CN111371741B - Method, device, computer equipment and storage medium for transmitting external network data to internal network - Google Patents


Info

Publication number
CN111371741B
CN111371741B
Authority
CN
China
Prior art keywords
external network
data
address
extranet
network data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010101099.XA
Other languages
Chinese (zh)
Other versions
CN111371741A (en)
Inventor
马昱忻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd
Priority to CN202010101099.XA
Publication of CN111371741A
Application granted
Publication of CN111371741B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 61/00 Network arrangements, protocols or services for addressing or naming > H04L 61/09 Mapping addresses > H04L 61/25 Mapping addresses of the same type > H04L 61/2503 Translation of Internet protocol [IP] addresses > H04L 61/256 NAT traversal
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls > H04L 63/0227 Filtering policies > H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application belongs to the technical field of information security, and relates to a method for transmitting extranet data to an intranet, which comprises the steps that a network object storage server is arranged in a security isolation area, the network object storage server provides a first address and a second address, the first address is exposed to the extranet, and the second address is arranged in the intranet; providing the first address to an external network to receive the external network data transmitted by an external network system; and when the external network data acquisition request sent by the internal network system is received, providing the second address for the internal network system, and transmitting the external network data to the internal network system through the second address. The application also provides a device for transmitting the extranet data to the intranet, computer equipment and a storage medium. According to the application, the addresses respectively positioned in the external network and the internal network are provided by the network object storage server, so that the writing of the external network data of the external network system into the internal network system is realized; meanwhile, the information security in the intranet system is ensured.

Description

Method, device, computer equipment and storage medium for transmitting external network data to internal network
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a computer device, and a storage medium for transmitting external network data to an internal network.
Background
Enterprise WeChat is currently one of the important mobile internet social tools and, after the telephone, an important channel for enterprise publicity and promotion. With the continuing growth in the breadth and depth of the mobile internet, its role as a communication channel is becoming ever more prominent. Besides being more efficient, communicating with customers through Enterprise WeChat has become indispensable for current internal service agents.
However, many information records of Enterprise WeChat, such as the communication records between internal service agents and clients, are stored in the extranet system. When the intranet system wants to check these records, the communication records are not available locally, and the data of the extranet system cannot be effectively written into the intranet system while the security of the intranet information is still ensured, so quality inspection of the communication records is inconvenient.
Disclosure of Invention
The embodiment of the application aims to provide a method, a device, computer equipment and a storage medium for transmitting extranet data to an intranet. The method and the device realize writing of the external network data of the external network system into the internal network system, facilitate quality inspection of the internal communication record stored in the external network, and ensure information security in the internal network system.
In order to solve the above technical problems, the embodiment of the present application provides a method for transmitting external network data to an internal network, which adopts the following technical scheme:
A method for transmitting extranet data to intranet includes the following steps:
Setting a network object storage server in a security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to an external network, and the second address is set in an internal network;
Providing the first address for the external network to receive the external network data transmitted by an external network system; and
When the external network data acquisition request sent by the internal network system is received, the second address is provided for the internal network system, and the external network data is transmitted to the internal network system through the second address.
Further, the step of exposing the first address to an external network includes:
mapping the first address to an external network outlet address through NAT;
the first address mapped to the external network outlet address is provided to the external network system in the form of a uniform resource locator.
Further, the step of providing the first address to the external network to receive the external network data transmitted by the external network system includes:
and sending a data writing request carrying the first address to the external network system so as to provide the first address for the external network system.
Further, the step of sending a data writing request carrying the first address to the external network system to provide the first address to the external network system includes:
And deploying a synchronous service in the security isolation area, and driving the synchronous service to call a recording interface of the external network system at regular time, wherein the synchronous service sends the data writing request to the external network system through the recording interface.
Further, after the step of providing the first address to the external network to receive the external network data transmitted by the external network system, the method includes:
after receiving the external network data written by the external network system through the first address, storing the external network data in the network object storage server;
Scanning and detecting the external network data stored in the network object storage server for a plurality of times to determine whether the external network data contains computer viruses or harmful data;
And if the computer virus or the harmful data is detected, isolating or deleting the external network data.
Further, the step of scanning and detecting the external network data stored in the network object storage server for a plurality of times includes:
scanning the external network data, and if the external network data contains keywords conforming to harmful information, confirming that the external network data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table;
and detecting the external network data, and if the external network data contains virus feature codes in a virus database, confirming that the external network data is computer viruses.
In order to solve the above technical problems, the embodiment of the present application further provides an external network data transmission to an internal network device, which adopts the following technical scheme:
An extranet data transmission to intranet device, comprising:
the deployment module is used for setting a network object storage server in the security isolation area, the network object storage server provides a first address and a second address, the first address is exposed to the external network, and the second address is set in the internal network;
The receiving module is used for providing the first address for the external network so as to receive the external network data transmitted by the external network system;
And the transmission module is used for providing the second address for the intranet system when the extranet data acquisition request sent by the intranet system is received, and transmitting the extranet data to the intranet system through the second address.
Further, the external network data transmission to the internal network device further includes a storage module, configured to store the received external network data written by the external network system through the first address in a network object storage server.
In order to solve the above technical problems, the embodiment of the present application further provides a computer device, which adopts the following technical schemes:
The computer equipment comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the method for transmitting the external network data to the internal network when executing the computer program.
In order to solve the above technical problems, an embodiment of the present application further provides a computer readable storage medium, which adopts the following technical schemes:
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method for transferring extranet data to intranet as described above.
Compared with the prior art, the embodiment of the application has the following main beneficial effects:
For many companies, especially financial services companies, national laws and regulations require convenient supervision and quality inspection mechanisms in daily operation, and the content of communications must be inspected regularly; because that content is stored in an external network system, quality inspection by the internal network system is inconvenient. According to the application, by providing IP addresses located on the external network and the internal network respectively, the external network data of the external network system can be safely written into the internal network system, and an enterprise can obtain in time the quality inspection information required by national laws and regulations on the premise of legal compliance; at the same time, while the enterprise acquires the relevant external network data, the information security of the internal network system is ensured.
Drawings
In order to more clearly illustrate the solution of the present application, a brief description will be given below of the drawings required for the description of the embodiments of the present application, it being apparent that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained from these drawings without the exercise of inventive effort for a person of ordinary skill in the art.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a method for transferring extranet data to an intranet in accordance with the present application;
FIG. 3 is a flow chart of another embodiment of a method for transferring extranet data to an intranet according to the present application;
FIG. 4 is a schematic diagram illustrating an embodiment of an extranet data transmission to an intranet device according to the present application;
FIG. 5 is a schematic diagram of an embodiment of the receiving module shown in FIG. 4;
FIG. 6 is a schematic structural diagram of one embodiment of a computer device in accordance with the present application.
Reference numerals: 200. computer device; 201. memory; 202. processor; 203. network interface; 300. device for transmitting external network data to the internal network; 301. deployment module; 302. receiving module; 303. transmission module; 3021. first timing sub-module; 3022. second synchronization sub-module; 3023. third transmitting sub-module.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In order to make the person skilled in the art better understand the solution of the present application, the technical solution of the embodiment of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, electronic book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the method for transmitting the external network data to the internal network provided by the embodiment of the present application is generally executed by a server/terminal device, and correspondingly, the external network data transmission to the internal network device is generally set in the server/terminal device.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow chart of one embodiment of a method of external network data transmission to an internal network in accordance with the present application is shown. The method for transmitting the external network data to the internal network comprises the following steps:
S1: and setting a network object storage server in the security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to the external network, and the second address is set in the internal network.
In this embodiment, the security isolation zone (Demilitarized Zone, DMZ) is a buffer zone established between the non-secure system and the secure system; it is a small network area located between the internal network and the external network. Data transmission must pass through the security isolation area, which protects the internal network in addition to the firewall: the security isolation area adds a line of defense in front of the internal network and thereby raises its level of protection. The network object storage (Internet Object Storage, IOBS) server is provided with a first network card and a second network card, which correspond to the first address and the second address respectively. The first address and the second address are distinguished by being on different network segments; for example, the first address is 172.X.x.x and the second address is x.x.x. The network object storage server therefore has different IP addresses, one exposed to the external network and one set in the internal network, and can receive and store data transmitted by the external network system and the internal network system respectively.
Wherein in step S1, the step of exposing the first address to the external network includes:
mapping the first address to an external network outlet address through NAT;
the first address mapped to the external network outlet address is provided to the external network system in the form of a uniform resource locator.
In this embodiment, the first network card is exposed to the external network through NAT, and the second network card is configured with an internal network address. The same piece of data can thus be accessed from different network domains: external data is written through the first address and internal data is accessed through the second address. Network address translation (Network Address Translation, NAT) is a technique for translating an intranet IP address to an extranet IP address; the present application may flexibly employ at least one of the three implementations of NAT according to actual needs, including but not limited to static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Overload). After the first address is mapped to the external network outlet address by NAT, the first address mapped to the external network outlet address is provided to the external network system in the form of a uniform resource locator (Uniform Resource Locator, URL). A uniform resource locator is easier to identify and remember: a user of the external network enters the uniform resource locator in the external network as required, and the external network system converts the uniform resource locator into the first address, thereby realizing access to the first address.
S2: and providing the first address for an external network to receive the external network data transmitted by an external network system.
In this embodiment, an accessible first address is provided for the external network system to transmit external network data, so that external network data from the external network can be received conveniently. The external network data of the application is the content of the communication between the internal service agent and the external network client through Enterprise WeChat. The internal service agents communicate with external network clients through Enterprise WeChat; the communicated content is transmitted to and stored in the external network system, whose log records and stores that content. The application returns the content that the internal service agent communicated to the external network client through Enterprise WeChat (that is, the external network data), so that the data flows back and subsequent compliance quality inspection is facilitated.
Specifically, in step S2, the step of providing the first address to the external network to receive the external network data transmitted by the external network system includes: and sending a data writing request carrying the first address to the external network system so as to provide the first address for the external network system. When the intranet system needs extranet data backflow, a data writing request is sent to a corresponding extranet stored with the extranet data in advance, the data writing request carries a first address exposed to the extranet, and after the extranet system receives the data writing request, the data is transmitted through the provided first address.
Wherein the step of sending a data writing request carrying the first address to the external network system to provide the first address to the external network system comprises: and deploying a synchronous service in the security isolation area, and driving the synchronous service to call a recording interface of the external network system at regular time, wherein the synchronous service sends the data writing request to the external network system through the recording interface.
In this embodiment, after the synchronization service in the security isolation area sends the return request to the external network system, the external network system prepares to send the external network data back to the internal network system; while the external network system prepares the returned data, the network object storage server set in the security isolation area is ready to receive the external network data, which ensures that the external network data is received and stored quickly and safely. The synchronization service is set to call the recording interface of the external network system at fixed times according to actual requirements, so as to control when and how often the data writing request is sent; the fixed period may be one month, one week or one day. The time at which the synchronization service is driven can be adjusted flexibly according to how often and how long staff using the enterprise intranet communicate with extranet clients through chat software. In this way the data is returned in batches of stable size, which avoids a single return carrying so much data that it is inconvenient for personnel to check, and avoids increasing the storage and transmission burden on the network object storage server.
Further, the step of deploying a synchronization service in the security isolation area and driving it at regular times to call a recording interface of the external network system, through which the synchronization service sends the data writing request to the external network system, includes: deploying a synchronization service in the security isolation area, and regularly driving the synchronization service to call a recording interface of the external network system, wherein the synchronization service sends a return signal to the external network system through the recording interface so as to remind the external network system to transmit the external network data.
In this embodiment, the application reminds the external network system to transmit the external network data back by sending a return signal; signal transmission is fast, so the information is transmitted quickly. The return signal can be sent to the external network system in the form of a character string, which makes it easier for the external network system to read and obtain the transmitted information.
S3: when the external network data acquisition request sent by the internal network system is received, the second address is provided for the internal network system, and the external network data is transmitted to the internal network system through the second address.
In this embodiment, the intranet system actively acquires the extranet data stored in the network object storage server by accessing the second address set in the intranet at regular time, so as to ensure that the information acquisition is active in the intranet system, further ensure the information security in the intranet system, store the extranet data in the database of the intranet system, and call when the extranet data is needed.
For example, the extranet data may be a record of communication between an internal service agent and a customer through Enterprise WeChat. While the internal service agent communicates with the client through Enterprise WeChat, the communication record is stored in the external network system; returning the communication record to the internal network system means that it is stored locally, where it can be consulted conveniently and its compliance checked conveniently.
In this embodiment, the electronic device (for example, the server/terminal device shown in fig. 1) on which the method for transmitting extranet data to the intranet operates may receive the extranet data acquisition request of the intranet system through a wired or wireless connection. It should be noted that the wireless connection may include, but is not limited to, 3G/4G, WiFi, Bluetooth, WiMAX, ZigBee, UWB (ultra wideband) and other now known or later developed wireless connections.
Fig. 3 is a flowchart of another embodiment of a method for transmitting extranet data to an intranet according to the present application, as shown in fig. 3, in some alternative implementations of the present embodiment, after step S2, before step S3, that is, after the step of providing the first address to the extranet to receive the extranet data transmitted by the extranet system; before the step of providing the second address to the intranet system when the external network data acquisition request sent by the intranet system is received and transmitting the external network data to the intranet system through the second address, the electronic device may further execute the following steps:
S4: after receiving the external network data written by the external network system through the first address, storing the external network data in a network object storage server;
S5: scanning and detecting the external network data stored in the network object storage server for a plurality of times to determine whether the external network data contains computer viruses or harmful data;
S6: and if the computer virus or the harmful data is detected, isolating or deleting the external network data.
And after the electronic equipment executes the S4, when the external network data acquisition request sent by the internal network system is received, providing the second address for the internal network system, and transmitting the external network data to the internal network system through the second address.
Thus, the step of S3 further comprises: and transmitting the external network data in the network object storage server to the internal network system through the second address.
In this embodiment, the external network data transmitted by the external network system is received, and the external network data is stored in the network object storage server disposed in the security isolation area, instead of immediately and directly transmitting the external network data to the internal network system, so that the security of the internal network system is further ensured. And in the time period when the external network data is stored in the network object storage server, the network object storage server scans and detects the external network data for a plurality of times in different detection modes so as to determine that the external network data does not contain viruses or harmful data.
Further, in step S5, the step of scanning and detecting the external network data stored in the network object storage server multiple times includes:
scanning the external network data, and if the external network data contains keywords conforming to harmful information, confirming that the external network data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table;
and detecting the external network data, and if the external network data contains virus feature codes in a virus database, confirming that the external network data is computer viruses.
In this embodiment, the detection method includes the feature code method. The feature code method is the simplest and least expensive method of detecting known viruses. It is implemented by collecting known virus samples and building a virus database. When virus detection starts, the file under inspection is opened and searched, and it is checked whether the file contains any virus feature code from the virus database. If a virus feature code is found in the inspected file, the type of virus in the file can be determined, because feature codes correspond one-to-one with viruses. The information carried in the external network data is compared against the harmful information by scanning the external network data a plurality of times, to determine whether harmful information is contained; the harmful information table contains content related to pornography, gambling and drugs, as well as information endangering national security.
Of course, the application can also detect whether the external network data contains a computer virus by observing the behaviour of the external network data when it runs in the network object storage server, and immediately clear or isolate the computer virus once it is found.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored in a computer-readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a random access Memory (Random Access Memory, RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
With further reference to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a device for transmitting external network data to an internal network, where the device embodiment corresponds to the method embodiment shown in fig. 2, and the device may be applied to various electronic devices.
As shown in fig. 4, the device 300 for transmitting external network data to an internal network according to the present embodiment includes: a deployment module 301, a receiving module 302, and a transmission module 303. Wherein:
The deployment module 301 is configured to set a network object storage server in a security isolation area, where the network object storage server provides a first address and a second address, exposes the first address to an external network, and sets the second address in an internal network;
A receiving module 302, configured to provide the first address to an external network, so as to receive the external network data transmitted by an external network system;
the transmission module 303 is configured to provide the second address to the intranet system when the external network data acquisition request sent by the intranet system is received, and to transmit the external network data to the intranet system through the second address.
In this embodiment, the external network data is the communication record of an internal network user communicating with a client of the enterprise through enterprise WeChat, personal WeChat, Tencent QQ or other chat software. Because the communication content involves business secrets such as enterprise information materials, work content and expense quotations, and the communication records are stored in the cloud of the corresponding chat software, an enterprise that wants to obtain these records must, under legal authorization, ensure that the intranet system is not subjected to malicious Trojan implantation, information tampering or other such actions when the records are returned by the external network chat software; that is, the security of the intranet system must be ensured. The security isolation area is established as a buffer zone between the non-secure system and the secure system, located in a small network area between the internal network and the external network. Data transmission must pass through the security isolation area, which is equivalent to adding a line of defence to the intranet and improves the degree of protection of the intranet.
According to the application, the deployment module 301 sets the network object storage server in the security isolation area, so that different IP addresses are exposed to the internal network and the external network; the data written by the external network system and/or the internal network system can thus be received and output, data interaction and transmission are realized, and the security of the internal network system is ensured. After the first address is provided to the external network, the external network data transmitted by the external network system is received through the receiving module 302, and the external network data is transmitted to the internal network through the transmission module 303 according to the request of the internal network system, so that secure data transmission is realized. The enterprise can therefore safely obtain the related communication records, enabling quality inspection of those records and facilitating measures such as responsibility tracking, correction, reward and punishment.
Further, the device 300 for transmitting external network data to an internal network further includes a storage module, where the storage module is configured to store the received external network data written by the external network system through the first address in the network object storage server.
In this embodiment, after the receiving module 302 receives the external network data transmitted by the external network system, the external network data is not immediately transmitted to the internal network system through the transmission module 303, but is stored in the network object storage server by the storage module. Only when an external network data acquisition request from the internal network system is received is the corresponding external network data transmitted to the internal network system according to that request, thereby realizing data return.
In some optional implementations of this embodiment, the deployment module 301 is further configured to: and mapping the first address to an external network outlet address through NAT, wherein the second address is arranged in an internal network. In this embodiment, the first network card is exposed to the external network through the NAT, and the second network card configures the internal network address. The same piece of data may be accessed through different network domains. External data is written by a first address and internal data is accessed by a second address. NAT (i.e., network address translation technology) is a technology that can translate an intranet IP address into an extranet IP address.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an embodiment of a receiving module 302, where the receiving module 302 includes a first timing submodule 3021, a second synchronization submodule 3022, and a third sending submodule 3023. The first timing sub-module 3021 is configured to drive the synchronization service in a timing manner, so as to invoke a recording interface of the external network system; the second synchronization submodule 3022 is configured to deploy a synchronization service in the security isolation area, and call a recording interface of the external network system through the synchronization service to send the data writing request to the external network system; the third sending sub-module 3023 is configured to send a data writing request carrying the first address to the external network system according to the record interface of the external network system called by the synchronization service, so as to provide the first address to the external network system, and receive the external network data transmitted by the external network system through the first address.
In this embodiment, after the synchronization service is deployed in the security isolation area, the first timing submodule 3021 drives the synchronization service on a timer, with a preset duration as a fixed period; when the synchronization service is driven, the second synchronization submodule 3022 calls the recording interface of the external network record through the synchronization service to provide the transmission channel for the data writing request. The third sending submodule 3023 sends a data writing request carrying the first address to the external network system through the recording interface. After the external network system receives the data writing request and obtains the first address, it can transmit the external network data to the network object storage server through the first address, realizing data return.
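The store-then-release flow of S4 to S6 above and the receiving module's timed synchronization cycle, as an added Python model that is not the patent's own code: DmzObjectStore, run_sync_cycle, the addresses, the keyword table, the feature code and the chat records are all assumed or constructed here for illustration.

```python
from dataclasses import dataclass
from enum import Enum
import hashlib


class Verdict(Enum):
    PENDING = "pending"
    CLEAN = "clean"
    HARMFUL = "harmful"   # keyword from the preset harmful-information table found
    VIRUS = "virus"       # feature code from the virus database found


@dataclass
class StoredObject:
    object_id: str
    data: bytes
    verdict: Verdict = Verdict.PENDING


class DmzObjectStore:
    """Object store in the isolation area (assumed design): writes only on first_address
    (NAT-exposed extranet side), reads only on second_address (intranet side) once clean."""

    def __init__(self, first_address, second_address, harmful_keywords, virus_signatures):
        self.first_address = first_address
        self.second_address = second_address
        self.harmful_keywords = [k.lower() for k in harmful_keywords]
        self.virus_signatures = dict(virus_signatures)   # feature code bytes -> virus name
        self.objects = {}      # object_id -> StoredObject, pending or clean
        self.quarantine = {}   # object_id -> StoredObject, isolated

    def write(self, address, data):
        """S4: the extranet writes through the first address; data is stored, never forwarded."""
        if address != self.first_address:
            raise PermissionError("writes are accepted only on the external (first) address")
        object_id = hashlib.sha256(data).hexdigest()[:16]
        self.objects[object_id] = StoredObject(object_id, data)
        return object_id

    def scan_keywords(self, data):
        """Pass 1: compare the record text against the preset harmful-information table."""
        text = data.decode("utf-8", errors="ignore").lower()
        return [k for k in self.harmful_keywords if k in text]

    def detect_signatures(self, data):
        """Pass 2 (feature code method): look for known virus feature codes in the raw bytes."""
        return [name for code, name in self.virus_signatures.items() if code in data]

    def scan(self, object_id):
        """S5/S6: run both passes on a stored object and isolate it on any hit."""
        obj = self.objects[object_id]
        if self.detect_signatures(obj.data):
            obj.verdict = Verdict.VIRUS
        elif self.scan_keywords(obj.data):
            obj.verdict = Verdict.HARMFUL
        else:
            obj.verdict = Verdict.CLEAN
        if obj.verdict is not Verdict.CLEAN:
            self.quarantine[object_id] = self.objects.pop(object_id)
        return obj.verdict

    def read(self, address, object_id):
        """S3: the intranet fetches through the second address, only after a clean verdict."""
        if address != self.second_address:
            raise PermissionError("reads are served only on the internal (second) address")
        obj = self.objects.get(object_id)
        if obj is None:
            raise KeyError(f"{object_id}: unknown or isolated, not visible to the intranet")
        if obj.verdict is not Verdict.CLEAN:
            raise RuntimeError(f"{object_id}: scan still pending, not released")
        return obj.data


def run_sync_cycle(store, record_interface):
    """One timed run of the synchronization service: call the extranet record interface with a
    data-writing request that carries the first address, then scan whatever was written."""
    write_request = {"first_address": store.first_address, "write": store.write}
    written = record_interface(write_request)
    return {object_id: store.scan(object_id) for object_id in written}


def demo():
    """Constructed end-to-end run; addresses, keyword, signature and records are all made up."""
    store = DmzObjectStore("203.0.113.10", "10.0.0.10",
                           harmful_keywords=["gambling site"],
                           virus_signatures={b"SAMPLE_SIG_0001": "Sample.Trojan.A"})

    def extranet_record_interface(write_request):
        # Constructed extranet system: it writes its records through the supplied first address.
        records = [b"2020-02-19 agent->client: quotation sent, please confirm",
                   b"2020-02-19 client->agent: try this gambling site for a bonus",
                   b"2020-02-19 attachment: MZ\x90\x00SAMPLE_SIG_0001"]
        return [write_request["write"](write_request["first_address"], r) for r in records]

    verdicts = run_sync_cycle(store, extranet_record_interface)
    # Only objects still on the internal side (clean ones) can be fetched by the intranet.
    released = {oid: store.read(store.second_address, oid) for oid in verdicts if oid in store.objects}
    return verdicts, released, store
```

Of the three constructed records, only the clean one becomes readable on the second address; the other two leave the internal view entirely rather than being served with a warning.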
For many companies, especially financial services companies, national laws and regulations require convenient supervision and quality inspection mechanisms in daily operation, and the content of communications must be inspected regularly; because that content is stored in an external network system, it is inconvenient for the internal network system to perform quality inspection. According to the application, the network object storage server is arranged in the security isolation area and provides IP addresses located respectively in the external network and the internal network, so that the external network data of the external network system can be written into the internal network system and the quality inspection information specified by national laws and regulations can be obtained in a timely manner on a legally compliant basis, while the information security of the intranet system is ensured.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 6, fig. 6 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 200 includes a memory 201, a processor 202, and a network interface 203 communicatively coupled to each other via a system bus. It should be noted that only a computer device 200 having components 201-203 is shown in the figures, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 201 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory), Random Access Memory (RAM), Static Random Access Memory (SRAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, and the like. In some embodiments, the memory 201 may be an internal storage unit of the computer device 200, such as a hard disk or memory of the computer device 200. In other embodiments, the memory 201 may also be an external storage device of the computer device 200, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card, provided on the computer device 200. Of course, the memory 201 may also include both internal storage units and external storage devices of the computer device 200. In this embodiment, the memory 201 is generally used to store the operating system and various application software installed in the computer device 200, such as the program code of the method for transmitting external network data to an internal network. In addition, the memory 201 may be used to temporarily store various types of data that have been output or are to be output.
The processor 202 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 202 is generally used to control the overall operation of the computer device 200. In this embodiment, the processor 202 is configured to execute the program code stored in the memory 201 or process data, for example, execute the program code of the method for transmitting the external network data to the internal network.
The network interface 203 may comprise a wireless network interface or a wired network interface, which network interface 203 is typically used to establish communication connections between the computer device 200 and other electronic devices.
The present application also provides another embodiment, namely a computer readable storage medium storing a program for transmitting external network data to an internal network, where the program can be executed by at least one processor so that the at least one processor performs the steps of the method for transmitting external network data to an internal network described above.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
It is apparent that the above-described embodiments are only some embodiments of the present application, not all embodiments, and the preferred embodiments of the present application are shown in the drawings, which do not limit the scope of the patent claims. This application may be embodied in many different forms; these embodiments are provided so that the disclosure will be thorough and complete. Although the application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. All equivalent structures made using the content of the specification and drawings of the application, whether applied directly or indirectly to other related technical fields, are likewise within the scope of the application.

Claims (8)

1. The method for transmitting the extranet data to the intranet is characterized by comprising the following steps:
Setting a network object storage server in a security isolation area, wherein the network object storage server provides a first address and a second address, the first address is exposed to an external network, and the second address is set in an internal network;
Providing the first address for the external network to receive the external network data transmitted by an external network system; and
When the external network data acquisition request sent by an internal network system is received, providing the second address for the internal network system, and transmitting the external network data to the internal network system through the second address;
wherein the step of providing the first address to the external network to receive the external network data transmitted by the external network system includes:
deploying a synchronization service in the security isolation area, and regularly driving the synchronization service to call a recording interface of the external network system, wherein the synchronization service sends a return signal to the external network system through the recording interface so as to prompt the external network system to transmit the external network data;
Wherein after the step of providing the first address to an external network to receive the external network data transmitted by the external network system, the method comprises:
after receiving the external network data written by the external network system through the first address, storing the external network data in the network object storage server;
Scanning and detecting the external network data stored in the network object storage server for a plurality of times to determine whether the external network data contains computer viruses or harmful data;
if the computer virus or the harmful data is detected, isolating or deleting the external network data;
the step of scanning and detecting the external network data stored in the network object storage server for a plurality of times includes:
scanning the external network data, and if the external network data contains keywords conforming to harmful information, confirming that the external network data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table;
detecting the external network data, and if the external network data contains virus feature codes in a virus database, confirming that the external network data is computer virus;
and detecting the external network data by adopting a detection mode of a feature code method.
2. The method for transmitting extranet data to an intranet according to claim 1, wherein exposing the first address to the extranet comprises:
mapping the first address to an external network outlet address through NAT;
the first address mapped to the external network outlet address is provided to the external network system in the form of a uniform resource locator.
3. The method for transmitting extranet data to an intranet according to claim 1, wherein said step of providing said first address to the extranet to receive said extranet data transmitted by the extranet system comprises:
and sending a data writing request carrying the first address to the external network system so as to provide the first address for the external network system.
4. The method for transmitting extranet data to an intranet according to claim 3, wherein sending a data writing request carrying the first address to the extranet system to provide the first address to the extranet system comprises:
And deploying a synchronous service in the security isolation area, and driving the synchronous service to call a recording interface of the external network system at regular time, wherein the synchronous service sends the data writing request to the external network system through the recording interface.
5. A device for transmitting extranet data to an intranet, comprising:
the deployment module is used for setting a network object storage server in the security isolation area, the network object storage server provides a first address and a second address, the first address is exposed to the external network, and the second address is set in the internal network;
The receiving module is used for providing the first address for the external network so as to receive the external network data transmitted by the external network system;
the transmission module is used for providing the second address for the intranet system when the extranet data acquisition request sent by the intranet system is received, and transmitting the extranet data to the intranet system through the second address;
wherein the receiving module is further configured to:
deploying a synchronization service in the security isolation area, and regularly driving the synchronization service to call a recording interface of the external network system, wherein the synchronization service sends a return signal to the external network system through the recording interface so as to prompt the external network system to transmit the external network data;
wherein the device for transmitting extranet data to an intranet is further configured to: after receiving the external network data written by the external network system through the first address, store the external network data in the network object storage server; scan and detect the external network data stored in the network object storage server a plurality of times to determine whether the external network data contains computer viruses or harmful data; and if a computer virus or harmful data is detected, isolate or delete the external network data;
The step of scanning and detecting the external network data stored in the network object storage server for a plurality of times includes: scanning the external network data, and if the external network data contains keywords conforming to harmful information, confirming that the external network data is harmful data, wherein the keywords of the harmful information are obtained from a preset harmful information table; detecting the external network data, and if the external network data contains virus feature codes in a virus database, confirming that the external network data is computer virus; and detecting the external network data by adopting a detection mode of a feature code method.
6. The device for transmitting extranet data to an intranet according to claim 5, further comprising a storage module for storing the received extranet data written by the extranet system via the first address in the network object storage server.
7. A computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of the method for transferring extranet data to an intranet according to any one of claims 1 to 4.
8. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method for transferring extranet data to an intranet according to any one of claims 1 to 4.
CN202010101099.XA 2020-02-19 2020-02-19 Method, device, computer equipment and storage medium for transmitting external network data to internal network Active CN111371741B (en)


Publications (2)

Publication Number Publication Date
CN111371741A CN111371741A (en) 2020-07-03
CN111371741B true CN111371741B (en) 2024-04-26