CN115001906B - Security gateway - Google Patents
- Publication number
- CN115001906B
- Authority
- CN
- China
- Prior art keywords
- data
- module
- field station
- access control
- network access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a security gateway, comprising: an external network access control module for controlling external network access data according to an external network access control policy issued by the field station control center; an intranet access control module for carrying out port isolation according to the isolation instruction sent by the data storage module; a network communication module for carrying out online authentication and offline authentication on data and exchanging data with the field station management and control center or the switch when verification passes; and a data storage module for packaging and storing the operation data of the field station. The gateway can handle access control both at the network boundary and inside the network, and can isolate problem equipment and manage itself, so it is applicable to a wider range of scenarios. The gateway is also low in cost and has extremely low hardware performance requirements; compared with existing firewall products, which require knowledge of the subnet environment, mastery of network protocols and compliance with the product's policy configuration requirements, its operation and maintenance cost is greatly reduced.
Description
Technical Field
The application relates to the technical field of secure data transmission for field stations, and in particular to a security gateway.
Background
In the global Internet of Things, particularly in field station/cabinet scenarios such as offshore oil drilling platforms, offshore wind farms and desert solar farms, an offline working mode is adopted because network construction is not in place or bandwidth is insufficient: the workstation temporarily stores the data to be exchanged, and data upload and download are completed when inspection equipment or inspection personnel approach. To secure the transmission of field station/cabinet network data, the current practice is to deploy access control equipment such as a commercial firewall or an industrial firewall at the subnet boundary, which intercepts, analyzes and compares the traffic entering and leaving the subnet and then decides whether to release each network communication packet.
However, this approach has drawbacks. First, the division of labour in this mode splits the functions of network monitoring, network interception and interaction with the upper-level network, so each security product needs its own management and control system; operation is complex and the application range is limited. Second, the firewall is deployed only at the network boundary and can control only the traffic entering and leaving the subnet, not the intranet, so its protection capability cannot meet the security requirements of field station data transmission. Third, the approach relies on manual inspection, which places high demands on the inspection personnel; the number of field stations is huge, so inspection work consumes a large amount of manpower and material resources and is extremely difficult to carry out. In addition, firewalls are relatively expensive to manufacture, so the approach is costly and uneconomical.
Disclosure of Invention
The purpose of the present application is to provide a security gateway that solves the problems of high cost, complex operation, difficulty of implementation and limited application range in the existing approach of protecting field station data transmission with firewalls and manual inspection.
To achieve the above object, the present application provides a security gateway, including:
the external network access control module is used for controlling external network access data according to an external network access control strategy issued by the field station control center;
the intranet access control module is used for carrying out port isolation according to the isolation instruction sent by the data storage module;
the network communication module is used for carrying out online authentication and offline authentication on data and carrying out data interaction with the field station management and control center or the switch when verification passes;
and the data storage module is used for packaging and storing the operation data of the field station.
Further, preferably, the security gateway further includes:
the wireless on-duty machine is used for starting the wireless network card to search surrounding hot spots when the field station is in an off-line state.
Further, preferably, the data storage module is further configured to receive alarm information issued by a field station management and control center, and change a control policy of the external network access control module or an isolation instruction of the internal network access control module according to the alarm information.
Further, preferably, the data storage module is further configured to send the stored data to a field station management center when the field station is in an on-line mode.
Further, preferably, the data storage module is further configured to send the stored data to the switch when the field station is in the offline mode.
Further, preferably, the external network access control module is disposed at a network boundary, and the internal network access control module is connected with the switch.
Further, preferably, the external network access control module uses the iptables or firewall module in Linux.
Further, preferably, the external network access control module is further configured with an open source VPN module, configured to establish an encrypted channel with a field station management center.
Further, preferably, the network communication module includes:
a data receiving module, a data sending module and a data verification module;
the data verification module is used for carrying out data verification, when the verification passes, the data sent by the field station management and control center or the switch which is received by the data receiving module is stored into the data storage module,
or the data passing the verification is sent to a field station management and control center or a switch through a data sending module.
Further, preferably, the data verification module is further configured to:
when the field station is in an offline mode, verifying the data sent by the switch;
and when the field station is in an online mode, carrying out information source authentication and data integrity check on data issued by a field station management and control center.
Compared with the prior art, the beneficial effect of this application lies in:
1) The application can handle access control both at the network boundary and inside the network, and can isolate problem equipment and manage itself, so it can be widely used.
2) The gateway is low in cost and has extremely low hardware performance requirements; it can be deployed on low-cost hardware such as a Raspberry Pi, and once productized its variable cost can be an order of magnitude lower than that of existing products.
3) The operation and maintenance cost is lower: the gateway only needs to be fastened in place and connected to power. Compared with existing firewall products, which require knowledge of the subnet environment, mastery of network protocols and compliance with the product's policy configuration requirements, the cost of the application is greatly reduced.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a security gateway according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a security gateway according to another embodiment of the present application;
fig. 3 is a schematic structural diagram of a hardware configuration of a security gateway according to an embodiment of the present application;
fig. 4 is a schematic diagram of a security gateway applied to a field station supervision process according to an embodiment of the present disclosure.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be understood that the step numbers used herein are for convenience of description only and are not limiting as to the order in which the steps are performed.
It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The terms "comprises" and "comprising" indicate the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The term "and/or" refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
It should be noted that, to secure data communication in the field station/cabinet network scenario, the current main practice is to deploy access control equipment, such as a commercial firewall or an industrial firewall, at the subnet boundary and to intercept and analyze the traffic entering and leaving the subnet; after comparison against the policy, a decision is made as to whether to release the network communication packet. However, this approach has a number of drawbacks.
First, the protection capability does not fit. A traditional network access control product can only be deployed at the network boundary and can only control the traffic entering and leaving the subnet; it cannot protect or control intranet ports, so it is not suited to the subnet environment of a field station. A hacker can break through the physical protection, connect attack equipment directly to the subnet or replace existing networked equipment, and spoof the IP address of existing equipment to attack. In this case, neither existing commercial firewalls nor industrial firewalls can help.
Second, the application range is very limited. Access control is deployed only at the network boundary, but in practice a field station often cannot be networked in time for various reasons; it does not need to be connected to the computing center's network in normal operation and works independently. Under these conditions the working form of a firewall does not apply, and the working process of the field station cannot be monitored.
Third, the demands on inspection personnel are too high. In the field station scenario, inspection personnel must be capable of the station's safe-production work and must also master network and network security knowledge, so the operation and maintenance cost of the global Internet of Things is necessarily higher.
Fourth, the cost is high. The cheapest commercial firewalls currently cost more than 10,000, industrial firewalls cost 30,000 to 50,000, while a field station costs only about several thousand to several tens of thousands of yuan, and the number of stations is huge. Configuring a firewall-class product for every field station is clearly unreasonable economically and hard for field station operators to accept. The application therefore aims to provide a security gateway that replaces the traditional firewall approach, so that secure data transmission for the field station is ensured, the cost is reduced and the application range is enlarged.
Referring to fig. 1, an embodiment of the present application provides a security gateway. As shown in fig. 1, the security gateway includes modules 01-04. The specific functions of each module are as follows:
the external network access control module 01 is used for controlling external network access data according to an external network access control strategy issued by a field station control center;
preferably, the external network access control module 01 can use a mature module from the Linux community, such as iptables or firewall; it is applied at the network boundary, and its policy is issued by the upper-level center.
The intranet access control module 02 is used for carrying out port isolation according to the isolation instruction sent by the data storage module 04;
specifically, the intranet access control module 02 is connected with the switch through a serial port, and performs port isolation according to the isolation instruction sent by the data storage module 04;
the network communication module 03 is used for carrying out online authentication and offline authentication on data and carrying out data interaction with a field station management and control center or a switch when verification passes;
and the data storage module 04 is used for packaging and storing the operation data of the field station.
In one embodiment, the data storage module 04 is further configured to receive alarm information issued by the field station management and control center and to change the control policy of the external network access control module 01 or the isolation instruction of the intranet access control module 02 according to the alarm information; it is also used to send the stored data to the field station management and control center when the field station is in online mode, and to send the stored data to the switch when the field station is in offline mode.
It can be understood that the data storage module 04 is the security center of the field station. It can accept alarm information sent by the upper-level center and by online monitoring equipment; it can change the external network access control policy and the intranet access control module 02 according to the alarm information and record the execution result; and it can package the log information, equipment information and operation and maintenance records of the field station administered by the gateway, sending them directly to the upper-level center in online mode and delivering them to the data switch in offline mode.
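One way a policy issued by the control center could be turned into rules for the external network access control module 01, shown as an added example rather than code from the patent: the policy is validated field by field and rendered as a default-deny ruleset in `iptables-restore` format. The policy layout, the interface names `eth0`/`eth1` for the IN and OUT ports, and all function names are assumptions.

```python
import ipaddress

# Assumptions (not from the patent): eth0 is the IN port facing the station
# switch, eth1 is the OUT port facing the upper-level network.
IN_IFACE = "eth0"
OUT_IFACE = "eth1"

PROTOCOLS = {"tcp", "udp"}
# direction -> (input interface, output interface) on the FORWARD chain
DIRECTIONS = {
    "outbound": (IN_IFACE, OUT_IFACE),
    "inbound": (OUT_IFACE, IN_IFACE),
}
RULE_FIELDS = {"direction", "proto", "src", "dst", "dport"}

# Constructed sample policy, as the control center might issue it.
SAMPLE_POLICY = {"allow": [
    {"direction": "outbound", "proto": "tcp",
     "src": "192.168.10.0/24", "dst": "10.20.0.5", "dport": 8883},
    {"direction": "inbound", "proto": "tcp",
     "src": "10.20.0.5", "dst": "192.168.10.20", "dport": 502},
]}


class PolicyError(ValueError):
    """Raised when an issued policy cannot be rendered safely."""


def _network(value):
    # Accept only strings that parse as one IPv4 host or CIDR block, and emit
    # the parsed form. A field such as "10.0.0.1 -j ACCEPT" never reaches the
    # ruleset because it fails to parse.
    if not isinstance(value, str):
        raise PolicyError(f"address must be a string: {value!r}")
    try:
        return str(ipaddress.IPv4Network(value))
    except ValueError as exc:
        raise PolicyError(f"bad IPv4 network: {value!r}") from exc


def _rule_line(rule):
    if not isinstance(rule, dict) or set(rule) != RULE_FIELDS:
        raise PolicyError(f"rule must have exactly {sorted(RULE_FIELDS)}")
    direction, proto, dport = rule["direction"], rule["proto"], rule["dport"]
    if not isinstance(direction, str) or direction not in DIRECTIONS:
        raise PolicyError(f"bad direction: {direction!r}")
    if not isinstance(proto, str) or proto not in PROTOCOLS:
        raise PolicyError(f"bad protocol: {proto!r}")
    if (isinstance(dport, bool) or not isinstance(dport, int)
            or not 1 <= dport <= 65535):
        raise PolicyError(f"bad port: {dport!r}")
    iif, oif = DIRECTIONS[direction]
    return (f"-A FORWARD -i {iif} -o {oif} -p {proto} "
            f"-s {_network(rule['src'])} -d {_network(rule['dst'])} "
            f"--dport {dport} -j ACCEPT")


def render_ruleset(policy):
    """Return iptables-restore text: drop by default, allow only listed flows."""
    rules = policy.get("allow") if isinstance(policy, dict) else None
    if not isinstance(rules, list):
        raise PolicyError("policy must be a dict with an 'allow' list")
    # Validate every rule before emitting anything, so that one bad rule
    # rejects the whole policy and the previous ruleset stays in force.
    rendered = [_rule_line(rule) for rule in rules]
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        *rendered,
        "COMMIT",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ruleset(SAMPLE_POLICY), end="")
```

The rendered text can be checked with `iptables-restore --test` before it is loaded; management access to the gateway itself is left out of this ruleset.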
Referring to fig. 2, in one embodiment, the security gateway further includes:
the wireless on-duty machine 05 is used for turning on the wireless network card to search for surrounding hotspots when the field station is in an offline state. In practice, the wireless network card can be turned on periodically to search for nearby hotspots. The wireless on-duty machine 05 is used in offline scenarios and waits for a data switch to approach. In addition, the wireless on-duty machine 05 provides a scheduling function: according to the operation and maintenance policy of the upper-level computing center, it can stand watch either on a timer or at a preset next-contact time. The wireless network card is thus kept off outside the scheduled times, which further reduces the wireless attack surface.
In a preferred embodiment, the external network access control module 01 is further configured with an open source VPN module, used to establish an encrypted channel with a field station management center. Establishing the encrypted channel further secures data communication and prevents the data transmission from being cracked or intruded upon.
Referring to fig. 2, in one embodiment, the network communication module 03 specifically includes a data receiving module 031, a data transmitting module 032, and a data verifying module 033; wherein their respective functions are as follows:
the data verification module 033 is used for performing data verification, when the verification passes, the data sent by the field station management center or the switch received by the data receiving module 031 is stored in the data storage module 04,
or the data passing the verification is sent to a field station management and control center or a switch through a data sending module 032.
As a preferred embodiment, the data verification module 033 is further configured to:
when the field station is in an offline mode, verifying the data sent by the switch;
and when the field station is in an online mode, carrying out information source authentication and data integrity check on data issued by a field station management and control center.
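A sketch of how the data verification module 033 could gate what reaches the data storage module 04, added here as an example and not taken from the patent, which does not name a mechanism. It assumes HMAC-SHA256 with one pre-shared key per peer for source authentication, a SHA-256 digest for the integrity check, and a per-sender sequence number to reject replayed packages (the replay check goes beyond what the text states); the package layout and all names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys; a real gateway would provision one secret per peer.
DEMO_KEYS = {
    "center": b"demo-key-for-management-center",
    "switch": b"demo-key-for-data-switch",
}
# Which peer the gateway accepts data from in each mode, per the text above.
EXPECTED_SENDER = {"online": "center", "offline": "switch"}


class VerificationError(Exception):
    """Raised when a package must not be stored or acted on."""


def _canonical(header):
    # Stable byte encoding of the header so both sides MAC the same bytes.
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def seal(sender, seq, payload, key):
    """Sender side: bind sender, sequence number and payload digest with a MAC."""
    header = {"sender": sender, "seq": seq,
              "sha256": hashlib.sha256(payload).hexdigest()}
    tag = hmac.new(key, _canonical(header), hashlib.sha256).hexdigest()
    return {"header": header, "payload": payload.hex(), "tag": tag}


class DataVerifier:
    def __init__(self, keys):
        self._keys = dict(keys)
        self._last_seq = {}   # highest sequence number accepted per sender
        self.stored = []      # stands in for the data storage module

    def accept(self, mode, package):
        """Verify a received package; store and return its payload on success."""
        expected = EXPECTED_SENDER.get(mode)
        if expected is None:
            raise VerificationError(f"unknown mode: {mode!r}")
        try:
            header = package["header"]
            sender, seq = header["sender"], header["seq"]
            digest = header["sha256"]
            payload = bytes.fromhex(package["payload"])
            tag = package["tag"]
        except (KeyError, TypeError, ValueError) as exc:
            raise VerificationError("malformed package") from exc

        # Source authentication: the sender must be the peer for this mode
        # and the header MAC must verify under that peer's key.
        key = self._keys.get(expected)
        if sender != expected or key is None:
            raise VerificationError("unexpected sender for this mode")
        mac = hmac.new(key, _canonical(header), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), str(tag).encode()):
            raise VerificationError("source authentication failed")

        # Integrity: the payload must match the digest in the authenticated header.
        actual = hashlib.sha256(payload).hexdigest()
        if not hmac.compare_digest(actual.encode(), str(digest).encode()):
            raise VerificationError("payload integrity check failed")

        # Replay protection (an addition to the text): sequence must increase.
        if (isinstance(seq, bool) or not isinstance(seq, int)
                or seq <= self._last_seq.get(sender, -1)):
            raise VerificationError("stale or replayed sequence number")

        self._last_seq[sender] = seq
        self.stored.append(payload)
        return payload


if __name__ == "__main__":
    gateway = DataVerifier(DEMO_KEYS)
    alarm = seal("center", 1, b'{"alarm": "isolate", "port": 7}',
                 DEMO_KEYS["center"])
    print(gateway.accept("online", alarm))
```

With a shared secret, a gateway that is physically captured holds a key that can also forge packages from that peer; public-key signatures would avoid that at the cost of a dependency outside the standard library.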
In one embodiment, a preferred hardware configuration of the security gateway is also provided, as shown in fig. 3. As can be seen from fig. 3, the security gateway includes at least three interfaces: an IN port, an OUT port and a CONSOLE port. In offline mode, the IN port or the OUT port is connected to a switch network port. In online mode, the OUT port is connected to the upper-level network and the IN port is connected to a switch network port (the switch port to which the upper-level network was originally connected). The CONSOLE port typically runs the 485 protocol and is connected to the switch's CONSOLE port.
Referring to fig. 4, one embodiment provides a schematic diagram of the supervision process in which a field station uses the security gateway described above. As can be seen from fig. 4, the field station network security monitor exchanges data with the security operation and maintenance management and control center through a general field station gateway (i.e., the security gateway provided in the present application); the field station network security monitor includes an industrial personal computer, conventional detectors, conventional actuators, intelligent instruments, intelligent controllers and the like. When the security operation and maintenance management and control center manages the field station network security monitor online, access control of the internal and external networks can be implemented through the gateway to ensure the security of access and data transmission; when the network environment is poor, offline management can be carried out directly through the data switch.
In summary, the security gateway provided by the present application performs only network isolation, logging and data exchange, and can implement simple network access control using existing open source code, which is applied to the online management situation. Specifically, the present application can achieve at least the following effects:
1) It breaks out of the traditional boundary protection concept: through a reworked system architecture it can handle access control both at the network boundary and inside the network, and can isolate problem equipment and manage itself, so it is applicable to various scenarios and easy to roll out widely.
2) The hardware performance requirements are extremely low: the gateway can be deployed on low-cost hardware such as a Raspberry Pi, and once productized its variable cost can be an order of magnitude lower than that of existing products, so the security gateway is cheap to manufacture.
3) The operation and maintenance cost is extremely low: the gateway only needs to be fastened in place and connected to power. Existing firewall products require knowledge of the subnet environment, mastery of network protocols and compliance with the product's policy configuration requirements; by comparison, the operation and maintenance cost of the security gateway is greatly reduced.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and the division of the units is merely one logical function division, and there may be other ways of dividing the same in practical applications, for example, multiple units or page components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical, or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units. The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that the above embodiments are merely for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that the technical solutions described in the foregoing embodiments may be modified or some of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.
Claims (5)
1. A security gateway, comprising:
the external network access control module is used for controlling external network access data according to an external network access control strategy issued by the field station control center;
the intranet access control module is used for carrying out port isolation according to the isolation instruction sent by the data storage module;
the network communication module is used for carrying out online authentication and offline authentication on data and carrying out data interaction with the field station management and control center or the switch when verification passes; the system is also used for receiving alarm information issued by a field station management and control center and changing a control strategy of an external network access control module or an isolation instruction of an internal network access control module according to the alarm information;
the data storage module is used for packaging and storing the operation data of the field station;
the wireless on-duty machine is used for starting the wireless network card to search surrounding hot spots when the field station is in an off-line state;
the external network access control module is deployed at a network boundary, and the internal network access control module is connected with the switch;
the data storage module is also used for sending the stored data to a field station management and control center when the field station is in an on-line mode; when the field station is in an offline mode, the stored data is transmitted to the switch.
2. The security gateway of claim 1, wherein the extranet access control module employs iptables or firewall modules in Linux.
3. The security gateway of claim 1, wherein the extranet access control module is further configured with an open source VPN module for establishing an encrypted channel with a field station management center.
4. The security gateway of claim 1, wherein the network communication module comprises:
the device comprises a data receiving module, a data transmitting module and a data verifying module;
the data verification module is used for carrying out data verification; when the verification passes, the data sent by the field station management and control center or the switch and received by the data receiving module is stored into the data storage module, or the data passing the verification is sent to a field station management and control center or a switch through the data sending module.
5. The security gateway of claim 4, wherein the data verification module is further configured to:
when the field station is in an offline mode, verifying the data sent by the switch;
and when the field station is in an online mode, carrying out information source authentication and data integrity check on data issued by a field station management and control center.
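An added example, not part of the patent text, modelling the mode-dependent checks of claims 4 and 5 together with the storage routing of claim 1. The HMAC-SHA256 tag, the SHA-256 digest, both keys, the message layout and the `Gateway` and `seal` names are assumptions: the claims name no algorithm, and the offline path is assumed here to reuse the same checks with a locally provisioned key.

```python
import hashlib
import hmac

# Constructed keys (assumptions): the claims name no algorithm or key scheme.
CENTER_KEY = b"constructed-center-key"  # shared with the control center (online)
SWITCH_KEY = b"constructed-switch-key"  # provisioned locally for offline use

def seal(key, source, payload):
    """Build a constructed message: payload, SHA-256 digest, HMAC over source+digest."""
    digest = hashlib.sha256(payload).hexdigest()
    tag = hmac.new(key, f"{source}|{digest}".encode(), hashlib.sha256).hexdigest()
    return {"source": source, "payload": payload, "digest": digest, "tag": tag}

class Gateway:
    def __init__(self):
        self.online = True   # field station mode
        self.storage = []    # data storage module
        self.sent = []       # (destination, payload) pairs handed to the sending module

    def verify(self, msg):
        """Data verification module: the expected peer and key depend on the mode."""
        source, key = ("center", CENTER_KEY) if self.online else ("switch", SWITCH_KEY)
        if msg.get("source") != source:
            return False  # wrong peer for the current mode
        digest = hashlib.sha256(msg.get("payload", b"")).hexdigest()
        if not hmac.compare_digest(digest, str(msg.get("digest", ""))):
            return False  # data integrity check failed
        tag = hmac.new(key, f"{source}|{digest}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, str(msg.get("tag", "")))  # source authentication

    def receive(self, msg):
        """Data receiving module: only verified data reaches storage."""
        if not self.verify(msg):
            return False
        self.storage.append(msg["payload"])
        return True

    def flush(self):
        """Data storage module: online -> control center, offline -> switch."""
        dest = "center" if self.online else "switch"
        self.sent += [(dest, p) for p in self.storage]
        self.storage.clear()
        return dest
```

Binding the source label into the tag means a message sealed for the switch cannot be replayed as control-center data after a mode change, and the reverse.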
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210621866.9A CN115001906B (en) | 2022-06-02 | 2022-06-02 | Security gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210621866.9A CN115001906B (en) | 2022-06-02 | 2022-06-02 | Security gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115001906A CN115001906A (en) | 2022-09-02 |
CN115001906B CN115001906B (en) | 2024-03-29 |
Family
ID=83031034
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210621866.9A Active CN115001906B (en) | 2022-06-02 | 2022-06-02 | Security gateway |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115001906B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101277308A (en) * | 2008-05-23 | 2008-10-01 | 杭州华三通信技术有限公司 | Method for insulating inside and outside networks, authentication server and access switch |
CN106941494A (en) * | 2017-03-30 | 2017-07-11 | 中国电力科学研究院 | A kind of security isolation gateway and its application method suitable for power information acquisition system |
CN111935068A (en) * | 2020-06-12 | 2020-11-13 | 工业互联网创新中心(上海)有限公司 | Big data platform, server side thereof, security authentication system and method |
CN112003750A (en) * | 2020-08-24 | 2020-11-27 | 浪潮云信息技术股份公司 | Data center host Overlay network access control method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11082256B2 (en) * | 2019-09-24 | 2021-08-03 | Pribit Technology, Inc. | System for controlling network access of terminal based on tunnel and method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN115001906A (en) | 2022-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Quincozes et al. | A survey on intrusion detection and prevention systems in digital substations | |
CN106302535A (en) | The attack emulation mode of power system, device and attack emulator | |
US11038887B2 (en) | Enhanced smart process control switch port lockdown | |
CN111526061B (en) | Monitoring flow scheduling system and method for network target range actual combat drilling scene | |
CN113037745A (en) | Intelligent substation risk early warning system and method based on security situation awareness | |
CN112738063A (en) | Industrial control system network safety monitoring platform | |
WO2024016642A1 (en) | Sdn-based intelligent ship network system | |
Qassim et al. | Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system | |
Paul et al. | Towards the protection of industrial control systems–conclusions of a vulnerability analysis of profinet IO | |
Xu et al. | The landscape of industrial control systems (ICS) devices on the internet | |
CN109194616A (en) | A kind of industrial information security protection system for variable frequency vector control device | |
CN115001906B (en) | Security gateway | |
CN106789275B (en) | Power transmission network security test system and method for electric power system | |
CN108833218A (en) | The network system and its method for building up of multi-variable air conditioning unit | |
Mashima et al. | On design and enhancement of smart grid honeypot system for practical collection of threat intelligence | |
CN115134131B (en) | Internet of things communication transmission system based on situation awareness | |
CN103152195B (en) | Collecting method and device | |
Salazar et al. | Towards a high-fidelity network emulation of IEC 104 SCADA systems | |
Menzel et al. | Securing SCADA networks for smart grids via a distributed evaluation of local sensor data | |
Sharma et al. | SCADA Communication Protocols: Modbus & IEC 60870–5 | |
CN108900481A (en) | A kind of interchanger safety access system and method | |
Basan et al. | Exploring Security Testing Methods for Cyber-Physical Systems | |
CN115001804B (en) | Bypass access control system, method and storage medium applied to field station | |
Carcano et al. | Modbus/DNP3 state-based filtering system | |
CN109889529B (en) | IPTABLE-based firewall implementation method for communication controller |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||