CN107438082A - A kind of network safety system based on intranet and extranet separation - Google Patents

A kind of network safety system based on intranet and extranet separation

Info

Publication number: CN107438082A
Authority: CN (China)
Prior art keywords: file, gateway, intranet, transmission, unit
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710786527.5A
Other languages: Chinese (zh)
Inventor: 李让剑
Current Assignee: Anhui Love Her Fruit Agel Ecommerce Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Anhui Love Her Fruit Agel Ecommerce Ltd
Priority date: 2017-09-04 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-09-04
Publication date: 2017-12-05

Application filed by Anhui Love Her Fruit Agel Ecommerce Ltd
Priority to CN201710786527.5A
Publication of CN107438082A
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/102 Gateways

Abstract

The invention discloses a network security system based on intranet and extranet separation, relating to the technical field of network security. The system comprises a verification gateway, a confidential database, a recording unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens the files that pass through it. The verification gateway is connected to the recording unit; the recording unit records the file transmission log and transmits the records to the administrator terminal in real time. By providing a verification gateway, the invention separates the internal and external networks, prevents hacker attacks and protects the network security of the internal LAN; it verifies whether a file is a confidential file and whether the user transmitting it has permission, which protects company secrets and prevents outflowing files from damaging company assets; and the recording unit records the file transmission log and transmits it to the administrator terminal in real time, so that the administrator can follow the company's network security in real time.

Description

A kind of network safety system based on intranet and extranet separation
Technical field
The invention belongs to the technical field of network security, and more particularly relates to a network security system based on intranet and extranet separation.
Background
From the point of view of network operators and administrators, it is desirable to protect and control operations such as access to, and reading and writing of, local network information, to avoid threats such as "trapdoors", viruses, illegal access, denial of service, and the illegal occupation and illegal control of network resources, and to prevent and defend against attacks by network hackers. Security and secrecy departments wish to filter and block information that is illegal, harmful or involves state secrets, so as to avoid leaks of confidential information, harm to society and huge losses to the country.
With the rapid development of computer technology, the business handled on computers has grown from single-machine mathematical operations and file processing, and from internal business processing and office automation based on simply connected internal networks, into enterprise-class computer processing systems based on complex internal networks (Intranet), extranets (Extranet) and the global Internet, and into worldwide information sharing and business processing.
Computer security should therefore be treated like fire and theft prevention in every household: precautions are taken before trouble arises. A threat may appear before you even expect that you could become a target, and once it occurs you are usually caught unprepared, resulting in great loss.
Security work concerns the safety and interests of an enterprise; it is the basic guarantee for promoting the enterprise's orderly development and is closely bound up with the enterprise's survival. For an enterprise, the security of the whole system depends on the strength of its weakest link: a single leak of secrets can make all security and secrecy work fall short at the last step, and the loss a leak brings to the enterprise is difficult to estimate. Strengthening security work therefore plays an important role in improving an enterprise's ability to protect itself and in safeguarding its core competitiveness.
To prevent an enterprise from leaking secrets through hacker attacks or corporate espionage, a network security system based on intranet and extranet separation is designed: the internal LAN is separated from the external network, and a verification gateway verifies the confidentiality level of transmitted files, protecting enterprise secrets.
Summary of the invention
The object of the invention is to provide a network security system based on intranet and extranet separation. By providing a verification gateway, it separates the internal and external networks, prevents hacker attacks and protects the network security of the internal LAN; it verifies whether a file is a confidential file and whether the user transmitting it has permission, which protects company secrets and prevents outflowing files from damaging company assets; and the recording unit records the file transmission log and transmits it to the administrator terminal in real time, so that the administrator can follow the company's network security in real time.
To solve the above technical problems, the invention is achieved by the following technical solutions:
The invention is a network security system based on intranet and extranet separation, comprising a verification gateway, a confidential database, a recording unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens the files that pass through it. The verification gateway is connected to the recording unit; the recording unit records the file transmission log and transmits the records to the administrator terminal in real time. The verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit. The file comparison unit compares a file sent from the internal LAN with the files in the confidential database to determine whether it is a confidential file. The permission verification unit verifies the permission of the user transmitting the file, and comprises an account login module and a fingerprint verification gateway. The virus detection unit detects whether a file transmitted from the external network contains a virus.
Further, the file comparison unit compares the character information in a file being transmitted from the internal LAN to the external network with the character information of the files in the confidential database. If more than 10 characters in the file are identical and in the same order, the file is judged to be a confidential file, and the file is transmitted only after permission has been verified; if no more than 10 characters in the file are identical and in the same order, no permission verification is needed and the file is transmitted directly.
Further, the permission verification unit comprises an account login module and a fingerprint verification gateway; the account login module is used by the user transmitting the file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
Further, the verification result of the permission verification unit is one of: no permission, temporary permission, or has permission. The permission verification unit verifies through the account login module whether the user account has permission to transmit the file; if the user account has no permission, file transmission is forbidden; if the user has temporary permission, the file is transmitted only after the administrator has been verified by the fingerprint verification gateway.
Further, the virus detection unit detects whether a file sent from the external network to the internal LAN contains a virus; if it does, file transmission is forbidden and a record is transmitted to the administrator terminal.
Further, the recording unit records the user transmitting a file and the file transmitted, and transmits the record to the administrator terminal.
Further, the administrator terminal comprises a computer, and the administrator follows file transmission through the terminal.
The invention has the following beneficial effects:
By providing a verification gateway, the invention separates the internal and external networks, prevents hacker attacks and protects the network security of the internal LAN; it verifies whether a file is a confidential file and whether the user transmitting it has permission, which protects company secrets and prevents outflowing files from damaging company assets; and the recording unit records the file transmission log and transmits it to the administrator terminal in real time, so that the administrator can follow the company's network security in real time.
Of course, a product implementing the invention does not necessarily need to achieve all of the above advantages at the same time.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed to describe the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system block diagram of a network security system based on intranet and extranet separation.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The embodiments described are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, the invention is a network security system based on intranet and extranet separation, comprising a verification gateway, a confidential database, a recording unit and an administrator terminal. The verification gateway connects the internal LAN to the external network and screens the files that pass through it. The verification gateway is connected to the recording unit; the recording unit records the file transmission log and transmits the records to the administrator terminal in real time. The verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit. The file comparison unit compares a file sent from the internal LAN with the files in the confidential database to determine whether it is a confidential file. The permission verification unit verifies the permission of the user transmitting the file, and comprises an account login module and a fingerprint verification gateway. The virus detection unit detects whether a file transmitted from the external network contains a virus.
Further, the file comparison unit compares the character information in a file being transmitted from the internal LAN to the external network with the character information of the files in the confidential database. If more than 10 characters in the file are identical and in the same order, the file is judged to be a confidential file, and the file is transmitted only after permission has been verified; if no more than 10 characters in the file are identical and in the same order, no permission verification is needed and the file is transmitted directly.
Further, the permission verification unit comprises an account login module and a fingerprint verification gateway; the account login module is used by the user transmitting the file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
Further, the verification result of the permission verification unit is one of: no permission, temporary permission, or has permission. The permission verification unit verifies through the account login module whether the user account has permission to transmit the file; if the user account has no permission, file transmission is forbidden; if the user has temporary permission, the file is transmitted only after the administrator has been verified by the fingerprint verification gateway.
Further, the virus detection unit detects whether a file sent from the external network to the internal LAN contains a virus; if it does, file transmission is forbidden and a record is transmitted to the administrator terminal.
Further, the recording unit records the user transmitting a file and the file transmitted, and transmits the record to the administrator terminal.
Further, the administrator terminal comprises a computer, and the administrator follows file transmission through the terminal.
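The gateway's decision flow described above, as an added example that is not code from the patent. It assumes that "more than 10 characters identical and in the same order" means a contiguous shared run of at least 11 characters, that an account with no entry has no permission, and it uses hypothetical callables in place of the fingerprint verification gateway and the virus scanner; all sample data is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable

MATCH_THRESHOLD = 10  # a shared run must be LONGER than this to flag a file


class Permission(Enum):
    NONE = "no permission"
    TEMPORARY = "temporary permission"
    FULL = "has permission"


def longest_shared_run(a: str, b: str) -> int:
    """Longest run of characters present in both strings, in the same order
    and without gaps (longest common substring, rolling-row DP)."""
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def is_confidential(text: str, confidential_db: list[str]) -> bool:
    """File comparison unit: compare against every confidential document."""
    return any(longest_shared_run(text, doc) > MATCH_THRESHOLD
               for doc in confidential_db)


@dataclass
class Gateway:
    confidential_db: list[str]
    permissions: dict[str, Permission]
    admin_fingerprint_ok: Callable[[], bool]  # hypothetical fingerprint check
    contains_virus: Callable[[str], bool]     # hypothetical scanner hook
    admin_log: list[tuple] = field(default_factory=list)  # recording unit

    def _record(self, direction, user, name, allowed, reason) -> bool:
        # Every decision is logged, as the recording unit does for the admin.
        self.admin_log.append((direction, user, name, allowed, reason))
        return allowed

    def outbound(self, user: str, name: str, text: str) -> bool:
        """Internal LAN -> external network."""
        if not is_confidential(text, self.confidential_db):
            return self._record("out", user, name, True, "not confidential")
        # Assumption: an account with no entry is treated as "no permission".
        perm = self.permissions.get(user, Permission.NONE)
        if perm is Permission.FULL:
            return self._record("out", user, name, True, perm.value)
        if perm is Permission.TEMPORARY and self.admin_fingerprint_ok():
            return self._record("out", user, name, True, "administrator approved")
        return self._record("out", user, name, False, perm.value)

    def inbound(self, user: str, name: str, text: str) -> bool:
        """External network -> internal LAN."""
        if self.contains_virus(text):
            return self._record("in", user, name, False, "virus detected")
        return self._record("in", user, name, True, "clean")


# Constructed sample data, not taken from the patent.
SECRET = "Q3 supplier price list: apples 4.20"


def demo_gateway(admin_present: bool) -> Gateway:
    return Gateway(
        confidential_db=[SECRET],
        permissions={"alice": Permission.FULL, "bob": Permission.TEMPORARY},
        admin_fingerprint_ok=lambda: admin_present,
        contains_virus=lambda text: "CONSTRUCTED-TEST-MARKER" in text,
    )


if __name__ == "__main__":
    gw = demo_gateway(admin_present=False)
    # Exactly 10 shared characters (" supplier "): not flagged by the rule.
    print(gw.outbound("carol", "memo.txt", "see supplier for details"))
    print(gw.outbound("carol", "fwd.txt", "fwd: supplier price list attached"))
    print(gw.admin_log)
```

The first call shows the boundary of the rule: a file sharing exactly 10 characters with a confidential document passes without any permission check.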
In the description of this specification, reference to the terms "one embodiment", "example", "specific example" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to help illustrate the invention. The preferred embodiments do not describe every detail exhaustively, nor do they limit the invention to the specific embodiments described. Obviously, many modifications and variations can be made in light of the content of this specification. These embodiments were chosen and described in detail in order to better explain the principles and practical application of the invention, so that those skilled in the art can best understand and use it. The invention is limited only by the claims and their full scope and equivalents.

Claims (7)

  1. A network security system based on intranet and extranet separation, characterized in that it comprises a verification gateway, a confidential database, a recording unit and an administrator terminal;
    the verification gateway is used to connect the internal LAN to the external network and to screen the files that pass through the verification gateway;
    the verification gateway is connected to the recording unit; the recording unit is used to record the file transmission log and to transmit the records to the administrator terminal in real time;
    the verification gateway comprises a file comparison unit, a permission verification unit and a virus detection unit;
    wherein the file comparison unit is used to compare a file sent from the internal LAN with the files in the confidential database to determine whether it is a confidential file;
    wherein the permission verification unit is used to verify the permission of the user transmitting the file, and the permission verification unit comprises an account login module and a fingerprint verification gateway;
    wherein the virus detection unit is used to detect whether a file transmitted from the external network contains a virus.
  2. The network security system based on intranet and extranet separation according to claim 1, characterized in that the file comparison unit compares the character information in a file being transmitted from the internal LAN to the external network with the character information of the files in the confidential database; if more than 10 characters in the file are identical and in the same order, the file is judged to be a confidential file and is transmitted only after permission has been verified; if no more than 10 characters in the file are identical and in the same order, no permission verification is needed and the file is transmitted directly.
  3. The network security system based on intranet and extranet separation according to claim 1, characterized in that the permission verification unit comprises an account login module and a fingerprint verification gateway, the account login module is used by the user transmitting the file to log in to an account, and the fingerprint verification gateway is used to verify the administrator's fingerprint.
  4. The network security system based on intranet and extranet separation according to claim 1 or 3, characterized in that the verification result of the permission verification unit is one of no permission, temporary permission, or has permission; the permission verification unit verifies through the account login module whether the user account has permission to transmit the file, and file transmission is forbidden if the user account has no permission; if the user has temporary permission, the file is transmitted only after the administrator has been verified by the fingerprint verification gateway.
  5. The network security system based on intranet and extranet separation according to claim 1, characterized in that the virus detection unit detects whether a file sent from the external network to the internal LAN contains a virus, and if it does, forbids file transmission and transmits a record to the administrator terminal.
  6. The network security system based on intranet and extranet separation according to claim 1, characterized in that the recording unit is used to record the user transmitting a file and the file transmitted, and to transmit the record to the administrator terminal.
  7. The network security system based on intranet and extranet separation according to claim 1, characterized in that the administrator terminal comprises a computer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710786527.5A CN107438082A (en) 2017-09-04 2017-09-04 A kind of network safety system based on intranet and extranet separation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710786527.5A CN107438082A (en) 2017-09-04 2017-09-04 A kind of network safety system based on intranet and extranet separation

Publications (1)

Publication Number Publication Date
CN107438082A true CN107438082A (en) 2017-12-05

Family

ID=60461125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710786527.5A Pending CN107438082A (en) 2017-09-04 2017-09-04 A kind of network safety system based on intranet and extranet separation

Country Status (1)

Country Link
CN (1) CN107438082A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340290A (en) * 2008-08-27 2009-01-07 张树新 Method, system and transmission card for safe data transmission between internal and external networks
CN202374295U (en) * 2011-12-16 2012-08-08 四川久远新方向智能科技有限公司 Data share and exchange system for emergency command platform
CN104363221A (en) * 2014-11-10 2015-02-18 青岛微智慧信息有限公司 Network safety isolation file transmission control method
CN104702415A (en) * 2015-03-31 2015-06-10 北京奇艺世纪科技有限公司 Account number permission control method and device
CN104811446A (en) * 2015-04-18 2015-07-29 湖南涉外经济学院 Novel network safety protection system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李宁: "安全高效的OA系统的设计及实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171205