CN106856481B - A kind of Network Isolation method, system, network interface card and application based on lucidification disposal - Google Patents
A kind of Network Isolation method, system, network interface card and application based on lucidification disposal Download PDFInfo
- Publication number
- CN106856481B CN106856481B CN201710161594.8A CN201710161594A CN106856481B CN 106856481 B CN106856481 B CN 106856481B CN 201710161594 A CN201710161594 A CN 201710161594A CN 106856481 B CN106856481 B CN 106856481B
- Authority
- CN
- China
- Prior art keywords
- lucidification disposal
- network
- information
- terminal
- lucidification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses a kind of Network Isolation method, system, network interface card and application based on lucidification disposal, method includes:S1. obtain the first information in the first operation phase of lucidification disposal terminal, the first information for lucidification disposal terminal first operation phase transparent service device in a network information;S2. obtain the second information in the second operation phase of lucidification disposal terminal, second information for lucidification disposal terminal second operation phase transparent service device in a network information;S3. when the first information and second information are inconsistent, the lucidification disposal terminal is resetted.The present invention have it is safe, can effectively reduce the risk of divulging a secret that lucidification disposal terminal may occur when connect heterogeneous networks, the advantages that guarantee lucidification disposal terminal operating is safe.
Description
Technical field
The present invention relates to computer network control field, more particularly to a kind of Network Isolation method based on lucidification disposal,
System, network interface card and application.
Background technology
With the maturation and high speed development of Internet technology, Internet technology has incorporated production, the every aspect of life.
Internet threatens safe also day while the facility of fast acquisition information is brought caused by its network to user
Benefit turns into popular the problem of worrying.Especially government, public institution, their private data is after leakage, to caused by it
Influence will be unable to imagine.Lucidification disposal terminal has the advantages that open good, strong applicability, safe, and application is more and more wider
It is general.But due to lucidification disposal it is natural there is dependence to network, it is necessary to rely on network and load resource from transparent service device
(Including example operation system and runs software), can only be run when network interruption on the basis of resource has been loaded.Thus, thoroughly
Bright computing terminal needs more preferable protection to network insertion situation, to ensure the safe operation of lucidification disposal terminal.It is and existing
In the lucidification disposal terminal of technology, in example operation bootstrap process, during leading into example operation system, with
And in the running of example operation system, without extra protection is carried out, only according to the characteristic of lucidification disposal, in net
When network accesses heterogeneous networks after interrupting, false alarm is sent when lucidification disposal terminal can not obtain resource from transparent service device
Alert, guiding operator recovers network.Therefore, the Network Isolation guard method to lucidification disposal field carries out research with reality
Meaning.
The content of the invention
The technical problem to be solved in the present invention is that:For technical problem existing for prior art, the present invention provides one
It is kind safe, prevent lucidification disposal terminal run in heterogeneous networks generation divulge a secret risk based on the network of lucidification disposal every
From method, system, network interface card and application.
In order to solve the above technical problems, technical scheme proposed by the present invention is:A kind of Network Isolation based on lucidification disposal
Method, it is characterised in that:Including:
S1. the first information is obtained in the first operation phase of lucidification disposal terminal, the first information is that lucidification disposal is whole
Hold first operation phase transparent service device in a network information;
S2. the second information is obtained in the second operation phase of lucidification disposal terminal, second information is that lucidification disposal is whole
Hold second operation phase transparent service device in a network information;
S3. when the first information and second information are inconsistent, the lucidification disposal terminal is resetted.
As a further improvement on the present invention, first operation phase and the second operation phase are according to default segmentation
Operation rank of the lucidification disposal terminal determined by Node Events after terminating before the spliting node event occurs with event
Section.
As a further improvement on the present invention, the default spliting node event is led into including lucidification disposal terminal
Node Events, the lucidification disposal terminal network in example operation system operation of example operation system disconnect the node joined again
Event.
As a further improvement on the present invention, the information of the transparent service device includes the IP address and UUID of server
Code.
As a further improvement on the present invention, described step S1, S2 and S3 are by independently of lucidification disposal terminal operating system
Computing device.
As a further improvement on the present invention, after the step S1, when the default spliting node event starts,
Isolate the connection of lucidification disposal terminal and network;After the default spliting node event terminates, the step S2 is performed;
In the step S3, when the first information is consistent with second information, it is whole to recover the lucidification disposal
End and the connection of network.
As a further improvement on the present invention, the specific steps bag of the lucidification disposal terminal is resetted described in step S3
Include:Hot reset instruction is sent to lucidification disposal terminal, and monitors lucidification disposal terminal hot reset state, when lucidification disposal terminal exists
When hot reset is unsuccessful in the default time, cold reset signal, lucidification disposal described in forced resetting are sent to lucidification disposal terminal
Terminal.
A kind of network isolation system based on lucidification disposal, including:
Data obtaining module:For obtaining the first information, first letter in the first operation phase of lucidification disposal terminal
Cease for lucidification disposal terminal first operation phase transparent service device in a network information;It is additionally operable in lucidification disposal
Second operation phase of terminal obtains the second information, and second information is lucidification disposal terminal in the second operation phase institute
The information of transparent service device in a network;
Reset processing module:For when the first information and second information are inconsistent, resetting the diaphanometer
Calculate terminal.
As a further improvement on the present invention, the reset processing module includes hot reset unit and cold reset unit, institute
State hot reset unit to be used to send hot reset instruction to lucidification disposal terminal, and monitor lucidification disposal terminal hot reset state;Institute
State cold reset unit to be used for when hot reset is unsuccessful within the default time for bright computing terminal, sent to lucidification disposal terminal cold
Reset signal, lucidification disposal terminal described in forced resetting.
As a further improvement on the present invention, in addition to isolation processing module:For being opened when default spliting node event
During the beginning, isolate the connection of lucidification disposal terminal and network;When the first information is consistent with second information, described in recovery
The connection of lucidification disposal terminal and network.
A kind of Network Isolation network interface card based on lucidification disposal, including it is processor, memory, Network Interface Module, serial logical
Believe interface module and bus interface module;
The memory, Network Interface Module, serial communication interface module are connected with the processor respectively, the bus
Interface module is connected with the Network Interface Module;
The memory is used to store the information of transparent service device and the acquisition program of the information;
The processor obtains lucidification disposal terminal by the serial communication interface module and leads into example operation system
The Node Events information of system, network is obtained by monitoring network interface module state and disconnects the Node Events information joined again;It is described
Processor obtains the information of transparent service device by Network Interface Module, according to described transparent by running the acquisition program
Reset instruction is sent by the serial communication interface module when server info judges to need to reset.
As a further improvement on the present invention, in addition to isolation controller, the processor pass through the isolation controller
It is connected with the Network Interface Module, the bus interface module is connected by the isolation controller and the Network Interface Module
Connect;The isolation controller is used to the Network Interface Module and the bus are disconnected or recovered according to the control of the processor
Connection between interface module.
As a further improvement on the present invention, in addition to cold reset interface module, the cold reset interface module with it is described
Processor connects, for sending cold reset signal.
A kind of lucidification disposal mainboard, including mainboard body and isolation network interface card as described above.
A kind of lucidification disposal terminal, including mainboard as described above.
Compared with prior art, the advantage of the invention is that:
1st, partition method of the invention, system and isolation network interface card can effectively prevent lucidification disposal terminal inter-network from running,
Produced when finding lucidification disposal terminal inter-network and lucidification disposal terminal is resetted, prevent lucidification disposal terminal because of across a network
Run and produce risk of divulging a secret.
2nd, the partition method of further optimization of the invention, system and isolation network interface card can also be realized to lucidification disposal terminal
The physical isolation of across a network, so as to fundamentally prevent the same operating system of lucidification disposal terminal from accessing two different networks,
The physical isolation between heterogeneous networks is realized, it is safe.
3rd, separation net card structure of the invention is simple, and cost is low.
4th, lucidification disposal mainboard of the invention has simple in construction, and cost is low, and effectively heterogeneous networks can be isolated, and protects
The advantages that demonstrate,proving the security of system operation.
5th, lucidification disposal terminal of the invention has that simple in construction, cost is low, effectively heterogeneous networks can be isolated,
The advantages that ensureing the security of system operation.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the partition method of the specific embodiment of the invention.
Fig. 2 is the shielding system structural representation of the specific embodiment of the invention.
Fig. 3 is the separation net card structure schematic diagram one of the specific embodiment of the invention.
Fig. 4 is the structural representation two of the isolation network interface card of the specific embodiment of the invention.
Embodiment
Below in conjunction with Figure of description and specific preferred embodiment, the invention will be further described, but not therefore and
Limit the scope of the invention.
Embodiment one:
As shown in figure 1, the Network Isolation method based on lucidification disposal of the present embodiment, including:S1. it is whole in lucidification disposal
First operation phase at end obtains the first information, and the first information is saturating in a network in the first operation phase for lucidification disposal terminal
The information of prescribed server;S2. the second information is obtained in the second operation phase of lucidification disposal terminal, the second information is the diaphanometer
Calculate terminal the second operation phase transparent service device in a network information;S3. when the first information and the second information are inconsistent
When, reset lucidification disposal terminal.
In the present embodiment, the first operation phase and the second operation phase are determined according to default spliting node event
Lucidification disposal terminal spliting node event generation before and event terminate after operation phase.Default spliting node thing
Part leads into the Node Events of example operation system including lucidification disposal terminal, lucidification disposal terminal is transported in example operation system
Network disconnects the Node Events joined again during row.The information of transparent service device includes the IP address and UUID codes of server.
In the present embodiment, the specific steps of lucidification disposal terminal are resetted in step S3 to be included:Sent out to lucidification disposal terminal
Send hot reset to instruct, and monitor lucidification disposal terminal hot reset state, when lucidification disposal terminal within the default time hot reset
When unsuccessful, cold reset signal, forced resetting lucidification disposal terminal are sent to lucidification disposal terminal.
In the present embodiment, to carry out the partition method of the present invention with one complete start-up course of lucidification disposal terminal
Explanation.After the power-up of lucidification disposal terminal, super operation system is led into, super operation system is managed in lucidification disposal terminal
The operating system of example operation system, it can be a Linux system or with such as operating system such as Meta OS.It is transparent
, can be from Network Capture IP address after computing terminal launches into super operation system, and obtain the transparent service device in network
Information, including the IP address of transparent service device and UUID codes(General unique identifier).In the present embodiment, due to the first operation
Stage and the second operation phase are divided according to default spliting node event, transparent before the generation of spliting node event
Computing terminal operated in for the first operation phase, and after spliting node event terminates, lucidification disposal terminal operating runs rank second
Section.Therefore, in the present embodiment, after lucidification disposal terminal launches into super operation system, operated in for the first operation phase.This
When, lucidification disposal terminal can load example operation system from transparent service device, in the process, in the event of network interruption,
I.e. default spliting node event triggering, until network recovery, the spliting node event terminates, and lucidification disposal terminal enters second
Operation phase, break in a network after recovering again, lucidification disposal terminal reacquires the information of transparent service device in network, including IP
Address and UUID codes, lucidification disposal terminal is by comparing the first operation phase and the transparent service device acquired in the second operation phase
Information, if the information obtained twice is consistent, then it is assumed that after network interruption is recovered again, network that lucidification disposal terminal is accessed
The network before interrupting is remained as, the network is trusty, and lucidification disposal terminal continues to run with, and is loaded from transparent service device real
Example operating system.If the information obtained twice is inconsistent, then it is assumed that after network interruption is recovered again, the network accessed becomes
Change, it is believed that the network currently accessed is unsafe, then terminates the loading of example operation system, resets lucidification disposal terminal.
Because lucidification disposal terminal, which does not possess, memory, resource required for operation is all to be loaded directly into internal memory from transparent service device
In, as long as and the data dead electricity in internal memory is then irrecoverable, so as to by resetting lucidification disposal terminal, it is ensured that lucidification disposal
The safety of data, resource in terminal.
In the present embodiment, by the first operation phase and the second operation phase are according to default spliting node event institute
Division, therefore, in the present embodiment, the information of network interruption transparent service device acquired after recovering is spliting node next time
The transparent service device information of the first operation phase when event occurs.
In the present embodiment, the super operation system of lucidification disposal terminal has loaded example operation system from transparent service device
, it is necessary to guide lucidification disposal terminal to enter example operation system after system, led into so as to trigger default lucidification disposal terminal
The Node Events of example operation system, after lucidification disposal terminal is introduced and enters example operation system, the spliting node event knot
Beam.It it was the first operation phase before spliting node event triggering, after the spliting node event terminates, into the second operation
Stage.In the second operation phase, lucidification disposal the terminal IP address from Network Capture transparent service device and UUID addresses again will
The transparent service device information of first operation phase and the second operation phase are compared, and when both are consistent, illustrate lucidification disposal
The network that terminal is accessed before and after spliting node event is consolidated network, the network be it is trusty, lucidification disposal terminal after
Reforwarding row, when both are inconsistent, the network that illustrates to be accessed before and after the spliting node event is not consolidated network, current institute
The network of access may be insecure network, therefore, terminate the operation of example operation system, reset lucidification disposal terminal.
In the present embodiment, network does not become during lucidification disposal terminal leads into example operation system
Change, lucidification disposal terminal enters normal operation in the example operation system.In the running of example operation system, it is also possible to
Network occurs and disconnects the Node Events joined again, is second for the first operation phase before being occurred with event, after being terminated with event similarly
Operation phase.Obtained in the second operation phase lucidification disposal terminal transparent service device in a network information, by first
The information of transparent service device acquired in operation phase and the second operation phase is compared, after unanimously then explanation disconnects connection again
Network is consolidated network with the network before disconnecting, and is secure network trusty, then continues the operation of example operation system, if
The network that explanation disconnects join again after inconsistent then is insecure network, then resets lucidification disposal terminal.
In the present embodiment, when resetting lucidification disposal terminal, hot reset mode preferentially is used, i.e., is entered by operating system
Row resets, and when the running status by monitoring lucidification disposal terminal, finds within the default period, and lucidification disposal terminal heat is multiple
When position is unsuccessful, then force to reset lucidification disposal terminal by way of cold reset, so as to ensure lucidification disposal terminal
Network security.
In the present embodiment, by obtaining before and after spliting node event transparent service device in network residing for lucidification disposal terminal
Information, come judge network whether safety, it is dangerous then reset lucidification disposal terminal, so as to ensure that lucidification disposal terminal will not
Across a network is run, and ensure that the data safety of lucidification disposal terminal.
As shown in Fig. 2 the network isolation system based on lucidification disposal of the present embodiment, including:Data obtaining module:For
The first information is obtained in the first operation phase of lucidification disposal terminal, the first information is lucidification disposal terminal in the first operation phase
Transparent service device in a network information;It is additionally operable to obtain the second information in the second operation phase of lucidification disposal terminal, the
Two information for lucidification disposal terminal the second operation phase transparent service device in a network information;Reset processing module:With
When the first information and inconsistent the second information, lucidification disposal terminal is resetted.Reset processing module include hot reset unit and
Cold reset unit, hot reset unit is used to send hot reset instruction to lucidification disposal terminal, and it is multiple to monitor lucidification disposal terminal heat
Position state;Cold reset unit is used for when hot reset is unsuccessful within the default time for bright computing terminal, to lucidification disposal terminal
Send cold reset signal, forced resetting lucidification disposal terminal.
Partition method in the present embodiment, it can be realized by existing network interface card.
Embodiment two:
The partition method of the present embodiment and embodiment one are essentially identical, and difference is:Step S1, S2 and S3 are by independence
In the computing device of lucidification disposal terminal operating system.After step S1, when default spliting node event starts, isolation
The connection of lucidification disposal terminal and network;After default spliting node event terminates, step S2 is performed;In step s3,
When the first information is consistent with the second information, recover the connection of lucidification disposal terminal and network.
In the present embodiment, due to the operating system of step S1, S2 and S3 independent of lucidification disposal terminal, including it is super
Level operating system and example operation system, there is information of the independent processor from Network Capture transparent service device, including IP address
With UUID codes.Therefore, when there is default spliting node event to trigger, the connection of lucidification disposal terminal and network is isolated, i.e.,
The operating system of lucidification disposal terminal(Including super operation system and example operation system)Network can not be accessed, in segmented section
After point event terminates, as lucidification disposal terminal has been successfully booted up into example operation system, or network interruption joins again again after,
Now, operating system still can not access network, but be obtained by independent processor current(Second operation phase)In network
The information of transparent service device, when independent processor judges that the first information is consistent with the second information, illustrate to run rank second
Section, the network that lucidification disposal terminal is accessed is identical with the network that the first operation phase was accessed, and is trusted network, then recovers
The connection of lucidification disposal terminal and network, the operating system of lucidification disposal terminal can access network, normal operation.Otherwise dividing
After cut node event, the network being connected with lucidification disposal terminal changes, and current connected network is insecure network, then
Lucidification disposal terminal is resetted, the data resource stored in lucidification disposal terminal internal memory is removed by resetting, ensures that lucidification disposal is whole
Hold the safety of operation.
In the present embodiment, by performing step S1, S2 and S3 independent of operating system, it is ensured that lucidification disposal is whole
The physical isolation of end between the different networks, ensure that the safe operation of lucidification disposal terminal, prevents wind of divulging a secret to greatest extent
Danger.
The present embodiment it is essentially identical based on the network isolation system of lucidification disposal and embodiment one, difference be also
Including isolation processing module:For when default spliting node event starts, isolating the connection of lucidification disposal terminal and network;
When the first information is consistent with the second information, recover the connection of lucidification disposal terminal and network.
As shown in figure 3, the Network Isolation network interface card based on lucidification disposal of the present embodiment, including processor, memory, network
Interface module, serial communication interface module and bus interface module;Memory, Network Interface Module, serial communication interface module
It is connected respectively with processor, bus interface module is connected with Network Interface Module;Memory is used for the letter for storing transparent service device
The acquisition program of breath and the information;Processor obtains lucidification disposal terminal by serial communication interface module and leads into example
The Node Events information of operating system, network is obtained by monitoring network interface module state and disconnects the Node Events joined again letter
Breath;Processor obtains program by running, and the information of transparent service device is obtained by Network Interface Module, according to transparent service device
Reset instruction is sent by serial communication interface module when information judges to need to reset.
The isolation network interface card of the present embodiment, serial communication interface are connected with the mainboard of lucidification disposal terminal, are received default
Bright computing terminal leads into the Node Events information of example operation system, and the information includes the super operation of lucidification disposal terminal
The opening flag information that system is sent before example operation system is led into, and after leading into example operation system, then
The successful flag information of startup that example operation system is sent, the two flag informations represent the beginning of Node Events respectively
With end.Meanwhile the processor for isolating network interface card may thereby determine that network disconnects what is joined again by the state of monitoring network interface
Node Events information, including network disconnect the information with network recovery.Bus interface module is pci interface module, can be with master
The pci bus connection of plate.
In the present embodiment, it can be pre- that what is stored in memory, which is used to obtain the acquisition program of transparent service device information,
Be first stored in memory or sent by operating system by serial communication interface to store into memory.
In the present embodiment, in addition to cold reset interface module, cold reset interface module is connected with processor, for sending
Cold reset signal.Hot reset is sent during hot reset to lucidification disposal terminal by serial communication interface module to instruct, so as to control
Lucidification disposal terminal carries out hot reset, when lucidification disposal terminal hot reset fails, then by cold reset interface module to transparent
The mainboard of computing terminal sends cold reset signal, forces to carry out cold reset to lucidification disposal terminal.
By the isolation network interface card of the present embodiment, it can timely determine whether the network that lucidification disposal terminal is accessed occurs
Change, if accessed insecure network, when accessing insecure network, lucidification disposal terminal can have timely been resetted, so as to drop
The risk that low lucidification disposal terminal is divulged a secret.
The lucidification disposal mainboard of the present embodiment, including mainboard body and isolation network interface card as described above.
The lucidification disposal terminal of the present embodiment, including mainboard as described above.Specifically, lucidification disposal terminal includes display
Equipment, power supply, mainboard etc..Display device and main analysis, power supply are that mainboard and display device are powered.
Embodiment three:
The partition method of the present embodiment is identical with embodiment two, and the shielding system of the present embodiment is identical with embodiment two.This
The isolation network interface card and embodiment two of embodiment are substantially different, and difference is:As shown in figure 4, isolation network interface card also includes isolation
Controller, processor are connected by isolation controller with Network Interface Module, and bus interface module passes through isolation controller and net
Network interface module connects;Isolation controller is used to Network Interface Module and EBI are disconnected or recovered according to the control of processor
Connection between module.
In the present embodiment, by isolation controller, can be disconnected in time saturating after the triggering of default spliting node event
The connection of bright computing terminal and network, and after network recovery, isolate the processor of network interface card by obtaining transparent clothes again
Be engaged in device information, by the network that judges currently to be accessed as safety, trusted network when, recovery lucidification disposal terminal and network
Connection, when the network accessed is insecure network, then lucidification disposal terminal is resetted, so as to realize lucidification disposal terminal not
With the data safety of the physical isolation between network, to greatest extent guarantee lucidification disposal terminal, risk of not divulging a secret.
The lucidification disposal mainboard of the present embodiment includes the isolation network interface card in mainboard body and the present embodiment.In the present embodiment
Lucidification disposal terminal includes the lucidification disposal mainboard in the present embodiment.
Above-mentioned simply presently preferred embodiments of the present invention, not makees any formal limitation to the present invention.It is although of the invention
It is disclosed above with preferred embodiment, but it is not limited to the present invention.Therefore, it is every without departing from technical solution of the present invention
Content, according to the technology of the present invention essence to any simple modifications, equivalents, and modifications made for any of the above embodiments, it all should fall
In the range of technical solution of the present invention protection.
Claims (15)
- A kind of 1. Network Isolation method based on lucidification disposal, it is characterised in that:Including:S1. the first information is obtained in the first operation phase of lucidification disposal terminal, the first information is that lucidification disposal terminal exists First operation phase transparent service device in a network information;S2. the second information is obtained in the second operation phase of lucidification disposal terminal, second information is that lucidification disposal terminal exists Second operation phase transparent service device in a network information;S3. when the first information and second information are inconsistent, the lucidification disposal terminal is resetted.
- 2. the Network Isolation method according to claim 1 based on lucidification disposal, it is characterised in that:The first operation rank Section and the second operation phase be according to determined by default spliting node event lucidification disposal terminal in the spliting node thing Operation phase after terminating before part generation with event.
- 3. the Network Isolation method according to claim 2 based on lucidification disposal, it is characterised in that:The default segmentation Node Events lead into the Node Events of example operation system, lucidification disposal terminal in example operation including lucidification disposal terminal Network disconnects the Node Events joined again in system operation.
- 4. the Network Isolation method according to claim 3 based on lucidification disposal, it is characterised in that:The transparent service device Information include the IP address and UUID codes of server.
- 5. the Network Isolation method according to claim 4 based on lucidification disposal, it is characterised in that:Step S1, S2 With S3 by the computing device independently of lucidification disposal terminal operating system.
- 6. the Network Isolation method according to claim 5 based on lucidification disposal, it is characterised in that:The step S1 it Afterwards, when the default spliting node event starts, the connection of lucidification disposal terminal and network is isolated;In the default segmentation After Node Events terminate, the step S2 is performed;In the step S3, when the first information is consistent with second information, recover the lucidification disposal terminal with The connection of network.
- 7. the Network Isolation method according to claim 6 based on lucidification disposal, it is characterised in that multiple described in step S3 The specific steps of the position lucidification disposal terminal include:Hot reset instruction is sent to lucidification disposal terminal, and monitors lucidification disposal Terminal hot reset state, when hot reset is unsuccessful within the default time for lucidification disposal terminal, sent to lucidification disposal terminal Cold reset signal, lucidification disposal terminal described in forced resetting.
- A kind of 8. network isolation system based on lucidification disposal, it is characterised in that including:Data obtaining module:The first information is obtained for the first operation phase in lucidification disposal terminal, the first information is Lucidification disposal terminal first operation phase transparent service device in a network information;It is additionally operable in lucidification disposal terminal The second operation phase obtain the second information, second information is lucidification disposal terminal net where second operation phase The information of transparent service device in network;Reset processing module:For when the first information and second information are inconsistent, it is whole to reset the lucidification disposal End.
- 9. the network isolation system according to claim 8 based on lucidification disposal, it is characterised in that:The reset processing Module includes hot reset unit and cold reset unit, and the hot reset unit is used to refer to lucidification disposal terminal transmission hot reset Order, and monitor lucidification disposal terminal hot reset state;The cold reset unit is used for when bright computing terminal is within the default time When hot reset is unsuccessful, cold reset signal, lucidification disposal terminal described in forced resetting are sent to lucidification disposal terminal.
- 10. the network isolation system according to claim 9 based on lucidification disposal, it is characterised in that:Also include at isolation Manage module:For when default spliting node event starts, isolating the connection of lucidification disposal terminal and network;When described first When information is consistent with second information, recover the connection of the lucidification disposal terminal and network.
- 11. a kind of Network Isolation network interface card based on lucidification disposal for realizing the partition method as described in any one of claim 1 to 7, It is characterized in that:Including processor, memory, Network Interface Module, serial communication interface module and bus interface module;The memory, Network Interface Module, serial communication interface module are connected with the processor respectively, the EBI Module is connected with the Network Interface Module;The memory is used to store the information of transparent service device and the acquisition program of the information;The processor obtains lucidification disposal terminal by the serial communication interface module and leads into example operation system Node Events information, network is obtained by monitoring network interface module state and disconnects the Node Events information joined again;The processing Device obtains the information of transparent service device by Network Interface Module, according to the transparent service by running the acquisition program Reset instruction is sent by the serial communication interface module when device information judges to need to reset.
- 12. the Network Isolation network interface card according to claim 11 based on lucidification disposal, it is characterised in that:Also include isolation control Device processed, the processor are connected by the isolation controller with the Network Interface Module, and the bus interface module passes through The isolation controller is connected with the Network Interface Module;The isolation controller is used to be broken according to the control of the processor Open or recover the connection between the Network Interface Module and the bus interface module.
- 13. the Network Isolation network interface card according to claim 12 based on lucidification disposal, it is characterised in that:Also include cold reset Interface module, the cold reset interface module is connected with the processor, for sending cold reset signal.
- A kind of 14. lucidification disposal mainboard, it is characterised in that:Including mainboard body and as described in any one of claim 11 to 13 Isolate network interface card.
- A kind of 15. lucidification disposal terminal, it is characterised in that:Including mainboard as claimed in claim 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710161594.8A CN106856481B (en) | 2017-03-17 | 2017-03-17 | A kind of Network Isolation method, system, network interface card and application based on lucidification disposal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710161594.8A CN106856481B (en) | 2017-03-17 | 2017-03-17 | A kind of Network Isolation method, system, network interface card and application based on lucidification disposal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106856481A CN106856481A (en) | 2017-06-16 |
| CN106856481B true CN106856481B (en) | 2017-12-26 |
Family
ID=59125216
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710161594.8A Active CN106856481B (en) | 2017-03-17 | 2017-03-17 | A kind of Network Isolation method, system, network interface card and application based on lucidification disposal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106856481B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107609605B (en) * | 2017-09-15 | 2020-09-25 | 湖南新云网科技有限公司 | Medical terminal card issuing method and system based on transparent computing |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106485150A (en) * | 2015-08-31 | 2017-03-08 | 哈尔滨光凯科技开发有限公司 | A kind of foundation for security system of credible and secure simulation computer |
| CN106502927A (en) * | 2016-10-26 | 2017-03-15 | 北京德普信科技有限公司 | Trusted end-user is calculated and data inactivity security system and method |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2000187600A (en) * | 1998-12-22 | 2000-07-04 | Nec Corp | Watchdog timer system |
| CN1333339C (en) * | 2005-04-06 | 2007-08-22 | 清华大学 | Transparent computing based computing apparatus and method |
| US7467293B2 (en) * | 2004-11-12 | 2008-12-16 | Tsinghua University | Method and computing system for transparence computing on the computer network |
| CN106250139B (en) * | 2016-07-28 | 2019-09-13 | 湖南新云网科技有限公司 | Starting method, system and intelligent self-service system based on lucidification disposal intelligent terminal |
| CN106339278A (en) * | 2016-08-24 | 2017-01-18 | 浪潮电子信息产业股份有限公司 | Data backup and recovery method for network file system |
-
2017
- 2017-03-17 CN CN201710161594.8A patent/CN106856481B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106485150A (en) * | 2015-08-31 | 2017-03-08 | 哈尔滨光凯科技开发有限公司 | A kind of foundation for security system of credible and secure simulation computer |
| CN106502927A (en) * | 2016-10-26 | 2017-03-15 | 北京德普信科技有限公司 | Trusted end-user is calculated and data inactivity security system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106856481A (en) | 2017-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106412909B (en) | A kind of method and device of equipment connection | |
| CN102289622B (en) | Trusted startup method based on authentication policy file and hardware information collection | |
| CN106850260A (en) | A kind of dispositions method and device of virtual resources management platform | |
| CN112506702B (en) | Disaster recovery method, device, equipment and storage medium for data center | |
| CN106528097A (en) | Version synchronization method for two pieces of BIOS (Basic Input/ Output System) firmware, and electronic equipment | |
| CN109670319A (en) | A kind of server flash method for managing security and its system | |
| US10007785B2 (en) | Method and apparatus for implementing virtual machine introspection | |
| CN109063489A (en) | A kind of starting method and device | |
| CN106488394A (en) | A kind of method and device of equipment connection | |
| CN104081311A (en) | Apparatus and method for managing operation of a mobile device | |
| TW202013226A (en) | Webpage content self-protection method and associated server | |
| CN106856481B (en) | A kind of Network Isolation method, system, network interface card and application based on lucidification disposal | |
| CN107623581B (en) | Service list generation method, device and system, and acquisition and reporting method and device | |
| CN114090174A (en) | City rail edge cloud integration equipment based on super integration | |
| CN111090537A (en) | Cluster starting method and device, electronic equipment and readable storage medium | |
| CN102752365B (en) | The method and apparatus of information processing | |
| CN105912929A (en) | Domestic TCM based dynamic measurement method | |
| CN111488306A (en) | Attack and defense architecture system and construction method thereof | |
| CN105740040A (en) | Virtual machine data loading method and system | |
| CN112035295A (en) | Virtual machine crash event processing method, system, terminal and storage medium | |
| CN104680307A (en) | Method and device for processing item transaction | |
| KR20160100626A (en) | Computing device executing malicious code with using actual resources, server system managing information of malicious code, and electronic system including the same | |
| CN113094109B (en) | Electronic device and control method | |
| CN114584328B (en) | API interface access method, computer device and computer storage medium | |
| CN107967190A (en) | A kind of disaster recovery test method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder |
Address after: 410000 Yuelu District Yuelu street, Changsha, Hunan Province, 5 left 101 rooms of R & D headquarters of Central South University Science Park. Patentee after: HUNAN NEW CLOUDNET TECHNOLOGY CO., LTD. Address before: 410001 18 floor, block A, Yun Da Central Plaza, Yuhua District, Changsha, Hunan. Patentee before: HUNAN NEW CLOUDNET TECHNOLOGY CO., LTD. |
|
| CP02 | Change in the address of a patent holder | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Network isolation method based on transparent computing, system, network card and application Effective date of registration: 20200602 Granted publication date: 20171226 Pledgee: Pudong Development Bank of Shanghai Limited by Share Ltd. Changsha branch Pledgor: HUNAN NEW CLOUDNET TECHNOLOGY Co.,Ltd. Registration number: Y2020980002707 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20210915 Granted publication date: 20171226 Pledgee: Pudong Development Bank of Shanghai Limited by Share Ltd. Changsha branch Pledgor: HUNAN NEW CLOUDNET TECHNOLOGY Co.,Ltd. Registration number: Y2020980002707 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |