CN110324319A - A kind of network data security management-control method based on one-way transmission - Google Patents


Info

Publication number
CN110324319A
Authority
CN
China
Prior art keywords
data
processing unit
intranet
outer net
way transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910500516.5A
Other languages
Chinese (zh)
Inventor
陈志中
郭赐华
钟伟威
郭景祥
卢婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Yian Intelligent Technology Co Ltd
Original Assignee
Fujian Yian Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2019-06-11
Filing date
2019-06-11
Publication date
2019-10-11
Application filed by Fujian Yian Intelligent Technology Co Ltd
Priority to CN201910500516.5A
Publication of CN110324319A
Legal status: Pending

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
              • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
              • H04L63/0227 Filtering policies
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/50 Network services
              • H04L67/56 Provisioning of proxy services
                • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a network data security management and control method based on one-way transmission. The system comprises an outer-net (external network) processing unit, a data exchange unit and an intranet processing unit; the outer-net processing unit is connected unidirectionally to the intranet processing unit through the data exchange unit. The outer end of the outer-net processing unit is fitted with an external network interface that connects to external network equipment, and the intranet processing unit is fitted with an internal network interface that connects to intranet equipment. On the basis of guaranteeing the data security of the internal private network, the invention meets the need for data interchange: the intranet is never connected to the outside, data is transferred in one direction only, the risk that malicious attacks from the internet affect the data security of the intranet is avoided, and interaction with the downlink data is achieved at the same time through an uplink short-message channel.

Description

A kind of network data security management-control method based on one-way transmission
Technical field
The present invention relates to the technical field of network information security, and specifically to a network data security management and control method based on one-way transmission.
Background technique
Network one-way channel technology is similar to firewall technology. The difference is that, whereas a firewall processes IP packets packet by packet, a network one-way channel is an isolation technology: it does not forward data packets according to any protocol, but only ferries data files without a protocol. The link between the networks is cut off by a hardware device, which implements the "read" and "write" commands against a storage medium. Because data is delivered in one direction only, interactivity suffers: the data feedback channel sends short messages, so the downlink service receives them with latency; and if the uplink service fails to receive the data, or the short message fails to be sent for some other reason, the downlink service cannot learn the transmission status of the uplink data and can only remain in a waiting state.
Summary of the invention
The technical problem solved by the invention is to provide a network data security management and control method based on one-way transmission, so as to solve the problems mentioned in the background technique above.
The technical problem solved by the invention is addressed by the following technical scheme. A network data security management and control method based on one-way transmission comprises an outer-net processing unit, a data exchange unit and an intranet processing unit. The outer-net processing unit is connected unidirectionally to the intranet processing unit through the data exchange unit; the outer end of the outer-net processing unit is fitted with an external network interface that connects to external network equipment, and the intranet processing unit is fitted with an internal network interface that connects to intranet equipment. The intranet processing unit is mainly responsible for the connection with the intranet: it performs filtering checks on the data, separates out the "clean data" and stores it in a buffer area, where it waits for the data exchange to be prepared. The outer-net processing unit has the same function on the external side. The software mainly performs ferry control over the data, opening and closing the data channel; combined with the physical components it changes the communication mode, interrupts any direct connection between the intranet and the outside, and uses the data buffer area as the endpoint for exchanging data.
Preferably, the outer-net processing unit communicates directly with the external network equipment and applies access control to the communication data of the external network equipment; the outer-net processing unit is connected to the data exchange unit through a file store.
Preferably, the data exchange unit comprises a banister server (a gate server) and isolation firewalls; it forms an independent data isolation region based on a one-way transmission physical medium, applies independent access control, and is composed of multiple isolation firewalls.
Preferably, the data exchange unit is responsible for the one-way transmission of data from the uplink isolation firewall to the outer-net processing unit and from the downlink isolation firewall to the intranet processing unit. The banister server forms the data buffer area within the isolation firewalls and is responsible for buffering the data delivered by the uplink isolation firewall; the banister server performs access control on the data and rejects unauthorized requests or responses, so that the intranet and the external network are in a boundary-isolated, data-exchanging state.
Preferably, data ingress and egress rules are configured in the banister server, for example A -> B: end A hands the data to the banister in the form of a storage medium; the banister filters it, separates out the "clean data" and stores it in the buffer area; the data in the buffer area is sent to end B by accessing end B's data interface in queue order, and the native file is deleted at the same time; end B then informs the server at end A in the form of a short message over the uplink short-message channel.
Preferably, the whole process of the data configured in the banister server is one-way transmission: end A cannot request data from end B, and data at end B cannot be sent to end A.
Preferably, the external network equipment must first perform login authentication; after successful authentication it obtains the path of the data to be sent, and a sending thread continuously reads the queue of data awaiting transmission and sends each pending target to the outer-net processing unit.
Compared with the prior art, the beneficial effects of the present invention are: on the basis of guaranteeing the data security of the internal private network, the invention meets the need for data interchange; the intranet is never connected to the outside, data is transferred in one direction only, and malicious attacks from the internet are prevented from affecting the data security of the intranet, while interaction with the downlink data is achieved through the uplink short-message channel.
Detailed description of the invention
Fig. 1 is a flow chart of the principle of the present invention.
Specific embodiment
In order to make the technical means, creative features, objectives and effects of the present invention easy to understand, the present invention is further explained below with reference to the specific illustration.
As shown in Figure 1, a network data security management and control method based on one-way transmission comprises an outer-net processing unit, a data exchange unit and an intranet processing unit. The outer-net processing unit is connected unidirectionally to the intranet processing unit through the data exchange unit; the outer end of the outer-net processing unit is fitted with an external network interface that connects to external network equipment, and the intranet processing unit is fitted with an internal network interface that connects to intranet equipment. The intranet processing unit is mainly responsible for the connection with the intranet: it performs filtering checks on the data, separates out the "clean data" and stores it in the buffer area, where it waits for the data exchange to be prepared. The outer-net processing unit has the same function on the external side. The software mainly performs ferry control over the data and controls the opening and closing of the data channel; combined with the physical components it changes the communication mode, interrupts any direct connection between the intranet and the outside, and uses the data buffer area as the endpoint for exchanging data.
The outer-net processing unit communicates directly with the external network equipment and applies access control to the communication data of the external network equipment; the outer-net processing unit is connected to the data exchange unit through a file store.
The data exchange unit comprises the banister server (gate server) and isolation firewalls; it forms an independent data isolation region based on a one-way transmission physical medium, applies independent access control, and is composed of multiple isolation firewalls.
The data exchange unit is responsible for the one-way transmission of data from the uplink isolation firewall to the outer-net processing unit and from the downlink isolation firewall to the intranet processing unit. The banister server forms the data buffer area within the isolation firewalls and is responsible for buffering the data delivered by the uplink isolation firewall; the banister server performs access control on the data and rejects unauthorized requests or responses, so that the intranet and the external network are in a boundary-isolated, data-exchanging state.
Data ingress and egress rules are configured in the banister server, for example A -> B: end A hands the data to the banister in the form of a storage medium; the banister filters it, separates out the "clean data" and stores it in the buffer area; the data in the buffer area is sent to end B by accessing end B's data interface in queue order, and the native file is deleted; end B then informs the server at end A in the form of a short message over the uplink short-message channel.
The whole process of the data configured in the banister server is one-way transmission: end A cannot request data from end B, and data at end B cannot be sent to end A.
The external network equipment must first perform login authentication; after successful authentication it obtains the path of the data to be sent, and a sending thread continuously reads the queue of data awaiting transmission and sends each pending target to the outer-net processing unit.
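The ferry procedure described in the embodiment above, modelled as an added Python sketch that is not code from the patent or its applicant: a banister (gate) server accepts files only from end A after login, applies a "clean data" filter, drains its buffer to end B's data interface in queue order, deletes the native file and collects B's short-message replies for A, while a push from B and any pull request are refused. The suffix allow-list, the credential and the end-B interface are constructed assumptions, since the page does not specify what the filter checks.

```python
import os
import tempfile
from collections import deque

# Assumption: the page does not say what the "clean data" check inspects, so a
# constructed file-suffix allow-list stands in for it here.
ALLOWED_SUFFIXES = {".csv", ".txt"}
CREDENTIALS = {"A": "a-secret"}  # constructed login credential for end A


class BanisterServer:
    # Gate between end A (outer net) and end B (intranet); policy: A -> B only.
    def __init__(self, src="A"):
        self.src, self.logged_in = src, set()     # only `src` may push data in
        self.buffer, self.rejected = deque(), []  # queue-order buffer; audit log

    def login(self, end, credential):
        if CREDENTIALS.get(end) == credential:
            self.logged_in.add(end)
        return end in self.logged_in

    def ingest(self, end, path):
        # End A hands over a file (the 'storage medium'); filter, then buffer it.
        name = os.path.basename(path)
        if end != self.src:
            reason = "wrong direction"
        elif end not in self.logged_in:
            reason = "not authenticated"
        elif os.path.splitext(name)[1] not in ALLOWED_SUFFIXES:
            reason = "suffix not allowed"
        else:
            with open(path, "rb") as f:
                self.buffer.append((name, f.read(), path))  # path kept for deletion
            return True
        self.rejected.append((name, reason))
        return False

    def request(self, end, name):
        # No end may pull data through the gate; the only path is the A -> B push.
        self.rejected.append((name, f"pull request from {end} refused"))

    def ferry(self, b_interface):
        # Drain the buffer to B in queue order, delete each native file, collect B's replies.
        messages = []
        while self.buffer:
            name, data, path = self.buffer.popleft()
            messages.append(b_interface(name, data))  # B's short message back to A
            os.remove(path)
        return messages


def intranet_interface(store):
    # Constructed end-B data interface: keeps the file, answers with a short message.
    def receive(name, data):
        store[name] = data
        return f"{name} received ({len(data)} bytes)"
    return receive


def demo():
    tmp = tempfile.mkdtemp()
    clean = os.path.join(tmp, "report.csv")
    with open(clean, "wb") as f:
        f.write(b"id,value\n1,42\n")
    gate, b_store = BanisterServer(), {}
    gate.login("A", "a-secret")
    gate.ingest("A", clean)                          # accepted into the buffer
    gate.ingest("A", os.path.join(tmp, "tool.exe"))  # refused by the clean-data filter
    gate.ingest("B", clean)                          # refused: B -> A is not permitted
    gate.request("B", "report.csv")                  # refused: nothing is pulled through
    messages = gate.ferry(intranet_interface(b_store))
    return b_store, messages, gate
```

The audit log in `gate.rejected` is where a defender would look: every refused direction, unauthenticated hand-over or pull attempt is recorded with its reason.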
The above shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments; the above embodiments and description only illustrate the principle of the invention, and various changes and improvements may be made to the invention without departing from its spirit and scope, all of which fall within the protection scope of the claimed invention. The scope of protection of the invention is defined by the appended claims and their equivalents.

Claims (7)

1. A network data security management and control method based on one-way transmission, comprising an outer-net processing unit, a data exchange unit and an intranet processing unit, characterized in that: the outer-net processing unit is connected unidirectionally to the intranet processing unit through the data exchange unit; the outer end of the outer-net processing unit is fitted with an external network interface that connects to external network equipment, and the intranet processing unit is fitted with an internal network interface that connects to intranet equipment; the intranet processing unit is mainly responsible for the connection with the intranet, performs filtering checks on the data, separates out the clean data and stores it in the buffer area, where it waits for the data exchange to be prepared; the outer-net processing unit has the same function; the software mainly performs ferry control over the data and controls the opening and closing of the data channel, and, combined with the physical components, changes the communication mode, interrupts any direct connection between the intranet and the outside, and uses the data buffer area as the endpoint for exchanging data.
2. The network data security management and control method based on one-way transmission according to claim 1, characterized in that: the outer-net processing unit communicates directly with the external network equipment and applies access control to the communication data of the external network equipment, and the outer-net processing unit is connected to the data exchange unit through a file store.
3. The network data security management and control method based on one-way transmission according to claim 2, characterized in that: the data exchange unit comprises a banister server and isolation firewalls, forms an independent data isolation region based on a one-way transmission physical medium, applies independent access control, and is composed of multiple isolation firewalls.
4. The network data security management and control method based on one-way transmission according to claim 3, characterized in that: the data exchange unit is responsible for the one-way transmission of data from the uplink isolation firewall to the outer-net processing unit and from the downlink isolation firewall to the intranet processing unit; the banister server forms the data buffer area within the isolation firewalls and is responsible for buffering the data delivered by the uplink isolation firewall; the banister server performs access control on the data and rejects unauthorized requests or responses, so that the intranet and the external network are in a boundary-isolated, data-exchanging state.
5. The network data security management and control method based on one-way transmission according to claim 4, characterized in that: data ingress and egress rules are configured in the banister server, for example A -> B: end A hands the data to the banister in the form of a storage medium; the banister filters it, separates out the clean data and stores it in the buffer area; the data in the buffer area is sent to end B by accessing end B's data interface in queue order, and the native file is deleted at the same time; end B then informs the server at end A in the form of a short message over the uplink short-message channel.
6. The network data security management and control method based on one-way transmission according to claim 5, characterized in that: the whole process of the data configured in the banister server is one-way transmission, end A cannot request data from end B, and data at end B cannot be sent to end A.
7. The network data security management and control method based on one-way transmission according to claim 2, characterized in that: the external network equipment must first perform login authentication; after successful authentication it obtains the path of the data to be sent, and a sending thread continuously reads the queue of data awaiting transmission and sends each pending target to the outer-net processing unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910500516.5A CN110324319A (en) 2019-06-11 2019-06-11 A kind of network data security management-control method based on one-way transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910500516.5A CN110324319A (en) 2019-06-11 2019-06-11 A kind of network data security management-control method based on one-way transmission

Publications (1)

Publication Number Publication Date
CN110324319A (en) 2019-10-11

Family

ID=68119500

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910500516.5A Pending CN110324319A (en) 2019-06-11 2019-06-11 A kind of network data security management-control method based on one-way transmission

Country Status (1)

Country Link
CN (1) CN110324319A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166933B (en) * 2011-12-15 2015-08-19 北京天行网安信息技术有限责任公司 A kind of data security switching system and method
CN106131067A (en) * 2016-08-27 2016-11-16 山东万博科技股份有限公司 A kind of data ferry device based on heterogeneous protocol passage and method
CN109698837A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711674A (en) * 2020-06-05 2020-09-25 华南师范大学 Cloud computing method based on Internet of things
CN111711674B (en) * 2020-06-05 2023-03-14 华南师范大学 Cloud computing method based on Internet of things
CN114095184A (en) * 2020-07-15 2022-02-25 中国航发上海商用航空发动机制造有限责任公司 Data transmission system and transmission method thereof
CN115065548A (en) * 2022-07-19 2022-09-16 西安热工研究院有限公司 Enhanced network security access area data management and control system and method
CN115065548B (en) * 2022-07-19 2024-04-26 西安热工研究院有限公司 Enhanced network security access area data management and control system and method

Similar Documents

Publication Publication Date Title
CN110324319A (en) A kind of network data security management-control method based on one-way transmission
KR101685471B1 (en) Terminal, control device, communication method, communication system, communication module, computer readable storage medium for storing program, and information processing device
JP5594410B2 (en) Terminal, control apparatus, communication method, communication system, communication module, program, and information processing apparatus
US8201221B2 (en) Data transmission control on network
JP4630896B2 (en) Access control method, access control system, and packet communication apparatus
CN104426837B (en) The application layer message filtering method and device of FTP
JP5811179B2 (en) COMMUNICATION SYSTEM, CONTROL DEVICE, POLICY MANAGEMENT DEVICE, COMMUNICATION METHOD, AND PROGRAM
CN103457878B (en) A kind of access control method based on stream
US9319429B2 (en) Network quarantine system, network quarantine method and program therefor
US20130151587A1 (en) Filtering system and filtering method
JP5812108B2 (en) Terminal, control apparatus, communication method, communication system, communication module, program, and information processing apparatus
US7684339B2 (en) Communication control system
US10601777B2 (en) Data inspection system and method
CN107864162B (en) fusion gateway dual system and communication safety protection method thereof
CN102255918A (en) DHCP (Dynamic Host Configuration Protocol) Option 82 based user accessing authority control method
CN109698837A (en) A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method
KR101252787B1 (en) Security management system with multiple gateway servers and method thereof
CN101296182A (en) Data transmission control method and data transmission control device
CN101616131A (en) A kind of method of defensing attack of Arp virus
CN104539600B (en) A kind of industry control method of realizing fireproof wall for supporting to filter IEC104 agreements
CN103178969B (en) A kind of service authentication method and system
CN108881127A (en) A kind of method and system of control remote access permission
JP4602158B2 (en) Server equipment protection system
JP2013034096A (en) Access control system, terminal device, relay device, and access control method
US20140286358A1 (en) Global state synchronization for securely managed asymmetric network communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191011