CN111371741A - Method and device for transmitting data of external network to internal network, computer equipment and storage medium

Publication number
CN111371741A
Authority
CN
China
Prior art keywords
extranet
address
data
external network
intranet
Legal status
Pending
Application number
CN202010101099.XA
Other languages
Chinese (zh)
Inventor
马昱忻
Current Assignee
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Application filed by Ping An Life Insurance Company of China Ltd
Priority to CN202010101099.XA
Publication of CN111371741A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The embodiments of the application belong to the technical field of information security and relate to a method for transmitting extranet data to an intranet. The method comprises: setting a network object storage server in a security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to the extranet, and the second address is set in the intranet; providing the first address to the extranet to receive the extranet data transmitted by an extranet system; and, when an extranet data acquisition request sent by an intranet system is received, providing the second address to the intranet system and transmitting the extranet data to the intranet system through the second address. The application also provides a device for transmitting extranet data to an intranet, computer equipment and a storage medium. Because the network object storage server provides addresses located in the extranet and the intranet respectively, the extranet data of the extranet system can be written into the intranet system while the information security of the intranet system is ensured.

Description

Method and device for transmitting data of external network to internal network, computer equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for transmitting data from an external network to an internal network, a computer device, and a storage medium.
Background
Enterprise WeChat is currently one of the important mobile internet social tools, and is also an important channel, after the telephone, for enterprise publicity and promotion. With the continuous development of the breadth and depth of the mobile internet, its role as a communication channel is becoming more and more prominent. In addition to being more efficient, communicating with customers through Enterprise WeChat has become essential for internal office agents today.
However, many information records of Enterprise WeChat, such as the records of communication between an internal office agent and a client, are stored in an extranet system. When the intranet system wants to check these records, the communication records between the internal office agent and the client are not available locally, and the data of the extranet system cannot be written effectively into the intranet system while the information security of the intranet is guaranteed, which makes quality inspection of the communication records inconvenient.
Disclosure of Invention
An embodiment of the present application provides a method, an apparatus, a computer device, and a storage medium for transmitting extranet data to an intranet, so that the extranet data of the extranet system is written into the intranet system, quality inspection can conveniently be performed on the internal communication records stored in the extranet, and information security in the intranet system is guaranteed at the same time.
In order to solve the above technical problem, an embodiment of the present application provides a method for transmitting extranet data to an intranet, which adopts the following technical scheme:
A method for transmitting extranet data to an intranet comprises the following steps:
setting a network object storage server in a security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to an extranet, and the second address is set in an intranet;
providing the first address to the extranet to receive the extranet data transmitted by an extranet system; and
when an extranet data acquisition request sent by an intranet system is received, providing the second address to the intranet system, and transmitting the extranet data to the intranet system through the second address.
Further, the step of exposing the first address to the extranet comprises:
mapping the first address to an extranet exit address through NAT; and
providing the first address mapped to the extranet exit address to the extranet system in the form of a uniform resource locator.
Further, the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system comprises:
sending a data write request carrying the first address to the extranet system, so as to provide the first address to the extranet system.
Further, the step of sending a data write request carrying the first address to the extranet system to provide the first address to the extranet system includes:
deploying a synchronization service in the security isolation area, and periodically driving the synchronization service to call a recording interface of the extranet system, the synchronization service sending the data write request to the extranet system through the recording interface.
Further, after the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system, the method includes:
after receiving the extranet data written by the extranet system through the first address, storing the extranet data in the network object storage server;
scanning and detecting the extranet data stored in the network object storage server multiple times to determine whether the extranet data contains computer viruses or harmful data; and
if computer viruses or harmful data are detected, isolating or deleting the extranet data.
Further, the step of scanning and detecting the extranet data stored in the network object storage server multiple times includes:
scanning the extranet data, and if the extranet data contains keywords that match harmful information, determining that the extranet data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table; and
detecting the extranet data, and if the extranet data contains a virus signature code from a virus database, determining that the extranet data is a computer virus.
In order to solve the above technical problem, an embodiment of the present application further provides an apparatus for transmitting extranet data to an intranet, which adopts the following technical scheme:
a device for transmitting extranet data to an intranet, comprising:
a deployment module, used for setting a network object storage server in a security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to an extranet, and the second address is set in an intranet;
a receiving module, used for providing the first address to the extranet so as to receive the extranet data transmitted by an extranet system; and
a transmission module, used for providing the second address to the intranet system when an extranet data acquisition request sent by the intranet system is received, and transmitting the extranet data to the intranet system through the second address.
Further, the device for transmitting extranet data to an intranet further includes a storage module, configured to store, in the network object storage server, the received extranet data written by the extranet system through the first address.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
a computer device comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method for transmitting extranet data to an intranet when executing the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above-described method for transmitting extranet data to an intranet.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
Many companies, particularly financial companies, are required by national laws and regulations to maintain supervision and quality inspection mechanisms in their daily operations and to inspect the content of communications regularly; however, most of that content is stored in an extranet system, which makes quality inspection from the intranet system inconvenient. By providing IP addresses located in the extranet and the intranet respectively, the present application allows the extranet data of the extranet system to be written safely into the intranet system, so that an enterprise can obtain, in a timely and legally compliant manner, the quality inspection information required by national laws and regulations; at the same time, information security in the intranet system is guaranteed while the enterprise acquires the relevant extranet data.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for extranet data transmission to an intranet according to the present application;
FIG. 3 is a flow chart of another embodiment of a method for transmitting extranet data to an intranet according to the present application;
FIG. 4 is a schematic diagram illustrating an embodiment of a device for transmitting extranet data to an intranet according to the present application;
FIG. 5 is a schematic diagram of one embodiment of the receiving module shown in FIG. 4;
FIG. 6 is a schematic block diagram of one embodiment of a computer device according to the present application.
Reference numerals: 200. a computer device; 201. a memory; 202. a processor; 203. a network interface; 300. a device for transmitting extranet data to an intranet; 301. a deployment module; 302. a receiving module; 303. a transmission module; 3021. a first timing sub-module; 3022. a second synchronization sub-module; 3023. a third sending sub-module.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that the method for transmitting extranet data to an intranet provided in the embodiments of the present application is generally executed by a server/terminal device, and accordingly, the device for transmitting extranet data to an intranet is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow diagram of one embodiment of a method for transmitting extranet data to an intranet is shown, in accordance with the present application. The method for transmitting the data of the external network to the internal network comprises the following steps:
S1: setting a network object storage server in the security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to the extranet, and the second address is set in the intranet.
In this embodiment, the security isolation area (demilitarized zone, DMZ) is a buffer zone established between the insecure system and the secure system; it is a small network area located between the intranet and the extranet. All data transmission must pass through the security isolation area, which amounts to adding a further line of defence for the intranet in addition to the firewall, and raises the protection level of the intranet. A first network card and a second network card are installed on the network object storage (Internet Object Storage, IOBS) server and correspond to the first address and the second address respectively. The first address and the second address are distinguished by different network segments; for example, the first address is 172.x.x.x and the second address is 10.x.x.x. In this way, the network object storage server has different IP addresses, one exposed to the extranet and one set in the intranet, and can receive and store data transmitted by the extranet system and the intranet system respectively.
Wherein, in step S1, the step of exposing the first address to the extranet includes:
mapping the first address to an extranet exit address through NAT; and
providing the first address mapped to the extranet exit address to the extranet system in the form of a uniform resource locator.
In this embodiment, the first network card is exposed to the extranet through NAT, and the second network card is configured with the intranet address, so the same data can be accessed from different network domains: external data is written through the first address, and internal access to the data goes through the second address. Network Address Translation (NAT) is a technology for translating an intranet IP address into an extranet IP address, and at least one of the three NAT implementations can be adopted flexibly according to actual needs, including but not limited to: static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Overload). After the first address is mapped to the extranet exit address through NAT, the first address mapped to the extranet exit address is provided to the extranet system in the form of a Uniform Resource Locator (URL). The uniform resource locator is easier to recognise and remember; a user of the extranet enters the uniform resource locator as needed, and the extranet system resolves it to the first address so as to access the first address.
S2: providing the first address to the extranet to receive the extranet data transmitted by the extranet system.
In this embodiment, the first address, which the extranet system can access in order to transmit the extranet data, is provided so that the extranet data can be received from the extranet. In the present application, the extranet data is the content of the communication between an internal office agent and an extranet client through Enterprise WeChat. Internal office agents communicate with extranet clients uniformly through Tencent Enterprise WeChat; the content of the communication is transmitted to and stored in the extranet system, where it is recorded and kept in logs. The present application returns this content (that is, the extranet data), so that data backflow is achieved and subsequent compliance quality inspection is facilitated.
Specifically, in step S2, the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system includes: sending a data write request carrying the first address to the extranet system, so as to provide the first address to the extranet system. The extranet data resides in the extranet system. When the intranet system needs the extranet data to flow back, a data write request is sent to the corresponding extranet system in which the extranet data has been stored; the data write request carries the first address exposed to the extranet, and after receiving the data write request the extranet system transmits the data through the provided first address.
The step of sending a data write request carrying the first address to the extranet system to provide the first address to the extranet system comprises: deploying a synchronization service in the security isolation area, and periodically driving the synchronization service to call a recording interface of the extranet system, the synchronization service sending the data write request to the extranet system through the recording interface.
In this embodiment, after the synchronization service in the security isolation area sends the return request to the extranet system, the extranet system prepares to transmit the extranet data back to the intranet system; thus, by the time the extranet system is ready to transmit the returned data, the network object storage server in the security isolation area is ready to receive it, and the extranet data can be received and stored quickly and safely. The synchronization service is set to call the recording interface of the extranet system on a timer, according to actual needs, in order to control when and how often data write requests are sent; the period may be one month, one week or one day. The timing can be adjusted flexibly according to how often and for how long staff using the intranet communicate with extranet clients through the chat software. In this way the data flows back in batches with a stable volume each time, which avoids a single return so large that it is inconvenient for personnel to check, and avoids increasing the storage and transmission burden on the network object storage server.
Further, the step of deploying a synchronization service in the security isolation area and periodically driving the synchronization service to call a recording interface of the extranet system, the synchronization service sending the data write request to the extranet system through the recording interface, includes: deploying a synchronization service in the security isolation area, periodically driving the synchronization service to call the recording interface of the extranet system, and having the synchronization service send a return signal to the extranet system through the recording interface so as to remind the extranet system to transmit the extranet data.
In this embodiment, the extranet system is reminded to return the extranet data by means of a return signal, which is transmitted quickly, so the information can be delivered quickly. The return signal can be sent to the extranet system in the form of a character string, which makes the transmitted information easier for the extranet system to read and obtain.
S3: when the extranet data acquisition request sent by the intranet system is received, providing the second address to the intranet system, and transmitting the extranet data to the intranet system through the second address.
In this embodiment, the intranet system accesses the second address set in the intranet at regular intervals to actively acquire the extranet data stored in the network object storage server. This ensures that the acquisition activity takes place inside the intranet system, which in turn ensures information security in the intranet system.
For example, the extranet data can be a record of the communication between an internal office agent and a client through Enterprise WeChat. While the internal office agent communicates with the client through Enterprise WeChat, the communication record is stored in the extranet system; returning the record to the intranet system and storing it locally makes it convenient to consult and to subject to compliance quality inspection.
In this embodiment, the electronic device (for example, the server/terminal device shown in fig. 1) on which the extranet data transmission to the intranet method operates may receive the extranet data acquisition request of the intranet system through a wired connection manner or a wireless connection manner. It should be noted that the wireless connection means may include, but is not limited to, a 3G/4G connection, a WiFi connection, a bluetooth connection, a WiMAX connection, a Zigbee connection, a uwb (ultra wideband) connection, and other wireless connection means now known or developed in the future.
Fig. 3 is a flowchart of another embodiment of a method for transmitting extranet data to an intranet according to the present application, and as shown in fig. 3, in some alternative implementations of this embodiment, after step S2 and before step S3, that is, after the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system; before the step of providing the second address to the intranet system when receiving the extranet data acquisition request sent by the intranet system, and transmitting the extranet data to the intranet system through the second address, the electronic device may further perform the following steps:
S4: after receiving the extranet data written by the extranet system through the first address, storing the extranet data in a network object storage server;
S5: scanning and detecting the extranet data stored in the network object storage server multiple times to determine whether the extranet data contains computer viruses or harmful data;
S6: if computer viruses or harmful data are detected, isolating or deleting the extranet data.
After S4 is executed, when the request for obtaining extranet data sent by the intranet system is received, the electronic device provides the second address to the intranet system, and transmits the extranet data to the intranet system through the second address.
Thus, the step of S3 further includes: and transmitting the extranet data in the network object storage server to the intranet system through the second address.
In this embodiment, the extranet data transmitted by the extranet system is received and stored in the network object storage server disposed in the security isolation area, rather than being transmitted directly and immediately to the intranet system, which further ensures the security of the intranet system. While the extranet data is held in the network object storage server, the server scans and detects it multiple times using different detection methods, so as to determine that the extranet data does not contain viruses or harmful data.
Further, in step S6, the step of scanning and detecting the extranet data stored in the network object storage server multiple times includes:
scanning the extranet data, and if the extranet data contains keywords that match harmful information, determining that the extranet data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table; and
detecting the extranet data, and if the extranet data contains a virus signature code from a virus database, determining that the extranet data is a computer virus.
In this embodiment, the detection methods include the signature code method. The signature code method is the simplest and least expensive method for detecting known viruses. It is implemented by collecting known virus samples and building a virus database. When virus detection starts, the file under inspection is opened and searched to check whether it contains any virus signature code from the virus database. Because signature codes correspond one-to-one with viruses, a file found to contain a signature code can be identified as carrying the corresponding virus. In addition, the extranet data is scanned multiple times and the information it carries is compared with the harmful information to determine whether harmful information is present; the harmful information table includes content related to pornography, gambling and drugs, and information that endangers national security.
Of course, the present application can also detect whether the extranet data in the network object storage server contains a computer virus from the way the extranet data operates, and clears or isolates the extranet data immediately once a virus is found.
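The staging behaviour of steps S1 to S6 can be expressed as a small gate in front of the object store. The following Python is an added example, not code from the patent; `StagingStore`, the two network segments (the page gives only 172.x.x.x and 10.x.x.x), the keyword and the signature bytes are all constructed assumptions.

```python
"""DMZ staging store for steps S1-S6 (added example; all names are hypothetical)."""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Assumed segments: the page only says the first address is 172.x.x.x and
# the second is 10.x.x.x, so these two networks are illustrative choices.
FIRST_SEGMENT = ipaddress.ip_network("172.16.0.0/12")   # NIC exposed to the extranet via NAT
SECOND_SEGMENT = ipaddress.ip_network("10.0.0.0/8")     # NIC set in the intranet

# Constructed stand-ins for the preset harmful information table and the
# virus database of signature codes; neither value comes from the page.
HARMFUL_KEYWORDS = ("constructed-banned-term",)
VIRUS_SIGNATURES = {"Constructed.Sample.A": bytes.fromhex("c0ffee00facade01")}


class AccessDenied(Exception):
    """Raised when a request arrives on the wrong network card."""


def scan_keywords(data):
    """Keyword scan: report every harmful-information keyword found in the text."""
    text = data.decode("utf-8", errors="ignore").lower()
    return ["keyword:" + kw for kw in HARMFUL_KEYWORDS if kw in text]


def scan_signatures(data):
    """Signature code method: report every database signature found in the bytes."""
    return ["signature:" + name for name, sig in VIRUS_SIGNATURES.items() if sig in data]


def _arrived_on(local_addr, segment):
    # local_addr is the server-side address the connection was accepted on
    # (what socket.getsockname() returns), not the client's address.
    return ipaddress.ip_address(local_addr) in segment


@dataclass
class StagingStore:
    pending: dict = field(default_factory=dict)      # written, not yet scanned
    clean: dict = field(default_factory=dict)        # scanned, releasable
    quarantine: dict = field(default_factory=dict)   # isolated, with findings

    def write(self, local_addr, name, data):
        """S2/S4: accept extranet writes on the first address only; hold as pending."""
        if not _arrived_on(local_addr, FIRST_SEGMENT):
            raise AccessDenied("writes are accepted on the first address only")
        self.clean.pop(name, None)   # a rewrite invalidates any earlier clean copy
        self.pending[name] = data
        return hashlib.sha256(data).hexdigest()

    def scan_pending(self):
        """S5/S6: run both detectors on each pending object; isolate on any hit."""
        report = {}
        for name in list(self.pending):
            data = self.pending.pop(name)
            findings = scan_keywords(data) + scan_signatures(data)
            if findings:
                self.quarantine[name] = (data, findings)
            else:
                self.clean[name] = data
            report[name] = findings
        return report

    def read(self, local_addr, name):
        """S3: serve scanned-clean objects on the second address only."""
        if not _arrived_on(local_addr, SECOND_SEGMENT):
            raise AccessDenied("reads are served on the second address only")
        if name not in self.clean:
            raise KeyError(name + " is pending, quarantined or unknown")
        return self.clean[name]


def demo():
    store = StagingStore()
    nic1, nic2 = "172.16.5.10", "10.20.30.40"   # constructed addresses
    store.write(nic1, "chat-001.json", b'{"agent": "a1", "msg": "policy renewal reminder"}')
    store.write(nic1, "chat-002.json", b'{"msg": "Constructed-Banned-Term inside"}')
    store.write(nic1, "attach-003.bin", b"\x00\x01" + VIRUS_SIGNATURES["Constructed.Sample.A"])
    report = store.scan_pending()
    released = store.read(nic2, "chat-001.json")
    return report, released, sorted(store.quarantine)


if __name__ == "__main__":
    print(demo())
```

An object that has been written but not yet scanned raises `KeyError` on read, so nothing reaches the intranet side before both detectors have run.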
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
With further reference to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of an apparatus for transmitting extranet data to an intranet. This apparatus embodiment corresponds to the method embodiment shown in fig. 2, and the apparatus may be applied to various electronic devices.
As shown in fig. 4, the apparatus 300 for transmitting extranet data to an intranet according to this embodiment includes: a deployment module 301, a receiving module 302, and a transmission module 303. Wherein:
a deployment module 301, configured to set a network object storage server in a secure isolation area, where the network object storage server provides a first address and a second address, and exposes the first address to an extranet, and the second address is set in an intranet;
a receiving module 302, configured to provide the first address to an external network to receive the external network data transmitted by an external network system;
a transmission module 303, configured to provide the second address to the intranet system when receiving the extranet data acquisition request sent by the intranet system, and transmit the extranet data to the intranet system through the second address.
In this embodiment, the extranet data is the communication records of intranet users communicating with the enterprise's customers through enterprise WeChat, personal WeChat, Tencent QQ or other chat software. The communication content involves business secrets, such as the enterprise's information data, work content and price quotations, and the communication records are stored in the cloud of the corresponding chat software. To obtain these records, the enterprise needs legal authorization and must ensure that the intranet system is not subjected to malicious Trojan implantation, information tampering or similar actions when the extranet chat software returns the records; that is, the security of the intranet system must be ensured. The secure isolation area establishes a buffer between the insecure system and the secure system and is located in a small network area between the internal network and the external network. Because data transmission must pass through the secure isolation area, the intranet gains an additional line of defense and is better protected.
In the present application, the deployment module 301 sets the network object storage server in the secure isolation area, so that different IP addresses can be exposed to the intranet and the extranet at the same time. Data written by the extranet system and/or the intranet system can thus be received and output, which ensures the security of the intranet system while enabling data interaction and transmission. After the first address is provided to the extranet, the receiving module 302 receives the extranet data transmitted by the extranet system, and the transmission module 303 transmits the extranet data to the intranet at the request of the intranet system, realizing secure data transmission. Enterprises can therefore obtain the relevant communication records safely, which enables quality inspection of those records and facilitates measures such as accountability tracing, rectification, and reward and punishment.
Further, the apparatus 300 for transmitting extranet data to an intranet also includes a storage module, which is configured to store, in the network object storage server, the received extranet data written by the extranet system through the first address.
In this embodiment, after receiving the extranet data transmitted by the extranet system, the receiving module 302 does not forward the extranet data to the intranet system through the transmission module 303; instead, the storage module stores it in the network object storage server. Only when an extranet data acquisition request is received from the intranet system is the corresponding extranet data transmitted to the intranet system according to that request, realizing data reflux.
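The store, scan and release-on-request flow described above (keyword and characteristic-code scanning of stored extranet data, quarantine on a match, and transmission to the intranet only when requested) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the state strings, and the sample signature and keyword are constructed for illustration, and it assumes that unscanned or quarantined objects are never served on the second address.

```python
from dataclasses import dataclass, field

# Constructed sample tables (not real indicators). They stand in for the
# patent's "virus database" and "preset harmful information table".
SAMPLE_SIGNATURES = {bytes.fromhex("deadbeef0badf00d"): "Constructed.Sample.A"}
SAMPLE_KEYWORDS = ["constructed-banned-term"]


@dataclass
class StoredObject:
    data: bytes
    state: str = "pending"          # pending -> clean | quarantined
    findings: list = field(default_factory=list)


def scan(data, signatures, keywords):
    """Return (kind, name) findings for every signature or keyword present."""
    # Characteristic codes map one-to-one to viruses, so a hit names the virus.
    findings = [("virus", name) for sig, name in signatures.items() if sig in data]
    # Keyword matching is done on decoded, case-folded text.
    text = data.decode("utf-8", errors="ignore").casefold()
    findings += [("harmful", kw) for kw in keywords if kw.casefold() in text]
    return findings


class IsolationAreaStore:
    """Hypothetical stand-in for the network object storage server."""

    def __init__(self, signatures, keywords):
        self.signatures = dict(signatures)
        self.keywords = list(keywords)
        self._objects = {}

    def write_from_extranet(self, key, data):
        """First address: data is stored, never forwarded to the intranet."""
        self._objects[key] = StoredObject(bytes(data))

    def scan_all(self):
        """Run one scan pass and return the keys quarantined by this pass.

        Clean objects are rescanned as well, so a signature added to the
        table later still catches data that was stored earlier. This is one
        reason to scan stored data multiple times.
        """
        newly_quarantined = []
        for key, obj in self._objects.items():
            if obj.state == "quarantined":
                continue
            obj.findings = scan(obj.data, self.signatures, self.keywords)
            if obj.findings:
                obj.state = "quarantined"
                newly_quarantined.append(key)
            else:
                obj.state = "clean"
        return newly_quarantined

    def read_from_intranet(self, key):
        """Second address: serve an object only on request and only if clean."""
        obj = self._objects[key]    # KeyError for unknown keys
        if obj.state != "clean":
            raise PermissionError(f"{key} is {obj.state}: {obj.findings}")
        return obj.data


if __name__ == "__main__":
    store = IsolationAreaStore(SAMPLE_SIGNATURES, SAMPLE_KEYWORDS)
    store.write_from_extranet("chat-001", b"quote for policy renewal")
    store.write_from_extranet("chat-002", b"\x00" + bytes.fromhex("deadbeef0badf00d"))
    print("quarantined:", store.scan_all())
    print("released:", store.read_from_intranet("chat-001"))
```

Keeping a separate `pending` state means data that has been written but not yet scanned is refused in the same way as quarantined data.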
In some optional implementations of this embodiment, the deployment module 301 is further configured to map the first address to an extranet exit address through NAT, while the second address is set in the intranet. In this embodiment, the first network card is exposed to the extranet through NAT, and the second network card is configured with an intranet address. The same data can thus be accessed from different network domains: extranet data is written through the first address, and the intranet accesses the data through the second address. NAT (network address translation) is a technique that translates an intranet IP address into an extranet IP address.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an embodiment of the receiving module 302, which includes a first timing submodule 3021, a second synchronization submodule 3022, and a third sending submodule 3023. The first timing submodule 3021 is configured to periodically drive the synchronization service to call a recording interface of the extranet system; the second synchronization submodule 3022 is configured to deploy a synchronization service in the secure isolation area and to call the recording interface of the extranet system through the synchronization service in order to send the data write request to the extranet system; the third sending submodule 3023 is configured to send, through the recording interface of the extranet system called by the synchronization service, a data write request carrying the first address to the extranet system, so as to provide the first address to the extranet system, and to receive, through the first address, the extranet data transmitted by the extranet system.
In this embodiment, after the synchronization service is deployed in the secure isolation area, the first timing submodule 3021 drives the synchronization service at a fixed, preset interval. When the synchronization service is driven, the second synchronization submodule 3022 calls the recording interface of the extranet system through the synchronization service to provide a transmission channel for the data write request. The third sending submodule 3023 sends a data write request carrying the first address to the extranet system through the recording interface. After receiving the data write request and obtaining the first address, the extranet system transmits the extranet data to the network object storage server through the first address, realizing data reflux.
Many companies, particularly financial companies, are required by national laws and regulations to maintain convenient day-to-day supervision and quality inspection mechanisms and to inspect the content of communications regularly. Most of that content is stored in extranet systems, which makes quality inspection from the intranet system inconvenient. In the present application, the network object storage server is set in the secure isolation area and provides IP addresses located in the extranet and the intranet respectively, so that extranet data of the extranet system can be written into the intranet system and the quality inspection information required by national laws and regulations can be obtained in time and in compliance with the law, while the information security of the intranet system is ensured.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 6, fig. 6 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 200 comprises a memory 201, a processor 202 and a network interface 203, which are communicatively connected to each other via a system bus. Note that only the computer device 200 with components 201-203 is shown; it should be understood that not all of the illustrated components are required and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 201 includes at least one type of readable storage medium, including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 201 may be an internal storage unit of the computer device 200, such as a hard disk or a memory of the computer device 200. In other embodiments, the memory 201 may also be an external storage device of the computer device 200, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 200. Of course, the memory 201 may also include both internal and external storage devices of the computer device 200. In this embodiment, the memory 201 is generally used to store the operating system installed in the computer device 200 and various application software, such as the program code of the method for transmitting extranet data to an intranet. Further, the memory 201 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 202 may, in some embodiments, be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip. The processor 202 is generally used to control the overall operation of the computer device 200. In this embodiment, the processor 202 is configured to run the program code stored in the memory 201 or to process data, for example, to run the program code of the method for transmitting extranet data to an intranet.
The network interface 203 may comprise a wireless network interface or a wired network interface, and the network interface 203 is generally used for establishing communication connection between the computer device 200 and other electronic devices.
The present application further provides another embodiment, namely a computer-readable storage medium storing a program for transmitting extranet data to an intranet, where the program can be executed by at least one processor to cause the at least one processor to execute the steps of the method for transmitting extranet data to an intranet as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments merely illustrate some embodiments of the application and are not restrictive, and that the appended drawings illustrate preferred embodiments of the application without limiting its scope. This application can be embodied in many different forms; these embodiments are provided so that the disclosure of the application will be understood thoroughly. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the technical solutions described in the foregoing embodiments may be modified, or some of their features replaced with equivalents. All equivalent structures made by using the contents of the specification and the drawings of the present application, whether applied directly or indirectly in other related technical fields, are within the protection scope of the present application.

Claims (10)

1. A method for transmitting data of an external network to an internal network, characterized by comprising the following steps:
setting a network object storage server in a safe isolation area, wherein the network object storage server provides a first address and a second address, and exposes the first address to an extranet, and the second address is set in an intranet;
providing the first address to the external network to receive the external network data transmitted by an external network system; and
when the extranet data acquisition request sent by the intranet system is received, providing the second address for the intranet system, and transmitting the extranet data to the intranet system through the second address.
2. The method for transmitting extranet data to an intranet according to claim 1, wherein the exposing the first address to the extranet comprises:
mapping the first address to an external network outlet address through NAT;
providing the first address mapped to the extranet exit address to the extranet system in the form of a uniform resource locator.
3. The method according to claim 1, wherein the step of providing the first address to the extranet to receive the extranet data transmitted from the extranet system comprises:
and sending a data writing request carrying the first address to the external network system so as to provide the first address to the external network system.
4. The method according to claim 3, wherein the step of sending a data write request carrying the first address to the extranet system to provide the extranet system with the first address comprises:
and deploying a synchronous service in the safety isolation area, periodically driving the synchronous service to call a recording interface of the external network system, and sending the data writing request to the external network system by the synchronous service through the recording interface.
5. The method for transmitting extranet data to an intranet according to any one of claims 1 to 4, wherein after the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system, the method comprises:
after receiving the extranet data written by the extranet system through the first address, storing the extranet data in the network object storage server;
scanning and detecting the extranet data stored in the network object storage server for multiple times to determine whether the extranet data contains computer viruses or harmful data;
and if computer viruses or harmful data are detected, isolating or deleting the external network data.
6. The method according to claim 5, wherein the step of scanning and detecting the extranet data stored in the network object storage server for a plurality of times comprises:
scanning the external network data, and if the external network data contains keywords which accord with harmful information, determining that the external network data is the harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table;
and detecting the external network data, and if the external network data contains virus characteristic codes in a virus database, determining that the external network data is a computer virus.
7. A device for transmitting extranet data to an intranet, characterized by comprising:
the deployment module is used for setting a network object storage server in a safe isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to an extranet, and the second address is set in an intranet;
the receiving module is used for providing the first address for an external network so as to receive the external network data transmitted by an external network system;
and the transmission module is used for providing the second address for the intranet system when receiving the extranet data acquisition request sent by the intranet system, and transmitting the extranet data to the intranet system through the second address.
8. The device for transmitting extranet data to an intranet according to claim 7, further comprising a storage module, wherein the storage module is configured to store, in the network object storage server, the received extranet data written by the extranet system through the first address.
9. A computer device comprising a memory and a processor, the memory having stored therein a computer program, wherein the processor, when executing the computer program, carries out the steps of the method of transmitting extranet data to an intranet according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which, when being executed by a processor, carries out the steps of a method for transmitting extranet data to an intranet according to any one of claims 1 to 6.
CN202010101099.XA 2020-02-19 2020-02-19 Method and device for transmitting data of external network to internal network, computer equipment and storage medium Pending CN111371741A (en)

Publications (1)

Publication Number Publication Date
CN111371741A (en) 2020-07-03

Family

ID=71211386

Country Status (1)

Country Link
CN (1) CN111371741A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination