CN206640607U - Anti-data-leakage system - Google Patents


Info

Publication number
CN206640607U
Authority
CN
China
Prior art keywords
shift register
data
network
controller
switch
Legal status
Active
Application number
CN201720387909.6U
Other languages
Chinese (zh)
Inventor
王志
祝青柳
何华荣
Current Assignee
Shenzhen United Soft Polytron Technologies Inc
Original Assignee
Shenzhen United Soft Polytron Technologies Inc
Application filed by Shenzhen United Soft Polytron Technologies Inc
Priority to CN201720387909.6U
Publication of CN206640607U

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model relates to the field of information security technology, and in particular to an anti-data-leakage system comprising a device terminal, a network switching device, a data isolator and a security server. The network switching device comprises a network cable interface for plugging in a network cable, an electronic switch, a network switch, a controller and a communication device. The data isolator comprises a first shift register, a second shift register, a third shift register, a fourth shift register and optocouplers. Through two layers of physical isolation, the anti-data-leakage system provided by the utility model improves its resistance to attack and its reliability.

Description

Anti-data-leakage system
Technical field
The utility model relates to the field of information security technology, and in particular to an anti-data-leakage system.
Background
As corporate groups become increasingly computerized, every unit inside a group is equipped with information systems. These systems run on the internal network used for production and office work, and all of the group's important data is stored in the intranet systems. With the rapid development of the Internet, the group's internal business keeps extending outward, and data exchange becomes increasingly frequent. However, some important data in the intranet systems must not be transmitted freely over the Internet and needs special protection. To ensure the information security of the internal systems, this data must be tightly controlled and subject to strict control measures. One approach, in line with the relevant national regulations on computer management, is to physically isolate the internal network from the external network, thereby ensuring the safety of the data.
Once the internal and external networks are isolated, the transmission of some information is affected. Data on the external network has to be imported into the intranet by hand, and data on the internal network has to be delivered manually between units. As business applications develop, some data needs to be transmitted in real time, and purely manual operation cannot meet the new application requirements; the external networks of the units at each site therefore need to be connected so that data is delivered over the network. Under military-industry confidentiality requirements, corresponding technical means and control measures must be adopted between the internal and external networks to prevent confidential documents on the internal network from leaking to the external network. How to isolate the internal and external networks in accordance with the relevant national regulations while still achieving secure data exchange between the information systems of the two networks is a problem in urgent need of a solution.
Summary of the utility model
In view of the defects in the prior art, the anti-data-leakage system provided by the utility model uses two layers of physical isolation to improve the system's resistance to attack and its reliability.
The anti-data-leakage system provided by the utility model comprises a device terminal, a network switching device, a data isolator and a security server. The device terminal is connected to the network switching device by a network cable. The network switching device comprises a network cable interface for plugging in the network cable, an electronic switch, a network switch, a controller and a communication device. The data receiving end and the data sending end of the network cable interface are each connected to the network switch through an electronic switch; the control port of the electronic switch is connected to the controller; the controller is connected to a master control terminal through the communication device; and the output of the network switch is connected to the data isolator. The data isolator comprises a first shift register, a second shift register, a third shift register, a fourth shift register and optocouplers. The first and third shift registers are serial-in, parallel-out shift registers; the second and fourth shift registers are parallel-in, serial-out shift registers. The input of the first shift register is connected to the network switch, and its outputs are connected one-to-one through optocouplers to the inputs of the second shift register, whose output is connected to the security server. The input of the third shift register is connected to the security server, and its outputs are connected one-to-one through optocouplers to the inputs of the fourth shift register, whose output is connected to the network switch.
By placing electronic switches in front of the network switch, the system sets the permissions of each device terminal. Permissions are easy to set, and because they are enforced by hardware switches rather than by software identity verification, the system's resistance to attack and its reliability are improved. The data isolator provides a second layer of physical isolation between the terminal devices and the security server: the system separates the channel for uploading data from the channel for downloading data, achieving unidirectional, feedback-free transmission of data within the system and preventing intruders from illegally obtaining classified data over the network.
Preferably, the network switching device further comprises a microswitch, a detection circuit and an alarm. A window is provided on the network cable interface, and the actuating reed of the microswitch extends into the network cable interface through the window. The switch pin of the microswitch is connected to the detection circuit, the detection circuit is connected to the controller, and the controller is connected to the alarm.
Preferably, the controller is any of a CPU, FPGA, DSP, ARM or ASIC.
Preferably, the first shift register and the third shift register are 74LS164 chips.
Preferably, the second shift register and the fourth shift register are 74LS595 chips.
Preferably, the alarm comprises an alarm lamp and a buzzer.
Preferably, the network cable interface is an RJ-45 interface.
Brief description of the drawings
Fig. 1 is a structural block diagram of the anti-data-leakage system provided by an embodiment of the utility model;
Fig. 2 is a structural block diagram of the network switching device in the anti-data-leakage system provided by an embodiment of the utility model;
Fig. 3 is a structural block diagram of the data isolator in the anti-data-leakage system provided by an embodiment of the utility model;
Fig. 4 is a schematic diagram of how the optocouplers are connected in the anti-data-leakage system provided by an embodiment of the utility model;
Fig. 5 is a structural block diagram of the network switching device in the anti-data-leakage system provided by an embodiment of the utility model.
Detailed description of the embodiments
Embodiments of the technical solution of the utility model are described in detail below with reference to the accompanying drawings. The following embodiments serve only to illustrate the technical solution of the utility model more clearly; they are examples only and do not limit the scope of protection of the utility model.
It should be noted that, unless otherwise stated, the technical and scientific terms used in this application have the ordinary meaning understood by a person of ordinary skill in the art to which the utility model belongs.
As shown in Fig. 1, the anti-data-leakage system provided by this embodiment comprises a device terminal 1, a network switching device 2, a data isolator 3 and a security server 4, which are connected in sequence by network cables. The system includes multiple device terminals 1.
As shown in Fig. 2 network-switching equipment 2 includes handing over for the cable interface 21, electronic switch 22, network of grafting netting twine Change planes 23, controller 24, communication device 25.The data receiver and data sending terminal of cable interface 21 pass through electronic switch respectively 22 are connected with the network switch 23, i.e. a cable interface 21 is corresponding with two electronic switches 22, respectively control data receiving terminal, The break-make of data sending terminal and the network switch 23.Electronic switch 22 can be the circuit built by triode, FET, The control port of electronic switch 22 is connected with controller 24, applies high electricity by the control port of the electron of controller 24 switch 22 Flat or level, the break-make of control cable interface 21 and the network switch 23.Controller 24 passes through communication device 25 and total control terminal Connection, communication device 25 can be wire communication device 25 or wireless communication apparatus 25, can be set by total control terminal each The opening and closing of electronic switch 22, only administrative staff can touch total control terminal.The output end of the network switch 23 and data every Connected from device 3, be to provide more connectivity ports in sub-network by network exchange function, to connect more device ends 1.By above-mentioned network-switching equipment 2, administrative staff can be realized to terminal according to the authority of terminal device by total control terminal Equipment connects the setting of security server 4, it is assumed that terminal device A allows uplink data to security server 4, without allowing from guarantor Close server 4 is downloaded data, and electronic switch 22 corresponding to the data receiver of terminal device A network interface is K, and data are sent Electronic switch 22 corresponding to end is J, then opens electronic switch K by total control terminal 
and controller 24, closes electronic switch J, this Sample terminal device A data sending terminal realizes path with security server 4, and data receiver disconnects with security server 4.
As shown in Fig. 3, the data isolator 3 comprises a first shift register 31, a second shift register 32, a third shift register 33, a fourth shift register 34 and optocouplers 35. The input of the first shift register 31 is connected to the network switch 23, and its outputs are connected one-to-one through optocouplers 35 to the inputs of the second shift register 32, whose output is connected to the security server 4. The input of the third shift register 33 is connected to the security server 4, and its outputs are connected one-to-one through optocouplers 35 to the inputs of the fourth shift register 34, whose output is connected to the network switch 23.
The first shift register 31 and the third shift register 33 are serial-in, parallel-out shift registers, which convert serially transmitted data into parallel data. The second shift register 32 and the fourth shift register 34 are parallel-in, serial-out shift registers, which convert parallel data into serially transmitted data. The parallel width of the four shift registers can be chosen according to the actual needs of the system, for example 8-bit or 16-bit shift registers, or several shift registers can be cascaded to form a wider register; how to do this is common knowledge in the art and is not repeated here.
Optocoupler 35 is short for photocoupler, a device that transmits electrical signals using light as the medium. The light emitter (an infrared LED) and the light receiver (a photosensitive semiconductor device) are usually packaged in the same housing. When an electrical signal is applied to the input, the emitter gives off light; the receiver produces a photocurrent on receiving the light, and this current flows out of the output, achieving an "electrical-optical-electrical" conversion. In the data isolator 3, there is one optocoupler 35 for each output bit of the first shift register 31 and one optocoupler 35 for each output bit of the third shift register 33. If the first shift register 31 and the third shift register 33 are both eight bits wide, the data isolator 3 contains 16 optocouplers 35 in total. Fig. 4 shows the specific connection of the optocouplers 35: P1, P2, P3 and P4 connect to the parallel outputs of the first shift register 31, and Q1, Q2, Q3 and Q4 connect to the parallel inputs of the second shift register 32. Fig. 4 shows only four optocouplers 35; the remaining optocouplers 35 are connected in the same way.
Take a device terminal 1 uploading data as an example, and assume that the device terminal 1 has upload permission and that the first shift register 31, second shift register 32, third shift register 33 and fourth shift register 34 are all eight-bit shift registers. The device terminal 1 sends data to the data isolator 3 through the network switching device 2. The data arriving at the data isolator 3 is serial; the first shift register 31 converts it into eight-bit parallel data, which is carried in parallel across eight optocouplers 35 to the second shift register 32. The second shift register 32 converts the eight-bit parallel data back into serial data and sends it to the security server 4. Reading data from the security server 4 works in a similar way: the security server 4 sends serial data to the data isolator 3, the third shift register 33 converts the serial data into parallel data, the optocouplers 35 carry it to the fourth shift register 34, and the fourth shift register 34 converts it back into serial data and sends it to the network switching device 2, from which it returns to the terminal device through the network interface and network cable.
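The upload path just described can be followed bit by bit in a small software model. This is an added example, not code from the patent: the eight-bit width follows the embodiment, while MSB-first clocking, the explicit load step and all type and function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the patent. The 8-bit width follows the
 * embodiment; MSB-first clocking and the load step are assumptions. */
#define LANES 8

typedef struct { uint8_t q; } sipo_t;                 /* serial-in, parallel-out */
typedef struct { uint8_t d; int remaining; } piso_t;  /* parallel-in, serial-out */
typedef struct { sipo_t sipo; piso_t piso; } channel_t;

/* upload:   first register 31 -> optocouplers -> second register 32
 * download: third register 33 -> optocouplers -> fourth register 34 */
typedef struct { channel_t upload; channel_t download; } isolator_t;

/* One clock of the serial-in register: shift left, new bit enters at bit 0. */
static void sipo_clock(sipo_t *r, int bit) {
    r->q = (uint8_t)((r->q << 1) | (bit & 1));
}

/* Optocoupler bank: lane i copies LED-side bit i to detector-side bit i.
 * Nothing drives the LED side from the detector side, so this model has
 * no function for the reverse direction. */
static uint8_t opto_forward(uint8_t led_side) {
    uint8_t detector_side = 0;
    for (int lane = 0; lane < LANES; lane++)
        if (led_side & (1u << lane))
            detector_side |= (uint8_t)(1u << lane);
    return detector_side;
}

static void piso_load(piso_t *r, uint8_t parallel) {
    r->d = parallel;
    r->remaining = LANES;
}

/* One clock of the parallel-in register: emit the top bit, shift left. */
static int piso_clock(piso_t *r) {
    int bit = (r->d >> (LANES - 1)) & 1;
    r->d = (uint8_t)(r->d << 1);
    r->remaining--;
    return bit;
}

/* Carry n bytes across one channel, bit by bit. Returns bytes delivered. */
size_t channel_transfer(channel_t *ch, const uint8_t *in, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        for (int b = LANES - 1; b >= 0; b--)            /* serial in, MSB first */
            sipo_clock(&ch->sipo, (in[i] >> b) & 1);
        piso_load(&ch->piso, opto_forward(ch->sipo.q)); /* parallel hop */
        uint8_t byte = 0;
        while (ch->piso.remaining > 0)                  /* serial out */
            byte = (uint8_t)((byte << 1) | piso_clock(&ch->piso));
        out[i] = byte;
    }
    return n;
}

int main(void) {
    isolator_t iso;
    memset(&iso, 0, sizeof iso);
    const uint8_t msg[] = "report";                     /* constructed sample */
    uint8_t got[sizeof msg];
    channel_transfer(&iso.upload, msg, sizeof msg, got);
    printf("upload delivered: %s\n", (const char *)got);
    printf("download registers untouched: %d\n",
           iso.download.sipo.q == 0 && iso.download.piso.remaining == 0);
    return 0;
}
```

The upload and download channels share no state in the model, which mirrors the separate register pairs and optocoupler banks of the data isolator 3.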
In the anti-data-leakage system provided by this embodiment, electronic switches 22 placed in front of the network switch 23 set the permissions of each device terminal 1. Permissions are easy to set, and because they are enforced by hardware switches rather than by software identity verification, the system's resistance to attack and its reliability are improved. The data isolator 3 provides a second layer of physical isolation between the terminal devices and the security server 4: the system separates the channel for uploading data from the channel for downloading data, achieving unidirectional, feedback-free transmission of data within the system and preventing intruders from illegally obtaining classified data over the network.
The network switching device 2 further comprises a microswitch 201, a detection circuit 202 and an alarm 203. A window 204 is provided on the network cable interface 21, and the actuating reed 205 of the microswitch 201 extends into the network cable interface 21 through the window 204. The switch pin 206 of the microswitch 201 is connected to the detection circuit 202, the detection circuit 202 is connected to the controller 24, and the controller 24 is connected to the alarm 203.
As shown in Fig. 5, in this embodiment a window 204 is provided on the network cable interface 21, and the actuating reed 205 of the microswitch 201 extends into the network cable interface 21 through the window 204. When the plug of a network cable is inserted into the network cable interface 21, it presses the elastic actuating reed 205 and triggers the microswitch 201, and the level at the switch pin 206 of the microswitch 201 changes. The detection circuit 202 detects the level change and reports it to the controller 24, so whether the network cable has been pulled out can be detected; if the cable is detected as pulled out, the controller 24 raises an alarm through the alarm 203. The I/O pins of some controllers 24 can detect high and low levels themselves, in which case the switch pin 206 of the microswitch 201 can be connected directly to an I/O pin of the controller 24. With this arrangement, malicious plugging and unplugging of network cables can be detected and an intrusion identified at the earliest moment.
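The per-port permission switches described for Fig. 2 and the cable detection described for Fig. 5 both end up as controller logic, sketched here together. This is an added example, not code from the patent: the sample-count debounce, the latched alarm, opening both switches when the cable is pulled, and all names are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration of controller logic; not code from the patent.
 * DEBOUNCE_SAMPLES, the latched alarm and opening both switches on cable
 * removal are assumptions made for this sketch. */
#define DEBOUNCE_SAMPLES 3

typedef enum { DIR_UPLOAD, DIR_DOWNLOAD } dir_t;

typedef struct {
    bool send_closed;    /* electronic switch on the port's data sending end (J) */
    bool recv_closed;    /* electronic switch on the port's data receiving end (K) */
    bool cable_present;  /* debounced microswitch state */
    uint8_t pending;     /* consecutive samples disagreeing with cable_present */
    bool alarm;          /* latched; cleared only by re-initialising the port */
} port_t;

void port_init(port_t *p, bool cable_present) {
    p->send_closed = p->recv_closed = false;   /* default: both paths open */
    p->cable_present = cable_present;
    p->pending = 0;
    p->alarm = false;
}

/* Command relayed from the master control terminal. */
void port_set_permission(port_t *p, bool allow_upload, bool allow_download) {
    p->send_closed = allow_upload;
    p->recv_closed = allow_download;
}

/* Does traffic in direction d get past the electronic switches? */
bool port_passes(const port_t *p, dir_t d) {
    return d == DIR_UPLOAD ? p->send_closed : p->recv_closed;
}

/* Feed one reading of the microswitch pin (true = plug pressing the reed).
 * Returns true when the debounced cable state changes. */
bool port_sample_cable(port_t *p, bool level) {
    if (level == p->cable_present) { p->pending = 0; return false; }
    if (++p->pending < DEBOUNCE_SAMPLES) return false;   /* contact bounce */
    p->pending = 0;
    p->cable_present = level;
    if (!level) {                 /* cable pulled out */
        p->alarm = true;          /* alarm lamp and buzzer */
        /* Assumption: a re-plugged cable must not inherit the old
         * permissions, so both paths are opened until re-authorised. */
        p->send_closed = p->recv_closed = false;
    }
    return true;
}

int main(void) {
    port_t a;                                  /* terminal device A's port */
    port_init(&a, true);
    port_set_permission(&a, true, false);      /* upload only: J closed, K open */
    printf("upload=%d download=%d\n",
           port_passes(&a, DIR_UPLOAD), port_passes(&a, DIR_DOWNLOAD));
    for (int i = 0; i < DEBOUNCE_SAMPLES; i++)
        port_sample_cable(&a, false);          /* cable removed */
    printf("alarm=%d upload=%d\n", a.alarm, port_passes(&a, DIR_UPLOAD));
    return 0;
}
```

The permission belongs to the port rather than to the device plugged into it, which is why the sketch treats a cable removal as revoking it.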
The alarm 203 comprises an alarm lamp and a buzzer.
The controller 24 is any of a CPU, FPGA, DSP, ARM or ASIC.
The first shift register 31 and the third shift register 33 are 74LS164 chips.
The second shift register 32 and the fourth shift register 34 are 74LS595 chips.
The network cable interface 21 is an RJ-45 interface.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the utility model and do not limit it. Although the utility model has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features replaced with equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the utility model, and they shall all be covered by the claims and the specification of the utility model.

Claims (7)

  1. An anti-data-leakage system, characterized by comprising:
    a device terminal, a network switching device, a data isolator and a security server,
    wherein the device terminal is connected to the network switching device by a network cable,
    the network switching device comprises a network cable interface for plugging in the network cable, an electronic switch, a network switch, a controller and a communication device; the data receiving end and the data sending end of the network cable interface are each connected to the network switch through an electronic switch; the control port of the electronic switch is connected to the controller; the controller is connected to a master control terminal through the communication device; and the output of the network switch is connected to the data isolator,
    the data isolator comprises a first shift register, a second shift register, a third shift register, a fourth shift register and optocouplers; the first shift register and the third shift register are serial-in, parallel-out shift registers; the second shift register and the fourth shift register are parallel-in, serial-out shift registers; the input of the first shift register is connected to the network switch; the outputs of the first shift register are connected one-to-one through optocouplers to the inputs of the second shift register; the output of the second shift register is connected to the security server; the input of the third shift register is connected to the security server; the outputs of the third shift register are connected one-to-one through optocouplers to the inputs of the fourth shift register; and the output of the fourth shift register is connected to the network switch.
  2. The system according to claim 1, characterized in that the network switching device further comprises a microswitch, a detection circuit and an alarm; a window is provided on the network cable interface; the actuating reed of the microswitch extends into the network cable interface through the window; the switch pin of the microswitch is connected to the detection circuit; the detection circuit is connected to the controller; and the controller is connected to the alarm.
  3. The system according to claim 1 or 2, characterized in that the controller is any of a CPU, FPGA, DSP, ARM or ASIC.
  4. The system according to claim 1, characterized in that the first shift register and the third shift register are 74LS164 chips.
  5. The system according to claim 1, characterized in that the second shift register and the fourth shift register are 74LS595 chips.
  6. The system according to claim 2, characterized in that the alarm comprises an alarm lamp and a buzzer.
  7. The system according to claim 1, characterized in that the network cable interface is an RJ-45 interface.
CN201720387909.6U 2017-04-13 2017-04-13 Anti-data-leakage system Active CN206640607U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201720387909.6U CN206640607U (en) 2017-04-13 2017-04-13 Anti-data-leakage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201720387909.6U CN206640607U (en) 2017-04-13 2017-04-13 Anti-data-leakage system

Publications (1)

Publication Number Publication Date
CN206640607U true CN206640607U (en) 2017-11-14

Family

ID=60248775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201720387909.6U Active CN206640607U (en) 2017-04-13 2017-04-13 Anti-data-leakage system

Country Status (1)

Country Link
CN (1) CN206640607U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234525A (en) * 2018-03-30 2018-06-29 阜阳职业技术学院 A kind of information leakage preventing theft protection management system in computer network security


Similar Documents

Publication Publication Date Title
CN103761848B (en) A kind of data concentrated collection copies control table system
CN101094121B (en) Method, system and device for detecting Ethernet links among not direct connected devices
CN102307118B (en) Back plate test method, apparatus thereof and system thereof
CN206433003U (en) Ethernet link switching device
CN103746884A (en) Method and system for testing flow through switchboard
CN105791031B (en) A kind of method data acquisition and sent
CN206640607U (en) Anti-data-leakage system
CN104158670B (en) Gigabit Ethernet bypass apparatus
CN110244649A (en) PLC internal data acquisition method and system
CN106095708A (en) The electric current loop means of communication of two-wire system half-duplex one master and multiple slaves multi computer communication and system
CN208477322U (en) POE network interface expanded circuit, repeater and network monitoring system
CN109120063B (en) Plug-and-play sensor monitoring method, system and acquisition unit thereof
CN104765304B (en) It is a kind of to be used for sensor data acquisition, processing, the system of transmission
CN104935381B (en) A kind of multichannel Ethernet power port turns optical port one-way transmission apparatus
CN102013923B (en) Method for realizing high-speed automation of meter reading based on Ethernet optical fiber network
CN101644766B (en) Data transmission node for self-configured universal towed linear array
CN104865938B (en) Applied to the node connection chip and its meshed network for assessing personal injury's situation
CN208597085U (en) Solar energy system
CN103491459A (en) Electronic distributing frame system
CN108616292A (en) Communication circuit, communication method thereof, controller and electric equipment
CN206100072U (en) Safety protection compliance data acquisition system of power monitoring system
CN109756576B (en) Photoelectric network system
CN208548904U (en) Communication circuit, controller and consumer
CN108038047A (en) Server info suggestion device and system
CN104700606B (en) Ammeter information reporting system based on plastic optical fiber

Legal Events

Date Code Title Description
GR01 Patent grant