Summary of the invention
The purpose of the utility model is to provide a computer security management system that better solves the problem of confidential data leakage.
According to one aspect of the utility model, the computer security management system comprises a management end, a network device, and a plurality of user sides connected to the management end via the network device, and further comprises:
Each user side is equipped with a multi-functional import device having a bidirectional data transmission channel and a unidirectional data transmission channel.
Further, the bidirectional data transmission channel of the multi-functional import device comprises:
A classified USB interface for connecting a dedicated classified flash disk;
A classified flash disk authentication circuit connected to the classified USB interface.
Further, the unidirectional data transmission channel of the multi-functional import device comprises:
An ordinary USB interface for connecting an ordinary flash disk;
A transmitting terminal connected to the ordinary USB interface;
A receiving end connected to the transmitting terminal via optical fiber.
Further, the multi-functional import device also comprises:
A USB HUB chip connected to the classified flash disk authentication circuit and to the receiving end;
A dedicated multi-functional import device interface connected to the USB HUB chip.
Further, the user side comprises a user side illegal external connection module for monitoring and reporting illegal external connection operations.
Further, the user side also comprises a user side medium management module for managing and controlling inserted classified flash disks and ordinary flash disks.
Further, the user side also comprises a user side multi-functional importing module for importing confidential data.
Further, the management end is equipped with a multi-functional import device.
Further, the management end comprises a management end illegal external connection module, a management end medium management module, and a management end multi-functional importing module.
Compared with the prior art, the beneficial effects of the utility model are:
The utility model performs illegal external connection detection on the user side and manages and controls the exchange of confidential data with removable storage devices. This improves the protection of sensitive data in classified industries and effectively prevents the leakage of state or party secrets caused by classified computers connecting to the internet in violation of regulations or by the cross-use of removable storage devices.
Embodiment
The preferred embodiments are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below only illustrate and explain the utility model and are not intended to limit it.
Fig. 1 shows a schematic diagram of the principle of the computer security management system provided by the utility model. As shown in Fig. 1, the computer security management system comprises a management end 1, a network device 2, and a plurality of user sides 3 connected to the management end via the network device, and further comprises:
Each user side is equipped with a multi-functional import device 4 having a bidirectional data transmission channel and a unidirectional data transmission channel, used to transfer confidential data between a flash disk and the user side 3.
The flash disks comprise dedicated classified flash disks and ordinary flash disks. The dedicated classified flash disk has a prescribed form factor, interface, internal data format, unique ID and authentication mode; its scope of use can be controlled, for example restricted to its owner; and it is used together with the multi-functional import device to carry out bidirectional exchange of confidential data between the dedicated classified flash disk and the user side 3. In use, the dedicated classified flash disk is first inserted into the multi-functional import device 4, and the user password is then verified. Because reading and writing the dedicated classified flash disk involves a data encapsulation or parsing step, and the data area uses a private file format, the disk cannot be recognized directly by the operating system in an unauthorized environment: its driver cannot load normally, so the disk cannot be used. In addition, the private file format of the data area cannot be converted into a standard file format.
Further, the bidirectional data transmission channel of the multi-functional import device 4 comprises:
A classified USB interface 41 for connecting the dedicated classified flash disk, into which the dedicated classified flash disk is inserted;
A classified flash disk authentication circuit 42 connected to the classified USB interface, used to authenticate the inserted dedicated classified flash disk.
Further, the unidirectional data transmission channel of the multi-functional import device 4 comprises:
An ordinary USB interface 43 for connecting an ordinary flash disk, into which the ordinary flash disk is inserted;
A transmitting terminal 44 connected to the ordinary USB interface;
A receiving end 45 connected to the transmitting terminal via optical fiber.
The unidirectional data transmission channel uses the optical fiber between the transmitting terminal 44 and the receiving end 45 to achieve one-way transmission of data.
Further, the multi-functional import device 4 also comprises:
A USB HUB chip 46 connected to the classified flash disk authentication circuit 42 and to the receiving end 45, used to receive confidential data from the bidirectional data channel and the unidirectional data channel;
A dedicated multi-functional import device interface 47 connected to the USB HUB chip 46, used to send the confidential data to the user side 3.
Further, the user side 3 comprises a user side illegal external connection module 31 for monitoring and reporting illegal external connection operations.
Further, the user side 3 also comprises a user side medium management module 32 for managing and controlling inserted classified flash disks and ordinary flash disks.
Further, the user side 3 also comprises a user side multi-functional importing module 33 for importing confidential data.
The management end 1 is also equipped with a multi-functional import device 4.
The management end 1 comprises a management end illegal external connection module 11 and a management end medium management module 12, which are used to manage and audit the user sides 3, and a management end multi-functional importing module 13 for importing confidential data.
Fig. 2 shows a schematic diagram of the computer security management system of an embodiment of the utility model. As shown in Fig. 2, the computer security management system comprises a management end 1, a network device 2, a plurality of user sides 3 connected to the management end 1 through the network device 2, and multi-functional import devices 4.
The management end software of the management end 1 is installed on a Windows 2000/2003 operating system. The management end, with the management end software installed, can be placed in a machine room and operated from a console; it communicates directly with the user sides 3 through the network device 2 and stores all information in a database. The administrator logs in to the system with an administrator identity key to manage the system, including issuing control policies to the user sides 3, such as enabling or disabling the CD or floppy disk of a user side 3. The auditor logs in to the system with an auditor identity key to audit the system, for example auditing the usage logs of the user sides 3 and auditing alarms.
The user side software of the user side 3 is installed on each user side and is used to monitor that user side. The user sides comprise classified network terminals and classified standalone machines, where a classified standalone machine is a portable computer with the user side software installed.
The multi-functional import device is used on the management end 1, where the management end software is installed, and/or on each user side 3 where the user side software is installed. Its classified USB interface connects the dedicated classified flash disk and provides data access to it; its ordinary USB interface connects an ordinary flash disk and imports the non-confidential data on the non-classified ordinary flash disk, in one direction only, into the classified management end and/or user side. The dedicated classified flash disk has a prescribed form factor, interface, internal data format, unique ID and authentication mode; its scope of use can be controlled, for example restricted to its owner; and it is used together with the multi-functional import device to carry out bidirectional exchange of confidential data between the dedicated classified flash disk and the user side 3 or management end 1. In use, the dedicated classified flash disk is first inserted into the multi-functional import device 4, and the user password is then verified. Because reading and writing the dedicated classified flash disk involves a data encapsulation or parsing step, and the data area uses a private file format, the disk cannot be recognized directly by the operating system in an unauthorized environment: its driver cannot load normally, so the disk cannot be used. In addition, the private file format of the data area cannot be converted into a standard file format.
Fig. 3 shows the structure of the multi-functional import device of the utility model. As shown in Fig. 3, the multi-functional import device 4 has a bidirectional data transmission channel and a unidirectional data transmission channel, wherein:
The bidirectional data transmission channel of the multi-functional import device 4 comprises:
A classified USB interface 41 for connecting the dedicated classified flash disk;
A classified flash disk authentication circuit 42 connected to the classified USB interface.
The unidirectional data transmission channel of the multi-functional import device 4 comprises:
An ordinary USB interface 43 for connecting an ordinary flash disk;
A transmitting terminal 44 connected to the ordinary USB interface;
A receiving end 45 connected to the transmitting terminal via optical fiber.
The multi-functional import device also comprises:
A USB HUB chip 46 connected to the classified flash disk authentication circuit 42 and to the receiving end 45;
A dedicated multi-functional import device interface 47 connected to the USB HUB chip 46.
This device imports external information from an ordinary flash disk into the classified environment in one direction only, through the unidirectional data transmission channel, and exchanges the confidential data of the dedicated classified flash disk with the user side or management end through the bidirectional data transmission channel. This effectively prevents information in the classified environment from being lost or leaked through an ordinary flash disk. Compared with an ordinary flash disk, the dedicated classified flash disk has features such as an internal data format, unique ID and authentication mode, and it can be used only on the user sides 3 designated by the management end 1 within the intranet.
With this device, the user can freely select files on the ordinary flash disk and/or the classified flash disk and transfer exactly the files wanted. The user no longer has to repeatedly delete files from, or empty, the ordinary flash disk and/or classified flash disk to avoid importing unwanted information, which makes the device easier to use and greatly improves import efficiency and flexibility. All file import operations can be completed with the buttons on the panel, without a keyboard or mouse. If the wrong file is selected for import or a transmission error occurs, the file transfer can be stopped at any time.
The data rate of this device is adjustable. BMB24-2010 requires a transmission speed of not less than 500KB/S. The device adjusts the data import speed according to actual needs, with the speed divided into 5 grades: the default is grade 1, which can reach 900KB/S, and the highest, grade 5, can reach 4MKB/S. The adjustable rate gives better compatibility with old and new computers of widely varying configurations.
This device parses the file directory of the ordinary flash disk and/or classified flash disk at the hardware level, including the file name, file size and file attributes, and uploads the result in one direction to the classified host (user side or management end), so that the user can browse files through an intuitive directory structure; the technique therefore operates at a lower level. Key functions, such as peripheral control and illegal external connection monitoring, are implemented at the kernel layer, which gives higher security, better compatibility, more precise control, higher program efficiency, and safer and faster monitoring feedback.
Fig. 4 shows the internal structure of the user side of the utility model. As shown in Fig. 4:
The user side 3 comprises a user side illegal external connection module 31 for monitoring and reporting illegal external connection operations. The user side illegal external connection module 31 monitors in real time whether the user side connects to the internet in violation of regulations; if a violation occurs, it immediately reports an alarm message and blocks the network connection.
The user side 3 also comprises a user side medium management module 32 for managing and controlling inserted classified flash disks and ordinary flash disks. The user side medium management module 32 implements functions such as registration and querying of dedicated classified flash disks, and prevents illegitimate or forged registration information for dedicated classified flash disks.
The user side 3 also comprises a user side multi-functional importing module 33 for importing confidential data.
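The behaviour attributed above to the user side illegal external connection module 31 (check each connection, raise an alarm on a violation, and block) can be illustrated with the following Python example. It is added here and is not part of the utility model or of any implementation of it; the intranet ranges, the record layout, the names and the sample records are all assumptions constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed intranet ranges of the classified network (constructed for this example).
INTRANET = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed connection records: (user side, local interface, remote address, remote port).
SAMPLE_CONNECTIONS = [
    ("user-03", "eth0", "10.20.4.17", 1433),
    ("user-03", "eth0", "192.168.50.9", 445),
    ("user-07", "ppp0", "203.0.113.25", 443),   # dial-up link to an outside address
    ("user-07", "eth0", "10.20.1.1", 53),
    ("user-11", "wlan0", "198.51.100.8", 80),   # wireless adapter reaching outside
    ("user-11", "eth0", "not-an-address", 80),  # malformed record
]

@dataclass(frozen=True)
class Alarm:
    user_side: str
    interface: str
    remote: str
    reason: str

def is_internal(remote: str) -> bool:
    """True if the remote address is loopback or inside an intranet range."""
    addr = ipaddress.ip_address(remote)  # raises ValueError on malformed input
    return addr.is_loopback or any(addr in net for net in INTRANET)

def check_connections(records):
    """Return (alarms, blocked); blocked holds the (user side, interface) pairs to cut off."""
    alarms, blocked = [], set()
    for user_side, iface, remote, _port in records:
        try:
            internal = is_internal(remote)
            reason = "remote address outside intranet ranges"
        except ValueError:
            # Fail closed: a record that cannot be parsed is treated as a violation.
            internal, reason = False, "unparseable remote address"
        if not internal:
            alarms.append(Alarm(user_side, iface, remote, reason))
            blocked.add((user_side, iface))
    return alarms, blocked

if __name__ == "__main__":
    alarms, blocked = check_connections(SAMPLE_CONNECTIONS)
    for a in alarms:
        print(f"ALARM {a.user_side} {a.interface} -> {a.remote}: {a.reason}")
    print("block:", sorted(blocked))
```

The alarm list corresponds to what the user side reports to the management end for auditing, and the blocked set to the connections the module cuts off.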
Fig. 5 shows the internal structure of the management end of the utility model. As shown in Fig. 5, the management end 1 comprises a management end illegal external connection module 11, a management end medium management module 12, and a management end multi-functional importing module 13.
The management end illegal external connection module 11 monitors in real time whether the management end connects to the internet in violation of regulations; if a violation occurs, it immediately sends an alarm message and blocks the network connection. It is also used to audit the illegal external connection operations of the user sides.
The management end medium management module 12 implements functions such as registration and querying of dedicated classified flash disks, and prevents illegitimate or forged registration information for dedicated classified flash disks. It is also used to manage and audit the use or disabling of ordinary flash disks, dedicated classified flash disks, CD-ROM drives and floppy drives on the user sides.
The management end multi-functional importing module 13 works with the multi-functional import device 4 of the management end 1 to carry out the exchange of confidential data and the unidirectional import of ordinary data.
In other words, besides monitoring itself for illegal external connections and managing its own removable storage media, the management end also manages and audits the user sides, including alarm settings, log auditing and policy issuance.
In summary, the utility model has the following technical effects:
1. The present invention performs illegal external connection detection through the illegal external connection module of the user side, which avoids missed reports caused by interception by ordinary firewalls, prevents false reports caused by sabotage by malicious programs, and can block external connections at the millisecond level;
2. The present invention achieves unidirectional import of the non-confidential data on an ordinary flash disk through the multi-functional import device, so that the user side and/or the management end cannot leak data;
3. The present invention uses the dedicated classified flash disk together with the multi-functional import device to achieve the exchange of data between the user side and/or management end and the classified flash disk;
4. The management end of the present invention sets permissions for the user side to control the use or disabling of user side devices, which prevents the user side from bypassing the device control policy by killing processes.
The above specific embodiments are used to describe the technology of the utility model in more detail and are not intended to limit the utility model; therefore, any modification, improvement or replacement made on the basis of the utility model falls within the scope of protection of the utility model.