CN107438082A - A kind of network safety system based on intranet and extranet separation - Google Patents
- Publication number
- CN107438082A (application number CN201710786527.5A)
- Authority
- CN
- China
- Prior art keywords
- file
- gateway
- intranet
- transmission
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L: Transmission of digital information, e.g. telegraphic communication (section H, Electricity; class H04, Electric communication technique)
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/02: Network security for separating internal from external traffic, e.g. firewalls
- H04L63/0815: Network security for authentication of entities, providing single-sign-on or federations
- H04L63/0861: Network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/145: Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L63/20: Managing network security; network security policies in general
- H04L65/102: Network arrangements, protocols or services for supporting real-time applications in data packet communication; architectures or entities; gateways
Abstract
The invention discloses a network security system based on intranet/extranet separation, in the technical field of network security. The system comprises a verification gateway, a confidential database, a record unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens every file that passes through it; it is connected to the record unit, which logs each file transfer and forwards the record to the administrator terminal in real time. By placing a verification gateway between the intranet and the extranet, the system is intended to block hacker attacks and protect the network security of the internal LAN; by checking whether a file is classified and whether the user transferring it has permission, it is intended to protect company secrets and prevent the leakage of files from damaging corporate assets; and by having the record unit log file transfers and forward them in real time to the administrator terminal, it lets the administrator follow the security of the corporate network in real time.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to a network security system based on intranet/extranet separation.
Background technology
From the point of view of network operators and administrators, operations on local network information such as access and read/write must be protected and controlled, so as to avoid threats such as trapdoors (backdoors), viruses, unauthorised access, denial of service, and the illegal occupation or control of network resources, and to prevent and defend against attacks by network hackers. Security and secrecy departments additionally want to filter and block illegal or harmful information and information involving state secrets, so that confidential information is not leaked, society is not harmed and the country does not suffer heavy losses.
With the rapid development of computer technology, the business handled on computers has grown from stand-alone numerical computation and file processing, and from internal business processing and office automation on simply connected internal networks, into enterprise-class systems spanning a complex intranet, extranet and the global Internet, with worldwide information sharing and business processing.
Computer security should therefore be treated like fire and theft protection in every household: prevented before it happens. Often the threat arrives precisely when one does not expect to become a target, and once it occurs the victim is caught unprepared and suffers heavy losses.
Security work concerns the safety and interests of the enterprise and is the basic guarantee of its orderly development; it is closely bound up with the enterprise's survival. For an enterprise, the security of the whole system depends on the strength of its weakest link: a single leak renders all other security and secrecy work futile, and the loss it causes the enterprise is hard to estimate. Strengthening security work therefore plays an important role in improving an enterprise's self-protection and safeguarding its core competitiveness.
To prevent leaks of enterprise secrets caused by hacker attacks or corporate espionage, a network security system based on intranet/extranet separation is designed here: the internal LAN is separated from the external network, and a verification gateway checks the confidentiality level of every transferred file, thereby protecting enterprise secrets.
Summary of the invention
The object of the invention is to provide a network security system based on intranet/extranet separation. A verification gateway separates the intranet from the extranet, so as to block hacker attacks and protect the network security of the internal LAN; it checks whether a file is classified and whether the user transferring it has permission, so as to protect company secrets and prevent the leakage of files from damaging corporate assets; and a record unit logs file transfers and forwards the log in real time to the administrator terminal, so that the administrator can follow the security of the corporate network in real time.
To solve the above technical problems, the invention adopts the following technical solution:
The invention is a network security system based on intranet/extranet separation, comprising a verification gateway, a confidential database, a record unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens the files passing through it. The verification gateway is connected to the record unit; the record unit logs each file transfer and forwards the record to the administrator terminal in real time. The verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit. The file comparison unit compares files sent out of the internal LAN against the files in the confidential database to determine whether they are classified; the permission verification unit verifies the permission of the user transferring a file, and comprises an account login module and a fingerprint verification gateway; and the virus detection unit detects whether files transmitted from the external network contain viruses.
Further, the file comparison unit compares the character information of a file sent from the internal LAN towards the external network with the character information of the files in the confidential database. If more than 10 characters of the file are identical to, and in the same order as, characters in a confidential file, the file is judged to be classified and may be transferred only after permission verification; if no run of more than 10 identical characters in the same order is found, no permission verification is needed and the file is transferred directly.
Further, the permission verification unit comprises an account login module and a fingerprint verification gateway; the account login module is used by the user transferring a file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
Further, the result of the permission verification unit is one of three states: no permission, temporary permission, or permitted. The permission verification unit checks through the account login module whether the user account has permission to transfer files. If the account has no permission, the transfer is forbidden; if the user has temporary permission, the transfer may proceed only after the administrator has passed fingerprint verification at the fingerprint verification gateway.
Further, the virus detection unit detects whether a file sent from the external network towards the internal LAN contains a virus; if it does, the transfer is forbidden and the record is sent to the administrator terminal.
Further, the record unit records the user who transferred each file and the file transferred, and sends the record to the administrator terminal.
Further, the administrator terminal comprises a computer, through which the administrator follows the file transfer situation.
The invention has the following advantages:
By providing a verification gateway, the invention separates the intranet from the extranet, blocks hacker attacks and protects the network security of the internal LAN; it checks whether a file is classified and whether the user transferring it has permission, protecting company secrets and preventing the leakage of files from damaging corporate assets; and through the record unit it logs file transfers and forwards them in real time to the administrator terminal, so that the administrator can follow the security of the corporate network in real time.
Of course, a product implementing the invention need not achieve all of the above advantages at the same time.
Brief description of the drawings
To explain the technical solutions of the embodiments more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system block diagram of a network security system based on intranet/extranet separation.
Embodiment
The technical solutions of the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, the invention is a network security system based on intranet/extranet separation, comprising a verification gateway, a confidential database, a record unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens the files passing through it. The verification gateway is connected to the record unit; the record unit logs each file transfer and forwards the record to the administrator terminal in real time. The verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit. The file comparison unit compares files sent out of the internal LAN against the files in the confidential database to determine whether they are classified; the permission verification unit verifies the permission of the user transferring a file, and comprises an account login module and a fingerprint verification gateway; and the virus detection unit detects whether files transmitted from the external network contain viruses.
Further, the file comparison unit compares the character information of a file sent from the internal LAN towards the external network with the character information of the files in the confidential database. If more than 10 characters of the file are identical to, and in the same order as, characters in a confidential file, the file is judged to be classified and may be transferred only after permission verification; if no run of more than 10 identical characters in the same order is found, no permission verification is needed and the file is transferred directly.
Further, the permission verification unit comprises an account login module and a fingerprint verification gateway; the account login module is used by the user transferring a file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
Further, the result of the permission verification unit is one of three states: no permission, temporary permission, or permitted. The permission verification unit checks through the account login module whether the user account has permission to transfer files. If the account has no permission, the transfer is forbidden; if the user has temporary permission, the transfer may proceed only after the administrator has passed fingerprint verification at the fingerprint verification gateway.
Further, the virus detection unit detects whether a file sent from the external network towards the internal LAN contains a virus; if it does, the transfer is forbidden and the record is sent to the administrator terminal.
Further, the record unit records the user who transferred each file and the file transferred, and sends the record to the administrator terminal.
Further, the administrator terminal comprises a computer, through which the administrator follows the file transfer situation.
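The decision flow of the verification gateway described in the preceding paragraphs (permission states, administrator fingerprint release, inbound virus check, record unit feeding the administrator terminal; the same flow appears in the summary and in claims 1 and 3 to 7) as one small state machine. This is an added example, not code from the patent. Everything that would be a real subsystem is replaced by a labelled stand-in so the block runs on its own: the file comparison unit is a fixed-phrase check, the virus detection unit is a SHA-256 blocklist, and the fingerprint verification gateway is a constant-time comparison of a digest of the presented sample, which models only the control point and not biometric matching. The account table, the administrator fingerprint sample and the malware sample are constructed. Two checks the patent does not spell out are added as an engineer would: an unknown account is treated as having no permission, and an administrator can only release a transfer that is actually awaiting approval, with one attempt per transfer.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Set


class Permission(Enum):
    NONE = "none"            # may not transfer classified files
    TEMPORARY = "temporary"  # released only after administrator fingerprint
    FULL = "full"            # may transfer classified files


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PENDING_ADMIN = "pending-admin"


@dataclass(frozen=True)
class Transfer:
    user: str
    filename: str
    data: bytes
    direction: str  # "outbound" (intranet -> extranet) or "inbound"


@dataclass
class RecordUnit:
    """Logs every decision and forwards each record to the administrator terminal."""
    entries: List[dict] = field(default_factory=list)
    admin_terminal: List[dict] = field(default_factory=list)  # stand-in for the real-time feed

    def log(self, t: Transfer, verdict: Verdict, reason: str) -> dict:
        entry = {"user": t.user, "file": t.filename, "direction": t.direction,
                 "sha256": hashlib.sha256(t.data).hexdigest(),
                 "verdict": verdict.value, "reason": reason}
        self.entries.append(entry)
        self.admin_terminal.append(entry)
        return entry


class VerificationGateway:
    def __init__(self, accounts: Dict[str, Permission], is_classified: Callable[[str], bool],
                 malware_hashes: Set[str], admin_template_digest: bytes) -> None:
        self.accounts = accounts                  # account login module's permission table
        self.is_classified = is_classified        # file comparison unit
        self.malware_hashes = malware_hashes      # virus detection unit (hash blocklist stand-in)
        self.admin_template_digest = admin_template_digest  # fingerprint verification gateway
        self.record = RecordUnit()
        self._pending: Set[Transfer] = set()

    def _decide(self, t: Transfer, verdict: Verdict, reason: str) -> Verdict:
        self.record.log(t, verdict, reason)
        return verdict

    def check_outbound(self, t: Transfer) -> Verdict:
        """Intranet -> extranet: a classified file needs permission (claims 2 to 4)."""
        if not self.is_classified(t.data.decode("utf-8", errors="ignore")):
            return self._decide(t, Verdict.ALLOW, "not classified")
        perm = self.accounts.get(t.user, Permission.NONE)  # unknown account: fail closed
        if perm is Permission.FULL:
            return self._decide(t, Verdict.ALLOW, "classified; account has permission")
        if perm is Permission.TEMPORARY:
            self._pending.add(t)
            return self._decide(t, Verdict.PENDING_ADMIN, "classified; awaiting administrator")
        return self._decide(t, Verdict.DENY, "classified; account has no permission")

    def approve_pending(self, t: Transfer, fingerprint: bytes) -> Verdict:
        """Administrator releases a TEMPORARY user's transfer by fingerprint (claim 4).

        Stand-in for biometrics: the sample is hashed and compared in constant time
        with a stored digest. Real fingerprint matching is fuzzy and template-based.
        """
        if t not in self._pending:
            raise PermissionError("no pending approval for this transfer")
        self._pending.discard(t)  # one attempt per pending transfer
        if hmac.compare_digest(hashlib.sha256(fingerprint).digest(), self.admin_template_digest):
            return self._decide(t, Verdict.ALLOW, "administrator fingerprint verified")
        return self._decide(t, Verdict.DENY, "administrator fingerprint rejected")

    def check_inbound(self, t: Transfer) -> Verdict:
        """Extranet -> intranet: a detected virus forbids the transfer (claim 5)."""
        if hashlib.sha256(t.data).hexdigest() in self.malware_hashes:
            return self._decide(t, Verdict.DENY, "virus detected")
        return self._decide(t, Verdict.ALLOW, "no virus detected")


# Constructed sample data (not from the patent).
ACCOUNTS = {"alice": Permission.FULL, "bob": Permission.TEMPORARY, "carol": Permission.NONE}
ADMIN_FINGERPRINT = b"admin-fingerprint-sample-001"
MALWARE_SAMPLE = b"constructed malware sample, not a real signature"


def is_classified(text: str) -> bool:
    """Stand-in for the file comparison unit: one phrase from the confidential database."""
    return "acquisition target list" in text.lower()


def build_gateway() -> VerificationGateway:
    return VerificationGateway(ACCOUNTS, is_classified,
                               {hashlib.sha256(MALWARE_SAMPLE).hexdigest()},
                               hashlib.sha256(ADMIN_FINGERPRINT).digest())
```

Typical use: `gw = build_gateway()`, then `gw.check_outbound(Transfer("bob", "memo.txt", data, "outbound"))` returns `Verdict.PENDING_ADMIN` for a classified file from a temporary-permission account, `gw.approve_pending(...)` with the administrator's sample releases or denies it, and `gw.record.admin_terminal` holds every decision in the order it was made, which is the record the patent says the administrator sees in real time.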
In the description of this specification, reference to the terms "one embodiment", "example", "specific example" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic use of these terms does not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to help explain the invention. The preferred embodiments do not describe every detail, nor do they limit the invention to the specific embodiments described. Obviously, many modifications and variations can be made in light of this specification. These embodiments were chosen and described in detail in order to better explain the principles and practical application of the invention, so that those skilled in the art can understand and use it well. The invention is limited only by the claims, their full scope and their equivalents.
Claims (7)
- 1. A network security system based on intranet/extranet separation, characterised in that it comprises a verification gateway, a confidential database, a record unit and an administrator terminal; the verification gateway connects the internal LAN to the external network and screens the files passing through it; the verification gateway is connected to the record unit; the record unit logs file transfers and forwards the record to the administrator terminal in real time; the verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit; wherein the file comparison unit compares files sent from the internal LAN with the files in the confidential database to determine whether they are classified; wherein the permission verification unit verifies the permission of the user transferring a file and comprises an account login module and a fingerprint verification gateway; and wherein the virus detection unit detects whether files transmitted from the external network contain viruses.
- 2. The network security system based on intranet/extranet separation according to claim 1, characterised in that the file comparison unit compares the character information of a file sent from the internal LAN towards the external network with the character information of the files in the confidential database; if more than 10 characters of the file are identical and in the same order, the file is judged to be classified and may be transferred only after permission verification; if no run of more than 10 identical characters in the same order is found, no permission verification is needed and the file is transferred directly.
- 3. The network security system based on intranet/extranet separation according to claim 1, characterised in that the permission verification unit comprises an account login module and a fingerprint verification gateway; the account login module is used by the user transferring a file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
- 4. The network security system based on intranet/extranet separation according to claim 1 or 3, characterised in that the result of the permission verification unit is one of: no permission, temporary permission, or permitted; the permission verification unit checks through the account login module whether the user account has permission to transfer files; if the account has no permission, the transfer is forbidden; if the user has temporary permission, the transfer may proceed only after the administrator has passed fingerprint verification at the fingerprint verification gateway.
- 5. The network security system based on intranet/extranet separation according to claim 1, characterised in that the virus detection unit detects whether a file sent from the external network towards the internal LAN contains a virus; if it does, the transfer is forbidden and the record is sent to the administrator terminal.
- 6. The network security system based on intranet/extranet separation according to claim 1, characterised in that the record unit records the user who transferred each file and the file transferred, and sends the record to the administrator terminal.
- 7. The network security system based on intranet/extranet separation according to claim 1, characterised in that the administrator terminal comprises a computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710786527.5A CN107438082A (en) | 2017-09-04 | 2017-09-04 | A kind of network safety system based on intranet and extranet separation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107438082A true CN107438082A (en) | 2017-12-05 |
Family ID: 60461125
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710786527.5A Pending CN107438082A (en) | 2017-09-04 | 2017-09-04 | A kind of network safety system based on intranet and extranet separation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107438082A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340290A (en) * | 2008-08-27 | 2009-01-07 | 张树新 | Method, system and transmission card for safe data transmission between internal and external networks |
CN202374295U (en) * | 2011-12-16 | 2012-08-08 | 四川久远新方向智能科技有限公司 | Data share and exchange system for emergency command platform |
CN104363221A (en) * | 2014-11-10 | 2015-02-18 | 青岛微智慧信息有限公司 | Network safety isolation file transmission control method |
CN104702415A (en) * | 2015-03-31 | 2015-06-10 | 北京奇艺世纪科技有限公司 | Account number permission control method and device |
CN104811446A (en) * | 2015-04-18 | 2015-07-29 | 湖南涉外经济学院 | Novel network safety protection system |
Non-Patent Citations (1)
Title |
---|
李宁 (Li Ning), "安全高效的OA系统的设计及实现" [Design and implementation of a secure and efficient OA system], 《中国优秀硕士学位论文全文数据库 信息科技辑》 [China Master's Theses Full-text Database, Information Science and Technology series] * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | Application publication date: 2017-12-05 |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | |