CN201022198Y - Network secure system based on PCI-E communication technology - Google Patents
Network secure system based on PCI-E communication technology Download PDFInfo
- Publication number
- CN201022198Y CN201022198Y CNU2007200065228U CN200720006522U CN201022198Y CN 201022198 Y CN201022198 Y CN 201022198Y CN U2007200065228 U CNU2007200065228 U CN U2007200065228U CN 200720006522 U CN200720006522 U CN 200720006522U CN 201022198 Y CN201022198 Y CN 201022198Y
- Authority
- CN
- China
- Prior art keywords
- network
- hub
- hard disk
- intranet
- pci
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The utility model relates to a networkwork safety system, in particular to a networkwork safety system basing on a PCI-E communication technique. The utility model is composed of a computer main board, an intranet hard disk, an internet hard disk and an isolation card, which support the PCI-E communication technique. The intranet hard disk and the internet hard disk are connected with the computer main board in manner of the PCI-E interface by the isolation board. A physical isolation system basing on the PCI-E communication technique physically isolates a secret-involved networkwork and a public networkwork for preventing the external hack attack and the virus attack to the intranet . The utility model achieves the information safety strategy of sharing the information which could be shared and protecting the information which should be protected and saves 75 percent of the cost, which solves the manpower and the resources investment problems for isolating the intranet and the internet and saves the networkwork modification cost of a hundred million yuan for the government, the finance department, the enterprise and or the like.
Description
[technical field]
The utility model relates to a kind of network safety system, particularly relates to a kind of network safety system based on the PCI-E mechanics of communication.
[background technology]
When system and Internet or the interconnection of common computer net, be in complete exposed state, though can install fire compartment wall additional at its edge network, but can not stop the hacking technique of becoming stronger day by day, very easily be subjected to the malicious attack from Internet or function computer network, system is extremely dangerous.
Can the control mode of hard disk be classified according to physical isolation card and computer communication modes, network layout mode.(1) manual switchover mode: i.e. direct-cut operation.Its maximum characteristics are to need not install software.Intranet and extranet just show by the indicator light on the hand switch or its button.It is superseded that such isolation card has been tending towards on market.(2) serial communication mode: it is by software control, realizes the switching of computer network state.The communication modes of isolation card and computer is realized by serial ports.Its maximum characteristics, intelligent high, can monitor out current network state automatically, and friendly interface, easy to use, also have functions such as floppy disk, CD prompting.It is superseded that such isolation card also has been tending towards on market.(3) pci interface mode: it is by software control, realizes computer inner-external network network status detection and switching, and the characteristics of comparing its maximum with the serial communication mode are to have saved limited serial port resource.Its main performance: support external equipment, maximum data transfer rate 133MB/S, and can discern external equipment automatically.Comparatively general on such isolation card market.
The pci bus technology begins to use so far 14 years from phase early 1990s, does not have the development of essence therebetween, and processor is at each mole in the cycle, and performance just doubles.Asynchronous in the technical development makes pci bus become the bottleneck of whole system gradually.Though the pci bus technology is still main flow so far, with regard to its essence, it can not adapt to already.High performance graphic chips was separated from pci bus with regard to first before 7 years, formed independent a kind of bussing technique---AGP.Along with RAID array, Gigabit Ethernet and the appearance of other high bandwidth devices in the consumer level system, the bandwidth of PCI obviously can not satisfy the needs of these application, can not be along with the reduction of the raising of dominant frequency or voltage and adjust transmission rate flexibly, the synchronised clock transfer of data is limited by single rising edge, the signal routing rule is subjected to too much etc. the restriction of FR4 technology, interface pin, and more high bandwidth, a general I/O bus are all set up in all these restrictions.
[utility model content]
The technical problem that the utility model solved is to provide a kind of network safety system based on PCI-E mechanics of communication malicious attack, that have better fail safe that is not vulnerable to from the Internet or common computer net.
The utility model solves above-mentioned technical problem by the following technical programs:
The utility model is a kind of network safety system based on the PCI-E mechanics of communication, and it mainly is made up of computer motherboard, Intranet hard disk, outer net hard disk, the isolation card of supporting the PCI-E mechanics of communication; Described Intranet hard disk, outer net hard disk are connected to computer motherboard by isolation card with the PCI-E interface mode.
The utility model also comprises MODEM (unit/terminal modulator-demodulator), outer network server; Described outer net hard disk is connected with outer network server by MODEM (unit/terminal modulator-demodulator).
The utility model also comprises interior network server, Intranet HUB (hub), outer network server, outer net HUB (hub); The Intranet hard disk by Intranet HUB (hub) be connected with interior network server, the outer net hard disk passes through outer net HUB (hub) and is connected with outer network server.
The utility model also comprises interior network server, Intranet HUB (hub), outer network server, outer net HUB (hub), network security isolation selector; Intranet hard disk, outer net hard disk connect network security by isolation card and isolate selector, and network security is isolated selector and is connected with interior network server by Intranet HUB (hub) respectively, is connected with outer network server by outer net HUB (hub).
After adopting above technical scheme, owing to adopt the power supply control mode that it is controlled, by cutting off the conversion that the hard disk power supply is realized the intranet and extranet hard disk.When starting Intranet (outer net), start Intranet (outer net) power supply, close outer net (Intranet) power supply simultaneously, just can only use single network so in use, and another network is in closed condition completely.Isolation card adopts most effective PCI-E interface mode to carry out communication with computer.Physical isolation system based on the PCI-E communication apparatus; from physically isolating classified network and public network; avoided in-house network to suffer the attack of outside hacker, virus; reached the information security policy of " this shared will sharing; also will protecting of this protection "; can save 75% for solving the man power and material that the intranet and extranet isolation drops into, save the network rebuilding input of more than one hundred million units for units such as government, finance, enterprises.
[description of drawings]
In conjunction with the embodiments the utility model is described in further detail with reference to the accompanying drawings.
Figure 1A is the structural representation of first embodiment of the utility model.
Figure 1B is the structured flowchart of first embodiment of the utility model.
Fig. 2 is the structural representation of second embodiment of the utility model.
Fig. 3 A is the structural representation of the 3rd embodiment of the utility model.
Fig. 3 B is the structured flowchart of the 3rd embodiment of the utility model.
[embodiment]
Operation principle of the present utility model:
Adopt two hard disk schemes: be meant two hard disks are installed on a computer, switching by power supply realizes, when needs use Intranet, start corresponding in-house network hard disk (the outer net hard disk cuts out), connecting corresponding inner netting twine simultaneously connects or is not connected with network, when needs use extranets, start corresponding extranets hard disk (the Intranet hard disk cuts out), connect corresponding outside netting twine simultaneously and connect.From above principle obviously as can be known, for safety from physically segregate internal network and external network, after in-house network (extranets) starts, make the employed hard disk of in-house network (extranets) be connected, and the disconnection of the power supply of extranets (in-house network) make it must use fully with network.So just realize at times employing in-house network or extranets in a PCI-E communication technology system, thereby really realized isolation physically.
Figure 1A, Figure 1B are first embodiment of the present utility model (unit solutions).
Present embodiment mainly is made up of computer motherboard 1, Intranet hard disk 2, outer net hard disk 3, the isolation card 4 of supporting the PCI-E mechanics of communication.
Network carries out the isolation card 4 that physics cuts off and is arranged between Intranet hard disk 2 and the outer net hard disk 3 during described being used for, and Intranet hard disk 2 is connected isolation card 4 respectively with outer net hard disk 3, and isolation card 4 is passed through PCI-E interface mode connection computer motherboard 1.Computer motherboard 1 connects the Internet 6 or other public network by MODEM (unit/terminal modulator-demodulator) 5.
Present embodiment work engineering:
By isolation card 4 controls, computer motherboard 1 can't be got in touch by Modem5 and external network under interior net state, internal hard drive 2 powers up and starts and outside hard disk 3 is in the line weak point that the state (completely not up state) of outage connects network simultaneously and opens, when wanting to connect as external network, the outside hard disk 3 of internal hard drive 2 outage (completely not up state) powers up startup, and network connectivity is opened with outer net and carried out communication simultaneously.Therefore the safety of the internal hard drive 2 of depositing classified information under in working order is guaranteed.Unit safety physical isolation solution can satisfy the requirement that unit or personal user's unit dial up on the telephone.
Fig. 2 is second embodiment of the utility model, is a kind of pair of net solution (two netting twine).
The main terminal system 1A of this enforcement side (comprising computer motherboard, Intranet hard disk, outer net hard disk), isolation card 4A, network security are isolated selection 5A, interior network server 6A, Intranet HUB (hub) 7A, outer network server 8A, outer net HUB (hub) 9A composition.
The described network that is used for carries out isolation card 4 that physics cuts off and is arranged between workstation1 A and the network security isolation selector 5A.The internal hard drive (not shown) is isolated selector 5A, Intranet HUB (hub) 7A through isolation card 4A, network security and is connected with interior network server 6A, the outer net hard disk through isolation card 4A, network security isolation selector 5A, outer net HUB (hub) 9A with outside network server 8A be connected.
The course of work of present embodiment:
Realize the physical isolation of inner concerning security matters network and Internet or other public networks, have the user under the situation of two cover LAN, should adopt two wire structures, install network security separate card additional in terminal system, network is carried out physical isolation, and each network has separately independently server, HUB (hub) and network transmission line.Internal hard drive links to each other with internal network, outside hard disk links to each other with the Internet, outside hard disk outage (can not use) disconnects with the Internet when internal hard drive powers up startup, at this moment the user is connected with HUB and can only carries out communication with the internal network user, when outside hard disk powers up startup, internal hard drive outage (can not use) links to each other with the Internet simultaneously and inner HUB (hub) disconnection, at this moment the user can not with the internal network communication, can carry out communication with the external interconnect net.Used network security physical isolation selector in this scheme, it has the function of exchange and safety selection, and the safety of supporting the two netting twine transfer of data of single netting twine mainly to carry out isolation card is selected.When the user need connect two different networks, such as LAN and Internet, this will cause the network facilities that repeats, perhaps the user is on existing network configuration as need connect a net again, also can need whole structure of modification is installed, this all can cause very big extra cost, hard work and a large amount of time.And as auxiliary products of network security separate card, it will be a perfect settling mode, this will save extra wiring, and can use existing wall scroll Ethernet/Fast Ethernet, the user security ground that network security separate card is housed is connected to two different networks from desktop get on.On the work station that network security separate card has been installed, in fact exist place of safety and public area two states, when work station by network security when selector connects intranet and extranet, when being in common condition, work station says, can only connect extranets, and when being in a safe condition, then can only connect in-house network.
Fig. 3 A, Fig. 3 B are the 3rd embodiment of the utility model, and it is a kind of pair of net solution (single netting twine).
This enforcement side mainly is made up of computer motherboard 1B, Intranet hard disk 2B, outer net hard disk 3B, isolation card 4B, network security isolation selector 5B, interior network server 6B, Intranet HUB (hub) 7B, outer network server 8B, outer net HUB (hub) 9B.
Describedly be used for that network is carried out the isolation card 4B that physics cuts off and be arranged between Intranet hard disk 2B and the outer net hard disk 3B.Intranet hard disk 2B is connected isolation card 4B respectively with outer net hard disk 3B, and isolation card 4B connects computer motherboard 1B by the PCI-E interface mode.Intranet hard disk 2B isolates selector 5B, Intranet HUB (hub) 7B through isolation card 4B, network security and is connected with interior network server 6B, the outer net hard disk through isolation card 4B, network security isolation selector 5B, outer net HUB (hub) 9B with outside network server 8B be connected.
The course of work of present embodiment:
For realizing the physical isolation of inner concerning security matters network and Internet or other public networks, have only the user under the situation of single wire structures, install Zeus's shield network security selector and Zeus's shield network security separate card additional in terminal system, isolation card realizes network is carried out complete physical isolation by the single wire structures of the circuit selection function utilization of selector, and each network has separately independently server, HUB (hub) and network transmission line.Network selector is connected into Intranet on one side as shown in the figure, being connected into outer net on one side switches network, when will visit Intranet, Intranet hard disk power initiation, the outer net hard disk is in the buttoned-up status, netting twine of terminal PC system use and network selector link to each other and are connected with internal network automatically, disconnect with external network, have so just stopped the malicious attack from external network.
It is that a standard is repaired panel that network security is isolated selector, supports 8 or 24 end-user workstations.This equipment can not be considered as ethernet device, and it can be ignored to weakening of ethernet signal.Being connected in network cable between existing HUB (hub) switch and the LAN isolates selector (control Ethernet/Fast Ethernet) by network security and carries out winding displacement.Increase " super band " DC (constant current) voltage signal at electric wire (TX and RX to) and can control two switchings between heterogeneous networks reliably.Which network is the polarity of signal can measure is connected with work station by network security isolation selector.Network security is isolated selector and is erased the DC element, and the network port is presented on " back side " with IEEE802.3 signal clear, standard.If do not detect the DC electric current, two networks all can all be cut off, and the work station that has reduced the place of safety is like this connected the risk that goes up unfiled network mistakenly.This network security is isolated being provided with of selector and is allowed the user successfully to carry out extra network work, has avoided laying to desktop the arguement of new cable.All affiliated facilities are connected on the maincenter of communication machine box and back.In addition, it is that full impregnated is bright that network security is isolated the selector operation, need not maintenance, and to the standard traffic of Ethernet/Fast Ethernet without any influence.Those seek to provide Internet to connect to their user to the high mechanism of safety requirements on the one hand, guarantee the safety of internal data on the other hand.Like this, these mechanisms only need installation data protector in desktop workstations, add common commercial Internet visit solution then and get final product.
Physical isolation system based on the PCI-E communication apparatus; from physically isolating classified network and public network; avoided in-house network to suffer the attack of outside hacker, virus; reached the information security policy of " this shared will sharing; also will protecting of this protection "; can save 75% for solving the man power and material that the intranet and extranet isolation drops into, save the network rebuilding input of more than one hundred million units for units such as government, finance, enterprises.
Claims (4)
1. network safety system based on the PCI-E mechanics of communication is characterized in that: it mainly is made up of computer motherboard, Intranet hard disk, outer net hard disk, the isolation card of supporting the PCI-E mechanics of communication; Described Intranet hard disk, outer net hard disk are connected to computer motherboard by isolation card with the PCI-E interface mode.
2. a kind of network safety system based on the PCI-E mechanics of communication according to claim 1 is characterized in that: also comprise MODEM (unit/terminal modulator-demodulator), outer network server; Described outer net hard disk is connected with outer network server by MODEM (unit/terminal modulator-demodulator).
3. a kind of network safety system based on the PCI-E mechanics of communication according to claim 1 is characterized in that: also comprise interior network server, Intranet HUB (hub), outer network server, outer net HUB (hub); The Intranet hard disk by Intranet HUB (hub) be connected with interior network server, the outer net hard disk passes through outer net HUB (hub) and is connected with outer network server.
4. a kind of network safety system based on the PCI-E mechanics of communication according to claim 1 is characterized in that: also comprise interior network server, Intranet HUB (hub), outer network server, outer net HUB (hub), network security isolation selector; Intranet hard disk, outer net hard disk connect network security by isolation card and isolate selector, and network security is isolated selector and is connected with interior network server by Intranet HUB (hub) respectively, is connected with outer network server by outer net HUB (hub).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNU2007200065228U CN201022198Y (en) | 2007-03-14 | 2007-03-14 | Network secure system based on PCI-E communication technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNU2007200065228U CN201022198Y (en) | 2007-03-14 | 2007-03-14 | Network secure system based on PCI-E communication technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN201022198Y true CN201022198Y (en) | 2008-02-13 |
Family
ID=39089614
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNU2007200065228U Expired - Lifetime CN201022198Y (en) | 2007-03-14 | 2007-03-14 | Network secure system based on PCI-E communication technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN201022198Y (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104506890A (en) * | 2014-12-31 | 2015-04-08 | 成都东方盛行电子有限责任公司 | Audio/video data transmission method based on PCI-E (peripheral component interconnect-express) standard |
-
2007
- 2007-03-14 CN CNU2007200065228U patent/CN201022198Y/en not_active Expired - Lifetime
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104506890A (en) * | 2014-12-31 | 2015-04-08 | 成都东方盛行电子有限责任公司 | Audio/video data transmission method based on PCI-E (peripheral component interconnect-express) standard |
CN104506890B (en) * | 2014-12-31 | 2018-06-05 | 成都东方盛行电子有限责任公司 | A kind of audio/video data transmission method based on PCI-E standard |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN202939611U (en) | Internal and external network physical isolation computer host machine | |
CN103094793A (en) | Smart card connecting circuit for electronic equipment and electronic equipment | |
CN105514949A (en) | Solid state power controller with latent flux prevention function and control method | |
CN101888284A (en) | Method and device used for one-way transmission of data | |
CN106445182B (en) | Key mouse screen safety switching and isolating method suitable for dual-computer environment | |
CN2785015Y (en) | Network safe system based on NC system | |
CN202042898U (en) | Program controlled bypass protection circuit of network equipment | |
CN201022198Y (en) | Network secure system based on PCI-E communication technology | |
CN1738253A (en) | Computer network connection real-time on-off controlling system | |
CN203352595U (en) | Bypass device and network system | |
CN201274050Y (en) | Network safety system based on USB communication interface technique | |
CN2907103Y (en) | Dual-network electronic switch | |
CN111131280A (en) | Internal and external network isolation system | |
CN110838877A (en) | One-way data transmission equipment of visible light | |
CN201274481Y (en) | Network security system based on giga-byte optical fiber interface | |
CN102045600A (en) | Link protection method and device of Ethernet accessed to SDH (Synchronous Digital Hierarchy) optical network | |
CN202940836U (en) | Network switching device | |
WO2003009118A2 (en) | Computer multiplexor | |
CN111435784A (en) | Alternating current and direct current protection system and protection action outlet speed increasing method | |
CN201821164U (en) | Automatic intelligent terminal device for distribution network | |
CN202231736U (en) | Ethernet switch | |
CN101800649A (en) | Physical isolation card | |
CN210629540U (en) | Safety isolation control computer system | |
CN107480082A (en) | A kind of server serial ports output intent and structure | |
CN203406889U (en) | Internet access BYPASS system capable of setting equipment fault flexibly when power is down |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of utility model: Network security system based on PCI-E communication technology Effective date of registration: 20160113 Granted publication date: 20080213 Pledgee: Fuzhou Fujian rural commercial bank Limited by Share Ltd Pledgor: FUZHOU ZHUOSIDUN INFORMATION TECHNOLOGY CO., LTD. Registration number: 2016350000003 |
|
PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
CX01 | Expiry of patent term |
Granted publication date: 20080213 |
|
CX01 | Expiry of patent term |