CN1905460A - Higher quarantine network system - Google Patents
Higher quarantine network system Download PDFInfo
- Publication number
- CN1905460A CN1905460A CN 200510028301 CN200510028301A CN1905460A CN 1905460 A CN1905460 A CN 1905460A CN 200510028301 CN200510028301 CN 200510028301 CN 200510028301 A CN200510028301 A CN 200510028301A CN 1905460 A CN1905460 A CN 1905460A
- Authority
- CN
- China
- Prior art keywords
- network system
- intranet
- user
- quarantine network
- outer net
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an advanced isolation region network system, located between user intranet and extranet and comprising in order: firewall, safely and selectively isolating inter-access between user intranet and extranet; core switcher, switching data between intranet and extranet for quick and stable data transmission; load balancing equipment, reasonably allocating network bandwidth and making priority allocation on data flow; anti-virus software server, making domain resolution and filtration on use requested websites and making virus detection and filtration. And the firewall adopts two firewall devices which are hot backups for each other. And the core switcher adopts two switchers which are backups for each other, and the two switchers are each provided with two optical fiber modules and interconnected through a gigabit optical fiber.
Description
Technical field
The present invention relates to a kind of network safety system, particularly relate to a kind of higher quarantine network system.
Background technology
Between present user's internal network (being called for short " Intranet ") and the external network (being called for short " outer net ") generally all is simply to be equipped with anti-virus software at user side, can simply prevent the invasion of some viruses like this, in case but poisoning intrusion, then whole user network then is limited to paralysis.And some company is in order to limit employee's the claim to the visit of outer net, and needs to be equipped with relevant fire compartment wall, but the problem that outer net can not be visited Intranet can occur again after installing.
Summary of the invention
The technical problem that the present invention solves has provided a kind of higher quarantine network system, the safety issue of the internal network that it can effectively solve company during with the external network exchanging visit.
In order to solve above technical problem, the invention provides a kind of higher quarantine network system, it and comprises between user's Intranet and outer net successively: fire compartment wall is used for anti-each other the asking between user's Intranet and the outer net carried out safely, selectively isolated; Core switch is used to exchange from Intranet after handling through described fire compartment wall and data from outer net; Load-balancing device is used for the bandwidth of network is rationalized distribution, carries out priority assignment for the data traffic after described core switch exchange; The anti-virus software server is positioned at the lower end of described load-balancing device, be used for that the access websites of user's request is carried out domain name mapping and filter, and the detection of virus is filtered.
Described fire compartment wall adopts two firewall boxs, and Hot Spare each other.
Described core switch is two switches of employing and backups each other that described two switches dispose two optic modules respectively, and connects with a kilomega optic fiber.
Because higher quarantine network system of the present invention, two fire compartment walls of Hot Spare have each other been adopted, in two fire compartment walls, pass through tight access control policy, the tight control of safety the access request of the client in the customer network to outer net, and Intranet is to the issue of outer net, guaranteeing safety of data transmission between client's internal network and external network, and between two equipment by two-shipper Hot Spare each other, make whole network environment safer, stable; And core switch of the present invention is two switches of employing and backups each other, these two switches dispose two optic modules respectively in addition, and connect with kilomega optic fiber, set up high-speed link, it makes quick, the stable transmission of data traffic between client's Intranet and the outer net, by the distribution that load-balancing device rationalizes the bandwidth of network, carry out priority assignment for data traffic.The anti-virus software server has carried out filtration and control and management to the INTERNET access request of client, has accelerated the disposal ability of system, has strengthened the stable of system self; And the key position in system adopts two-node cluster hot backup, guarantees the high stability of operation.
Description of drawings
Below in conjunction with the drawings and specific embodiments, the present invention is further elaborated.
Fig. 1 is a flow chart of the present invention;
Fig. 2 is the present invention's schematic diagram in kind.
Embodiment
Fig. 1 is a flow chart of the present invention.When user's Intranet inserts by switch (can select the switch of the catalyst model of Cisco company here) and router (can select the router of Cisco company here), and when the Internet access request is arranged, at first earlier user's request is reached two fire compartment walls 2 of Hot Spare each other, the ground floor of the security strategy by fire compartment wall 2 filters, see whether it belongs to rational Internet access request, whether mainly be to see whether it has access rights rationally, be mainly used in the user capture outer net that does not have the open visit authority in the restriction Intranet, if belong to irrational request, system is with denied access, if the reasonable request that belongs to, then will ask to reach two load-balancing devices 3 by two core switch 1 (can select the switch of the WS-C3550-48-SMI model of Cisco company here), access request was carried out rational allocated bandwidth when this load-balancing device 3 can be measured the large user, and then reach Proxy server 4 by this equipment, by this server 4 legitimacy of this user request of surfing the Net is examined, rationally then reached anti-virus software server 5 as this request, this anti-virus software server 5 carries out that this user is sent the access websites of asking of surfing the Net and carries out the domain name mapping filtration, and the detection of virus is filtered, be not inconsistent with security strategy as finding, then system can send the warning picture very first time to user side, as then being forwarded to two fire compartment walls 2 again by filtering to detect, by tight security strategy client's access request is carried out again safety filtering, it is legal still to be considered as this visit, could final visit outlet visit outer net through Internet.
Fig. 2 is a schematic diagram in kind of the present invention.It mainly contains two core switch 1, two fire compartment walls 2, two load balancing 3, four Proxy servers 4, four anti-virus software servers 5 are formed.
It is the switch of WS-C3550-48-SMI that core switch 1 can be selected two Cisco company models, backup each other as two core switch 1, and disposing two Cisco company models respectively is the optic module of WS-G5484, between two core switch 1, connect, set up the high-speed link of 1G with a kilomega optic fiber.
The selection of fire compartment wall 2, can adopt the fire compartment wall of the PIX525 model of two Cisco companies, in two fire compartment walls 2 by tight access control policy, the control that safety is tight the access request of client in the customer network to outer net, and Intranet is to the issue of outer net.To guarantee safety of data transmission between client's internal network and external network.And pass through two-shipper Hot Spare each other between two equipment, whole network environment is safer, stable.
Load balancing 3 then can adopt the load-balancing device of the CSS11503 model of two Cisco companies, by the distribution that load-balancing device rationalizes the bandwidth of network, carries out priority assignment for data traffic.
Maintenance monitoring about system environments, adopted the name of Hewlett-Packard Corporation to be called the monitoring software of OVO, it can be monitored in real time to all relevant devices (comprising the network equipment and associated server), in case relevant device or data communication break down, the maintenance centre will obtain reporting to the police the very first time, and correlation engineering teacher will carry out correspondence at the fault that occurs in the very first time, and troubleshooting.
Claims (5)
1, a kind of higher quarantine network system is characterized in that, it and comprises between user's Intranet and outer net successively:
Fire compartment wall is used for anti-each other the asking between user's Intranet and the outer net carried out safely, selectively isolated;
Core switch is used to exchange from Intranet after handling through described fire compartment wall and data from outer net;
Load-balancing device is used for the bandwidth of network is rationalized distribution, carries out priority assignment for the data traffic after described core switch exchange;
The anti-virus software server is positioned at the lower end of described load-balancing device, be used for that the access websites of user's request is carried out domain name mapping and filter, and the detection of virus is filtered.
2, higher quarantine network system as claimed in claim 1 is characterized in that, described fire compartment wall adopts two firewall boxs, and Hot Spare each other.
3, higher quarantine network system as claimed in claim 1, it is characterized in that, described switch is to adopt two switches as spine switches and backup each other, and described two switches dispose two optic modules respectively, and with a kilomega optic fiber connection.
