CN202535389U - Internet dial-up security gateway apparatus - Google Patents

Info

Publication number
CN202535389U
Authority
CN
China
Prior art keywords
security gateway
network interface
interface card
internet
intranet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201220175050XU
Other languages
Chinese (zh)
Inventor
刘智勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Hongrui Software Technology Co Ltd
Original Assignee
Zhuhai Hongrui Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model discloses and provides an Internet dial-up security gateway apparatus which is convenient for communication, safe in use and is not easily subjected to attacks. The Internet dial-up security gateway apparatus comprises at least one computer mainboard (1), an intranet network card interface (2), an extranet network card interface (3), a USB external interface (4), and a power supply (5), wherein the computer mainboard (1) is provided with a CPU (11), a memory bank (12), a memory card (13), an intranet network card (14), an extranet network card (15), a USB interface (16) and a serial port (17); the intranet network card (14) is connected with an intranet through the intranet network card interface (2); the extranet network card (15) is connected with an extranet through the extranet network card interface (3); and the USB interface (16) is connected with the USB external interface (4). The internet dial-up security gateway apparatus can be widely applied to the network communication field in an electric power system.

Description

An Internet dial-up security gateway apparatus
Technical field
The utility model relates to an Internet dial-up security gateway apparatus.
Background art
At present, IPSec-VPN holds a leading position among VPN technologies, and most IPSec-VPN products connect through the Internet. However, security threats on the Internet are much greater, and data and information in transit are more easily discovered and then attacked. Another approach currently in use is a dial-up connection; although it is safer than an Internet connection, it suffers from problems such as a slow transmission rate, lower efficiency and lower stability.
Summary of the utility model
The technical problem to be solved by the utility model is to overcome the deficiencies of the prior art and to provide an Internet dial-up security gateway apparatus that is convenient for communication, safe in use and not easily subjected to attacks.
The technical solution adopted by the utility model is as follows: the utility model comprises at least one computer mainboard, an intranet network card interface, an extranet network card interface, a USB external interface and a power supply. The computer mainboard is provided with a CPU, a memory bank, a memory card, an intranet network card, an extranet network card, a USB interface and a serial port. The intranet network card is connected with the intranet through the intranet network card interface, the extranet network card is connected with the extranet through the extranet network card interface, and the USB interface is connected with the USB external interface.
The utility model also comprises an external serial port, which is connected with the computer mainboard through the serial port.
The beneficial effects of the utility model are as follows. The utility model comprises at least one computer mainboard, an intranet network card interface, an extranet network card interface, a USB external interface and a power supply; the computer mainboard is provided with a CPU, a memory bank, a memory card, an intranet network card, an extranet network card, a USB interface and a serial port; the intranet network card is connected with the intranet through the intranet network card interface, the extranet network card is connected with the extranet through the extranet network card interface, and the USB interface is connected with the USB external interface. The utility model therefore uses a direct dial-up connection over the Internet in which IP addresses are assigned statically by hand, so that its IP address is not exposed on the Internet. In addition, by providing a management and configuration module, an authentication module and a VPN module, it reduces the possibility of attack while data is transmitted over the Internet and solves problems such as the limitations of dynamic IP address assignment and the exposure of IP addresses on the Internet. Because an external serial port is provided, some network devices can be reached through the serial port, which solves, by network-to-serial-port conversion, the problem of remotely configuring and maintaining network devices through a serial port. The utility model is convenient for communication, safe in use and not easily subjected to attacks. Because a firewall module is provided, use is safer. Because a log and audit module is provided, querying and communication are convenient.
Description of drawings
Fig. 1 is a structural schematic diagram of the utility model;
Fig. 2 is a schematic diagram of the operating principle of each module in the utility model;
Fig. 3 is a schematic diagram of the connection between the utility model and peripheral equipment in a specific embodiment.
Embodiment
As shown in Fig. 1 and Fig. 2, the utility model comprises at least one computer mainboard 1, an intranet network card interface 2, an extranet network card interface 3, a USB external interface 4 and a power supply 5. The computer mainboard 1 is provided with a CPU 11, a memory bank 12, a memory card 13, an intranet network card 14, an extranet network card 15, a USB interface 16 and a serial port 17. The intranet network card 14 is connected with the intranet through the intranet network card interface 2, the extranet network card 15 is connected with the extranet through the extranet network card interface 3, and the USB interface 16 is connected with the USB external interface 4. The utility model also comprises an external serial port 6, which is connected with the computer mainboard 1 through the serial port 17.
The utility model also comprises a management and configuration module 71, a network access module 72, an authentication module 73, a VPN module 74, a firewall module 75, and a log and audit module 76. The management and configuration module 71 is used to configure the static IPs of the Internet dial-up security gateway apparatus and of each dial-up user, and to bind each dial-up user's username, password and static IP together. The network access module 72 lets a remote client dial in over the Internet to the extranet network card of the Internet dial-up security gateway apparatus and establish a communication link with it. The authentication module 73 is used for mutual authentication between the remote client and the Internet dial-up security gateway apparatus. The VPN module 74 encrypts the communication data between the dial-up security gateway apparatus and the remote client, and lets the remote client access multiple hosts on the intranet connected to the dial-up security gateway apparatus. The firewall module 75 controls which hosts connected to the intranet the remote client can access. The log and audit module 76 records the remote client's communications and allows them to be queried, providing a basis for later tracing.
The network access module 72 provides the direct dial-up function: the remote client connects over the Internet to the extranet network card of the Internet dial-up security gateway apparatus, the security gateway apparatus responds, and the CPU sends instructions or data to the extranet network card, so that a communication link can be established over the Internet. The authentication module 73 provides the authentication function: the Internet dial-up security gateway and the remote client must each present their own digital certificate to the other, and only after each has verified that the other is trusted can data transmission begin; the data sent is encrypted. The digital certificate is stored in a smart card, and the CPU obtains the certificate over the USB line. The VPN module 74 provides the encryption service and the ability for a remote client to access multiple intranet hosts: communication data received from the intranet network card is encrypted by this module and sent to the remote client through the extranet network card, and data received from the extranet network card is decrypted and sent from the intranet network card, through the intranet network card interface, to the intranet host. The firewall module 75 controls which intranet hosts the remote client can access. The log and audit module 76 records the remote client's communications and allows them to be queried, providing a basis for later tracing.
The remote client connects over the Internet to the network access module of the intranet network card of the Internet dial-up security gateway apparatus, and the network access module assigns IP addresses statically by hand, so the IP address is not exposed on the Internet. The management and configuration module, which is used to configure the parameters of the Internet dial-up security gateway, manages the relevant parameters: before a dial-up connection is set up, the Internet dial-up security gateway apparatus is first configured. At this point the static IPs of the server and of each dial-up user are assigned, and each dial-up user's username, password and static IP are bound together. When a dial-up connection is set up, the dial-up user is identified by username and password and obtains the static IP address already assigned on the server. The authentication module used for authentication and the VPN module used to provide the encryption service and remote-client access to multiple intranet hosts verify the dial-up user with the method the operating system uses to verify local users. The username and password used for dialing are not recorded in a file in plaintext; that is, the password is stored after being encoded and encrypted. The dial-up user cannot log in to the system locally and can only obtain a network connection by dialing. The IP address assigned to each user is kept in a separate configuration file, so that different IP addresses are assigned. Dial-up users are created by a script: the script reads and uses standard commands to create a local user, stores the user's password in encrypted form, creates a configuration file under the user's directory, and writes into it the IP address to be assigned to that user. In this way, during dialing the user obtains the assigned IP address by entering the username and password, so communication is convenient and use is safe. Because network-to-serial-port technology is also provided, some network devices can be configured and maintained remotely through the serial port, so communication is convenient. In general, the utility model more effectively improves security when IPSec-VPN technology is used for data transmission and communication, and reduces the possibility of attack while data is transmitted over the Internet. It solves problems such as the limitations of dynamic IP address assignment and the exposure of IP addresses on the Internet, and it solves, by network-to-serial-port conversion, the problem of remotely configuring and maintaining network devices through a serial port.
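The binding scheme described above, sketched as an added example (this is not the patent's provisioning script, which the page does not reproduce). The PBKDF2 verifier, the JSON file layout, the 10.8.0.0/28 pool and every function name are assumptions; a temporary directory stands in for the users' directories and no operating-system account is created.

```python
import hashlib, hmac, ipaddress, json, os, tempfile
from pathlib import Path

POOL = ipaddress.ip_network("10.8.0.0/28")  # constructed pool, not from the patent
ITERATIONS = 100_000                         # PBKDF2 work factor (assumed)

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_dial_user(root, username, password, static_ip):
    """Bind username, password verifier and static IP in a per-user config file."""
    if not username.isalnum():               # no '/' or '.': blocks path tricks
        raise ValueError("invalid username")
    ip = ipaddress.ip_address(static_ip)
    if ip not in POOL:
        raise ValueError("address outside the dial-up pool")
    for cfg in Path(root).glob("*/dialup.json"):
        if json.loads(cfg.read_text())["static_ip"] == str(ip):
            raise ValueError("address already bound to another user")
    home = Path(root) / username
    home.mkdir(mode=0o700)                   # FileExistsError if the user exists
    salt = os.urandom(16)
    cfg = home / "dialup.json"
    cfg.write_text(json.dumps({"static_ip": str(ip), "salt": salt.hex(),
                               "verifier": derive(password, salt).hex()}))
    cfg.chmod(0o600)                         # only the owner may read the record

def dial_in(root, username, password):
    """Return the bound static IP if the credentials verify, else None."""
    cfg = Path(root) / username / "dialup.json"
    if not username.isalnum() or not cfg.is_file():
        derive(password, b"\0" * 16)         # spend the same work for unknown users
        return None
    rec = json.loads(cfg.read_text())
    candidate = derive(password, bytes.fromhex(rec["salt"]))
    if hmac.compare_digest(candidate, bytes.fromhex(rec["verifier"])):
        return rec["static_ip"]
    return None

def rejected(fn, *args):
    try:
        fn(*args)
    except ValueError:
        return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as root:
        create_dial_user(root, "alice", "correct horse", "10.8.0.2")
        stored = (Path(root) / "alice" / "dialup.json").read_text()
        return {
            "good": dial_in(root, "alice", "correct horse"),
            "bad_password": dial_in(root, "alice", "wrong"),
            "unknown_user": dial_in(root, "mallory", "x"),
            "duplicate_ip": rejected(create_dial_user, root, "bob", "pw", "10.8.0.2"),
            "outside_pool": rejected(create_dial_user, root, "bob", "pw", "192.0.2.9"),
            "bad_name": rejected(create_dial_user, root, "../bob", "pw", "10.8.0.3"),
            "plaintext_on_disk": "correct horse" in stored,
        }

if __name__ == "__main__":
    print(demo())
```

Rejecting an address that is already bound is what keeps the later firewall and audit records attributable to a single dial-up user.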
Fig. 3 shows an embodiment of the utility model in use, comprising an intranet 30, the Internet dial-up security gateway 31 of the utility model, an ordinary PC 32, a network device 33 to be debugged or maintained, and a remote client 34. The Internet dial-up security gateway 31 is configured through an ordinary PC 32. During configuration, in addition to setting the network interfaces, routes, firewall rules and so on, the username, password and IP of each remote client 34 are preset and bound together. When the remote client 34 dials, it enters its own legitimate username and password and can then connect to the Internet dial-up security gateway 31 and obtain its IP. After mutual authentication, a secure VPN tunnel connection is established between the remote client 34 and the Internet dial-up security gateway 31. All packets must pass inspection by the firewall module, and legitimate packets are transmitted after being processed by the VPN module. Once the VPN secure tunnel is established, the remote client 34 is in effect virtualized as a computer on the intranet 30 and can share resources on the local area network. A serial cable can also be connected between the Internet dial-up security gateway 31 and the network device 33 to be debugged or maintained; through the network-to-serial-port technology, the remote client 34 can remotely maintain the network device 33 to be debugged or maintained.
The utility model can be widely applied in the field of power system network communication.

Claims (2)

1. An Internet dial-up security gateway apparatus, characterized in that: the Internet dial-up security gateway apparatus comprises at least one computer mainboard (1), an intranet network card interface (2), an extranet network card interface (3), a USB external interface (4) and a power supply (5); the computer mainboard (1) is provided with a CPU (11), a memory bank (12), a memory card (13), an intranet network card (14), an extranet network card (15), a USB interface (16) and a serial port (17); the intranet network card (14) is connected with the intranet through the intranet network card interface (2); the extranet network card (15) is connected with the extranet through the extranet network card interface (3); and the USB interface (16) is connected with the USB external interface (4).
2. The Internet dial-up security gateway apparatus according to claim 1, characterized in that: the Internet dial-up security gateway apparatus also comprises an external serial port (6), and the external serial port (6) is connected with the computer mainboard (1) through the serial port (17).
CN201220175050XU 2012-04-24 2012-04-24 Internet dial-up security gateway apparatus Expired - Fee Related CN202535389U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201220175050XU CN202535389U (en) 2012-04-24 2012-04-24 Internet dial-up security gateway apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201220175050XU CN202535389U (en) 2012-04-24 2012-04-24 Internet dial-up security gateway apparatus

Publications (1)

Publication Number Publication Date
CN202535389U (en) 2012-11-14

Family

ID=47136541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201220175050XU Expired - Fee Related CN202535389U (en) 2012-04-24 2012-04-24 Internet dial-up security gateway apparatus

Country Status (1)

Country Link
CN (1) CN202535389U (en)


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121114

Termination date: 20210424