CN109032281A - A kind of plug and play wireless network firewall device - Google Patents
A kind of plug and play wireless network firewall device
- Publication number: CN109032281A (application CN201810988253.2A)
- Authority: CN (China)
- Legal status: Pending
Classifications
- G06F1/183 (G06F1/00 > G06F1/16 > G06F1/18): Internal mounting support structures, e.g. for printed circuit boards, internal connecting means
- G06F1/20 (G06F1/00 > G06F1/16): Cooling means
- H04L63/0236 (H04L63/00 > H04L63/02 > H04L63/0227): Filtering by address, protocol, port number or service, e.g. IP-address or URL
Abstract
The invention discloses a plug-and-play wireless network firewall device. It comprises a general-purpose embedded device whose housing has a mounting plate integrally formed on each side; the embedded device is locked to a vertical wall through several locking holes in the mounting plates. A USB data socket and a power output socket are provided on the upper side of the embedded device, and two symmetrical slide slots run vertically along its two sides. The structure is simple, and the firewall module is plug-and-play and easy to remove. Taking the design approach of network firewalls and applying it to the characteristics of embedded systems, the device uses data filtering, state detection, security policy and embedded techniques in the field of embedded network security, and researches and solves the problems that current network-security research leaves open for Internet-connected embedded systems: data security, network attacks and the safe operation of the system.
Description
Technical field
The invention belongs to the field of firewalls, and in particular relates to a plug-and-play wireless network firewall device.
Background technique
An embedded system is a special-purpose computer system applied in a specific environment and oriented to the application needs of a professional domain. Embedded systems are highly customised: software is tightly coupled with hardware, and the whole system is organically combined with its concrete application. The life cycle of an embedded system is therefore generally very long, and the system is usually updated by replacing the entire product.
Consequently, in the current field of network security, little research addresses the security of embedded systems that access the network. Current research mainly concerns the integrated protection of a particular network or of terminals such as specific hosts, computers and servers, while investment in protection techniques for specific embedded systems is very small. If an embedded system is attacked over the network, it is therefore difficult to protect the data inside it and the normal operation of the system. This document targets the characteristics of embedded systems and uses data filtering and data security protection techniques to design a firewall specifically for embedded systems.
Summary of the invention
Object of the invention: to overcome the deficiencies of the prior art, the present invention provides a plug-and-play wireless network firewall device.
Technical solution: to achieve the above object, the plug-and-play wireless network firewall device of the invention comprises a general-purpose embedded device whose housing has a mounting plate integrally formed on each side. The embedded device is locked to a vertical wall through several locking holes in the mounting plates. A USB data socket and a power output socket are provided on the upper side of the embedded device, and two symmetrical slide slots run vertically along its two sides. A firewall module is detachably mounted on the upper side of the embedded device; the bottom of the firewall module carries a USB plug matching the USB data socket and a power input connector matching the power output socket. Two limit slide bars extending downward are integrally formed on the two sides of the bottom of the firewall module, and each slides into one of the two slide slots.
When the firewall module is mounted on the embedded device, the USB plug is inserted into the USB data socket and the power input connector is inserted into the power output socket.
Further, the face of the embedded device's housing that faces away from the wall carries an array of several strip-shaped protruding first cooling fins, and the face of the firewall module's housing that faces away from the wall carries an array of several strip-shaped protruding second cooling fins.
Further, the top of the firewall module's housing is provided with a carrying handle, and a side of the firewall module is provided with a wireless receiving antenna.
Further, data transmitted over the wireless network is received by the radio receiving unit of the firewall module, checked against the security policy of the firewall module, and only after passing that check is it sent through the USB interface to the CPU of the general-purpose embedded device for processing.
Further, the security mechanism of the firewall module (2) determines whether a packet may pass according to its source and destination addresses, port numbers, protocol type and flags, taking this information from the IP, TCP or UDP headers. Using the packet-filtering technique of conventional firewalls, only packets that satisfy the filter logic are forwarded to the corresponding destination port; all other packets are discarded. In addition, according to the rules of the security policy, the data being input and output is protected by encryption, authentication, digital signature, integrity checking and similar measures to guarantee safety in transmission.
Further, the access control security policy of the firewall module controls input and output by monitoring the data passing in and out, which blocks part of the attacks. Input and output data is monitored according to pre-specified security rules: data that satisfies the rules is allowed through, otherwise the packet is blocked. Because the network functions an embedded device provides are relatively few, the passage of unneeded data can be controlled.
The data confidentiality and integrity security policy of the firewall module guarantees the confidentiality of data by encrypting, encapsulating and authenticating the transmitted data, so that unauthorised users cannot obtain the information content.
Further, the functional modules of the firewall module (2) comprise memory and a computing module; a rule module that converts the security policy into rules; a filtering module that judges whether each packet is legitimate; and a data interface module that exchanges data with the embedded device or the network. The data interface module has two parts: one side is the data I/O port connected to the embedded device, the other is the I/O port that exchanges data with the wireless network. Different communication interfaces can be used for different embedded systems; serial interfaces, parallel interfaces and RJ45 cable interfaces are supported.
After a general embedded system is loaded with the firewall module, a packet arriving from the network first reaches the firewall's external wireless data interface. The communication protocol used by the wireless technology must undergo protocol conversion before subsequent operations can be executed. After conversion, the corresponding rule is extracted via the routing table and the packet is judged against the security policy rules, which is the packet-filtering function of the firewall. Packets that do not satisfy the rules are discarded directly; packets that satisfy them are encapsulated, undergoing protocol conversion, data encryption and authentication. When encapsulation is complete, the packet is sent to the CPU for processing over the embedded data interface, such as a bus or serial port. After the embedded system has processed the data received from the network, any data it needs to send to the external network goes through the same process in the reverse direction: it is sent from the CPU through the internal data interface to the firewall module for protocol conversion and packet filtering, and the processed data is then sent to the Internet through the external interface.
Further, the internal hardware of the firewall module (2) comprises a CPU module that performs rule operations and data encryption; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs wireless data protocol conversion; a data interface module that exchanges data with the embedded system; and a power supply module.
The software of the firewall module consists of a Bootloader, an embedded operating system, a network interface driver and a rule judgement program. The embedded operating system is the core; the Bootloader is responsible for initialising the hardware, the network interface driver implements the interaction with the physical transmission medium, and the rule judgement program implements the various functions of the firewall.
The packet processing flow of the embedded system is as follows. First, a security mechanism interface is registered with the embedded system kernel at run time, with a one-to-one correspondence between security mechanism interfaces and actual network interfaces. Then an entry pointing to the firewall's security mechanism interface is added to the routing table, so that all input and output packets are routed directly to the security processing mechanism interface. Then the packet encapsulation program is placed inside the security processing mechanism, so that the IP source code need not be modified; the modules of the firewall security processing mechanism comprise the security policy database (SPD) query, rule selection and packet encapsulation. Finally the packet is sent to the data interface of the embedded system, achieving secure communication.
Advantages: the structure of the invention is simple, and the firewall module is plug-and-play and easy to remove. Drawing on the design approach of network firewalls and the characteristics of embedded systems, a firewall specifically for wireless embedded systems is designed. Using data filtering, state detection, security policy and embedded techniques in the field of embedded network security, it researches and solves the problems that current network-security research leaves open for Internet-connected embedded systems: data security, network attacks and the safe operation of the system.
Brief description of the drawings
Figure 1 is an external structural diagram of the general-purpose embedded device and the firewall module when assembled;
Figure 2 is an external structural diagram of the general-purpose embedded device and the firewall module when disassembled;
Figure 3 is an external structural diagram of the general-purpose embedded device;
Figure 4 is an external structural diagram of the firewall module;
Figure 5 is a diagram of how a traditional embedded system accesses the network;
Figure 6 is a schematic diagram of the embedded system firewall of the present device;
Figure 7 is the firewall functional module diagram;
Figure 8 is the firewall workflow diagram;
Figure 9 is the information interaction structure diagram of this scheme;
Figure 10 is a schematic diagram of the firewall's internal hardware.
Detailed description of the embodiments
The invention is further explained below with reference to the drawings.
As shown in Figures 1 to 4, the external structure and assembly relationship of the embedded device (7) and the firewall module (2) of the present device are as follows:
The housing of the general-purpose embedded device (7) has a mounting plate (9) integrally formed on each side, and the embedded device (7) is locked to a vertical wall through several locking holes (8) in the mounting plates (9). Embedded devices are highly customised, their software is tightly coupled with hardware, and they do not need frequent upgrades, so the life cycle of the embedded host structure is generally very long; to improve the structural soundness of the embedded controller host, the host uses the immovable fixed mounting of this scheme. The upper side of the embedded device (7) is provided with a USB data socket (11) and a power output socket (12); two symmetrical slide slots (13) run vertically along the two sides of the embedded device (7). A firewall module (2) is detachably mounted on the upper side of the embedded device (7); the bottom of the firewall module carries a USB plug (4) matching the USB data socket (11) and a power input connector (5) matching the power output socket (12). Two limit slide bars (3) extending downward are integrally formed on the two sides of the bottom of the firewall module (2), and each slides into one of the two slide slots (13). The limit-rail structure formed by the limit slide bars (3) makes it easy to align the USB plug (4) with the USB data socket (11) during mating and also ensures the stability of the firewall module (2) when it is mounted on the embedded device (7); in practice the firewall module (2) can only be removed after it has been lifted upward until the limit slide bars (3) have completely left the slide slots (13).
When the firewall module (2) is mounted on the embedded device (7), the USB plug (4) is inserted into the USB data socket (11) and the power input connector (5) is inserted into the power output socket (12). In this embodiment the general-purpose embedded device (7) may be equipment with a very long life cycle, such as the controller host of an automated production line or the host of a bank's embedded system, whereas the firewall module generally needs timely replacement and disassembly for upgrades. The design therefore both guarantees an immovable fixed mounting for the embedded host structure and provides a structure in which the firewall module can be removed and replaced immediately.
The top of the housing of the firewall module (2) is provided with a carrying handle (1) so that the user can lift it upward conveniently; a side of the firewall module 2 is provided with a wireless receiving antenna 6. Data transmitted over the wireless network is received by the radio receiving unit of the firewall module 2, checked against the security policy of the firewall module 2, and then sent through the USB interface to the CPU of the general-purpose embedded device 7 for processing.
Working principle and process of the firewall module:
Common embedded systems on the existing market receive data directly from network servers when they access the network, have no security protection of any kind, and are highly vulnerable to attack. Figure 5 shows how an existing general embedded system connects wirelessly to the network: information is transferred directly from the network to the data interface of the embedded system and then passed by the data interface to the CPU module.
In the embedded system firewall design proposed in this embodiment, a firewall module is loaded into the embedded system of the general-purpose embedded device. Data transmitted from the network goes directly to the firewall module through the data interface module, and only after passing security policy verification is it sent through the data interface to the CPU for processing, as illustrated in Figure 6.
The data interface between the firewall and the embedded device may use a serial communication interface such as UART, SPT, USB or JTAG, or a parallel data acquisition interface such as SPP or EPP, to meet the different needs of different embedded systems; this embodiment uses a USB interface. The wireless data interface may use the interface appropriate to the wireless communication technology, such as 3G, 4G, Zigbee, WiFi, Bluetooth or ultra-wideband.
Because an embedded device has little storage and a weak processor, an independent external module is loaded onto the ordinary embedded system, and all data exchange between the embedded system and the network must pass through the detection and filtering of this external module; this is how the firewall function is realised. The functions of an embedded device are relatively single-purpose, so the attacks it faces are generally also relatively simple. An embedded device is usually developed for one particular requirement, so its network functions can be kept more single-purpose, other access paths can be restricted, and the opportunity for attack is reduced. The storage capacity of an embedded system is relatively weak, which makes it harder for memory-resident viruses to persist but also makes memory-exhaustion attacks easy to carry out.
Based on the characteristics of embedded systems described above, an embedded system firewall scheme is proposed. This firewall provides encryption and authentication services at the network layer. The main points of its security mechanism are as follows:
1. Whether a packet may pass is determined according to its source and destination addresses, port numbers, protocol type and flags, taken from the IP, TCP or UDP headers. Using the packet-filtering technique of conventional firewalls, only packets that satisfy the filter logic are forwarded to the corresponding destination port; all other packets are discarded.
2. According to the rules of the security policy, input and output data is protected by encryption, authentication, digital signature, integrity checking and similar measures to guarantee safety in transmission.
Security policy analysis for embedded networks:
Because an embedded system is confined by its single-purpose and targeted nature, the data encryption, data integrity authentication, identity authentication and data origin authentication commonly used in PC communication are not all suitable for it. A firewall application specific to embedded networking must establish suitable cryptographic protocols and encryption measures, and the decisions made in the routing table are used to determine the specific rules.
1. Access control security policy: input and output are controlled by monitoring the data passing in and out, which blocks part of the attacks. Input and output data is monitored according to pre-specified security rules; data that satisfies the rules is allowed through, otherwise the packet is blocked. Because the network functions an embedded device provides are relatively few, the passage of unneeded data can be controlled.
2. Data confidentiality and integrity security policy: the confidentiality of data is guaranteed by encrypting, encapsulating and authenticating the transmitted data, so that unauthorised users cannot obtain the information content.
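The following is an added example and not code from the patent. It shows the stateless packet filter that the security mechanism in the summary and points 1 and 2 above describe: the IPv4 and TCP/UDP headers are parsed, the source and destination addresses, ports, protocol and TCP flags are extracted, and an ordered rule table is applied with a default-deny outcome, so that a malformed packet is dropped rather than forwarded. The device address 10.0.0.5, the service ports 502 and 5683, the rule table and the sample packets are constructed for the demonstration, and the function names (`parse_packet`, `filter`, `build_packet`, `check_packet`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PROTO_TCP 6
#define PROTO_UDP 17
#define TCP_SYN   0x02
#define TCP_ACK   0x10

enum verdict { DROP = 0, ACCEPT = 1 };

struct pkt_info {          /* what the filter decides on: the 5-tuple plus TCP flags */
    uint32_t src, dst;     /* IPv4 addresses, host byte order */
    uint16_t sport, dport;
    uint8_t  proto, tcp_flags;
};

struct rule {
    uint32_t dst, dst_mask;          /* destination prefix; mask 0 = any host */
    uint8_t  proto;                  /* 0 = any protocol */
    uint16_t dport;                  /* 0 = any port */
    uint8_t  flags_mask, flags_val;  /* TCP flag test; mask 0 = ignore flags */
    enum verdict action;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Extract the header fields. Returns -1 for anything malformed (short buffer,
 * not IPv4, bad IHL); the caller treats that as non-conforming and drops it. */
int parse_packet(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    memset(out, 0, sizeof *out);
    out->proto = buf[9];
    out->src = rd32(buf + 12);
    out->dst = rd32(buf + 16);
    size_t need = out->proto == PROTO_TCP ? 20 : out->proto == PROTO_UDP ? 8 : 0;
    if (len < ihl + need) return -1;
    if (need) { out->sport = rd16(buf + ihl); out->dport = rd16(buf + ihl + 2); }
    if (out->proto == PROTO_TCP) out->tcp_flags = buf[ihl + 13];
    return 0;
}

/* First matching rule wins; a packet no rule admits is dropped (default deny). */
enum verdict filter(const struct rule *rules, size_t n, const struct pkt_info *p)
{
    for (size_t i = 0; i < n; i++) {
        const struct rule *r = &rules[i];
        if ((p->dst & r->dst_mask) != (r->dst & r->dst_mask)) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (r->dport && r->dport != p->dport) continue;
        if (r->flags_mask && (p->tcp_flags & r->flags_mask) != r->flags_val) continue;
        return r->action;
    }
    return DROP;
}

/* Constructed policy for a hypothetical device at 10.0.0.5 that serves Modbus/TCP (502)
 * and CoAP (UDP 5683) and otherwise only receives segments of flows it opened itself. */
#define DEV_ADDR 0x0A000005u
static const struct rule policy[] = {
    { DEV_ADDR, 0xffffffffu, PROTO_TCP, 502,  0, 0, ACCEPT },                     /* service port */
    { 0,        0,           PROTO_TCP, 0,    TCP_SYN | TCP_ACK, TCP_SYN, DROP },  /* new inbound connections elsewhere */
    { DEV_ADDR, 0xffffffffu, PROTO_TCP, 0,    TCP_ACK, TCP_ACK, ACCEPT },         /* established-flow segments */
    { DEV_ADDR, 0xffffffffu, PROTO_UDP, 5683, 0, 0, ACCEPT },                     /* CoAP */
};

/* Build a minimal IPv4 + TCP/UDP packet (no checksums) so the filter can be exercised offline. */
size_t build_packet(uint8_t *buf, uint32_t src, uint32_t dst, uint8_t proto,
                    uint16_t sport, uint16_t dport, uint8_t tcp_flags)
{
    size_t tl = proto == PROTO_TCP ? 20 : 8;
    memset(buf, 0, 20 + tl);
    buf[0] = 0x45; buf[9] = proto;                 /* IPv4, IHL 5 */
    buf[12] = src >> 24; buf[13] = src >> 16; buf[14] = src >> 8; buf[15] = src;
    buf[16] = dst >> 24; buf[17] = dst >> 16; buf[18] = dst >> 8; buf[19] = dst;
    buf[20] = sport >> 8; buf[21] = sport; buf[22] = dport >> 8; buf[23] = dport;
    if (proto == PROTO_TCP) { buf[32] = 0x50; buf[33] = tcp_flags; }   /* data offset 5, flags */
    return 20 + tl;
}

/* Parse and filter in one step; malformed input is dropped rather than forwarded. */
enum verdict check_packet(const uint8_t *buf, size_t len)
{
    struct pkt_info p;
    if (parse_packet(buf, len, &p) != 0) return DROP;
    return filter(policy, sizeof policy / sizeof policy[0], &p);
}

int main(void)
{
    uint8_t b[40];
    size_t n = build_packet(b, 0xC0A80101u, DEV_ADDR, PROTO_TCP, 40000, 23, TCP_SYN);
    printf("telnet SYN to device: %s\n", check_packet(b, n) == ACCEPT ? "accept" : "drop");
    n = build_packet(b, 0xC0A80101u, DEV_ADDR, PROTO_TCP, 40000, 502, TCP_SYN);
    printf("modbus SYN to device: %s\n", check_packet(b, n) == ACCEPT ? "accept" : "drop");
    return 0;
}
```

The ACK-flag rule is the classic stateless approximation of "established" traffic; it is what a filter without a connection table can offer, which is why the patent's later state-detection and policy layers still matter.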
The functional modules of the firewall are shown in Figure 7: the necessary memory and computing module; a rule module that converts the security policy into rules; a filtering module that judges whether each packet is legitimate; and a data interface module that exchanges data with the embedded device or the network. The data interface module has two parts: one side is the data I/O port connected to the embedded device, the other is the I/O port that exchanges data with the wireless network. Different communication interfaces can be used for different embedded systems; serial interfaces, parallel interfaces and RJ45 cable interfaces are supported.
The data exchange between a general embedded system loaded with the proposed firewall and the network is shown in Figure 8. A packet from the network first reaches the firewall's external wireless data interface. The communication protocol used by the wireless technology must undergo protocol conversion before subsequent operations can be executed; after conversion, the corresponding rule is extracted via the routing table and the packet is judged against the security policy rules, which is the packet-filtering function of the firewall. Packets that do not satisfy the rules are discarded directly; packets that satisfy them are encapsulated, going through a series of operations such as protocol conversion, data encryption and authentication. When encapsulation is complete, the packet is sent to the CPU for processing over the embedded data interface, such as a bus or serial port. After the embedded system has processed the data received from the network, any data it needs to send to the external network goes through the same process: it is sent from the CPU through the internal data interface to the firewall module for protocol conversion and packet filtering, and the processed data is then sent to the Internet through the external interface.
The lookup efficiency of the security policy database (SPD) is an important factor in firewall performance. In most embedded systems the firewall may have to provide packet filtering for more than one device, and the corresponding rule must be looked up in the SPD for every packet, which may become the bottleneck of the firewall's data processing capacity. To solve this problem, the storage structure of the database is considered first: for a filtering rule, the communication protocol, SPI and destination address uniquely determine one rule, so (protocol + SPI + destination address) is used as the query condition and the query uses a hash table structure. For the policy database, since packet transmission is continuous, a caching technique keeps the most recently used security policies in an inner layer, which avoids frequent query processing and so improves system performance.
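The following is an added example, not code from the patent, of the SPD structure the paragraph above describes: a fixed-size hash table keyed on (protocol + SPI + destination address) with a small inner-layer cache of the most recently used entries, plus hit and miss counters so the effect of the cache on a continuous flow can be observed. The table sizes, the three constructed security associations and the function names (`spd_init`, `spd_insert`, `spd_lookup`, `spd_cache_flush`, `demo_table`) are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SPD_BUCKETS 64   /* small fixed-size table: no dynamic allocation on the device */
#define SPD_MAX     128
#define CACHE_SLOTS 4    /* inner-layer cache of the most recently used policies */

struct spd_key { uint8_t proto; uint32_t spi; uint32_t dst; };   /* the (protocol + SPI + destination) query condition */

struct spd_entry { struct spd_key key; int rule_id; int next; };  /* next: chain link in the bucket, -1 = end */

struct spd {
    struct spd_entry entries[SPD_MAX];
    int count;
    int head[SPD_BUCKETS];
    struct { struct spd_key key; int rule_id; int valid; } cache[CACHE_SLOTS];
    int cache_next;          /* round-robin replacement position */
    unsigned hits, misses;   /* cache statistics, so the effect of the inner layer is visible */
};

static unsigned hash_key(const struct spd_key *k)
{
    uint32_t h = 2166136261u;                              /* FNV-1a over the three key fields */
    uint32_t w[3] = { k->proto, k->spi, k->dst };
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 4; j++) { h ^= (w[i] >> (8 * j)) & 0xffu; h *= 16777619u; }
    return h % SPD_BUCKETS;
}

static int key_eq(const struct spd_key *a, const struct spd_key *b)
{
    return a->proto == b->proto && a->spi == b->spi && a->dst == b->dst;
}

void spd_init(struct spd *s)
{
    memset(s, 0, sizeof *s);
    for (int i = 0; i < SPD_BUCKETS; i++) s->head[i] = -1;
}

/* Insert a key -> rule mapping. Returns 0, or -1 when the table is full or the key already exists. */
int spd_insert(struct spd *s, struct spd_key k, int rule_id)
{
    unsigned b = hash_key(&k);
    for (int i = s->head[b]; i != -1; i = s->entries[i].next)
        if (key_eq(&s->entries[i].key, &k)) return -1;
    if (s->count >= SPD_MAX) return -1;
    int idx = s->count++;
    s->entries[idx].key = k; s->entries[idx].rule_id = rule_id;
    s->entries[idx].next = s->head[b]; s->head[b] = idx;
    return 0;
}

/* Cache first, then the hash bucket. Returns the rule id, or -1 when no policy
 * covers the packet (the caller then discards it). */
int spd_lookup(struct spd *s, const struct spd_key *k)
{
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (s->cache[i].valid && key_eq(&s->cache[i].key, k)) { s->hits++; return s->cache[i].rule_id; }
    s->misses++;
    for (int i = s->head[hash_key(k)]; i != -1; i = s->entries[i].next) {
        if (!key_eq(&s->entries[i].key, k)) continue;
        int slot = s->cache_next;                          /* remember the hit in the inner layer */
        s->cache_next = (slot + 1) % CACHE_SLOTS;
        s->cache[slot].key = *k; s->cache[slot].rule_id = s->entries[i].rule_id; s->cache[slot].valid = 1;
        return s->entries[i].rule_id;
    }
    return -1;
}

/* A policy change must flush the cache, or a withdrawn rule keeps matching from the inner layer. */
void spd_cache_flush(struct spd *s) { memset(s->cache, 0, sizeof s->cache); s->cache_next = 0; }

static struct spd demo_spd;   /* constructed table used by main() below */

/* Build a small constructed SPD: ESP (protocol 50) and AH (51) associations to two hosts. */
struct spd *demo_table(void)
{
    spd_init(&demo_spd);
    spd_insert(&demo_spd, (struct spd_key){ 50, 0x1001, 0x0A000105u }, 1);
    spd_insert(&demo_spd, (struct spd_key){ 50, 0x1002, 0x0A000106u }, 2);
    spd_insert(&demo_spd, (struct spd_key){ 51, 0x2001, 0x0A000105u }, 3);
    return &demo_spd;
}

int main(void)
{
    struct spd *s = demo_table();
    struct spd_key k = { 50, 0x1001, 0x0A000105u };
    for (int i = 0; i < 5; i++) spd_lookup(s, &k);       /* a continuous flow: 1 miss, then cache hits */
    printf("rule for flow: %d, cache hits %u, misses %u\n", spd_lookup(s, &k), s->hits, s->misses);
    return 0;
}
```

Round-robin replacement is deliberately the simplest policy that fits a device with little memory; the flush on policy change is the part that is easy to forget and that turns a performance optimisation into a security hole.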
The hardware of the external embedded system firewall uses a modular design and is composed of the following modules:
1. Processor module: performs the calculations for packet filtering and data encryption, and executes the functions of the firewall security policy.
2. Memory module: stores the rule set of the security policy and provides memory for program execution.
3. Data interface module: receives and sends packets between the network and the embedded system.
4. Debug circuit module: the channel between the development platform and the user interface, used for debugging the firewall system.
5. Peripheral circuit module: comprising the power supply circuit, crystal oscillator circuit and reset circuit.
Software structure of the embedded system firewall:
Because embedded systems often have small memory and relatively weak computing capability, these factors must be taken into account when designing the firewall. The embedded system firewall consists of 4 modules: Bootloader, embedded operating system, network interface driver and rule judgement program. The embedded operating system is the core; the Bootloader is responsible for initialising the hardware, the network interface driver implements the interaction with the physical transmission medium, and the rule judgement program implements the various functions of the firewall. Figure 9 shows the information interaction structure of these 4 modules.
1. The Bootloader initialises the hardware devices and establishes the memory map, preparing the environment in which the embedded operating system kernel finally starts correctly.
2. The operating system loads the driver programs so that the firewall can correctly receive and send packets.
3. The operating system calls the rule judgement program to process received packets and return the processing result.
4. According to the result of the rule judgement program, the operating system calls the rule judgement program to send the packets that are allowed through.
Because the designed embedded system firewall is platform-neutral, any technology platform and hardware device can be selected as its implementation. In an actual firewall, porting the code for protocol conversion and rules is the key step in turning theory into practice; only then can the secure data transmission capability of the embedded system be realised on real equipment.
The hardware configuration of the embedded system firewall is determined first. The hardware comprises a CPU module that performs rule operations and data encryption; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs wireless data protocol conversion; the most important data interface module, which exchanges data with the embedded system; and a power supply module. The hardware configuration is shown in Figure 10.
Besides the minimal CPU + RAM + Flash + bus scheme used here, the firewall can also be realised with FPGA, gate array or IC chip designs.
The concept of the firewall's security mechanism interface is introduced into the embedded system, and the packet processing flow is as follows:
1. A security mechanism interface is registered with the embedded system kernel at run time, with a one-to-one correspondence between security mechanism interfaces and actual network interfaces.
2. An entry pointing to the firewall's security mechanism interface is added to the routing table, so that all input and output packets go directly to the security processing mechanism interface.
3. The packet encapsulation program is placed inside the security processing mechanism (i.e. the firewall), so that the IP source code need not be modified; the modules of the firewall security processing mechanism comprise the policy database (SPD) query, rule selection and packet encapsulation (encryption and authentication).
4. Finally the packet is sent to the data interface of the embedded system, achieving secure communication.
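The following is an added example and not the patent's code. It runs the four steps above end to end: a security mechanism registered for one network interface, a routing table whose entry hands every outbound packet to that mechanism, and inside the mechanism the policy selection followed by an ESP-style encapsulation of [SPI][sequence][protected payload][integrity check value], with the inbound side verifying the check value before it touches the payload. The cipher (XOR with a repeating key) and the integrity check (a keyed FNV-1a checksum) are placeholders for AES and HMAC and give no real protection; they are there only so the data flow, including the rejection of a tampered packet, can be executed. The interface name, prefixes, SPI value, key and function names (`secmech_outbound`, `secmech_inbound`, `firewall_send`) are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { ACT_DISCARD = 0, ACT_PROTECT = 1, ACT_BYPASS = 2 };

struct policy {                 /* one SPD rule: destination prefix -> treatment and association */
    uint32_t dst, mask;
    int action;
    uint32_t spi;               /* security association identifier carried in the header */
    uint8_t key[8];             /* constructed key; a real association would hold AES and HMAC keys */
};

struct secmech {                /* security mechanism registered for one network interface */
    const char *ifname;
    const struct policy *spd;
    size_t spd_len;
    uint32_t seq;               /* outbound sequence number (anti-replay field) */
};

struct route { uint32_t dst, mask; struct secmech *mech; };   /* routing entry pointing at a mechanism */

static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n) { while (n--) { h ^= *p++; h *= 16777619u; } return h; }
static void put32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* PLACEHOLDER integrity check value: keyed FNV-1a. Not a MAC; stands in for HMAC. */
static uint32_t icv(const uint8_t *key, const uint8_t *msg, size_t n) { return fnv1a(fnv1a(2166136261u, key, 8), msg, n); }

static const struct policy *select_policy(const struct secmech *m, uint32_t dst)
{
    for (size_t i = 0; i < m->spd_len; i++)
        if ((dst & m->spd[i].mask) == (m->spd[i].dst & m->spd[i].mask)) return &m->spd[i];
    return NULL;
}

/* Outbound: SPD query, rule selection, then encapsulation as [SPI][SEQ][payload XOR key][ICV].
 * Returns the encapsulated length, or -1 when the policy discards the packet. */
int secmech_outbound(struct secmech *m, uint32_t dst, const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    const struct policy *p = select_policy(m, dst);
    if (p == NULL || p->action == ACT_DISCARD) return -1;
    if (p->action == ACT_BYPASS) { if (n > cap) return -1; memcpy(out, in, n); return (int)n; }
    if (n + 12 > cap) return -1;
    put32(out, p->spi);
    put32(out + 4, ++m->seq);
    for (size_t i = 0; i < n; i++) out[8 + i] = in[i] ^ p->key[i % 8];   /* PLACEHOLDER cipher, not AES */
    put32(out + 8 + n, icv(p->key, out, 8 + n));
    return (int)(n + 12);
}

/* Inbound: find the association by SPI, verify the ICV before touching the payload, then decrypt.
 * Returns the payload length, or -1 (unknown SPI, non-protect policy, or failed integrity check). */
int secmech_inbound(struct secmech *m, const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    if (n < 12) return -1;
    const struct policy *p = NULL;
    for (size_t i = 0; i < m->spd_len; i++)
        if (m->spd[i].action == ACT_PROTECT && m->spd[i].spi == get32(in)) p = &m->spd[i];
    if (p == NULL) return -1;
    if (icv(p->key, in, n - 4) != get32(in + n - 4)) return -1;
    size_t plen = n - 12;
    if (plen > cap) return -1;
    for (size_t i = 0; i < plen; i++) out[i] = in[8 + i] ^ p->key[i % 8];
    return (int)plen;
}

/* Route lookup hands every outbound packet to the interface's mechanism; with no route nothing is sent. */
int firewall_send(const struct route *rt, size_t nrt, uint32_t dst, const uint8_t *pl, size_t n, uint8_t *out, size_t cap)
{
    for (size_t i = 0; i < nrt; i++)
        if ((dst & rt[i].mask) == (rt[i].dst & rt[i].mask)) return secmech_outbound(rt[i].mech, dst, pl, n, out, cap);
    return -1;
}

/* Constructed configuration: one wireless interface whose SPD protects 10.0.1.0/24,
 * passes 10.0.2.0/24 in the clear and discards everything else. */
static const struct policy wlan_spd[] = {
    { 0x0A000100u, 0xffffff00u, ACT_PROTECT, 0x1001u, { 1, 2, 3, 4, 5, 6, 7, 8 } },
    { 0x0A000200u, 0xffffff00u, ACT_BYPASS,  0,       { 0 } },
    { 0,           0,           ACT_DISCARD, 0,       { 0 } },
};
static struct secmech wlan_mech = { "wlan0", wlan_spd, 3, 0 };
static const struct route routes[] = { { 0, 0, &wlan_mech } };   /* default route via wlan0 */

int main(void)
{
    uint8_t enc[64], dec[64];
    int n = firewall_send(routes, 1, 0x0A000107u, (const uint8_t *)"hello", 5, enc, sizeof enc);
    printf("encapsulated %d bytes, SPI 0x%x, seq %u\n", n, get32(enc), get32(enc + 4));
    enc[9] ^= 1;                                              /* tamper with one ciphertext byte */
    printf("tampered packet accepted? %s\n", secmech_inbound(&wlan_mech, enc, (size_t)n, dec, sizeof dec) < 0 ? "no" : "yes");
    return 0;
}
```

The order inside `secmech_inbound` is the design point worth keeping when the placeholders are replaced by real primitives: authenticate first, and only decrypt what has been authenticated.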
The above is only a preferred embodiment of the present invention. It should be pointed out that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the present invention.
Claims (8)
1. A plug-and-play wireless network firewall device, characterised in that: it comprises a general-purpose embedded device (7); mounting plates (9) are integrally formed on both sides of the housing of the general-purpose embedded device (7), and the general-purpose embedded device (7) is locked to a vertical wall through several locking holes (8) in the mounting plates (9); the upper side of the general-purpose embedded device (7) is provided with a USB data socket (11) and a power output socket (12); two symmetrical sliding slots (13) are arranged vertically on the two sides of the general-purpose embedded device (7);
a firewall module (2) is detachably mounted on the upper side of the general-purpose embedded device (7); the bottom of the firewall module is provided with a USB plug (4) matching the USB data socket (11) and a power input connector (5) matching the power output socket (12); two downward-extending limit slide bars (3) are integrally formed on the two sides of the bottom of the firewall module (2), and the two limit slide bars (3) slide into the two sliding slots (13) respectively;
when the firewall module (2) is seated on the general-purpose embedded device (7), the USB plug (4) is inserted into the USB data socket (11) and the power input connector (5) is inserted into the power output socket (12).
2. The plug-and-play wireless network firewall device according to claim 1, characterised in that: the face of the housing of the general-purpose embedded device (7) that faces away from the wall is provided with an array of several strip-shaped first cooling fins (15), and the side of the housing of the firewall module (2) that faces away from the wall is provided with an array of several strip-shaped second cooling fins (15).
3. The plug-and-play wireless network firewall device according to claim 2, characterised in that: a carrying handle (1) is provided on the top of the housing of the firewall module (2), and a wireless receiving antenna (6) is provided on the side of the firewall module (2).
4. The plug-and-play wireless network firewall device according to claim 3, characterised in that: data transmitted from the wireless network is received by the wireless receiving unit of the firewall module (2) and checked against the security policy of the firewall module (2); only after it passes that check is it sent over the USB interface to the CPU of the general-purpose embedded device (7) for processing.
5. The plug-and-play wireless network firewall device according to claim 4, characterised in that: the security mechanism of the firewall module (2) decides whether a packet may pass according to the packet's source and destination addresses, port numbers, protocol type and flags; the information it relies on comes from the IP, TCP or UDP headers, and it uses the packet-filtering technique of conventional firewalls: only packets that satisfy the filtering logic are forwarded to the corresponding destination output port, and all other packets are discarded; and, according to the rules of the security policy, security measures such as encryption, authentication, digital signatures and integrity checks are applied to the input and output data so as to guarantee the security of data transmission.
6. The plug-and-play wireless network firewall device according to claim 5, characterised in that: the access-control security policy of the firewall module controls input and output by monitoring the input and output data, and can stop a portion of attacks; the input and output data is monitored according to pre-specified security rules, data that satisfies the rules is allowed through, and otherwise the packet is blocked; because an embedded device usually exposes relatively few network functions, the entry and exit of unnecessary data can be controlled in this way;
the data confidentiality and integrity security policy of the firewall module guarantees the confidentiality of data by encrypting, encapsulating and authenticating the transmitted data, so that unauthorised users cannot obtain the information content.
7. The plug-and-play wireless network firewall device according to claim 6, characterised in that: the functional modules of the firewall module (2) comprise a memory and computing module; a rule module that converts the security policy into rules; a filtering module that judges whether a packet is legitimate; and a data interface module that exchanges data with the embedded device or the network. The data interface module has two parts: on one side the data I/O port connected to the embedded device, on the other side the I/O port that exchanges data with the wireless network. Different communication interfaces are used for different embedded systems; serial interfaces, parallel interfaces and RJ45 wired interfaces can be supported;
after the general-purpose embedded system has loaded the firewall module, a packet transmitted from the network first arrives at the firewall's external wireless data interface. The communication protocol used by the wireless technology has to be converted before any further operation can be performed on the packet. After protocol conversion the corresponding rules are extracted via the routing table and the packet is judged against the security policy rules, which is the packet-filtering function of the firewall. Packets that do not satisfy the security policy rules are discarded directly; packets that do satisfy the policy are encapsulated, i.e. protocol conversion, data encryption and authentication are performed on them, and after encapsulation they are sent to the CPU for processing through the embedded data interface (a bus, a serial port, or the like). After the embedded system has processed the data that came in from the network, if it needs to send data to the external network the same process is followed in the reverse direction: the data is first sent from the CPU through the internal data interface to the firewall module for protocol conversion and packet filtering, and the processed data is then sent to the Internet through the external interface.
8. The plug-and-play wireless network firewall device according to claim 7, characterised in that: the internal hardware of the firewall module (2) comprises a CPU module that performs the rule operations and the data encryption operations; a RAM memory module that stores the security policy rules; a Flash memory module that provides running memory; an ASIC chip module that performs the wireless data protocol conversion; a data interface module that exchanges data with the embedded system; and a power supply module;
the software of the firewall module consists of a Bootloader, an embedded operating system, a network interface driver and a rule judgement program. The embedded operating system is the core; the Bootloader is responsible for hardware initialisation; the network interface driver handles the interaction with the physical transmission medium; and the rule judgement program implements the various functions of the firewall;
the data message processing flow of the embedded system is as follows: first, a security mechanism interface is registered with the embedded system kernel at run time, with a one-to-one correspondence between security mechanism interfaces and the actual network interfaces; then an entry pointing to the firewall security mechanism interface is added to the routing table, so that all incoming and outgoing packets are routed directly to the security processing mechanism interface; then the packet encapsulation handler is placed inside the security processing mechanism, so that the source code of the IP stack does not need to be modified; the modules of the firewall security processing mechanism comprise the policy database (SPD) lookup, rule selection and packet encapsulation; finally the packet is sent to the data interface of the embedded system, realising secure communication.
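The packet-filtering step that the description's process flow (steps 1 to 4) and claims 5, 7 and 8 describe, written out as an added example in C. This is not the applicant's code and the patent gives no source: the rule table, the addresses, the verdict names (DISCARD, BYPASS, PROTECT) and the helper names are all assumptions. The block takes the source and destination addresses, protocol and port numbers from the IPv4 and TCP/UDP headers, returns the action of the first matching SPD rule, and discards anything unmatched, as claim 5 requires. The encryption and authentication of the encapsulation step are represented only by the PROTECT verdict, since the patent names no cipher or MAC. Two checks the patent does not mention but a practitioner needs are included: header length and total length are validated before any field is read, and a non-first IP fragment, which carries no TCP/UDP header, is never allowed to satisfy a port-based rule.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdicts of the policy database (SPD) lookup: drop the packet, pass it in the
 * clear, or hand it to the encapsulation step (encryption + authentication).
 * Names are assumptions; the patent does not name them. */
typedef enum { ACT_DISCARD = 0, ACT_BYPASS = 1, ACT_PROTECT = 2 } spd_action_t;

/* One SPD rule: address/mask pairs (mask 0 = any), protocol (0 = any) and an
 * inclusive destination-port range (0..65535 = any). */
typedef struct {
    uint32_t src, src_mask, dst, dst_mask;
    uint8_t  proto;
    uint16_t dport_lo, dport_hi;
    spd_action_t action;
} spd_rule_t;

/* Selectors pulled from the IP and TCP/UDP headers. */
typedef struct {
    uint32_t src, dst;
    uint16_t sport, dport;
    uint8_t  proto;
    int      has_ports;   /* 0 for non-TCP/UDP and for non-first fragments */
} pkt_sel_t;

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Parse the selectors out of a raw IPv4 packet. Returns 0 on success, -1 if the
 * packet is malformed; a malformed packet must never reach rule matching. */
int parse_selectors(const uint8_t *pkt, size_t len, pkt_sel_t *sel)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t total = rd16(pkt + 2);
    if (ihl < 20 || ihl > len || total < ihl || total > len) return -1;
    memset(sel, 0, sizeof *sel);
    sel->proto = pkt[9];
    sel->src = rd32(pkt + 12);
    sel->dst = rd32(pkt + 16);
    /* Only the first fragment carries the L4 header, so a non-first fragment
     * has no ports and port-based rules must not be able to match it. */
    int first_fragment = (rd16(pkt + 6) & 0x1fff) == 0;
    if ((sel->proto == 6 || sel->proto == 17) && first_fragment) {
        if (total - ihl < 4) return -1;           /* truncated TCP/UDP header */
        sel->sport = rd16(pkt + ihl);
        sel->dport = rd16(pkt + ihl + 2);
        sel->has_ports = 1;
    }
    return 0;
}

/* First-match rule selection; no match means DISCARD (default deny). */
spd_action_t spd_lookup(const spd_rule_t *rules, size_t n, const pkt_sel_t *s)
{
    for (size_t i = 0; i < n; i++) {
        const spd_rule_t *r = &rules[i];
        if ((s->src & r->src_mask) != (r->src & r->src_mask)) continue;
        if ((s->dst & r->dst_mask) != (r->dst & r->dst_mask)) continue;
        if (r->proto != 0 && r->proto != s->proto) continue;
        if (r->dport_lo != 0 || r->dport_hi != 65535) {
            if (!s->has_ports) continue;          /* no ports, no port match */
            if (s->dport < r->dport_lo || s->dport > r->dport_hi) continue;
        }
        return r->action;
    }
    return ACT_DISCARD;
}

/* Assumed policy for a device at 10.0.0.5: TCP/22 management from 10.0.0.0/24
 * only, and only after encryption/authentication; UDP from the same subnet
 * passes in the clear; everything else falls through to the default deny. */
static const spd_rule_t demo_rules[] = {
    { IP4(10, 0, 0, 0), 0xffffff00u, IP4(10, 0, 0, 5), 0xffffffffu, 6, 22, 22, ACT_PROTECT },
    { IP4(10, 0, 0, 0), 0xffffff00u, IP4(10, 0, 0, 5), 0xffffffffu, 17, 0, 65535, ACT_BYPASS },
};

/* The filtering step of the process flow: parse, then consult the SPD. */
spd_action_t filter_packet(const uint8_t *pkt, size_t len)
{
    pkt_sel_t sel;
    if (parse_selectors(pkt, len, &sel) != 0) return ACT_DISCARD;
    return spd_lookup(demo_rules, sizeof demo_rules / sizeof demo_rules[0], &sel);
}

/* Constructed test input: a 28-byte IPv4 packet (20-byte header plus the first
 * 8 bytes of a TCP/UDP header). Checksums stay zero; the filter ignores them.
 * frag is the raw flags/fragment-offset field. */
size_t build_packet(uint8_t *buf, uint8_t proto, uint32_t src, uint32_t dst,
                    uint16_t sport, uint16_t dport, uint16_t frag)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                 /* IPv4, IHL = 5 words */
    wr16(buf + 2, 28);             /* total length */
    wr16(buf + 6, frag);
    buf[8] = 64;                   /* TTL */
    buf[9] = proto;
    wr32(buf + 12, src);
    wr32(buf + 16, dst);
    wr16(buf + 20, sport);
    wr16(buf + 22, dport);
    return 28;
}
```

The fragment handling is a deliberate design choice: a non-first fragment can only be passed by a rule that does not look at ports, so an attacker cannot slip a port-restricted protocol past the filter by fragmenting it. A real deployment would add reassembly or a fragment limit on top of this.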
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810988253.2A CN109032281A (en) | 2018-08-28 | 2018-08-28 | A kind of plug and play wireless network firewall device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810988253.2A CN109032281A (en) | 2018-08-28 | 2018-08-28 | A kind of plug and play wireless network firewall device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109032281A true CN109032281A (en) | 2018-12-18 |
Family
ID=64624864
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810988253.2A Pending CN109032281A (en) | 2018-08-28 | 2018-08-28 | A kind of plug and play wireless network firewall device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109032281A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022174509A1 (en) * | 2021-02-17 | 2022-08-25 | 黄策 | Method for designing firewall |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050108434A1 (en) * | 2003-11-13 | 2005-05-19 | Witchey Nicholas J. | In-band firewall for an embedded system |
CN101860531A (en) * | 2010-04-21 | 2010-10-13 | 北京星网锐捷网络技术有限公司 | Filtering rule matching method for data packets and device therefor |
CN201623727U (en) * | 2010-01-08 | 2010-11-03 | 山东大学 | Small single-unit firewall device based on a network processor |
CN204697108U (en) * | 2015-05-15 | 2015-10-07 | 北京握奇智能科技有限公司 | Portable mobile firewall |
CN107704762A (en) * | 2017-07-21 | 2018-02-16 | 肇庆胜尚知识产权服务有限公司 | Computer firewall security monitoring assembly based on a cloud database |
- 2018-08-28: CN application CN201810988253.2A (patent/CN109032281A/en), status active, Pending
Non-Patent Citations (5)
Title |
---|
匡晋湘 et al.: "Research on embedded network security based on IPSec", Science Technology and Engineering (科学技术与工程) * |
张水平 et al.: Computer Networks and Applications, Xi'an Jiaotong University Press * |
林楠; 向春枝: "Design and implementation of a Linux-based embedded firewall", Microcomputer Information (微计算机信息) * |
苏义鑫: "Design of an embedded IPv6 firewall based on the S3C2440", Computer Systems & Applications (计算机系统应用) * |
郑裕峰, China Doctoral Dissertations Full-text Database * |
Similar Documents
Publication | Title |
---|---|
CN102280929B | System for information security protection of an electric power SCADA system |
CN102546624A | Method and system for detecting and defending multichannel network intrusion |
CN107612679B | Ethernet bridge scrambling terminal based on Chinese national cryptographic algorithms |
CN106127059B | Implementation and service method of a trusted cryptographic module on an ARM platform |
CN109032281A | Plug-and-play wireless network firewall device |
CN102316115A | Security access control method for lateral networking |
CN103186729B | Method of protecting software with a dongle (encryption lock), and the dongle |
CN101226571B | Information security computer |
CN108845638A | Firewall device for an embedded system |
CN201623727U | Small single-unit firewall device based on a network processor |
CN109274648A | Mobile wired firewall device |
HUE027444T2 | Security module and method for controlling and monitoring the data traffic of a personal computer |
CN208999999U | Data processing equipment |
CN109167777A | Firewall device for a smartphone terminal |
CN101226572B | Information security computer for protecting BIOS security |
US11991146B2 | Method and transmission device for data transmission between two or more networks |
CN111736770B | Embedded secure memory |
CN204859202U | Security-oriented smart home gateway |
CN109151274A | Network firewall for a smart appliance camera |
CN103188264B | Online network security processor and processing method |
CN207869401U | Linux-based secure smart-grid private wireless communication module |
CN103795686B | Internet of Things service system and interaction method for realising virtual information |
Jiang et al. | Dependable integrated clinical system architecture with runtime verification |
CN215420319U | Internet-of-things gateway system for smart irrigation with integrated security control |
CN201515395U | Information security equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |