CN116186791A - Safe and reliable-based scientific data center sharing method - Google Patents
- Publication number
- CN116186791A
- Authority
- CN
- China
- Prior art keywords
- data
- database
- center
- analysis
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2358—Change logging, detection, and notification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a safe and reliable scientific data center sharing method comprising six steps. The architecture separates the database server from the service system server and applies data desensitization and encryption whenever data is read or exchanged, which prevents data leakage. Database desensitization masks personal information during data collection, preventing unauthorized access to and illegal use of personal information. The data desensitization system also allows the production environment to be separated from the test environment, preventing data leakage while a new system is being tested and ensuring that users' core data is not leaked, lost or tampered with. A database audit system is built in bypass monitoring mode, so core data can be protected without changing the existing network structure. A dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
Description
Technical Field
The invention relates to the technical field of data sharing, in particular to a safe and reliable scientific data center sharing method.
Background
Data sharing enables users in different places, using different computers and different software, to read other people's data and perform various operations, computations and analyses on it. With the continuing development of informatization, the shared data center plays a key role in keeping each service system running stably.
However, data sharing brings new risks along with its convenience: once data is leaked or tampered with while being shared, the normal operation of the information system is affected.
Disclosure of Invention
The invention aims to provide a safe and reliable scientific data center sharing method that solves the problems described in the background above.
To achieve this purpose, the invention provides the following technical solution:
The safe and reliable scientific data center sharing method comprises the following six steps:
Step one: establish a scientific data center shared database: collect data from each service system, gather it into the shared data center using a general-purpose data extraction and synchronization tool, and generate a data update report;
Step two: data arrangement: organize the updated data according to digitally formulated information standards, report data anomalies, ensure the consistency and accuracy of the data, retain historical data, and share and use some or all of the data center's resources, with the shared data center providing data usage reports in real time;
Step three: data encryption transmission: encrypt the information stored in the database, and control access to sensitive data through an independent authority control system, ensuring data security;
Step four: database operation and maintenance audit: improve information security assurance capability and level through the three stages of data acquisition, data analysis and audit analysis, avoiding major losses caused by leakage of or damage to database content;
Step five: establish a data sharing security architecture: build the data security protection architecture of the safe and reliable scientific data sharing center from the security policies of steps one to four, separate the database server from the service system server, and apply data desensitization and encryption whenever data is read or exchanged, preventing data leakage;
Step six: operation and maintenance standardization: deployed by sorting out system assets, hardening system accounts, standardizing operation and maintenance processes, strengthening personnel management and drawing up emergency plans.
Further, the data encryption transmission in step three generates desensitized quasi-real data by sampling, replacement and similar means, which meets the requirement of exporting data from the development database for use by system developers while preventing real data from being leaked. Database encryption encrypts important system data by column, by row and by record, and database desensitization masks personal information, preventing unauthorized access to and illegal use of personal information.
Further, the data collection in step four is connected to the core switch in bypass monitoring mode. By configuring port mirroring, the collection engine can monitor all operations that communicate with the database; these operations are restored and organized according to the database operation protocol and sent to the data analysis center. The data analysis center receives the database operation data from the data collection engine, performs association analysis of the database operations according to preset data analysis and event association rules, and sends the result to the data analysis center. The data analysis center sets database audit rules according to what the database administrator needs to monitor in the database, and when a received analysis result matches an audit rule set by the administrator, the data analysis raises an alarm in real time. Information such as the user, time, terminal identification number and SQL statement of DML and DDL operations can be audited, and control is applied at the SQL statement level for database access and at the field level for database viewing. Using the uniqueness of the database session identifier, audit records can be associated with a user name and a user IP address. Audit records from different types of databases are centralized on one management platform, preventing data tampering, data deletion and data theft at the root.
Further, in step five, a dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
Compared with the prior art, the beneficial effects of the invention are as follows. The architecture separates the database server from the service system server and applies data desensitization and encryption whenever data is read or exchanged, preventing data leakage. Database desensitization masks personal information during data collection, preventing unauthorized access to and illegal use of personal information. The data desensitization system allows the production environment to be separated from the test environment, preventing data leakage while a new system is being tested. The method ensures that users' core data is not leaked, lost or tampered with. The database audit system is built in bypass monitoring mode, so core data can be protected without changing the existing network structure. A dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
Drawings
FIG. 1 is a schematic flow chart of the steps of the safe and reliable scientific data center sharing method.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "upper", "lower", "inner", "outer", "front", "rear", "both ends", "one end", "the other end", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific direction, be configured and operated in the specific direction, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "provided," "connected," and the like are to be construed broadly, and may be fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Example 1
Referring to FIG. 1, an embodiment of the present invention is provided. The safe and reliable scientific data center sharing method comprises the following six steps:
Step one: establish a scientific data center shared database: collect data from each service system, gather it into the shared data center using a general-purpose data extraction and synchronization tool, and generate a data update report;
Step two: data arrangement: organize the updated data according to digitally formulated information standards, report data anomalies, ensure the consistency and accuracy of the data, retain historical data, and share and use some or all of the data center's resources, with the shared data center providing data usage reports in real time;
Step three: data encryption transmission: encrypt the information stored in the database, and control access to sensitive data through an independent authority control system, ensuring data security;
Step four: database operation and maintenance audit: improve information security assurance capability and level through the three stages of data acquisition, data analysis and audit analysis, avoiding major losses caused by leakage of or damage to database content;
Step five: establish a data sharing security architecture: build the data security protection architecture of the safe and reliable scientific data sharing center from the security policies of steps one to four, separate the database server from the service system server, and apply data desensitization and encryption whenever data is read or exchanged, preventing data leakage;
Step six: operation and maintenance standardization: deployed by sorting out system assets, hardening system accounts, standardizing operation and maintenance processes, strengthening personnel management and drawing up emergency plans.
Further, the data encryption transmission in step three generates desensitized quasi-real data by sampling, replacement and similar means, which meets the requirement of exporting data from the development database for use by system developers while preventing real data from being leaked. Database encryption encrypts important system data by column, by row and by record, and database desensitization masks personal information, preventing unauthorized access to and illegal use of personal information.
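The following sketch illustrates the step-three idea of producing desensitized quasi-real data by sampling and replacement before rows leave for a development or test database. It is an added example, not part of the patent text; the field names, the key, the sample rows and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import random

# Assumption: the masking key is held only by the desensitization system,
# never by the development/test environment that receives the export.
MASK_KEY = b"constructed-demo-key"

SURNAMES = ["Zhang", "Wang", "Li", "Zhao", "Chen", "Liu"]
GIVEN_NAMES = ["Wei", "Fang", "Min", "Jun", "Lei", "Yan"]


def keyed_digest(field, value):
    """HMAC over field name and value, so one input always maps to one output.

    Determinism keeps joins across exported tables consistent; without the
    key the mapping cannot be recomputed from guessed real values.
    """
    return hmac.new(MASK_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()


def replace_name(value):
    """Replacement: swap a real name for a plausible one from a fixed pool."""
    d = keyed_digest("name", value)
    return f"{SURNAMES[d[0] % len(SURNAMES)]} {GIVEN_NAMES[d[1] % len(GIVEN_NAMES)]}"


def replace_digits(field, value, keep_prefix=0):
    """Replace digits with keyed digits, keeping length, layout and a prefix.

    Non-digit characters (separators, a trailing check letter) stay in place,
    so format validation in the system under test still passes.
    """
    d = keyed_digest(field, value)
    out = []
    for i, ch in enumerate(value):
        if i < keep_prefix or not ch.isdigit():
            out.append(ch)
        else:
            out.append(str(d[i % len(d)] % 10))
    return "".join(out)


# Per-column rules; columns without a rule are exported unchanged.
RULES = {
    "name": replace_name,
    "phone": lambda v: replace_digits("phone", v, keep_prefix=3),
    "id_number": lambda v: replace_digits("id_number", v),
}


def desensitize(rows, rules, sample_size, seed=0):
    """Sampling plus replacement: export only a subset, with rules applied."""
    rng = random.Random(seed)
    sample = rng.sample(rows, min(sample_size, len(rows)))
    return [{k: rules[k](v) if k in rules else v for k, v in row.items()}
            for row in sample]


def leaked_values(original, masked, fields):
    """Export gate: real sensitive values that still appear in the output."""
    real = {row[f] for row in original for f in fields}
    exported = {row[f] for row in masked for f in fields}
    return real & exported


# Constructed sample rows standing in for a production table.
PRODUCTION_ROWS = [
    {"id": 1, "name": "Test Person 01", "phone": "13800000001",
     "id_number": "11010119900101001X", "dataset": "DS-001"},
    {"id": 2, "name": "Test Person 02", "phone": "13800000002",
     "id_number": "110101199002020022", "dataset": "DS-002"},
    {"id": 3, "name": "Test Person 03", "phone": "13800000003",
     "id_number": "110101199003030033", "dataset": "DS-003"},
    {"id": 4, "name": "Test Person 04", "phone": "13800000004",
     "id_number": "110101199004040044", "dataset": "DS-004"},
    {"id": 5, "name": "Test Person 05", "phone": "13800000005",
     "id_number": "110101199005050055", "dataset": "DS-005"},
]

if __name__ == "__main__":
    masked = desensitize(PRODUCTION_ROWS, RULES, sample_size=3, seed=7)
    for row in masked:
        print(row)
    print("leaked:", leaked_values(PRODUCTION_ROWS, masked, list(RULES)))
```

Running `leaked_values` as a gate before every export catches a column that was added to the source table but never given a masking rule once that column is listed in `fields`.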
Further, the data collection in step four is connected to the core switch in bypass monitoring mode. By configuring port mirroring, the collection engine can monitor all operations that communicate with the database; these operations are restored and organized according to the database operation protocol and sent to the data analysis center. The data analysis center receives the database operation data from the data collection engine, performs association analysis of the database operations according to preset data analysis and event association rules, and sends the result to the data analysis center. The data analysis center sets database audit rules according to what the database administrator needs to monitor in the database, and when a received analysis result matches an audit rule set by the administrator, the data analysis raises an alarm in real time. Information such as the user, time, terminal identification number and SQL statement of DML and DDL operations can be audited, and control is applied at the SQL statement level for database access and at the field level for database viewing. Using the uniqueness of the database session identifier, audit records can be associated with a user name and a user IP address. Audit records from different types of databases are centralized on one management platform, preventing data tampering, data deletion and data theft at the root.
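The audit-analysis stage described above can be sketched as follows: statements already reconstructed by the collection engine are joined to their login by session identifier, classified as DML or DDL, and checked against administrator-defined rules at statement level and field level. This is an added example, not part of the patent text; the event layout, rule names, user names and addresses are constructed assumptions, and the token-based field matching stands in for a real SQL parser.

```python
import re
from dataclasses import dataclass

# SELECT is counted as DML here, as many database audit products do.
DML_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE", "MERGE"}
DDL_VERBS = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME"}


@dataclass(frozen=True)
class Rule:
    name: str
    level: str                      # "statement" or "field"
    match: frozenset                # statement classes, or watched field names
    allowed_users: frozenset = frozenset()


def classify(sql):
    """Return (verb, class) for a statement; class is DML, DDL or OTHER."""
    m = re.match(r"\s*([A-Za-z]+)", sql)
    verb = m.group(1).upper() if m else ""
    if verb in DDL_VERBS:
        return verb, "DDL"
    if verb in DML_VERBS:
        return verb, "DML"
    return verb, "OTHER"


def referenced_fields(sql, watched):
    """Watched field names used as identifiers (string literals are ignored)."""
    no_literals = re.sub(r"'(?:[^']|'')*'", "''", sql)
    tokens = {t.lower() for t in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", no_literals)}
    return tokens & watched


def audit(events, rules):
    """Correlate statements to logins by session id and apply the rules."""
    sessions, alerts = {}, []
    for ev in events:
        if ev["type"] == "login":
            sessions[ev["session"]] = ev
            continue
        who = sessions.get(ev["session"])
        verb, klass = classify(ev["sql"])
        record = {
            "session": ev["session"], "time": ev["time"], "sql": ev["sql"],
            "verb": verb, "class": klass,
            "user": who["user"] if who else None,
            "ip": who["ip"] if who else None,
            "terminal": who["terminal"] if who else None,
        }
        if who is None:
            # The mirror missed the login: the record cannot be attributed.
            alerts.append({**record, "rule": "unattributed-session"})
        for rule in rules:
            if record["user"] in rule.allowed_users:
                continue
            if rule.level == "statement":
                hit = klass in rule.match
            else:
                hit = bool(referenced_fields(ev["sql"], rule.match))
            if hit:
                alerts.append({**record, "rule": rule.name})
    return alerts


RULES = [
    Rule("ddl-by-non-dba", "statement", frozenset({"DDL"}), frozenset({"dba_admin"})),
    Rule("pii-field-access", "field", frozenset({"id_number", "phone"}),
         frozenset({"hr_service"})),
]

# Constructed events, in the shape a collection engine might emit them.
EVENTS = [
    {"type": "login", "session": "s-101", "user": "app_report",
     "ip": "192.0.2.21", "terminal": "T-0007", "time": "2023-02-23T09:00:01"},
    {"type": "sql", "session": "s-101", "time": "2023-02-23T09:00:05",
     "sql": "SELECT title, doi FROM dataset WHERE note = 'phone'"},
    {"type": "login", "session": "s-102", "user": "dev_li",
     "ip": "198.51.100.77", "terminal": "T-0031", "time": "2023-02-23T09:02:10"},
    {"type": "sql", "session": "s-102", "time": "2023-02-23T09:02:30",
     "sql": "select name, id_number from researcher"},
    {"type": "sql", "session": "s-102", "time": "2023-02-23T09:03:00",
     "sql": "DROP TABLE audit_archive"},
    {"type": "sql", "session": "s-999", "time": "2023-02-23T09:04:00",
     "sql": "UPDATE researcher SET phone = '000' WHERE id = 1"},
    {"type": "login", "session": "s-103", "user": "dba_admin",
     "ip": "192.0.2.5", "terminal": "T-0001", "time": "2023-02-23T09:05:00"},
    {"type": "sql", "session": "s-103", "time": "2023-02-23T09:05:20",
     "sql": "ALTER TABLE dataset ADD COLUMN license TEXT"},
]

if __name__ == "__main__":
    for alert in audit(EVENTS, RULES):
        print(alert["rule"], alert["user"], alert["ip"], alert["sql"])
```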
Further, in step five, a dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
Example 2
The architecture separates the database server from the service system server and applies data desensitization and encryption whenever data is read or exchanged, preventing data leakage. Database desensitization masks personal information during data collection, preventing unauthorized access to and illegal use of personal information. The data desensitization system allows the production environment to be separated from the test environment, preventing data leakage while a new system is being tested. The method ensures that users' core data is not leaked, lost or tampered with. The database audit system is built in bypass monitoring mode, so core data can be protected without changing the existing network structure. A dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (4)
1. A safe and reliable scientific data center sharing method, characterized in that the method comprises the following six steps:
Step one: establish a scientific data center shared database: collect data from each service system, gather it into the shared data center using a general-purpose data extraction and synchronization tool, and generate a data update report;
Step two: data arrangement: organize the updated data according to digitally formulated information standards, report data anomalies, ensure the consistency and accuracy of the data, retain historical data, and share and use some or all of the data center's resources, with the shared data center providing data usage reports in real time;
Step three: data encryption transmission: encrypt the information stored in the database, and control access to sensitive data through an independent authority control system, ensuring data security;
Step four: database operation and maintenance audit: improve information security assurance capability and level through the three stages of data acquisition, data analysis and audit analysis, avoiding major losses caused by leakage of or damage to database content;
Step five: establish a data sharing security architecture: build the data security protection architecture of the safe and reliable scientific data sharing center from the security policies of steps one to four, separate the database server from the service system server, and apply data desensitization and encryption whenever data is read or exchanged, preventing data leakage;
Step six: operation and maintenance standardization: deployed by sorting out system assets, hardening system accounts, standardizing operation and maintenance processes, strengthening personnel management and drawing up emergency plans.
2. The safe and reliable scientific data center sharing method according to claim 1, wherein: the data encryption transmission in step three generates desensitized quasi-real data by sampling, replacement and similar means, which meets the requirement of exporting data from the development database for use by system developers while preventing real data from being leaked; database encryption encrypts important system data by column, by row and by record; and database desensitization masks personal information during data collection, preventing unauthorized access to and illegal use of personal information.
3. The safe and reliable scientific data center sharing method according to claim 1, wherein: the data collection in step four is connected to the core switch in bypass monitoring mode; by configuring port mirroring, the collection engine can monitor all operations that communicate with the database, and these operations are restored and organized according to the database operation protocol and sent to the data analysis center; the data analysis center receives the database operation data from the data collection engine, performs association analysis of the database operations according to preset data analysis and event association rules, and sends the result to the data analysis center; the data analysis center sets database audit rules according to what the database administrator needs to monitor in the database, and when a received analysis result matches an audit rule set by the administrator, the data analysis raises an alarm in real time; information such as the user, time, terminal identification number and SQL statement of DML and DDL operations can be audited, and control is applied at the SQL statement level for database access and at the field level for database viewing; using the uniqueness of the database session identifier, audit records can be associated with a user name and a user IP address; and audit records from different types of databases are centralized on one management platform, preventing data tampering, data deletion and data theft at the root.
4. The safe and reliable scientific data center sharing method according to claim 1, wherein: in step five, a dedicated service terminal without external network access is set up, and a dedicated encrypted transmission medium is used to upload and download data, ensuring the security of data transmission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310155864.XA CN116186791A (en) | 2023-02-23 | 2023-02-23 | Safe and reliable-based scientific data center sharing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310155864.XA CN116186791A (en) | 2023-02-23 | 2023-02-23 | Safe and reliable-based scientific data center sharing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116186791A (en) | 2023-05-30 |
Family
ID=86436259
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310155864.XA Withdrawn CN116186791A (en) | 2023-02-23 | 2023-02-23 | Safe and reliable-based scientific data center sharing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116186791A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117272355A (en) * | 2023-11-22 | 2023-12-22 | 杭州绿云软件股份有限公司 | Personal information management system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110443048A (en) | Data center looks into number system | |
US6347374B1 (en) | Event detection | |
KR101039698B1 (en) | Database Security System, Server and Method which can protect user's Access to Database through Application | |
CN108416225A (en) | Data Audit method, apparatus, computer equipment and storage medium | |
CN116186791A (en) | Safe and reliable-based scientific data center sharing method | |
CN108965317B (en) | Network data protection system | |
CN112511484B (en) | U shield safety control management system | |
CN111159548A (en) | Network information science and technology popularization service system | |
CN112734057A (en) | Comprehensive automatic comprehensive operation and maintenance monitoring system for railway marshalling station | |
CN112734248A (en) | Real estate intelligent management system | |
CN112613047A (en) | System for data security management | |
CN117411913B (en) | Secure interaction method of cloud platform and health application based on power transformation | |
CN117292054A (en) | Three-dimensional digital-based intelligent operation and maintenance method and system for power grid | |
CN116894259A (en) | Safety access control system of database | |
CN116955441A (en) | Broken card early warning platform | |
CN108388664A (en) | Integration method, device, computer equipment and the storage medium of sentence segment | |
CN115456379A (en) | Asset intelligent mining and management method and system based on multi-source data | |
CN114282194A (en) | IT risk monitoring method and device and storage medium | |
CN111883277A (en) | Nuclear power station safety credible state monitoring system based on physical disconnection | |
CN111259383A (en) | Safety management center system | |
CN110933064A (en) | Method and system for determining user behavior track | |
CN114141342B (en) | Medical equipment monitoring management analysis system based on MQTT protocol | |
CN117220935B (en) | Network security monitoring system based on mobile computer | |
CN102298675A (en) | Method and system for sending alarm signal by mobile storage device | |
EP4362413A1 (en) | Diagnostic device and diagnosis method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20230530 |