CN114006760B - Database information security prevention and control system - Google Patents

Info

Publication number: CN114006760B
Authority: CN (China)
Prior art keywords: data, module, layer, database, user
Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Application number: CN202111282159.3A
Other languages: Chinese (zh)
Other versions: CN114006760A (en)
Inventor: 王振铎
Current assignee: Xian Siyuan University
Original assignee: Xian Siyuan University
Prosecution history: application filed by Xian Siyuan University; priority claimed from CN202111282159.3A; published as CN114006760A; application granted and published as CN114006760B; legal status active.

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
              • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
              • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides a database information security prevention and control system comprising a front-end user layer, a front-end protection layer, a middle-end application layer, a back-end protection layer, a back-end data layer and a system monitoring layer. The front-end user layer, front-end protection layer, middle-end application layer, back-end protection layer and back-end data layer are all connected with the system monitoring layer. A user login module and an administrator login module are arranged in the front-end user layer, which is connected with the front-end protection layer; a first firewall and a verification module are arranged in the front-end protection layer, which is connected with the middle-end application layer; and a data module and a data isolation box are arranged in the middle-end application layer.

Description

Database information security prevention and control system
Technical Field
The invention relates to the technical field of information security protection, in particular to a database information security prevention and control system.
Background
A database is a warehouse that organizes, stores and manages data according to a data structure: an organized, shareable and uniformly managed collection of a large amount of data stored in a computer over a long period. Today's world is an Internet world filled with data, and enterprises correspondingly hold large amounts of data to store, so some security protection must be provided for the data information during storage.
Because of the openness of the Internet, traditional databases, with their data models and predefined operation modes, cannot meet security requirements well. As the quantity of data grows and the channels for acquiring data multiply, database information is easily leaked or tampered with, and enterprises and individuals may suffer unpredictable harm. The invention therefore provides a database information security prevention and control system to solve these problems of the prior art.
Disclosure of Invention
Aiming at the problems, the invention aims to provide a database information security prevention and control system which adopts the arrangement of a double-layer firewall to improve the security of information, and simultaneously, the data module isolates the direct connection between a user and a database when the user and the database interact with each other so as to strengthen the security performance of the database information.
In order to achieve the purpose of the invention, the invention is realized by the following technical scheme: a database information security prevention and control system comprises a front-end user layer, a front-end protection layer, a middle-end application layer, a back-end protection layer, a back-end data layer and a system monitoring layer; the front-end user layer, front-end protection layer, middle-end application layer, back-end protection layer and back-end data layer are all connected with the system monitoring layer; a user login module and an administrator login module are provided in the front-end user layer, and the front-end user layer is connected with the front-end protection layer; a first firewall and a verification module are provided in the front-end protection layer, and the front-end protection layer is connected with the middle-end application layer; a data module and a data isolation box are provided in the middle-end application layer, which is connected with the back-end protection layer; a wind control (risk control) security module and a second firewall are provided in the back-end protection layer, and the back-end protection layer is connected with the back-end data layer; and an information database and a virus database are provided in the back-end data layer.
The further improvement is that: the system monitoring layer is internally provided with an event recording module, a log generating module and a network monitoring module, wherein the event recording module is used for recording operation events of a user on the system, the event recording module is connected with the log generating module, the log generating module is used for generating corresponding log information according to information recorded by the event recording module, the log generating module is in butt joint with the wind control safety module, the wind control safety module is connected with the network monitoring module, and the network monitoring module is used for monitoring changes of an access network.
The further improvement is that: the back-end data layer is also internally provided with a user information database and an administrator information database, wherein the user information database is used for storing user information, and is connected with the administrator database which is used for storing administrator information.
The further improvement is that: the system also comprises a middle-end management layer, wherein a user management module, an administrator management module and a database management module are arranged in the middle-end management layer, the user management module is in butt joint with the user information database, the administrator management module is in butt joint with the administrator database, and the database management module is in butt joint with the information database.
The further improvement is that: the data module comprises a data processing unit, a data reading unit, a data temporary storage unit, a data conveying unit and a data receiving unit, and is connected with the information database through a second firewall.
The further improvement is that: the first firewall and the second firewall are both connected with a data isolation box, and the data isolation box is used for isolating problem data.
The further improvement is that: the wind control safety module is also internally preset with a system safety strategy, and wind control is carried out according to the system safety strategy.
The further improvement is that: the verification module is connected with the user information database and the manager database and is used for verifying the user information and the manager information.
The beneficial effects of the invention are as follows: the database information security prevention and control system adopts a double-layer firewall to improve information security; the data module isolates the direct connection between a user and the database while still letting the user interact with it, strengthening the security of the database information; the system monitoring layer comprehensively monitors user operations, administrator operations and the network; and wind control is performed according to the system security policy set in the wind control security module, further strengthening the security of the database information.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
Fig. 1 is a schematic structural view of the present invention.
Fig. 2 is a schematic diagram of a data module structure according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, it should be noted that the terms "first," "second," "third," "fourth," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "abutting" and "connected" are to be construed broadly and may mean, for example, fixedly connected, detachably connected or integrally connected; mechanically or electrically connected; directly connected or indirectly connected through an intermediate medium; or a communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
According to fig. 1-2, this embodiment provides a database information security prevention and control system, including a front end user layer, a front end protection layer, a middle end application layer, a back end protection layer, a back end data layer and a system monitoring layer, where the front end user layer, the front end protection layer, the middle end application layer, the back end protection layer and the back end data layer are all connected with the system monitoring layer, a user login module and an administrator login module are disposed in the front end user layer, the front end user layer is connected with the front end protection layer, a first firewall and a verification module are disposed in the front end protection layer, the front end protection layer is connected with the middle end application layer, a data module and a data isolation box are disposed in the middle end application layer, the middle end application layer is connected with the back end protection layer, a wind control security module and a second firewall are disposed in the back end protection layer, the back end protection layer is connected with the back end data layer, an information database and a virus database are disposed in the back end data layer, and a standby database is disposed in the back end data layer.
The system monitoring layer is internally provided with an event recording module, a log generating module and a network monitoring module. The event recording module records operation events of a user on the system; it is connected with the log generating module, which generates corresponding log information from the information recorded by the event recording module. The log generating module is in butt joint with the wind control safety module, which in turn is connected with the network monitoring module; the network monitoring module monitors changes in the access network. When a database is attacked, a large number of concentrated accesses occur on the network, or a large volume of data access causes network fluctuation, so the network monitoring module makes it convenient for the wind control safety module to watch the state of the network. During event recording, an administrator's operations are recorded together with the user's. The log generating module converts the recorded information into logs and stores them, so the event recording module itself does not need to retain the recorded information and can record more operations. The log generating module may be provided with a log storage unit for generating and storing the logs, so that a manager can trace operations back through the stored operation log.
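The following is an added example, not code from the patent or its assignee, of how the monitoring layer described above can be realized: an event recording module that buffers user and administrator operations, a log generating module with a log storage unit that converts and stores them (emptying the recorder), and a network monitoring module that flags the "large number of concentrated accesses" pattern with a sliding window. The class names, the event fields, the window size, the surge threshold and the constructed traffic are all assumptions.

```python
"""Added example (not the patent's code): event recording, log generation with a
log storage unit, and network surge monitoring. Names, fields, thresholds and
the constructed traffic below are assumptions."""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List


@dataclass(frozen=True)
class Event:
    ts: datetime
    role: str      # "user" or "admin": both kinds of operation are recorded
    actor: str     # account name
    action: str    # e.g. "login", "read", "write"
    target: str    # object touched, e.g. a table name


class EventRecorder:
    """Event recording module: bounded in-memory buffer of operation events."""

    def __init__(self, capacity: int = 10_000) -> None:
        self.buffer: Deque[Event] = deque(maxlen=capacity)

    def record(self, ev: Event) -> None:
        self.buffer.append(ev)


class LogGenerator:
    """Log generating module: turns buffered events into stored log lines and
    empties the recorder, so the recorder never has to keep history itself."""

    def __init__(self) -> None:
        self.storage: List[str] = []   # stands in for the log storage unit

    def generate(self, recorder: EventRecorder) -> List[str]:
        lines = [
            f"{e.ts.isoformat()} role={e.role} actor={e.actor} "
            f"action={e.action} target={e.target}"
            for e in recorder.buffer
        ]
        self.storage.extend(lines)
        recorder.buffer.clear()
        return lines

    def trace(self, actor: str) -> List[str]:
        """Let an administrator trace one account's operations from stored logs."""
        return [line for line in self.storage if f" actor={actor} " in line]


class NetworkMonitor:
    """Network monitoring module: counts accesses in a sliding window and reports
    a surge once the count exceeds the threshold."""

    def __init__(self, window: timedelta, surge_threshold: int) -> None:
        self.window = window
        self.threshold = surge_threshold
        self.stamps: Deque[datetime] = deque()

    def observe(self, ts: datetime) -> bool:
        self.stamps.append(ts)
        while self.stamps and ts - self.stamps[0] > self.window:
            self.stamps.popleft()
        return len(self.stamps) > self.threshold


def run_demo() -> Dict[str, object]:
    """Constructed traffic: 5 normal accesses, then a burst of 30 in under a second."""
    t0 = datetime(2021, 11, 1, 9, 0, tzinfo=timezone.utc)
    recorder, generator = EventRecorder(), LogGenerator()
    monitor = NetworkMonitor(window=timedelta(seconds=10), surge_threshold=20)
    surge_seen = False
    for i in range(5):
        ts = t0 + timedelta(seconds=5 * i)
        recorder.record(Event(ts, "user", "alice", "read", "orders"))
        surge_seen |= monitor.observe(ts)
    for i in range(30):
        ts = t0 + timedelta(seconds=60, milliseconds=30 * i)
        recorder.record(Event(ts, "user", "bob", "read", "orders"))
        surge_seen |= monitor.observe(ts)
    lines = generator.generate(recorder)
    return {
        "lines_stored": len(lines),
        "recorder_left": len(recorder.buffer),
        "surge_detected": surge_seen,
        "alice_trace": len(generator.trace("alice")),
    }


if __name__ == "__main__":
    print(run_demo())
```

The surge check is deliberately aggregate (all accounts together), which is what a network monitor sees; per-user limits belong to the wind control policy, which is a separate check.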
The back-end data layer is also internally provided with a user information database and an administrator information database, the user information database is used for storing user information, the user information database is connected with the administrator database, the administrator database is used for storing administrator information, and information stored in the user information database and the administrator database is provided as verification information for a verification module so as to verify the identity of a user or an administrator.
The system also comprises a middle-end management layer, wherein a user management module, an administrator management module and a database management module are arranged in the middle-end management layer; the user management module is in butt joint with the user information database, the administrator management module is in butt joint with the administrator database, and the database management module is in butt joint with the information database. The middle-end management layer mainly makes management convenient for administrators; at the same time, administrators are distinguished by different permission levels, with the manner of distinction set according to actual conditions.
The data module comprises a data processing unit, a data reading unit, a data temporary storage unit, a data conveying unit and a data receiving unit, and is connected with the information database through the second firewall. In operation the data module completes the data interaction with the user and acts as a relay: it acquires data from the database, the user interacts with the copy held in the data temporary storage unit, and after the interaction the data conveying unit conveys the data back into the database; during this transmission the data passes through the second firewall's scan before being returned to the corresponding database, so that modification, overwriting and similar operations are completed.
The first firewall and the second firewall are both connected with the data isolation box, which is used to isolate problem data. Both firewalls have a data scanning function and are in butt joint with the virus database: passing data is scanned and analysed against samples in the virus database, and problematic files go directly into the data isolation box for further handling by a manager afterwards. The manager with the highest authority has control authority over the whole system.
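As an added example (not the patent's own code) of the two preceding paragraphs together, the block below models the data module as the only component holding a reference to the information database, with a temporary-storage copy for the user's interaction and a write-back path that must pass the second firewall; both firewalls match payloads against a virus database of sample hashes and byte patterns and divert hits into a data isolation box. The signature format, the class names and the sample records and "bad" markers are constructed assumptions.

```python
"""Added example (not the patent's code): relay data module, first/second
firewall scanning against a virus sample database, and a data isolation box.
Signature format, names and sample data are assumptions."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class VirusDatabase:
    """Samples shared by both firewalls: SHA-256 of known-bad payloads plus raw byte patterns."""

    def __init__(self, bad_payloads: List[bytes], patterns: List[bytes]) -> None:
        self.hashes = {hashlib.sha256(p).hexdigest() for p in bad_payloads}
        self.patterns = list(patterns)

    def match(self, payload: bytes) -> Optional[str]:
        digest = hashlib.sha256(payload).hexdigest()
        if digest in self.hashes:
            return f"hash:{digest[:12]}"
        for pat in self.patterns:
            if pat in payload:
                return f"pattern:{pat.decode(errors='replace')}"
        return None


@dataclass
class IsolationBox:
    """Holds problem data until an administrator handles it."""
    held: List[Tuple[str, str, bytes]] = field(default_factory=list)

    def isolate(self, firewall: str, reason: str, payload: bytes) -> None:
        self.held.append((firewall, reason, payload))


class Firewall:
    def __init__(self, name: str, samples: VirusDatabase, box: IsolationBox) -> None:
        self.name, self.samples, self.box = name, samples, box

    def scan(self, payload: bytes) -> bool:
        """True if the payload may pass; otherwise it is moved into the isolation box."""
        reason = self.samples.match(payload)
        if reason is None:
            return True
        self.box.isolate(self.name, reason, payload)
        return False


class DataModule:
    """Relay between user and database: the user only ever touches the staged
    copy, and every write back goes through the second firewall first."""

    def __init__(self, info_db: Dict[str, bytes], second_fw: Firewall) -> None:
        self._db = info_db                       # information database, private to the module
        self._fw = second_fw
        self._staging: Dict[str, bytes] = {}     # data temporary storage unit

    def read(self, key: str) -> bytes:           # data reading unit
        self._staging[key] = self._db[key]
        return self._staging[key]

    def stage(self, key: str, new_value: bytes) -> None:   # user interaction on the copy
        self._staging[key] = new_value

    def convey(self, key: str) -> bool:          # data conveying unit
        payload = self._staging.pop(key)
        if not self._fw.scan(payload):
            return False                         # database untouched; payload sits in the box
        self._db[key] = payload                  # modification / overwrite completed
        return True


def run_demo() -> Dict[str, object]:
    samples = VirusDatabase(bad_payloads=[b"<constructed known-bad blob>"],
                            patterns=[b"CONSTRUCTED-BAD-PATTERN"])
    box = IsolationBox()
    first_fw = Firewall("first", samples, box)    # front-end protection layer
    second_fw = Firewall("second", samples, box)  # back-end protection layer
    db = {"report": b"quarterly figures v1"}      # constructed information database
    module = DataModule(db, second_fw)

    upload_ok = first_fw.scan(b"harmless upload")
    upload_blocked = not first_fw.scan(b"<constructed known-bad blob>")

    module.read("report")
    module.stage("report", b"quarterly figures v2")
    write_ok = module.convey("report")
    module.read("report")
    module.stage("report", b"v3 CONSTRUCTED-BAD-PATTERN inside")
    write_blocked = not module.convey("report")

    return {"upload_ok": upload_ok, "upload_blocked": upload_blocked,
            "write_ok": write_ok, "write_blocked": write_blocked,
            "db_value": db["report"], "isolated": len(box.held),
            "isolated_by": [h[0] for h in box.held]}


if __name__ == "__main__":
    print(run_demo())
```

Note that the rejected write leaves the database at the last clean version; the staged copy is discarded from temporary storage and only the isolation box retains it.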
A system security policy is preset in the wind control security module, and the wind control security module performs wind control according to it. The preset policy covers items such as the number of accesses by the same user within the same period and the number of operations by the same user; that is, the system security policy is a series of regulations and rules that must be observed in the system environment to ensure a certain level of security. When a violation of the system security policy occurs, the wind control security module performs wind control management on the user, i.e. closes the user's operation authority.
The verification module is connected with the user information database and the manager database and is used for verifying the user information and the manager information.
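An added example, not the patent's code, of the verification module described here and in the back-end data layer paragraph above: it consults the user information database for users and the administrator database for administrators, stores only salted PBKDF2 hashes rather than the credentials themselves, and compares in constant time. The hash parameters, the sample accounts and the role names are assumptions.

```python
"""Added example (not the patent's code): verification module checking submitted
credentials against a user information database and an administrator database.
Work factor, sample accounts and role names are assumptions."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

Record = Tuple[bytes, bytes]   # (salt, derived key) as stored in either database
ITERATIONS = 100_000           # assumed PBKDF2 work factor


def make_record(password: str, salt: Optional[bytes] = None) -> Record:
    """Create the stored form of a credential; never keeps the password itself."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


class VerificationModule:
    """Front-end protection layer component: a user account is looked up only in
    the user information database and an administrator only in the
    administrator database, so a user credential cannot pass as an admin."""

    def __init__(self, user_db: Dict[str, Record], admin_db: Dict[str, Record]) -> None:
        self._dbs = {"user": user_db, "admin": admin_db}

    def verify(self, role: str, name: str, password: str) -> bool:
        db = self._dbs.get(role)
        if db is None:
            return False
        rec = db.get(name)
        # Derive a key even for unknown names so timing does not reveal existence.
        salt, expected = rec if rec is not None else (b"\x00" * 16, b"\x00" * 32)
        _, candidate = make_record(password, salt)
        return rec is not None and hmac.compare_digest(candidate, expected)


def run_demo() -> Dict[str, bool]:
    user_db = {"alice": make_record("correct horse")}          # constructed accounts
    admin_db = {"root-admin": make_record("battery staple")}
    vm = VerificationModule(user_db, admin_db)
    return {
        "user_ok": vm.verify("user", "alice", "correct horse"),
        "user_wrong_pw": vm.verify("user", "alice", "wrong"),
        "role_mismatch": vm.verify("admin", "alice", "correct horse"),
        "admin_ok": vm.verify("admin", "root-admin", "battery staple"),
        "unknown": vm.verify("user", "nobody", "anything"),
    }


if __name__ == "__main__":
    print(run_demo())
```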
Meanwhile, in the application, the system monitoring layer is also provided with an alarm module, the alarm module is in butt joint with the wind control safety module, and the switch of the alarm module is controlled according to the requirement of the wind control safety module.
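An added example, not the patent's code, of the wind control security module and the alarm module from the two preceding paragraphs: a preset policy limits the number of accesses by one user within a time window and the total number of operations by one user, a violation closes that user's operation authority and switches the alarm on, and only an administrator's reinstatement reopens it. The policy values, the class names and the constructed access pattern are assumptions.

```python
"""Added example (not the patent's code): wind control (risk control) security
module enforcing a preset system security policy and switching an alarm module.
Policy limits, names and the constructed access pattern are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Set


@dataclass(frozen=True)
class SecurityPolicy:
    window: timedelta             # the "same period" over which accesses are counted
    max_accesses_per_window: int  # accesses allowed for one user inside the window
    max_operations: int           # total operations allowed for one user


class AlarmModule:
    def __init__(self) -> None:
        self.on = False
        self.reasons: List[str] = []

    def switch(self, on: bool, reason: str = "") -> None:
        self.on = on
        if on:
            self.reasons.append(reason)


class RiskControlModule:
    def __init__(self, policy: SecurityPolicy, alarm: AlarmModule) -> None:
        self.policy, self.alarm = policy, alarm
        self._accesses: Dict[str, Deque[datetime]] = defaultdict(deque)
        self._ops: Dict[str, int] = defaultdict(int)
        self.closed: Set[str] = set()   # users whose operation authority is closed

    def _close(self, user: str, reason: str) -> None:
        self.closed.add(user)
        self.alarm.switch(True, reason)

    def check_access(self, user: str, ts: datetime) -> bool:
        """Sliding-window access count; a closed user stays denied after the window passes."""
        if user in self.closed:
            return False
        q = self._accesses[user]
        q.append(ts)
        while q and ts - q[0] > self.policy.window:
            q.popleft()
        if len(q) > self.policy.max_accesses_per_window:
            self._close(user, f"{user}: access count in window exceeded")
            return False
        return True

    def check_operation(self, user: str, ts: datetime) -> bool:
        if not self.check_access(user, ts):
            return False
        self._ops[user] += 1
        if self._ops[user] > self.policy.max_operations:
            self._close(user, f"{user}: operation count exceeded")
            return False
        return True

    def reinstate(self, user: str) -> None:
        """Administrator action: reopen authority; clear the alarm once no user is closed."""
        self.closed.discard(user)
        self._ops[user] = 0
        self._accesses[user].clear()
        if not self.closed:
            self.alarm.switch(False)


def run_demo() -> Dict[str, object]:
    policy = SecurityPolicy(window=timedelta(seconds=60),
                            max_accesses_per_window=10, max_operations=100)
    alarm = AlarmModule()
    rc = RiskControlModule(policy, alarm)
    t0 = datetime(2021, 11, 1, 9, 0, tzinfo=timezone.utc)
    # constructed pattern: alice operates normally, mallory hammers the system
    alice_ok = all(rc.check_operation("alice", t0 + timedelta(seconds=20 * i)) for i in range(5))
    mallory = [rc.check_access("mallory", t0 + timedelta(milliseconds=100 * i)) for i in range(12)]
    later = rc.check_access("mallory", t0 + timedelta(hours=1))
    alarm_during = alarm.on
    rc.reinstate("mallory")
    return {"alice_ok": alice_ok, "mallory_allowed": sum(mallory),
            "mallory_closed_at": mallory.index(False) + 1,
            "later_denied": not later, "alarm_during": alarm_during,
            "alarm_after": alarm.on}


if __name__ == "__main__":
    print(run_demo())
```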
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (8)

1. A database information security prevention and control system, comprising a front-end user layer, a front-end protection layer, a middle-end application layer, a back-end protection layer, a back-end data layer and a system monitoring layer, characterized in that: a user login module and an administrator login module are arranged in the front-end user layer, and the front-end user layer is connected with the front-end protection layer; a first firewall and a verification module are arranged in the front-end protection layer, and the front-end protection layer is connected with the middle-end application layer; a data module and a data isolation box are arranged in the middle-end application layer, and the middle-end application layer is connected with the back-end protection layer; a wind control safety module and a second firewall are arranged in the back-end protection layer, and the back-end protection layer is connected with the back-end data layer; and an information database and a virus database are arranged in the back-end data layer;
the data module comprises a data processing unit, a data reading unit, a data temporary storage unit, a data conveying unit and a data receiving unit, wherein the data module is connected with the information database through a second firewall, and when the data module works, the data module is used for completing data interaction with a user, the data module is used for acquiring data in the database, then the data temporary storage unit is used for interaction, the data conveying unit is used for conveying the data into the database after the interaction, and meanwhile, the data can be scanned by the second firewall and returned to the corresponding database in the data transmission process, so that modification or covering operation is completed.
2. The database information security prevention and control system according to claim 1, wherein: the system monitoring layer is internally provided with an event recording module, a log generating module and a network monitoring module, wherein the event recording module is used for recording operation events of a user on the system, the event recording module is connected with the log generating module, the log generating module is used for generating corresponding log information according to information recorded by the event recording module, the log generating module is in butt joint with the wind control safety module, the wind control safety module is connected with the network monitoring module, and the network monitoring module is used for monitoring changes of an access network.
3. The database information security prevention and control system according to claim 1, wherein: the back-end data layer is also internally provided with a user information database and an administrator information database, wherein the user information database is used for storing user information, and is connected with the administrator database which is used for storing administrator information.
4. A database information security prevention and control system according to claim 3, wherein: the system also comprises a middle-end management layer, wherein a user management module, an administrator management module and a database management module are arranged in the middle-end management layer, the user management module is in butt joint with the user information database, the administrator management module is in butt joint with the administrator database, and the database management module is in butt joint with the information database.
5. The database information security prevention and control system according to claim 1, wherein: the data module comprises a data processing unit, a data reading unit, a data temporary storage unit, a data conveying unit and a data receiving unit, and is connected with the information database through a second firewall.
6. The database information security prevention and control system according to claim 1, wherein: the first firewall and the second firewall are both connected with a data isolation box, and the data isolation box is used for isolating problem data.
7. The database information security prevention and control system according to claim 1, wherein: the wind control safety module is also internally preset with a system safety strategy, and wind control is carried out according to the system safety strategy.
8. A database information security prevention and control system according to claim 3, wherein: the verification module is connected with the user information database and the manager database, and the verification module is used for verifying the user information and the manager information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111282159.3A CN114006760B (en) 2021-11-01 2021-11-01 Database information security prevention and control system

Publications (2)

Publication Number Publication Date
CN114006760A (en) 2022-02-01
CN114006760B (en) 2023-07-18

Family

ID=79926069

Country Status (1)

Country Link
CN (1) CN114006760B (en)

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2156015A1 (en) * 1995-08-14 1997-02-15 Anthony Brent Nelson Computer firewall for use between a secure network and a potentially hostile network
WO1998054644A1 (en) * 1997-05-29 1998-12-03 3Com Corporation Multilayer firewall system
CN101639879A (en) * 2008-07-28 2010-02-03 成都市华为赛门铁克科技有限公司 Database security monitoring method, device and system
WO2010012170A1 (en) * 2008-07-28 2010-02-04 成都市华为赛门铁克科技有限公司 Database security monitoring method, device and system
CN102722576A (en) * 2012-06-05 2012-10-10 西安未来国际信息股份有限公司 Encipherment protection system and encipherment protection method for database in cloud computing environment
CN106656987A (en) * 2016-11-03 2017-05-10 郑州理工职业学院 Computer information security management system
CN109739203A (en) * 2019-02-25 2019-05-10 南京世界村云数据产业集团有限公司 A kind of industrial network Border Protection system
CN110022305A (en) * 2019-03-07 2019-07-16 北京华安普特网络科技有限公司 Web portal security guard system and method
CN111931239A (en) * 2020-09-21 2020-11-13 安徽长泰信息安全服务有限公司 Data leakage prevention system for database security protection
CN113094730A (en) * 2021-04-16 2021-07-09 杭州卓健信息科技有限公司 Medical data safety management platform based on internet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant