CN1561030A - Physical buffer card of network safety - Google Patents


Publication number
CN1561030A
Authority
CN
China
Prior art keywords
card
physical isolation
network
isolation card
network interface
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2004100127672A
Other languages
Chinese (zh)
Inventor
陈幼平
周祖德
尹勇
胡志新
黄杰
艾武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Abstract

This invention discloses a network security physical isolation card comprising an interface circuit, a network interface chip, a switching logic control circuit and two network cable sockets connected in sequence, together with a configuration memory connected to the network interface chip. The PCI interface circuit provides the PCI communication protocol between the physical isolation card and the PC motherboard; the network interface chip provides the network interface, giving the card networking capability; the configuration memory is an EEPROM with serial input function, used to store the card's start-up configuration parameters; the switching logic control circuit switches the card between the internal and external networks; and the network cable sockets connect the card to standard twisted-pair cable.

Description

A physical isolation card for network security
Technical field
The invention belongs to the field of network information security technology; specifically, it is a network security physical isolation card with an integrated 10M/100M adaptive network card function. The invention can be applied in network information security engineering in fields such as government bodies, financial institutions, the military, large and medium-sized enterprises, scientific research institutions and schools. It divides the network into two parts, an internal network (intranet) and an external network (extranet), and achieves absolute physical isolation between the secure environment and the insecure environment. The result is both open and secure: confidential data is protected, while users can still conveniently connect to the Internet.
Background technology
As the means of network crime and network security technology contend with each other and the competition keeps escalating, the technical barrier between network attackers and defenders has disappeared, and network security technology often turns out to be less than effective. The security of confidential data therefore cannot rely entirely on the protection of various security technologies; physical isolation can be described as the last line of defense for network information security.
At present, the widely used physical isolation techniques are the following:
(1) The computer uses two independent hard disks, corresponding to the internal network and the public network respectively. Each hard disk has its own operating system and is connected to its network through its own dedicated interface. At the same time, relays control the switching of the network connections, to guarantee the isolation of the intranet and the extranet.
(2) A PC network security isolation card is used. When the computer is in the network environment of either the internal network or the external network, the physical isolation component guarantees that the isolated hard disk or hard disk partition and the corresponding network do not communicate with each other. When the computer is connected to the intranet, the physical isolation component can optionally be used to forbid the user from using the floppy drive and the CD-ROM drive. When the computer changes between the internal network and the external network, it must be restarted, so that even memory cannot be reused, and the problem of residual information leaking therefore cannot occur.
(3) A security isolation switch is installed between the intranet and the extranet and, under software control, switches intelligently to isolate the two. While the software is collecting information, the switch is connected to the extranet and disconnected from the intranet; while information is being forwarded, it is connected to the intranet and disconnected from the extranet.
As can be seen, the traditional physical isolation approaches have the following defects:
(1) Using two complete systems, including two sets of cabling, two sets of network equipment and two sets of terminals, with the cabling additionally needing shielding measures against electromagnetic radiation, causes a huge waste in network construction.
(2) Dual-network machine isolation methods, such as the dual-disk type or the single-disk dual-boot (operating system) type, waste investment. They are also complicated to operate: two hard disks must be used, or a single hard disk must be partitioned, and the system must be restarted on every switch, which is cumbersome and inconvenient.
(3) Using two network cards, connected to the internal network and the external network respectively, takes up more of the computer's slot resources.
Summary of the invention
The object of the invention is to overcome the above shortcomings by providing a network security physical isolation card. In use, the card employs only one operating system and one hard disk; data partitioning need be performed on the hard disk.
The network security physical isolation card provided by the invention is characterized in that it comprises a peripheral component interconnect (PCI) interface circuit, a network interface chip, a switching logic control circuit and two network cable sockets connected in sequence, with a configuration memory connected to the network interface chip. The PCI interface circuit provides the PCI communication protocol between the physical isolation card and the PC motherboard; the network interface chip provides the network interface, giving the card networking capability; the configuration memory is an EEPROM with serial input function, used to store the card's start-up configuration parameters; the switching logic control circuit switches the card between the intranet and the extranet; and the network cable sockets connect the card to standard twisted-pair cable.
The invention has the following functional characteristics:
(1) The invention divides the computer network into two parts, an internal network and an external network, and physically isolates the two, while still allowing business data to be exchanged as required.
(2) The invention runs on a collaboration server that has physical connections to both the intranet and the extranet. During operation, the intranet/extranet state is switched according to instructions sent by the card's tension management program. At any time, the server is allowed to be connected to only one of the intranet and the extranet.
(3) The integrated 10M/100M adaptive network card function replaces one conventional physical isolation card and two network cards, so a single card does the work of three. The invention supports auto-negotiation: it automatically identifies the speed and operating mode of the connected network equipment, such as switches and hubs, and automatically adjusts the card's own speed and operating mode to match (10M/100M, full/half duplex).
(4) The invention uses a network chip to implement the network access function, which makes functional expansion convenient.
(5) The invention uses a physical isolation approach that cuts off all network cables. It does not use a high-speed gateway or a special-purpose network operating system, and achieves security isolation of the internal and external networks economically and reliably.
(6) The driver of the invention is implemented with WDM (Windows Driver Model) and works under the Windows 98/2000/NT operating systems.
(7) The invention departs from the traditional methods of two hard disks, dual operating systems or different network configurations. It uses a single set of hardware and a single operating system, and the computer does not need to be restarted when switching between intranet and extranet.
(8) During operation, the working state (extranet or intranet) can be selected manually, or the tension management software can switch the state automatically. The IP address and subnet mask of the internal and external networks can be set dynamically, and a data exchange area need be set up on the hard disk in addition.
Description of drawings
Fig. 1 is a structural schematic of one embodiment of the network security physical isolation card;
Fig. 2 is the workflow diagram of the network security physical isolation card;
Fig. 3 shows the interface between the tension management software and the physical isolation card.
Specific implementation
The present invention is described in further detail below in conjunction with accompanying drawing and example.
As shown in Fig. 1, the physical isolation card consists of a peripheral component interconnect interface circuit (the PCI interface circuit) 4, a network interface chip 5, a configuration memory 6, a switching logic control circuit 7 and two network cable sockets 8, 9. The PCI interface circuit 4 provides the PCI communication protocol between the physical isolation card and the PC motherboard. The network interface chip 5 provides the network interface, giving the card networking capability. The configuration memory 6 is an electrically erasable read-only memory (EEPROM) with serial input function, used to store the card's start-up configuration parameters. The switching logic control circuit 7 switches the card between the intranet and the extranet. The network cable sockets 8, 9 connect the card to standard twisted-pair cable.
The use of the invention is illustrated below with an example. The physical isolation card 1 is inserted into the PCI bus slot 2 of the computer, and the intranet and extranet entries 3 are connected to the invention's RJ-45 network cable sockets respectively. Under normal circumstances the physical isolation card 1 is equivalent to an ordinary network card, and the user can connect to the intranet or the extranet through it. When the card performs an intranet/extranet switch, the system first sends a control command, which passes through the PCI bus slot 2 on the motherboard, then through the card's PCI interface circuit 4 and RTL8139 network interface chip 5, and arrives at the switching logic control circuit 7. This circuit uses relays to switch the card's intranet/extranet working state.
Fig. 2 shows the workflow of the physical isolation card. After a computer fitted with the physical isolation card is initialized, the card's default state is the intranet, and the computer is isolated from the extranet. When a switch to the extranet is needed, the tension management software sends an instruction to switch to the extranet. The system then checks whether the computer is currently exchanging data on the intranet. If so, the system waits until the intranet data exchange has finished, and only then disconnects the intranet and switches to the extranet state; if not, it disconnects the intranet immediately and switches to the extranet. Likewise, when the computer is in the extranet state and a switch to the intranet is needed, the tension management software sends an instruction to switch to the intranet. The system then checks whether the computer is currently exchanging data. If so, the system waits until the extranet data exchange has finished, and only then disconnects the extranet and switches to the intranet state; if not, it disconnects the extranet immediately and switches to the intranet.
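The Fig. 2 workflow described above, modelled as a small state machine in C. This is an added example, not code from the patent or its driver; the type and function names (iso_card, card_request_switch and the rest) and the two-contact relay model are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added model of the Fig. 2 workflow. All identifiers are hypothetical. */
typedef enum { NET_NONE, NET_INTRANET, NET_EXTRANET } net_t;

typedef struct {
    bool  intranet_closed;  /* relay contact to the intranet socket (assumed) */
    bool  extranet_closed;  /* relay contact to the extranet socket (assumed) */
    bool  exchange_busy;    /* a data exchange is running on the connected side */
    net_t pending;          /* deferred switch target, NET_NONE if none */
} iso_card;

net_t card_connected(const iso_card *c) {
    if (c->intranet_closed) return NET_INTRANET;
    if (c->extranet_closed) return NET_EXTRANET;
    return NET_NONE;
}

/* Invariant from the description: never connected to both networks at once. */
bool card_isolated(const iso_card *c) {
    return !(c->intranet_closed && c->extranet_closed);
}

/* After initialisation the card defaults to the intranet. */
void card_init(iso_card *c) {
    *c = (iso_card){ .intranet_closed = true };
}

/* Disconnect first, then connect the other side (break before make). */
static void relay_switch(iso_card *c, net_t target) {
    c->intranet_closed = c->extranet_closed = false;
    c->intranet_closed = (target == NET_INTRANET);
    c->extranet_closed = (target == NET_EXTRANET);
    c->pending = NET_NONE;
}

/* Switch instruction from the management software.
 * Returns true if the relay switched now, false if deferred or a no-op. */
bool card_request_switch(iso_card *c, net_t target) {
    if (target == NET_NONE || target == card_connected(c)) {
        c->pending = NET_NONE;  /* assumption: cancels a deferred request */
        return false;
    }
    if (c->exchange_busy) { c->pending = target; return false; }
    relay_switch(c, target);
    return true;
}

void card_exchange_begin(iso_card *c) { c->exchange_busy = true; }

/* Exchange finished: carry out any switch that was waiting for it. */
void card_exchange_end(iso_card *c) {
    c->exchange_busy = false;
    if (c->pending != NET_NONE) relay_switch(c, c->pending);
}

int main(void) {
    iso_card c;
    card_init(&c);
    card_exchange_begin(&c);
    printf("switched now: %d\n", card_request_switch(&c, NET_EXTRANET));
    card_exchange_end(&c);
    printf("connected: %d isolated: %d\n", card_connected(&c), card_isolated(&c));
    return 0;
}
```

A switch requested during a data exchange is held in `pending`, so the card stays on its current network until `card_exchange_end` runs.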
Fig. 3 is the software flow chart of the physical isolation card. When the physical isolation card is working on the intranet or extranet, the tension management software sends the instruction to switch the intranet/extranet state, calls SQL, calls Win32 functions through the Windows operating system and then, in accordance with NDIS, calls the driver to carry out the intranet/extranet switch. Each time a state switch is carried out, the network physical isolation card's miniport driver returns the state value of the execution, which is sent to the tension management software through the Windows operating system.

Claims (1)

1. A physical isolation card for network security, characterized in that: the physical isolation card comprises a peripheral component interconnect interface circuit (4), a network interface chip (5), a switching logic control circuit (7) and two network cable sockets (8, 9) connected in sequence, and a configuration memory (6) connected to the network interface chip (5); wherein the peripheral component interconnect interface circuit (4) provides the peripheral component interconnect communication protocol between the physical isolation card and the PC motherboard; the network interface chip (5) provides the network interface, giving the physical isolation card networking capability; the configuration memory (6) is an electrically erasable read-only memory with serial input function, used to store the start-up configuration parameters of the physical isolation card; the switching logic control circuit (7) is used to switch the physical isolation card between the intranet and the extranet; and the network cable sockets (8, 9) are used to connect the physical isolation card to standard twisted-pair cable.
CNA2004100127672A 2004-02-24 2004-02-24 Physical buffer card of network safety Pending CN1561030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2004100127672A CN1561030A (en) 2004-02-24 2004-02-24 Physical buffer card of network safety

Publications (1)

Publication Number Publication Date
CN1561030A (en) 2005-01-05

Family

ID=34440080

Country Status (1)

Country Link
CN (1) CN1561030A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043409B (en) * 2007-03-28 2010-10-06 邹涛 Method and apparatus for realizing information safety
CN101520826B (en) * 2008-02-27 2011-11-30 华硕电脑股份有限公司 Anti-virus protection method and electronic device with anti-virus protection
CN102279337A (en) * 2011-04-19 2011-12-14 珠海经济特区伟思有限公司 Network security separated card testing system
CN102932372A (en) * 2012-11-22 2013-02-13 山东中孚信息产业股份有限公司 Network security isolation card and implementation method thereof
CN102932372B (en) * 2012-11-22 2015-04-15 山东中孚信息产业股份有限公司 Network security isolation card and implementation method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication