CN201403104Y - Network fixation safety isolation and data exchange system - Google Patents
- Publication number
- CN201403104Y
- Authority
- CN
- China
- Prior art keywords
- data
- net
- port
- hardware
- outside
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The utility model discloses a network fixation safety isolation and data exchange system in which an inner/outer net dual-machine hot-backup port and an inner/outer net standby port are connected to a processor. The processor is further connected to a COM port, an inner/outer management port, a hardware isolation card and a data memory. The data memory is connected to the hardware isolation card, with an IDE port arranged between the two, and the hardware isolation card is further connected to an inner/outer network port. An ATX interface is arranged between the processor and the power supply, a memory slot is arranged between the processor and the memory, and a PCI slot is arranged between the processor and the hardware isolation card. The system implements buffer-area memory mapping between the inner and outer net host modules through a dedicated hardware isolation exchange card; data in a designated area is copied to the corresponding area, which completes the exchange. A security chip is embedded in the hardware isolation exchange card, which can fully satisfy the requirements of high-speed data exchange. The system guarantees that no data packets are exchanged between a trusted network and an untrusted network and that no network connection is established.
Description
Technical field
The utility model relates to the field of LAN information security, and in particular to a system for data isolation and secure exchange between networks of different security levels.
Background technology
With the ever wider and deeper application of information technology in the military, the defense industry, government and enterprises, rapidly developing electronic information technology has brought every industry a revolution in efficient business management and large returns in business performance. At the same time, violations and crimes committed by means of computer information systems are rising year by year, and guarding against technology risk and computer crime faces a severe challenge. An insider threat refers to a legitimate user or administrator of a system who, through misoperation or deliberate violation, exploits system defects, carries out illegal attacks or similar behavior, causing system failure, service errors, data tampering and leakage, and damage to assets. Traditional security products can meet the need to protect data and network security in different ways, but they cannot fully solve the problem of secure information exchange between networks, because every security technology has its limitations. To protect the security of important internal systems, in January 2000 the National Administration for the Protection of State Secrets issued and implemented the "Computer Information System Internet Security Management Regulation", which explicitly requires: "A computer information system that involves state secrets must not be connected, directly or indirectly, to the Internet or other public information networks, and must be physically isolated." Document No. 17 of 2002 of the General Office of the CPC Central Committee, "Guidance of the National IT Application Leading Group on China's E-Government Development", also clearly emphasizes: "Physical isolation between the government intranet and the government extranet; logical isolation between the government extranet and the Internet."
More and more governments and enterprises, in order to improve their external service quality and internal operating efficiency, and driven by the acceleration of e-government and enterprise IT adoption, have set up external Internet connections and the like. This brings convenience, but it also leads to hacker attacks, access by unauthorized users, and the resulting loss of sensitive data. The old approach was to place such e-government information on an independent server attached to a separate network that has no direct connection to outside networks.
In office automation, file exchange is a very common but very important process. Because of certain circumstances, file exchange falls back to manual intervention: data to be updated is periodically copied to the target network via third-party storage media. However, as enterprise IT adoption expands, the data exchanged between different networks has reached massive volumes. Manual intervention cannot meet the requirements of the work, is error-prone, and makes the exchange inefficient and delayed, which can stall work and even cause losses. This approach is therefore increasingly unable to meet users' requirements.
Summary of the utility model
In view of the deficiencies of the prior art, the utility model provides a network fixation safety isolation and data exchange system that guarantees that no data packets are exchanged between the trusted network and the untrusted network and that no network connection is established.
To achieve the above object, the technical solution of the utility model is:
In the network fixation safety isolation and data exchange system, an inner/outer net dual-machine hot-backup port and an inner/outer net standby port are connected to a processor, and the processor is also connected to a COM port, an inner/outer management port, a hardware isolation card and a data memory. The data memory is connected to the hardware isolation card, with an IDE port between the two. The hardware isolation card is also connected to an inner/outer network port; an ATX interface is arranged between the processor and the power supply; a memory slot is arranged between the processor and the memory; and a PCI slot is arranged between the processor and the hardware isolation card. The processor responds to and handles all request instructions; the COM port configures the inner/outer net mainboard; the inner/outer network port connects the inner and outer networks. The inner/outer net management port manages and configures the inner and outer nets; the inner/outer net dual-machine hot-backup port is the product's dual-machine hot-backup function port; the inner/outer net standby port serves as the standby port for the inner and outer nets; the PCI slot is the slot for the outer-net hardware isolation card; the IDE port connects the data memory; the ATX interface connects the power supply; the memory slot is the memory buffer.
The benefits of the above technical solution are:
The utility model implements buffer-area memory mapping between the inner-net and outer-net host modules through a dedicated hardware isolation exchange card; data in the designated area is copied to the corresponding area, which completes the exchange. The security chip embedded in the hardware isolation exchange card can fully satisfy the needs of high-speed data exchange.
The product fixes the control logic in hardware, so that the exchange of data between the inner and outer nets involves only read and write operations on the memory buffer, with no forwarding of network protocols or data packets. The isolation exchange subsystem uses a mutual exclusion mechanism: before reading or writing the data of the host module at one end, it first terminates the operation on the other end. This guarantees that the isolation exchange system never handles the data of the inner-net and outer-net host modules at the same time, so that there is no link-layer path of any kind between the trusted network and the untrusted network at any time, achieving secure isolation of the networks.
Description of drawings
Fig. 1 is a schematic diagram of the working principle of the utility model.
Embodiment
The utility model is now described with reference to the accompanying drawing and an embodiment.
In the network fixation safety isolation and data exchange system shown in Fig. 1, an inner/outer net dual-machine hot-backup port 5 and an inner/outer net standby port 6 are connected to processor 1, and processor 1 is also connected to a COM port 2, an inner/outer management port 4, a hardware isolation card and a data memory. The data memory is connected to the hardware isolation card, with IDE port 8 between the two. The hardware isolation card is also connected to an inner/outer network port 3. ATX interface 9 is arranged between processor 1 and the power supply; memory slot 10 is arranged between processor 1 and the memory; PCI slot 7 is arranged between processor 1 and the hardware isolation card.
The inner/outer host boards are industrial control mainboards with good stability and reliability; each mainboard consists of an arithmetic unit, a controller, memory, input devices, output devices and embedded chips. Processor 1 is the core of the mainboard; it consists mainly of the arithmetic unit and the controller and responds to and handles all request instructions. All other devices on the mainboard work around the processor.
Inner/outer network port 3: as the hardware architecture diagram of the product shows, the product consists of the inner/outer host boards and the inner/outer net hardware isolation cards on those boards. Inner/outer network port 3 connects to the respective network and is also responsible for the connection during data exchange.
Inner/outer net management port 4 is mainly responsible for managing and configuring the system on the inner/outer net hard disk attached to IDE interface 8 on the inner/outer host board, including the configuration of data isolation and secure exchange and of the system running environment.
Inner/outer net dual-machine hot-backup port 5 serves as the product's dual-machine hot-backup interface. Hot backup means that any machine failure that causes a system outage or service interruption triggers a software process that performs fault determination, fault isolation and online recovery and resumes the interrupted service. During this process the user only has to tolerate an acceptable delay, and service is restored in the shortest possible time.
Inner/outer net standby port 6 serves as the product's standby port.
ATX interface 9 provides the mainboard power connection.
In the actual product, data isolation and secure exchange are performed by the isolation cards, with one hardware isolation card installed on each of the inner and outer host boards. On the outer-net mainboard, outer processor 1 sends a data exchange request to the hardware isolation card connected to outer IDE port 8. The inner-net mainboard first receives the request through the hardware isolation exchange card connected to inner IDE port 8; at the same time, the outer net formats the data of the exchange request on the hardware isolation card connected to outer IDE port 8 on the outer host board and carries out a further application-layer security check according to the local security policy. If the check is passed, a reverse conversion is carried out, converting the formatted data into TCP/IP packets that conform to the RFC standards. After PCI slot 7 of the hardware isolation card on the inner-net mainboard receives the formatted data, it sends a request to inner processor 1; on receiving the request instruction, inner processor 1 has the operating system running on the hard disk connected to inner IDE port 8 perform verification, and inner IDE port 8 returns the verification result to inner processor 1. Inner processor 1 proceeds according to the verification result: when verification passes, the formatted data received by inner PCI slot 7 is saved to the memory connected to memory slot 10. Finally, the data in the memory buffer of inner memory slot 10 is stored to the hard disk connected to inner IDE port 8. During this exchange the data is formatted and cannot be read directly; it can only be recognized after being encoded by the isolation card, and it is held temporarily in the memory buffer of inner memory slot 10. Between the inner-net and outer-net modules there are only read and write operations on the memory buffer of inner memory slot 10, with no forwarding of network protocols or data packets. The hardware isolation exchange subsystem uses a mutual exclusion mechanism: before reading or writing the data of the host module at one end, it first terminates the operation on the other end. This guarantees that the isolation exchange system never handles the data of the inner-net and outer-net host modules at the same time, so that there is no link-layer path of any kind between the trusted network and the untrusted network at any time, achieving secure isolation of the networks.
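
The following C model is an added illustration of the mutual-exclusion buffer exchange described above; it is not code from the patent. The `iso_card` structure, the function names, the `magic|len|sum|data` record layout and the checksum are assumptions, and the payload is constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: names, record layout and checksum are assumptions. */
enum side { NONE = 0, OUTER, INNER };
#define BUF_SIZE 256u
#define HDR 12u
#define MAGIC 0x49534F58u /* constructed marker for the private record format */

struct iso_card {
    enum side selected;    /* the single host module currently connected */
    uint8_t buf[BUF_SIZE]; /* shared memory buffer area */
    size_t used;
};

/* Stand-in for the card's encoding step: a simple rolling checksum. */
static uint32_t checksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    while (n--) s = s * 31u + *p++;
    return s;
}

/* Mutual exclusion: one selector value, so connecting a side ends the other. */
void iso_select(struct iso_card *c, enum side s) { c->selected = s; }

/* Write payload bytes only (no protocol headers) as magic|len|sum|data. */
int iso_write(struct iso_card *c, enum side s, const uint8_t *d, uint32_t len) {
    if (c->selected != s || len > BUF_SIZE - HDR) return -1;
    uint32_t hdr[3] = { MAGIC, len, checksum(d, len) };
    memcpy(c->buf, hdr, HDR);
    memcpy(c->buf + HDR, d, len);
    c->used = HDR + len;
    return 0;
}

/* Verify the record before copying it out; returns its length or -1. */
int iso_read(struct iso_card *c, enum side s, uint8_t *out, size_t cap) {
    uint32_t hdr[3];
    if (c->selected != s || c->used < HDR) return -1;
    memcpy(hdr, c->buf, HDR);
    if (hdr[0] != MAGIC || hdr[1] != c->used - HDR || hdr[1] > cap) return -1;
    if (checksum(c->buf + HDR, hdr[1]) != hdr[2]) return -1;
    memcpy(out, c->buf + HDR, hdr[1]);
    c->used = 0; /* record consumed */
    return (int)hdr[1];
}

int main(void) {
    struct iso_card c = { NONE, {0}, 0 };
    const uint8_t msg[] = "constructed sample payload";
    uint8_t out[64];
    iso_select(&c, OUTER);                         /* outer module connected */
    iso_write(&c, OUTER, msg, sizeof msg);
    printf("inner read while outer selected: %d\n", iso_read(&c, INNER, out, sizeof out));
    iso_select(&c, INNER);                         /* outer ended, inner connected */
    printf("inner read after switch: %d\n", iso_read(&c, INNER, out, sizeof out));
    return 0;
}
```

The model covers only the selector and the record check; the application-layer policy inspection the description mentions is not modelled.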
Claims (1)
1. A network fixation safety isolation and data exchange system, characterized in that: an inner/outer net dual-machine hot-backup port and an inner/outer net standby port (6) are connected to a processor (1), and the processor is also connected to a COM port (2), an inner/outer management port (4), a hardware isolation card and a data memory; the data memory is connected to the hardware isolation card, with an IDE port (8) between the two; the hardware isolation card is also connected to an inner/outer network port (3); an ATX interface (9) is arranged between the processor and the power supply; a memory slot (10) is arranged between the processor and the memory; a PCI slot (7) is arranged between the processor (1) and the hardware isolation card; wherein:
Processor (1): responds to and handles all request instructions;
COM port (2): configures the inner/outer net mainboard;
Inner/outer network port (3): connects the inner and outer networks;
Inner/outer net management port (4): manages and configures the inner and outer nets;
Inner/outer net dual-machine hot-backup port (5): is the product's dual-machine hot-backup function port;
Inner/outer net standby port (6): serves as the standby port for the inner and outer nets;
PCI slot (7): is the slot for the outer-net hardware isolation card;
IDE port (8): connects the data memory;
ATX interface (9): connects the power supply;
Memory slot (10): is the memory buffer and holds all buffered data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009201376562U CN201403104Y (en) | 2009-04-16 | 2009-04-16 | Network fixation safety isolation and data exchange system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009201376562U CN201403104Y (en) | 2009-04-16 | 2009-04-16 | Network fixation safety isolation and data exchange system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN201403104Y true CN201403104Y (en) | 2010-02-10 |
Family
ID=41662903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009201376562U Expired - Fee Related CN201403104Y (en) | 2009-04-16 | 2009-04-16 | Network fixation safety isolation and data exchange system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN201403104Y (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101986638A (en) * | 2010-09-16 | 2011-03-16 | 珠海市鸿瑞软件技术有限公司 | Gigabit one-way network isolation device |
CN104679558A (en) * | 2015-02-09 | 2015-06-03 | 西安酷派软件科技有限公司 | Switching method used among multiple systems and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100210 Termination date: 20120416 |