CN1147738A - Firewall system - Google Patents

Publication number: CN1147738A
Authority: CN (China)
Prior art keywords: safety, manager, security, card, router
Legal status: Granted; Expired - Fee Related
Application number: CN 96109573
Other languages: Chinese (zh)
Other versions: CN1075695C (en)
Inventor: 吴世忠
Current Assignee: Beijing Topsec Network Security Technology Co Ltd
Original Assignee: TIANRONGXIN TECHNOLOGY AND TRADE Co Ltd BEIJING
Application filed by: TIANRONGXIN TECHNOLOGY AND TRADE Co Ltd BEIJING
Priority: CN96109573A

Abstract

The present invention consists of five parts: a security manager, a system manager, a router, a safety card and a safety card certification authority management system. It is installed between the external Internet and the internal network. The system protects internal resources against unauthorized access and damage and prevents internal data from being sent out. It isolates the internal network from the external Internet and performs security checks on connections and data entering and leaving the internal network according to the security rules set in the system, thereby improving the security of the internal network.

Description

Firewall system
The present invention relates to network security firewall technology for the Internet and belongs to the field of computer network security.
The concept of the firewall was first introduced into the Internet security context in 1993. The closest existing technology to the present invention is the firewall with packet filtering, such as the FireWall-1 product of CheckPoint, which currently has the highest world market share (see FireWalls for Sale, BYTE, Vol. 20, No. 4, 1995, p. 99). Such a firewall system has no strong protection of its own, cannot identify the operator, and cannot verify the legitimacy of the firewall itself or of the network users; the network security policy often cannot be guaranteed by technical means, so it is not suited to China's national conditions.
The object of the invention is to provide a firewall system with packet filtering that, by means of a safety card and a safety card certification authority management system, protects the internal network, manages users, and can effectively enforce the network security policy.
The task of the invention is accomplished as follows. The system consists of five parts: security manager, system manager, router, safety card and safety card certification authority management system. The router controls incoming and outgoing data according to the configured security rules. The system manager performs the pre-configuration and the security policy configuration of the firewall (together called system configuration) after obtaining authorization from the security manager. The security manager's authorization is confirmed by authenticating the safety card and the personal identification number, and the safety card is generated and managed by the safety card certification authority management system.
The invention is placed between an information provider or internal (private) network and the external Internet. It protects internal resources from unauthorized access and damage and prevents internal information from being sent out without release and authorization. It can serve as a secure router between the internal network and the Internet and is implemented in hardware, so processing is very fast. The firewall has a tamper-resistant design, uses mature packet filtering technology to control the flow of data between the internal and external networks, and uses safety card technology to protect and manage the firewall system itself.
The security manager consists of a central control module, an I/O control module, a safety control module, a safety card identification module, a communication control module and so on, and it connects to the system manager and the router through the communication control module. It is the key component of the invention: it separates the router's control (Console) port from the system manager (terminal). First, this prevents the terminal from configuring the network security rules directly through the control port. Second, it handles legitimacy confirmation and special-authorization authentication for the system manager. Third, it enforces graded security control and collects audit information. This provides a technically mandatory constraint on how the user organization's network security rules are configured, and at the same time protects the security of the organization's internal network resources.
The basic working principle of the security manager is that its communication control module continuously intercepts the communication data from both ends and forwards it after evaluating it; it can also send commands directly to the router to obtain information and data. Data (commands) from the system manager are compared against the data stored in a table in the safety control module, and graded security control is applied. Once the security manager determines that special authorization and legitimacy verification are needed, it requires the user to insert the safety card and enter the personal identification number (PIN) that correctly identifies the user. It also records and stores, as necessary, the data (information) from the router and the system manager. According to the running state of the firewall, the security manager indicates its own operating state, supported by a liquid crystal display of the three states "normal", "error" and "alarm". When it finds that the firewall's configuration file may have been modified, it sounds an alarm to prompt the system security administrator to confirm. The program flow of the security manager is illustrated in the accompanying drawings.
The security manager is connected to the system manager and to the router through RS232 interfaces. It provides the communication link between the console (system manager) and the router, manages the additional authorization mechanism for configuring router security rules from the console, records the usage and fault conditions of the security manager, collects parameters and data from the router, and stores these data by category or sends them to the console.
When an operation concerns system resource configuration or security rule settings, the security manager uses audible and visual alarms to indicate the current operation type. On an attempt to enter the secure state and after entering it, except when security management is fully open, the system automatically records every operation involving security commands together with the date and time it was performed, and archives the record, so that all security-related operations over a period of time can be traced. For possible modifications of the system resource configuration or the security rule settings, the system compares the stored original security rules with the new ones and can detect violations promptly. Some violations are corrected automatically with reference to basic security criteria stored in advance, and each violation is immediately recorded in detail, including the violation event and the violating security command, while the security manager's audible and visual alarm reminds the operator that a serious error has occurred.
The router can be any product with packet filtering. The prototype of the invention uses the Cisco 2501 from Cisco (USA), which provides routing and packet filtering and filters information entering and leaving the internal network according to the security rules configured from the console. The system of the invention can also be formed by adding the security manager, system manager and other devices to a user's existing packet filtering router; the router can also be integrated into the security manager. These are non-limiting embodiments of the invention and do not affect its generality.
The system manager consists of a microcomputer of 386 class or above, or a dedicated PC, and system management software with an advanced graphical user interface (GUI), running under Windows. Software requirements: the operating system is DOS 5.0 or later; the runtime environment is Chinese Windows 3.1 or later, or English Windows 3.0 or later (on English Windows, Chinese Star or another Chinese-character platform must be loaded). Hardware requirements: IBM or IBM-compatible machine (80386DX processor, 4M memory, one floppy drive, one control serial port, one mouse interface) with at least 20M of free hard disk space. A computer with an 80486DX or better, 8M or more of memory and a hard disk of 420M or more is recommended.
The system management software consists of functional modules such as a filtering rule editor, a firewall state monitor, a control list monitor and an alarm information collector, and is stored on the hard disk.
The system manager is connected to the router's control port via the security manager. It provides menu-driven management of the system, firewall system configuration and security rule configuration, and collects audit information.
The system manager is used to configure the security policy of the whole network, to control and monitor the operation of the firewall, and to view login and alarm information.
The invention can be configured with different security rules for different security requirements. The basic configuration needed to guarantee network security is called the pre-configuration. Pre-configuration is the basic condition for building the firewall: when configuring the routing system, the user must add the pre-configured parameters to the user's configuration file. The "configuration file confirmation" program provided by the system management software compares the pre-configured parameters supplied by the invention with the operating parameters configured by the user and confirms whether the configuration is legitimate.
The firewall security rule configuration file is stored in the router's NVRAM. It is the basis on which the firewall allows or forbids a connection or access, so whoever controls the right to configure it in effect holds the decision power over network security control. The following measures are therefore taken: (1) using pre-configuration, the router's AUX backup command port is set to asynchronous communication (dedicated mode), which prevents a terminal from logging in to the router directly through this port; (2) through pre-configuration of each communication port of the router (including the AUX port), all internal and external users are forbidden from logging in to the router from the network, and the management of the password for entering the router's privileged operating state and of identity verification is strengthened. The configuration path of the firewall is thus concentrated on the router's console port; the console port is connected directly to the security manager, which in turn connects to the system manager.
The system security administrator can configure the firewall system from the terminal only by using the system management software of the invention via the security manager; otherwise the security manager refuses to forward the information. When the configuration involves the firewall's network security control parameters, the administrator must insert the safety card into the "safety card reader" slot on the firewall's front panel and enter the correct personal identification number (PIN) before the configuration state can be entered; otherwise the firewall's security manager refuses to execute.
The security of the invention itself is protected by the safety card and its management system. The safety card is a smart card with storage and processing capability. A smart card is a microcomputer chip including memory, the same size as a credit card, and is an active device that can process cryptographic algorithms in real time. This is known technology, and its security is greatly improved by advantages such as multiple functions, easy replacement and intelligence. The safety card is kept and used by the firewall security personnel. The safety card stores the card holder's security certificate. The generation and management of this certificate are carried out by a dedicated body using advanced cryptographic techniques; this body is called the "certification authority (CA)". Its functions are: (1) to provide the safety card authentication tool for firewall users and administrators; (2) to maintain the authentication data items in the safety card; (3) to change the authority and level of a safety card; (4) to issue safety cards and generate PINs (personal identification numbers); (5) to maintain the safety card verification program.
Each firewall has one safety card, whose legitimacy, validity, security content and so on are issued by a dedicated safety card certification authority management system (CAMS). The CAMS is an integral component of the whole firewall system, but it is managed by the relevant national department (or by the leading department of a large user organization). Only someone who holds the safety card and has the holder's personal identification number (PIN) can carry out operations such as implementing or changing the security policy of the firewall.
The safety card certification authority management system (CAMS) authorizes, authenticates, identifies, maintains and manages multiple safety cards in a network environment (an interconnected environment made up of multiple firewalls), and it provides a certificate for each safety card. The system is controlled by the national or government department at each level that is responsible for firewall policy, to guarantee the legitimacy and authority of the safety cards.
The CAMS consists of a microcomputer of 386 class or above and a set of specially developed management software. Its security certificates can be issued offline (for a single firewall) or online (in a network environment). The safety cards generated by the CAMS are mainly used for secure storage of the user's secret information. The CAMS initializes the card in the format used by the firewall security application and then loads the information needed for the security service into the formatted safety card.
The safety card serves mainly for secure storage of confidential data and secure processing of firewall measures. The secure processing function prevents an external attacker from tracing the implementation of the security policy, and the secure storage function prevents unauthorized read and write operations. In firewall applications, security parameters based on cryptographic techniques are hard for users to remember, so a safety card is used to store them.
In use, the user must activate the safety card with his or her own personal identification number. Even the security administrator must therefore hold the safety card when configuring the firewall and activate it with the PIN he or she knows, which effectively protects both the security policy and the firewall itself.
This security logic, which protects critical secret data on the basis of the security policy, takes the following two forms:
(1) With the security policy in use, in order to obtain authorization to configure and modify core operating parameters in the firewall. This case requires the safety card; otherwise the security module refuses the request.
(2) Without the security policy in use. Whether or not the safety card is used, the security module allows access to the firewall, but the user is authorized only for "read" operations and any "write" operation is rejected.
To strengthen security supervision, the system provides a special authorization mechanism for configuring firewall parameters. TCP/IP is the communication protocol of the Internet, so every computer and network connected to it must install the TCP/IP protocol. Under TCP/IP, any data to be transmitted (application-layer data) is divided into small datagrams, and each datagram is encapsulated by the transport layer, the IP layer and the network access layer before it is transmitted by the physical layer. Data encapsulation means that as application-layer data passes down through each layer, each layer prepends its own header to the data segment it receives and passes the result to the next layer down. The headers useful for packet filtering are mainly the transport-layer header and the IP-layer header. The TCP/IP format is well known: each packet contains specific information such as the IP source address, IP destination address, protocol type, source port number and destination port number. Packet filtering uses this information, together with the routing information determined by the router, to make the firewall block or allow particular packets.
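The header fields named above are enough to write a minimal packet filter. The following Python sketch is an added illustration, not code from the patent or from any router product; the rule set, addresses and the `build_packet` helper are constructed for the example. It parses a raw IPv4 packet, applies ordered rules, and shows two cases a practitioner should check: an empty rule set under a permit default, and a non-first fragment that carries no port numbers.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

TCP, UDP = 6, 17

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int]   # None when no transport header is present
    dport: Optional[int]

def parse_ipv4(raw: bytes) -> Packet:
    """Extract the fields a packet filter decides on from a raw IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4              # header length varies with IP options
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    proto = raw[9]
    sport = dport = None
    # Only the first fragment carries the TCP/UDP header, so later fragments
    # have no port numbers to filter on.
    if proto in (TCP, UDP) and frag_offset == 0 and len(raw) >= ihl + 4:
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(str(ip_address(raw[12:16])), str(ip_address(raw[16:20])),
                  proto, sport, dport)

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR prefix, "0.0.0.0/0" means any
    dst: str
    proto: Optional[int] = None  # None means any protocol
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst))

def decide(rules: List[Rule], p: Packet, default: str = "permit") -> str:
    """First matching rule wins; `default` applies when nothing matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

def build_packet(src, dst, proto, sport, dport, frag_offset=0) -> bytes:
    """Constructed sample input: 20-byte IPv4 header, ports, padding."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_offset, 64,
                         proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return header + struct.pack("!HH", sport, dport) + bytes(16)

ANY = "0.0.0.0/0"
# Constructed rule set: inbound mail to one internal host, everything else denied.
RULES = [
    Rule("permit", ANY, "10.1.0.25/32", proto=TCP, dport=25),
    Rule("deny", ANY, ANY),
]

if __name__ == "__main__":
    for dport, frag in ((25, 0), (23, 0), (25, 185)):
        pkt = parse_ipv4(build_packet("192.0.2.7", "10.1.0.25", TCP, 40000, dport, frag))
        print(pkt, "->", decide(RULES, pkt), "| no rules:", decide([], pkt))
```

With no rules and a permit default every packet passes, so the explicit final deny rule is what turns the router into a filter.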
By means of an exclusive "security rule setting right" technique and an additional security control authorization mechanism, the invention achieves strict and reliable control, supervision and audit of network system resource configuration and security rule settings. In the system, security-related parameter settings, security rule settings and changes to them must pass a security audit. The security audit of the invention has three levels: general management level, supervisor level and security management level. Entering the security management level requires holding a legitimate safety card and entering the correct safety card password.
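The mediation role described for the security manager, together with the read/write logic above (reads always allowed, writes only with an activated safety card), can be sketched as follows. This Python code is an added illustration, not the patent's implementation; the command allow-list, the `SafetyCard` stand-in with a software PIN verifier, and the holder name and PIN are all constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, List, Optional, Tuple

# Constructed allow-list of read-only console commands. The patent says the
# security manager checks commands against a stored table but does not
# publish the table; anything not listed here is treated as a "write".
READ_ONLY_PREFIXES = ("show ", "ping ")

def _pin_verifier(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

@dataclass(frozen=True)
class SafetyCard:
    """Stand-in for the smart card; a real card verifies the PIN on-chip."""
    holder: str
    salt: bytes
    verifier: bytes

    @classmethod
    def issue(cls, holder: str, pin: str) -> "SafetyCard":
        # Issuing cards and PINs is the role the page gives to the CAMS.
        salt = os.urandom(16)
        return cls(holder, salt, _pin_verifier(pin, salt))

    def check_pin(self, pin: str) -> bool:
        return hmac.compare_digest(_pin_verifier(pin, self.salt), self.verifier)

def is_read_only(command: str) -> bool:
    text = " ".join(command.lower().split()) + " "
    return text.startswith(READ_ONLY_PREFIXES)

@dataclass
class SecurityManager:
    """Sits between the terminal and the router console and filters commands."""
    to_router: Callable[[str], None]
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)
    holder: Optional[str] = None     # set while an activated card is present

    def _log(self, event: str, detail: str, outcome: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append((stamp, event, detail, outcome))

    def insert_card(self, card: SafetyCard, pin: str) -> bool:
        ok = card.check_pin(pin)
        self.holder = card.holder if ok else None
        self._log("card", card.holder, "activated" if ok else "bad PIN")
        return ok

    def remove_card(self) -> None:
        self._log("card", self.holder or "-", "removed")
        self.holder = None

    def handle(self, command: str) -> str:
        # One console line per call: embedded control characters could carry
        # a second command past the check, so they are refused outright.
        if any(ord(ch) < 32 or ord(ch) == 127 for ch in command):
            self._log("command", repr(command), "refused: control character")
            return "refused"
        if is_read_only(command):
            self.to_router(command)
            return "forwarded"
        if self.holder is None:
            self._log("command", command, "refused: safety card required")
            return "refused"
        self._log("command", command, "forwarded for " + self.holder)
        self.to_router(command)
        return "forwarded"

def demo() -> Tuple[List[str], List[str]]:
    sent: List[str] = []
    mgr = SecurityManager(to_router=sent.append)
    card = SafetyCard.issue("admin-1", "4921")       # constructed holder and PIN
    results = [mgr.handle("show access-lists"),
               mgr.handle("access-list 101 deny tcp any any eq 23")]
    mgr.insert_card(card, "0000")                    # wrong PIN
    results.append(mgr.handle("configure terminal"))
    mgr.insert_card(card, "4921")
    results.append(mgr.handle("configure terminal"))
    mgr.remove_card()
    results.append(mgr.handle("sh run\nconfigure terminal"))
    return results, sent

if __name__ == "__main__":
    print(demo())
```

Because only listed read commands pass without a card, abbreviated or unknown commands fall into the write path and are refused and logged rather than forwarded.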
The system of the invention is a network security control system based on packet filtering. According to the security rules set by the user, it inspects and analyzes incoming and outgoing packets one by one, ensures that packets meeting the security conditions pass unimpeded, and blocks packets that do not, thereby guaranteeing the security of the internal network. Correct configuration of the security rules is therefore the key to network security.
Security rules are configured to block possible attacks on the internal network. The invention ships without any security rules configured: by default any information on the network may pass freely in and out, i.e. it has only the routing function. The firewall function takes effect only after the user configures suitable security rules according to a detailed policy, and only then is the internal network protected. The invention can be configured with different security rules for different security requirements. The invention also comes with the basic configuration needed to guarantee network security, i.e. the pre-configuration. The "configuration file confirmation" program provided by the system management software compares the pre-configured parameters of the invention with the operating parameters configured by the user and confirms whether the configuration is legitimate.
Besides meeting the conditions required for electrical products, use of the system requires particular attention to the security environment: there must be measures for fire protection, theft prevention, flood protection and dust protection. Dehumidification equipment should be considered in humid climates, and anti-static measures in dry places.
The invention is characterized in that the system consists of five parts: security manager, system manager, router, safety card and safety card certification authority management system. The router controls incoming and outgoing data according to the configured security rules. The system manager performs the pre-configuration and the security policy configuration of the firewall (together called system configuration) after obtaining authorization from the security manager. The security manager's authorization is confirmed by authenticating the safety card and the personal identification number, and the safety card is generated and managed by the safety card certification authority management system.
The invention is placed between an Internet information provider, internal network or private network and the external network. It uses known packet filtering technology: according to the configured security rules, it evaluates the source and destination addresses or ports of incoming and outgoing packets and the corresponding control protocol, decides whether each packet is allowed or forbidden to pass, and makes the corresponding routing choice.
The basic working principle of the security manager is that its communication control module continuously intercepts the communication data from both ends and forwards it after evaluating it; it can also send commands directly to the router to obtain information and data. Data (commands) from the system manager are compared against the data stored in a table in the safety control module, and graded security control is applied. Once the security manager determines that special authorization and legitimacy verification are needed, it requires the user to insert the safety card and enter the personal identification number (PIN) that correctly identifies the user. It also records and stores, as necessary, the data (information) from the router and the system manager. According to the running state of the firewall, the security manager indicates its own operating state, supported by a liquid crystal display of the three states "normal", "error" and "alarm". When it finds that the firewall's configuration file may have been modified, it sounds an alarm to prompt the system security administrator to confirm.
The system manager consists of a microcomputer of 386 class or above, or a dedicated PC, and system management software with an advanced graphical user interface (GUI), running under Windows. Software requirements: the operating system is DOS 5.0 or later; the runtime environment is Chinese Windows 3.1 or later, or English Windows 3.0 or later (on English Windows, Chinese Star or another Chinese-character platform must be loaded). Hardware requirements: IBM or IBM-compatible machine (80386DX processor, 4M memory, one floppy drive, one control serial port, one mouse interface) with at least 20M of free hard disk space. A computer with an 80486DX or better, 8M or more of memory and a hard disk of 420M or more is recommended.
The system management software consists of functional modules such as a filtering rule editor, a firewall state monitor, a control list monitor and an alarm information collector, and is stored on the hard disk.
The router can be any of the packet filtering router products common on the world market today. The system of the invention can also be formed by adding the security manager, system manager and other devices to a user's existing packet filtering router; the router can also be integrated into the security manager. These are particular cases of the invention and do not affect its generality.
The security manager is connected to the system manager and to the router through RS232 interfaces. It provides the communication link between the console and the router, manages the additional authorization mechanism for configuring router security rules from the console, records the usage and fault conditions of the security manager, collects parameters and data from the router, and stores these data by category or sends them to the console.
When an operation concerns system resource configuration or security rule settings, the security manager uses audible and visual alarms to indicate the current operation type. On an attempt to enter the secure state and after entering it, except when security management is fully open, the system automatically records every operation involving security commands together with the date and time it was performed, and archives the record, so that all security-related operations over a period of time can be traced. For possible modifications of the system resource configuration or the security rule settings, the system compares the stored original security rules with the new ones and can detect violations promptly. Some violations are corrected automatically with reference to basic security criteria stored in advance, and each violation is immediately recorded in detail, including the violation event and the violating security command, while the security manager's audible and visual alarm reminds the operator that a serious error has occurred.
The invention is further described below with reference to the accompanying drawings.
Fig. 1 shows the position of the invention in the Internet. It is installed between the internal network and the external Internet, protects internal resources from unauthorized access and damage, and prevents internal information from being sent out without release and authorization. The filtering router is a Cisco 2501 from Cisco, which provides routing and packet filtering and filters information entering and leaving the internal network according to the security rules configured from the console.
Fig. 2 is a structural block diagram of the invention. The safety card is inserted into the card reader and the correct PIN is entered at the terminal. After the central control module processes and confirms the authorization, the system manager has the right to perform system configuration; LED display information is then output through the I/O control module, and the router can be configured.
Fig. 3 is an implementation block diagram of the security manager of the invention. The safety card identification module of the security manager consists of a Bull CP8 card reader, which is connected to the safety control module through an RS232 port. The central control module consists of a CPU (80486) plus some memory devices, and the I/O control module is built from an 8255. The software of the safety control module and the communication control module runs in the central control module, and the communication control module's connections to the system manager and the router both use RS232 ports.
Fig. 4 is the program flow chart of the security manager of the invention.

Claims (5)

1. a firewall system is characterized in that,
(1) it is made up of security manager, system administration manager, router, safety card and safety card CERTIFICATION AUTHORITY MANAGEMENT SYSTEM five parts;
(2) it is placed between informant or internal network or dedicated network and the outside Internet;
(3) it adopts the router with packet filtering function to be connected with external network, and router is controlled the turnover data according to the safety regulation of configuration;
(4) it realizes system configuration by system administration manager, and system administration manager is the executive system configuration after the mandate that obtains security manager;
(5) it provides the mandate of system configuration to differentiate by security manager, and the mandate of security manager differentiates that by affirmations such as safety cards safety card is generated and management by the safety card CERTIFICATION AUTHORITY MANAGEMENT SYSTEM.
2. The system according to claim 1, characterized in that:
(1) the security manager is made up of a communication control module, a central control module, an I/O control module, a safety control module, a safety card identification module and the like;
(2) the security manager uses the safety card identification module to identify the safety card;
(3) the security manager is connected to the system administration manager and the router through its communication control module, which uses a separate RS232 interface for each;
(4) the security manager provides authorization authentication when the system administration manager configures the system.
3. The system administration manager of the system according to claim 1, characterized in that:
(1) it is made up of a microcomputer of 386 class or above, a dedicated microcomputer or a workstation, together with a set of system management software, and the software runtime environment is a form;
(2) it is connected to the security manager through an RS232 port;
(3) it is linked to the control port of the router via the security manager, provides menu-driven management of the system, carries out firewall system configuration and security rule configuration, and collects audit information;
(4) the system management software is made up of functional modules such as a filtering rule editor, a firewall state monitor, a control list monitor and an alarm information collector;
(5) it must obtain authorization from the security manager when configuring the network security policy.
4. The system according to claim 1, characterized in that:
(1) the safety card is a smart card with storage and processing capability, and the card holder's safety certificate is stored in the card;
(2) the safety certificate of the safety card is generated and managed by an independent safety card certification authority management system;
(3) the safety card certification authority management system is made up of a microcomputer of 386 class or above and a set of dedicated management software.
5. The program flow of the security manager of the system according to claim 1, characterized in that:
(1) the communication control module of the security manager continuously intercepts communication data from both ends and forwards it after evaluating it; it can also send commands directly to the router to obtain information and data;
(2) for data from the system administration manager, the security manager compares it against the data stored in the table in the safety control module and applies graded security control; when it determines that special authorization and identity verification are needed, it requires the user to insert the safety card and enter the personal identification number that correctly identifies the user;
(3) at the same time, the security manager performs the necessary recording and dumping of data from the router and the system administration manager; according to the running state of the firewall, the security manager indicates its own operating state, supported by a liquid crystal display of three states: "normal", "error" and "alarm";
(4) when it finds that the configuration file of the firewall may have been modified, the security manager sounds an alarm and prompts the system security administrator to confirm.
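The mediation flow of claim 5, sketched as an added example that is not part of the patent text: the security manager sits between the system administration manager and the router, grades each command against a table, demands card and PIN for privileged ones, logs everything, and raises the alarm state when the router's configuration differs from the recorded baseline. The table contents, command names, salted PIN verifier, refusal of unlisted commands and single-use authorization are all assumptions made for the illustration.

```python
import hashlib, hmac, os
from enum import Enum

class State(Enum):            # the three display states named in claim 5(3)
    NORMAL, ERROR, ALARM = "normal", "error", "alarm"

# Hypothetical control table: first word of a command -> level (1 = card + PIN required).
CONTROL_TABLE = {"show": 0, "ping": 0, "access-list": 1, "write": 1}

def pin_record(pin, salt=None):
    """Salted PIN verifier; stands in for the smart card's own PIN check (assumption)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class SecurityManager:
    def __init__(self, cards, router_config):
        self.cards = cards                      # card id -> (salt, PIN verifier)
        self.baseline = hashlib.sha256(router_config.encode()).digest()
        self.state, self.authorized, self.log = State.NORMAL, False, []

    def present_card(self, card_id, pin):
        rec = self.cards.get(card_id)
        self.authorized = rec is not None and hmac.compare_digest(
            pin_record(pin, rec[0])[1], rec[1])
        self.log.append(("auth", card_id, self.authorized))
        return self.authorized

    def from_system_manager(self, command):
        words = command.split()
        level = CONTROL_TABLE.get(words[0]) if words else None
        if level is None:                       # not in the table: refuse (assumed default)
            verdict, self.state = "rejected", State.ERROR
        elif level and not self.authorized:
            verdict = "needs-card"              # prompt for card and PIN before forwarding
        else:
            verdict = "forwarded"
            if level:
                self.authorized = False         # one authorization per privileged command
        self.log.append(("cmd", command, verdict))
        return verdict

    def from_router(self, router_config):
        """Compare the router's reported configuration with the recorded baseline."""
        if hashlib.sha256(router_config.encode()).digest() != self.baseline:
            self.state = State.ALARM            # administrator must confirm the change
        self.log.append(("config", self.state.value))
        return self.state
```

Because every decision is appended to `log`, including failed card presentations, the record required by claim 5(3) can be reviewed after an alarm.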
CN96109573A 1996-09-02 1996-09-02 Fireproof wall system Expired - Fee Related CN1075695C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN96109573A CN1075695C (en) 1996-09-02 1996-09-02 Fireproof wall system

Publications (2)

Publication Number Publication Date
CN1147738A true CN1147738A (en) 1997-04-16
CN1075695C CN1075695C (en) 2001-11-28

Family

ID=5120452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN96109573A Expired - Fee Related CN1075695C (en) 1996-09-02 1996-09-02 Fireproof wall system

Country Status (1)

Country Link
CN (1) CN1075695C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1324867C (en) * 2003-12-30 2007-07-04 华为技术有限公司 Route exchanger of integrated fire proof wall
CN100444582C (en) * 2006-01-24 2008-12-17 杭州华三通信技术有限公司 Switching device with firewall function

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5416842A (en) * 1994-06-10 1995-05-16 Sun Microsystems, Inc. Method and apparatus for key-management scheme for use with internet protocols at site firewalls

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100338930C (en) * 1999-10-30 2007-09-19 Sap股份公司 Method and transaction interface for secure data exchange between distinguishable networks
CN100389400C (en) * 2002-09-06 2008-05-21 美国凹凸微系有限公司 VPN and firewall integrated system
US7596806B2 (en) 2002-09-06 2009-09-29 O2Micro International Limited VPN and firewall integrated system
CN1577342B (en) * 2003-07-07 2012-10-31 株式会社日立制作所 Method for accessing corresponding machine of network and apparatus thereof
CN100414938C (en) * 2004-01-05 2008-08-27 华为技术有限公司 Network safety system and method
CN100337222C (en) * 2004-07-15 2007-09-12 联想网御科技(北京)有限公司 A firewall and access restriction method thereof
CN100373867C (en) * 2005-01-14 2008-03-05 北邮英科(北京)信息技术研究所有限公司 Massive parallel processing apparatus and method for network isolation and information exchange module
CN101263466B (en) * 2005-09-12 2011-02-09 微软公司 Method for perceiving firewall traversal
CN100428731C (en) * 2006-06-02 2008-10-22 清华大学 Method for preventing star-shape network from invading and attacking based on intelligent exchanger
CN101945084A (en) * 2009-07-09 2011-01-12 精品科技股份有限公司 Client web browsing control system and method
CN102364491A (en) * 2011-11-01 2012-02-29 宇龙计算机通信科技(深圳)有限公司 Method for managing data authority, and terminal

Also Published As

Publication number Publication date
CN1075695C (en) 2001-11-28

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Tianrongxin Technology and Trade Co., Ltd., Beijing

Document name: Notice of correction

ASS Succession or assignment of patent right

Owner name: BEIJING TIANRONG XIN NETWORK SECURITY TECHNOLOGY

Free format text: FORMER OWNER: BEIJING TIANRONGXIN TECHNOLOGY AND TRADING CO., LTD.

Effective date: 20010712

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20010712

Applicant after: Beijing Topsec Network Safety Technology Co., Ltd.

Applicant before: Tianrongxin Technology and Trade Co., Ltd., Beijing

C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee