the remote intranet gateway;
The remote intranet gateway decrypts the encrypted data to obtain the intranet data of the local internal LAN.
2. The attack-resistant intranet data transmission method according to claim 1, characterized in that the process of encrypting the intranet data is:
Authenticating the identities of the communicating parties of the local internal LAN and the remote internal LAN;
Encrypting the data information in the intranet data;
Applying integrity protection to the intranet data.
3. The attack-resistant intranet data transmission method according to claim 1 or 2, characterized in that the remote external-network gateway uses fixed hardware logic to check the encrypted data obtained from the external network.
4. An attack-resistant intranet data transmission system, characterized in that the system comprises a local intranet gateway, a remote intranet gateway, a local external-network gateway and a remote external-network gateway,
The local intranet gateway is used to perform protocol processing and encryption on the intranet data of the local internal LAN, and to send the encrypted intranet data over a dedicated channel to the local external-network gateway;
The local external-network gateway is used to relay the encrypted intranet data and to send the relayed encrypted intranet data to the external network;
The remote external-network gateway is used to obtain, by means of the dedicated channel, the encrypted intranet data in the external network, to check that encrypted intranet data, and then to send the checked encrypted intranet data over the dedicated channel to the remote intranet gateway;
The remote intranet gateway is used to decrypt the checked encrypted intranet data and to send the decrypted intranet data to the remote internal LAN.
5. The attack-resistant intranet data transmission system according to claim 4, characterized in that the local intranet gateway and the remote intranet gateway have the same internal structure and are interchangeable.
6. The attack-resistant intranet data transmission system according to claim 5, characterized in that the local intranet gateway includes an intranet network card and a processing module,
The intranet network card is used to receive the intranet data of the local internal LAN and send it to the processing module; when the local intranet gateway serves as the remote intranet gateway, it receives the decrypted intranet data sent by the processing module and sends the decrypted intranet data to the remote internal LAN;
The processing module is used to perform protocol processing and encryption on the intranet data and then send the encrypted intranet data to the local external-network gateway; when the local intranet gateway serves as the remote intranet gateway, it receives the relayed encrypted intranet data sent by the remote external-network gateway, decrypts it and sends it to the intranet network card.
7. The attack-resistant intranet data transmission system according to claim 6, characterized in that the processing module includes:
An identity authentication module, used to authenticate the identities of the communicating parties of the local internal LAN and the remote internal LAN;
A data encryption module, used to encrypt the data information in the intranet data;
An integrity protection module, used to apply integrity protection to the intranet data.
8. The attack-resistant intranet data transmission system according to claim 4, characterized in that the local outer net gateway and the long-range outer net gateway have the same internal structure and are interchangeable.
9. The attack-resistant VPN gateway transmission system according to claim 8, characterized in that the local outer net gateway includes an outer net network interface card and an interconnecting module;
The interconnecting module is configured to receive the protocol-processed and encrypted intranet data sent by the local Intranet gateway and send the encrypted intranet data to the outer net network interface card; when the local outer net gateway serves as the long-range outer net gateway, it receives the encrypted intranet data that the outer net network interface card obtained from the outer net, checks the encrypted intranet data, and then sends it to the long-range Intranet gateway;
The outer net network interface card is configured to send the received protocol-processed and encrypted intranet data to the outer net; when the local outer net gateway serves as the long-range outer net gateway, it obtains the encrypted intranet data from the outer net and sends the encrypted intranet data to the interconnecting module.
10. The attack-resistant VPN gateway transmission system according to claim 9, characterized in that the interconnecting module includes a solidified (fixed) hardware logic module, and the hardware logic module is used to check the encrypted intranet data obtained from the outer net.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611163025.9A CN106506540A (en) | 2016-12-15 | 2016-12-15 | A kind of intranet data transmission method of attack resistance and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611163025.9A CN106506540A (en) | 2016-12-15 | 2016-12-15 | A kind of intranet data transmission method of attack resistance and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106506540A true CN106506540A (en) | 2017-03-15 |
Family
ID=58331094
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611163025.9A Pending CN106506540A (en) | 2016-12-15 | 2016-12-15 | A kind of intranet data transmission method of attack resistance and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106506540A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050111380A1 (en) * | 2003-11-25 | 2005-05-26 | Farid Adrangi | Method, apparatus and system for mobile nodes to dynamically discover configuration information |
CN101277308A (en) * | 2008-05-23 | 2008-10-01 | 杭州华三通信技术有限公司 | Method for insulating inside and outside networks, authentication server and access switch |
CN102710638A (en) * | 2012-05-31 | 2012-10-03 | 广东电网公司电力科学研究院 | Device and method for isolating data by adopting non-network manner |
CN102843352A (en) * | 2012-05-15 | 2012-12-26 | 广东电网公司茂名供电局 | Cross-physical isolation data transparent transmission system and method between intranet and extranet |
CN102882828A (en) * | 2011-07-11 | 2013-01-16 | 上海可鲁系统软件有限公司 | Information safe transmission control method between inside network and outside network and gateway thereof |
CN102882850A (en) * | 2012-09-03 | 2013-01-16 | 广东电网公司电力科学研究院 | Cryptographic device and method thereof for isolating data by employing non-network way |
Non-Patent Citations (1)
Title |
---|
耿杰: "《计算机网络安全技术案例教程》", 31 October 2013, 北京:清华大学出版社 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107094137A (en) * | 2017-04-07 | 2017-08-25 | 山东超越数控电子有限公司 | A kind of VPN security gateways |
CN108400967A (en) * | 2018-01-12 | 2018-08-14 | 深圳壹账通智能科技有限公司 | A kind of method for authenticating and right discriminating system |
CN108400967B (en) * | 2018-01-12 | 2020-12-22 | 深圳壹账通智能科技有限公司 | Authentication method and authentication system |
CN109067709A (en) * | 2018-07-06 | 2018-12-21 | 北京知道创宇信息技术有限公司 | A kind of Vulnerability Management method, apparatus, electronic equipment and storage medium |
CN109067709B (en) * | 2018-07-06 | 2021-08-06 | 北京知道创宇信息技术股份有限公司 | Vulnerability management method and device, electronic equipment and storage medium |
CN109218308A (en) * | 2018-09-14 | 2019-01-15 | 上海赋华网络科技有限公司 | A kind of data high-speed secure exchange method based on intelligent network adapter |
CN110492994A (en) * | 2019-07-25 | 2019-11-22 | 北京笛卡尔盾科技有限公司 | A kind of trustable network cut-in method and system |
CN115022325A (en) * | 2022-06-07 | 2022-09-06 | 深圳市和讯华谷信息技术有限公司 | Kafka inter-cluster data transmission method and related equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106506540A (en) | A kind of intranet data transmission method of attack resistance and system | |
Rathore et al. | Real-time secure communication for Smart City in high-speed Big Data environment | |
CN108965215B (en) | Dynamic security method and system for multi-fusion linkage response | |
CN103491072B (en) | A kind of border access control method based on double unidirection insulation network brakes | |
CN103441839B (en) | Application method and system of a kind of quantum cryptography in IP secure communications | |
CN101662359B (en) | Security protection method of communication data of special electricity public network | |
CN107172020A (en) | A kind of network data security exchange method and system | |
Lopez et al. | Cyber security analysis of the European train control system | |
Wang et al. | NOTSA: Novel OBU with three-level security architecture for internet of vehicles | |
CN106209883A (en) | Based on link selection and the multi-chain circuit transmission method and system of broken restructuring | |
CN109194656A (en) | A kind of method of distribution wireless terminal secure accessing | |
CN108712364A (en) | A kind of safety defense system and method for SDN network | |
Sivasangari et al. | Security and privacy in wireless body sensor networks using lightweight cryptography scheme | |
Kadhim et al. | Security threats in wireless network communication-status, challenges, and future trends | |
CN102790775A (en) | Method and system for enhancing network safety performance | |
CN109150906A (en) | A kind of real-time data communication safety method | |
CN102882859B (en) | A kind of safety protecting method based on public network data transmission information system | |
CN109951286A (en) | A kind of encrypted authentication system and method for medical treatment block chain communication system | |
Luo et al. | Security mechanisms design for in-vehicle network gateway | |
CN112019481A (en) | Block chain equipment management and data transmission system based on directed acyclic graph architecture | |
KR20210087000A (en) | The one-way-ring/two-way-ring network QRN KEY distribution way adopted to hybrid-quantum channel and The hybrid quantum communication unit and The hybrid quantum communication closure net system distributing different kinds of key | |
CN103167489A (en) | Wireless public network communication method with security protection in power system | |
CN109120619A (en) | A kind of computer network communications system | |
CN103581191A (en) | Data safe transmitting method adapted to Internet of Things | |
Zhong et al. | Security technologies in ad-hoc networks: a survey |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170315 |