4, higher quarantine network system as claimed in claim 1 is characterized in that, also places client server or forum in system.
5, higher quarantine network system as claimed in claim 1 is characterized in that, it also comprises monitoring software, carries out to be used for monitoring all relevant devices in real time, in case relevant device or data communication break down, will send alert notice.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510028301 CN1905460A (en) | 2005-07-29 | 2005-07-29 | Higher quarantine network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510028301 CN1905460A (en) | 2005-07-29 | 2005-07-29 | Higher quarantine network system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1905460A true CN1905460A (en) | 2007-01-31 |
Family
ID=37674597
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510028301 Pending CN1905460A (en) | 2005-07-29 | 2005-07-29 | Higher quarantine network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1905460A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010000146A1 (en) * | 2008-07-04 | 2010-01-07 | 成都市华为赛门铁克科技有限公司 | Method, firewalls and network system for realizing information backup |
| CN101286871B (en) * | 2008-05-22 | 2010-12-01 | 上海交通大学 | Isolation system configuring method based on digital certificate and security protocol |
| CN102075458A (en) * | 2010-08-25 | 2011-05-25 | 上海神计信息系统工程有限公司 | Instant messaging data ferrying transmitter and transmission method between two physically isolated networks |
| CN103198254A (en) * | 2012-01-10 | 2013-07-10 | 国际商业机器公司 | Storage device with internalized anti-virus protection |
| CN104639499A (en) * | 2013-11-06 | 2015-05-20 | 中国移动通信集团广东有限公司 | Firewall monitoring method, firewall monitoring device and network management platform |
| CN105430009A (en) * | 2015-12-25 | 2016-03-23 | 北京奇虎科技有限公司 | Network access method, terminal and gateway server |
| CN108512687A (en) * | 2017-05-18 | 2018-09-07 | 苏州纯青智能科技有限公司 | A kind of integrated network office system |
| CN109714397A (en) * | 2018-12-11 | 2019-05-03 | 北京数盾信息科技有限公司 | Internet proxy server management system |
| CN109743197A (en) * | 2018-12-24 | 2019-05-10 | 中信百信银行股份有限公司 | A kind of firewall deployment system and method based on priority configuration |
| CN111953808A (en) * | 2020-07-31 | 2020-11-17 | 上海燕汐软件信息科技有限公司 | Data transmission switching method of dual-machine dual-active architecture and architecture construction system |
| WO2021147305A1 (en) * | 2020-01-22 | 2021-07-29 | 中国银联股份有限公司 | System and method used to assemble dmz |
-
2005
- 2005-07-29 CN CN 200510028301 patent/CN1905460A/en active Pending
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286871B (en) * | 2008-05-22 | 2010-12-01 | 上海交通大学 | Isolation system configuring method based on digital certificate and security protocol |
| WO2010000146A1 (en) * | 2008-07-04 | 2010-01-07 | 成都市华为赛门铁克科技有限公司 | Method, firewalls and network system for realizing information backup |
| CN102075458A (en) * | 2010-08-25 | 2011-05-25 | 上海神计信息系统工程有限公司 | Instant messaging data ferrying transmitter and transmission method between two physically isolated networks |
| CN102075458B (en) * | 2010-08-25 | 2012-11-21 | 上海神计信息系统工程有限公司 | Instant messaging data ferrying transmitter and transmission method between two physically isolated networks |
| CN103198254B (en) * | 2012-01-10 | 2016-06-22 | 国际商业机器公司 | System and method for anti-virus protection |
| CN103198254A (en) * | 2012-01-10 | 2013-07-10 | 国际商业机器公司 | Storage device with internalized anti-virus protection |
| CN104639499B (en) * | 2013-11-06 | 2018-05-22 | 中国移动通信集团广东有限公司 | A kind of fire wall monitoring method, device and network management platform |
| CN104639499A (en) * | 2013-11-06 | 2015-05-20 | 中国移动通信集团广东有限公司 | Firewall monitoring method, firewall monitoring device and network management platform |
| CN105430009A (en) * | 2015-12-25 | 2016-03-23 | 北京奇虎科技有限公司 | Network access method, terminal and gateway server |
| CN105430009B (en) * | 2015-12-25 | 2019-03-08 | 北京奇虎科技有限公司 | A kind of Network Access Method, terminal and gateway server |
| CN108512687A (en) * | 2017-05-18 | 2018-09-07 | 苏州纯青智能科技有限公司 | A kind of integrated network office system |
| CN109714397A (en) * | 2018-12-11 | 2019-05-03 | 北京数盾信息科技有限公司 | Internet proxy server management system |
| CN109743197A (en) * | 2018-12-24 | 2019-05-10 | 中信百信银行股份有限公司 | A kind of firewall deployment system and method based on priority configuration |
| CN109743197B (en) * | 2018-12-24 | 2022-07-01 | 中信百信银行股份有限公司 | Firewall deployment system and method based on priority configuration |
| WO2021147305A1 (en) * | 2020-01-22 | 2021-07-29 | 中国银联股份有限公司 | System and method used to assemble dmz |
| TWI818187B (en) * | 2020-01-22 | 2023-10-11 | 大陸商中國銀聯股份有限公司 | A system for forming a demilitarized zone (dmz) |
| CN111953808A (en) * | 2020-07-31 | 2020-11-17 | 上海燕汐软件信息科技有限公司 | Data transmission switching method of dual-machine dual-active architecture and architecture construction system |
| CN111953808B (en) * | 2020-07-31 | 2023-08-15 | 上海燕汐软件信息科技有限公司 | Data transmission switching method of dual-machine dual-activity architecture and architecture construction system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1905460A (en) | Higher quarantine network system | |
| CN100592680C (en) | A device and method for secure information joint processing | |
| CN109558366A (en) | A kind of firewall based on multiple processor structure | |
| CN110426971B (en) | Rail transit control network data acquisition and management method and system | |
| CN112468592B (en) | Terminal online state detection method and system based on electric power information acquisition | |
| CN105306622A (en) | Cloud network convergence domain name analysis system and DNS service method thereof | |
| CN114553537A (en) | Abnormal flow monitoring method and system for industrial Internet | |
| CN101034976A (en) | Intrusion detection in an ip connected security system | |
| CN102035895A (en) | Web site supervision method based on HTTP (hypertext transfer protocol) analysis | |
| CN117376989A (en) | Wireless network resource management system capable of accessing network on line | |
| CN1309208C (en) | Network safety system of computer network and controlling method thereof | |
| CN111262815A (en) | Virtual host management system | |
| CN117319064A (en) | Network space safety management and control system based on trusted computing | |
| CN110417725B (en) | Multi-layer cooperative defense model suitable for source network load control private network | |
| CN110971467A (en) | Network centralized management system | |
| US10574659B2 (en) | Network security management system | |
| RU2675900C1 (en) | METHOD OF PROTECTING NODES OF VIRTUAL PRIVATE COMMUNICATION NETWORK FROM DDoS-ATTACKS WITH METHOD OF MANAGING QUANTITY OF RENDERED COMMUNICATION SERVICES TO SUBSCRIBERS | |
| CN1175350C (en) | Host computer performance monitoring and automatic reacting system | |
| CN114389991B (en) | Intelligent network flow scheduling management method and device | |
| CN109120647A (en) | A kind of security exchange system | |
| KR102160537B1 (en) | Digital substation with smart gateway | |
| KR102145421B1 (en) | Digital substation with smart gateway | |
| KR100541742B1 (en) | A system for controlling communication and a method thereof | |
| CN212935935U (en) | Network security front-end processing device of urban rail transit comprehensive monitoring system | |
| Jin et al. | Study on Security Protection Technology of Multi-Network Integration |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |