CN115296921A - Cloud security resource pool and Internet of things security protection system - Google Patents
- Publication number
- CN115296921A (application number CN202210999532.5A)
- Authority
- CN
- China
- Prior art keywords
- cloud
- resource pool
- security
- unit
- data connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0668—Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a cloud security resource pool and Internet of things security protection system, which comprises a security protection module, a special security device, a virtual host, a cloud security resource pool body, a cloud core switch, a network controller, a user terminal and a service application unit. The special security device is deployed in a hardware stacking mode, and the virtual host is established in an active/standby virtual machine mode, so that the availability of the system is greatly improved and abnormal downtime caused by a failure of the security resource pool is prevented. The connection between the application terminal and the cloud management unit is established through the gateway and the service application unit; the cloud server provides service to the user only after the service application has passed authentication, and the risk of the server being attacked is reduced by the design of multiple special security devices. The invention reduces problems caused by human error through automated traffic steering, management and orchestration, and the dual orchestration and steering modes can satisfy diverse service requirements.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to a cloud security resource pool and an Internet of things security protection system.
Background
The Internet of things extends the concept of the Internet to connections between physical devices and everyday objects: electronic components, network connectivity and other forms of hardware are embedded into the devices, so that the devices can communicate and interact with people over the network and can be monitored remotely. This convenience brings certain security hazards, since hacker attacks can easily move from the traditional Internet environment onto the physical devices and cause serious security holes in the usage environment. With existing cloud security resource pools and Internet of things deployments, a failure of the security resource pool causes abnormal downtime of the services on the cloud, so their availability is low; and because traffic steering, management and orchestration are not highly automated during deployment and use, problems caused by human error occur easily.
Disclosure of Invention
The invention aims to provide a cloud security resource pool and an Internet of things security protection system to solve the problems in the background technology.
In order to achieve this purpose, the invention provides the following technical scheme: a cloud security resource pool and Internet of things security protection system comprises a security protection module, a cloud security resource pool body, a cloud core switch, a network controller and a user terminal, wherein one side of the security protection module is in data connection with the cloud security resource pool body, one side of the cloud security resource pool body is in data connection with the cloud core switch, one side of the cloud core switch is connected with the network controller, and one side of the cloud security resource pool body is in data connection with the user terminal.
Preferably, the security protection module comprises a special security device and a virtual host, the special security device is in data connection with the cloud security resource pool body, and the virtual host is in data connection with the cloud security resource pool body.
Preferably, the special security device comprises a hardware firewall, a hardware Web application protection device and a hardware bastion host.
Preferably, the user terminal includes a service application unit and an application terminal, and the application terminal establishes data connection with the service application unit.
Preferably, the application terminal comprises a gateway and a control unit, and the gateway establishes a data connection with the cloud security resource pool body.
Preferably, the cloud security resource pool body comprises a service node, a flow orchestrator, a cloud management unit, a storage network, a terminal reinforcing unit, a message packaging unit and a security audit unit, the user terminal is in data connection with the cloud management unit, one side of the cloud management unit is connected with the flow orchestrator, one side of the flow orchestrator is connected with the service node, the cloud core switch is in data connection with the service node, and one side of the service node is connected with the storage network.
Preferably, one side of the storage network is connected with a security audit unit, and the security audit unit establishes data connection with the user terminal.
Preferably, one side of the storage network is connected with a terminal reinforcing unit, one side of the storage network is connected with a message packaging unit, and the message packaging unit is in data connection with the security audit unit.
Preferably, the service nodes include a WAF node, an AV node, a FW node, and an IPS node.
Compared with the prior art, the invention has the following beneficial effects: the special security device designed by the invention is deployed in a hardware stacking mode, and the virtual host is established in an active/standby virtual machine mode, which greatly improves the availability of the system and prevents abnormal downtime caused by a failure of the security resource pool; the connection between the application terminal and the cloud management unit is established through the gateway and the service application unit, the cloud server provides service to the user only after the service application has passed authentication, and the risk of the server being attacked is reduced by the design of multiple special security devices; the invention reduces problems caused by human error through automated traffic steering, management and orchestration, and the dual orchestration and steering modes can satisfy diverse service requirements.
Drawings
FIG. 1 is a block diagram of the module of the present invention;
FIG. 2 is a system flow diagram of the present invention;
In the figures: 1. security protection module; 11. special security device; 111. hardware firewall; 112. hardware Web application protection device; 113. hardware bastion host; 12. virtual host; 2. cloud security resource pool body; 21. service node; 211. WAF node; 212. AV node; 213. FW node; 214. IPS node; 22. traffic orchestrator; 23. cloud management unit; 24. storage network; 25. terminal reinforcing unit; 26. message encapsulation unit; 27. security audit unit; 3. cloud core switch; 4. network controller; 5. user terminal; 51. service application unit; 52. application terminal; 521. gateway; 522. control unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1 and FIG. 2, an embodiment of the present invention is shown: a cloud security resource pool and Internet of things security protection system comprises a security protection module 1, a cloud security resource pool body 2, a cloud core switch 3, a network controller 4 and a user terminal 5. One side of the security protection module 1 is in data connection with the cloud security resource pool body 2, one side of the cloud security resource pool body 2 is in data connection with the cloud core switch 3, one side of the cloud core switch 3 is connected with the network controller 4, and one side of the cloud security resource pool body 2 is in data connection with the user terminal 5.
The security protection module 1 comprises a special security device 11 and a virtual host 12, both of which are in data connection with the cloud security resource pool body 2. The special security device 11 comprises a hardware firewall 111, a hardware Web application protection device 112 and a hardware bastion host 113; it supports virtualization functions such as security contexts, and because its software and hardware are designed and developed together it has advantages in performance and reliability. The virtual host 12 provides virtual network functions, decouples software from hardware on a general-purpose server, costs less and is easier to scale.
The user terminal 5 comprises a service application unit 51 and an application terminal 52, and the application terminal 52 establishes a data connection with the service application unit 51. The application terminal 52 comprises a gateway 521 and a control unit 522; the gateway 521 establishes a data connection with the cloud security resource pool body 2 and is used to connect the application terminal 52 with the service application unit 51, and the control unit 522 controls the operation of the application terminal 52.
The cloud security resource pool body 2 comprises a service node 21, a traffic orchestrator 22, a cloud management unit 23, a storage network 24, a terminal reinforcing unit 25, a message encapsulation unit 26 and a security audit unit 27. The user terminal 5 is in data connection with the cloud management unit 23, one side of the cloud management unit 23 is connected with the traffic orchestrator 22, one side of the traffic orchestrator 22 is connected with the service node 21, the cloud core switch 3 is in data connection with the service node 21, and one side of the service node 21 is connected with the storage network 24. One side of the storage network 24 is connected with the security audit unit 27, which establishes a data connection with the user terminal 5. The cloud management unit 23 is mainly responsible for security operation and management in the cloud environment: a user applies to the cloud management unit 23 for a required service through the service application unit 51, and the cloud management unit 23 approves the application and allocates resources. One side of the storage network 24 is connected with the terminal reinforcing unit 25 and one side with the message encapsulation unit 26, which is in data connection with the security audit unit 27; the storage network 24 stores the various resources, and the terminal reinforcing unit 25 hardens the physical network boundary. The service node 21 comprises a WAF node 211, an AV node 212, an FW node 213 and an IPS node 214; the WAF node 211, AV node 212, FW node 213 and IPS node 214 can receive traffic steered by the traffic orchestrator 22, and the AV node 212, FW node 213 and IPS node 214 can receive traffic steered through the message encapsulation unit 26.
The working principle is as follows: when the protection system provided by the invention is used, the gateway 521 in the application terminal 52 first sends a signal; the service application unit 51 receives it and forwards it to the cloud management unit 23 in the cloud security resource pool body 2, and the cloud management unit 23 returns authentication information to the user terminal 5. After the user terminal 5 confirms, the cloud management unit 23 starts to allocate resources in the storage network 24, and after the security audit unit 27 has performed its security audit, traffic is steered in one of two ways. In the first, the traffic orchestrator 22 steers traffic to the service node 21, where a policy route schedules it to the WAF node 211, the AV node 212 and the IPS node 214. In the second, a service chain formed by the cloud core switch 3 and the network controller 4 uses the message encapsulation unit 26 to encapsulate the traffic and schedule it to the AV node 212 and the IPS node 214. In both cases the traffic is finally returned to the user terminal 5 by the FW node 213, and the gateway 521 controls the operation of the control unit 522. The security protection module 1 provides security resource virtualization for the cloud security resource pool body 2: the special security device 11 supports virtualization functions and, being purpose-built hardware and software, offers higher performance and reliability, while the virtual host 12 implements boundary protection on a general-purpose server at lower cost and with greater scalability.
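The sequence just described (service application, approval by the cloud management unit, security audit, steering over one of the two paths, return via the FW node) as a small runnable model. This is an added illustration, not code from the patent; the node names come from the page, while the inspection rules, the path-selection policy, the service-path header and the sample flows are constructed assumptions.

```python
from dataclasses import dataclass, field

# Node order on the two steering paths named in the description. Path one steers
# via the traffic orchestrator and a policy route (WAF, AV, IPS); path two via the
# core switch / network controller service chain with encapsulation (AV, IPS).
# On both paths the FW node is the last hop before traffic returns to the user terminal.
POLICY_ROUTE_CHAIN = ("WAF", "AV", "IPS", "FW")
ENCAPSULATED_CHAIN = ("AV", "IPS", "FW")


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes
    # Constructed service-path header (assumption: the patent gives no format):
    # a chain id plus a remaining-hop index that each node decrements.
    sp_id: str = ""
    sp_index: int = -1
    trace: list = field(default_factory=list)


# Constructed toy inspection rules standing in for the real node engines.
NODE_CHECKS = {
    "WAF": lambda f: b"<script" not in f.payload.lower(),
    "AV": lambda f: b"EICAR" not in f.payload,
    "IPS": lambda f: len(f.payload) <= 1024,
    "FW": lambda f: f.dport in (80, 443, 8883),
}


def approve(request: dict, approved_services: frozenset) -> bool:
    """Cloud management unit: the service application must pass before any
    resource is allocated (hypothetical policy: known tenant and known service)."""
    return bool(request.get("tenant")) and request.get("service") in approved_services


def choose_path(flow: Flow) -> str:
    """Assumed orchestration policy: web traffic takes the WAF-fronted policy route;
    anything else (e.g. MQTT over TLS on 8883) is encapsulated into the AV/IPS chain."""
    return "policy" if flow.dport in (80, 443) else "encap"


def run_chain(flow: Flow, chain: tuple, audit_log: list) -> str:
    """Stamp the flow with the chain header, then walk the service nodes; the first
    node whose check fails drops the flow, and the security audit unit records the outcome."""
    flow.sp_id = "->".join(chain)
    flow.sp_index = len(chain)
    for node in chain:
        flow.sp_index -= 1
        flow.trace.append(node)
        if not NODE_CHECKS[node](flow):
            audit_log.append((flow.src, flow.dst, flow.sp_id, "drop", node))
            return "dropped by " + node
    audit_log.append((flow.src, flow.dst, flow.sp_id, "deliver", "FW"))
    return "delivered"


def steer(flow: Flow, request: dict, audit_log: list,
          approved_services=frozenset({"iot-access"})) -> str:
    """Full sequence: application -> approval -> path selection -> service chain -> FW."""
    if not approve(request, approved_services):
        audit_log.append((flow.src, flow.dst, "", "reject", "cloud-management"))
        return "rejected at approval"
    chain = POLICY_ROUTE_CHAIN if choose_path(flow) == "policy" else ENCAPSULATED_CHAIN
    return run_chain(flow, chain, audit_log)


if __name__ == "__main__":
    log = []
    ok = {"tenant": "plant-a", "service": "iot-access"}   # constructed request
    web = Flow("10.0.0.5", "10.1.0.9", 443, b"GET /status HTTP/1.1")
    print(steer(web, ok, log), web.trace)
    bad = Flow("10.0.0.6", "10.1.0.9", 8883, b"EICAR test string")
    print(steer(bad, ok, log), bad.trace)
    for entry in log:
        print(entry)
```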
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (9)
1. A cloud security resource pool and Internet of things security protection system, comprising a security protection module (1), a cloud security resource pool body (2), a cloud core switch (3), a network controller (4) and a user terminal (5), characterized in that: one side of the security protection module (1) is in data connection with the cloud security resource pool body (2), one side of the cloud security resource pool body (2) is in data connection with the cloud core switch (3), one side of the cloud core switch (3) is connected with the network controller (4), and one side of the cloud security resource pool body (2) is in data connection with the user terminal (5).
2. The cloud security resource pool and Internet of things security protection system of claim 1, wherein: the security protection module (1) comprises a special security device (11) and a virtual host (12), the special security device (11) is in data connection with the cloud security resource pool body (2), and the virtual host (12) is in data connection with the cloud security resource pool body (2).
3. The cloud security resource pool and Internet of things security protection system of claim 2, characterized in that: the special security device (11) comprises a hardware firewall (111), a hardware Web application protection device (112) and a hardware bastion host (113).
4. The cloud security resource pool and internet of things security protection system according to claim 1, wherein: the user terminal (5) comprises a service application unit (51) and an application terminal (52), and the application terminal (52) and the service application unit (51) are in data connection.
5. The cloud security resource pool and Internet of things security protection system of claim 4, wherein: the application terminal (52) comprises a gateway (521) and a control unit (522), and the gateway (521) is in data connection with the cloud security resource pool body (2).
6. The cloud security resource pool and Internet of things security protection system according to claim 1, wherein: the cloud security resource pool body (2) comprises a service node (21), a traffic orchestrator (22), a cloud management unit (23), a storage network (24), a terminal reinforcing unit (25), a message encapsulation unit (26) and a security audit unit (27); the user terminal (5) establishes a data connection with the cloud management unit (23), one side of the cloud management unit (23) is connected with the traffic orchestrator (22), one side of the traffic orchestrator (22) is connected with the service node (21), the cloud core switch (3) establishes a data connection with the service node (21), and one side of the service node (21) is connected with the storage network (24).
7. The cloud security resource pool and internet of things security protection system of claim 6, wherein: one side of the storage network (24) is connected with a security audit unit (27), and the security audit unit (27) establishes data connection with the user terminal (5).
8. The cloud security resource pool and Internet of things security protection system according to claim 6, wherein: one side of the storage network (24) is connected with a terminal reinforcing unit (25), one side of the storage network (24) is connected with a message encapsulation unit (26), and the message encapsulation unit (26) is in data connection with the security audit unit (27).
9. The cloud security resource pool and internet of things security protection system according to claim 6, wherein: the service node (21) comprises a WAF node (211), an AV node (212), a FW node (213) and an IPS node (214).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210999532.5A CN115296921A (en) | 2022-08-19 | 2022-08-19 | Cloud security resource pool and Internet of things security protection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210999532.5A CN115296921A (en) | 2022-08-19 | 2022-08-19 | Cloud security resource pool and Internet of things security protection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115296921A true CN115296921A (en) | 2022-11-04 |
Family
ID=83830544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210999532.5A Pending CN115296921A (en) | 2022-08-19 | 2022-08-19 | Cloud security resource pool and Internet of things security protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115296921A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016169472A1 (en) * | 2015-04-21 | 2016-10-27 | Hangzhou H3C Technologies Co., Ltd. | Providing security service |
CN109922021A (en) * | 2017-12-12 | 2019-06-21 | 中国电信股份有限公司 | Security protection system and safety protecting method |
CN112910705A (en) * | 2021-02-02 | 2021-06-04 | 杭州安恒信息技术股份有限公司 | Method, device and storage medium for arranging network flow |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016169472A1 (en) * | 2015-04-21 | 2016-10-27 | Hangzhou H3C Technologies Co., Ltd. | Providing security service |
CN106161399A (en) * | 2015-04-21 | 2016-11-23 | 杭州华三通信技术有限公司 | A kind of security service delivery method and system |
CN109922021A (en) * | 2017-12-12 | 2019-06-21 | 中国电信股份有限公司 | Security protection system and safety protecting method |
CN112910705A (en) * | 2021-02-02 | 2021-06-04 | 杭州安恒信息技术股份有限公司 | Method, device and storage medium for arranging network flow |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20221104 |