CN210327863U - Information security vulnerability notification management and control system - Google Patents
Information security vulnerability notification management and control system Download PDFInfo
- Publication number
- CN210327863U CN210327863U CN201921005420.3U CN201921005420U CN210327863U CN 210327863 U CN210327863 U CN 210327863U CN 201921005420 U CN201921005420 U CN 201921005420U CN 210327863 U CN210327863 U CN 210327863U
- Authority
- CN
- China
- Prior art keywords
- management
- optical
- server cluster
- control server
- information security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000003287 optical effect Effects 0.000 claims abstract description 90
- 239000013307 optical fiber Substances 0.000 claims description 13
- 239000000835 fiber Substances 0.000 abstract 1
- 230000005540 biological transmission Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000008439 repair process Effects 0.000 description 2
- 230000008054 signal transmission Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000000034 method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model discloses an information security vulnerability report management and control system, the system includes management and control server cluster, management and control center computer, a plurality of area substation equipment, management and control server cluster with management and control center computer is connected through internal network, management and control server cluster still through passive optical network simultaneously with area substation equipment is connected. The utility model provides an information security leak report management and control system has good adaptability and scalability, and the compatibility is strong, can effectively save the optic fibre resource simultaneously, can realize the timely report of information security leak, and help the staff realizes the full life cycle management and the risk management and control of security leak.
Description
Technical Field
The utility model relates to an information system field especially relates to an information security leak report management and control system.
Background
The emergence of the power system enables the electric energy which is highly efficient, pollution-free, convenient and easy to control to be widely applied, the change of each field of social production is promoted, the scale and the technical height of the power grid become one of the marks for measuring the national economic development level, however, the power grid is subjected to network attack due to the loophole of the information system of the power grid, so that the power supply is interrupted, the social instability is caused to happen occasionally, the high importance of the country and the industry is aroused, along with the rapid development of the network technology, the attack means adopted by hackers aiming at the loophole of the information system are constantly changed and upgraded, for the huge information network of the power grid company, the information security loophole information is difficult to be reported to all levels of departments in each region in time, therefore, targeted bug repair and defense cannot be timely and effectively performed, and great information safety hidden danger exists.
SUMMERY OF THE UTILITY MODEL
Therefore, an object of the present invention is to provide an information security vulnerability report management and control system to solve the above problems at least.
The information security vulnerability notification management and control system comprises a management and control server cluster, a management and control center computer and a plurality of regional substation equipment, wherein the management and control server cluster is connected with the management and control center computer through an internal network, and meanwhile, the management and control server cluster is connected with the regional substation equipment through a passive optical network.
Further, the management and control server cluster comprises a comprehensive management and control server and a database server cluster, and the comprehensive management and control server is connected with the database server cluster through a GPIO port.
Further, the database server cluster comprises a plurality of rack-mounted servers, the rack-mounted servers are used for storing information security data, and each rack-mounted server is connected with the comprehensive management and control server through a GPIO port.
Further, the passive optical network includes an optical transmitter, an optical multiplexer, a plurality of optical demultiplexer and a plurality of optical receiver, the receiving end of the optical transmitter is connected with the management and control server cluster, the transmitting end is connected with the optical multiplexer, the optical multiplexer is connected with the optical demultiplexer through an optical fiber, the optical demultiplexer is connected with the input end of the optical receiver, and the output end of the optical receiver is connected with the regional station equipment.
Furthermore, a passive optical splitter is arranged between the optical multiplexer and the optical demultiplexer.
Furthermore, the regional substation equipment comprises a substation computer, substation information equipment and a handheld notification terminal, the substation computer is connected with the management and control server cluster through a passive optical network, the substation information equipment is connected with the substation computer, and the handheld notification terminal is connected with the substation computer through a wireless network.
Furthermore, an intelligent gateway and a network hardware firewall are further arranged between the control server cluster and the passive optical network, and the control server cluster, the intelligent gateway, the network hardware firewall and the passive optical network are sequentially connected.
Compared with the prior art, the beneficial effects of the utility model are that:
the utility model provides an information security leak report management and control system possesses good adaptability and scalability, and the passive optical network structure that adopts is little to the optical fiber resource consumption, can in time report the department at different levels with the information security leak based on the fast characteristics of optical fiber transmission speed, to current leak, can find out effectual safety rectification suggestion fast, helps the staff to realize the full life cycle management and the risk management and control of security leak.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only preferred embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive work.
Fig. 1 is a schematic view of the overall system of the management and control system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of an overall system of a passive optical network according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a passive optical network according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a specific system of the management and control system according to an embodiment of the present invention.
In the figure, 1 is a management server cluster, 2 is a management center computer, 3 is a regional substation device, 4 is a passive optical network, 5 is an intelligent gateway, 6 is a network hardware firewall, 11 is a comprehensive management server, 12 is a database server cluster, 31 is a substation computer, 32 is a substation information device, 33 is a handheld notification terminal, 41 is an optical transmitter, 42 is an optical multiplexer, 43 is an optical demultiplexer, 44 is an optical receiver, 45 is a passive optical splitter, and 121 is a rack server.
Detailed Description
In the present application, unless expressly stated or limited otherwise, the terms "connected" and "fixed" are to be construed broadly, e.g., "fixed" may be fixedly connected or detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meaning of the above terms in the present invention can be understood according to specific situations by those skilled in the art.
The principles and features of the present invention are described below in conjunction with the following drawings, the illustrated embodiments are provided to explain the present invention and not to limit the scope of the invention.
Referring to fig. 1, the utility model provides an information security vulnerability report management and control system, including management and control server cluster 1, management and control center computer 2 and regional station equipment 3, management and control center computer 2 with management and control server cluster 1 is connected through internal network, management and control server cluster 1 simultaneously through passive optical network 4 with regional station equipment 3 is connected.
The management and control server cluster 1 is used for storing information security vulnerability data and sending security vulnerability notification information to each regional station device 3 as a broadcast node. The management and control server cluster 1 comprises an integrated management and control server 11 and a database server cluster 12, wherein the integrated management and control server 11 is connected with the database server cluster 12. The integrated management and control server 11 is configured to process a service processing request initiated by the management and control center computer 2 or the regional substation device 3, and may be used as a notification initiating node to initiate a security vulnerability information notification to each regional substation device 3. The comprehensive management and control server can adopt a PowerEdge T340 server.
Specifically, the database server cluster 12 includes a plurality of rack servers 121, each rack server is connected to the integrated management and control server through a GPIO port, the rack servers 121 are configured to store information security related data, establish an information security database, and allow local substations to query and share the information security related data through a network, where the information security related data may include information security evaluation indexes, discovered information security threat vulnerability data, information security risk data, information security vulnerability repair and rectification related knowledge data. The utility model discloses an optional embodiment, rack server 121 adopts server cluster framework, and when certain rack server caused the stop work because of trouble or human error reason in the cluster, other rack servers can take over the work that trouble server is carrying out automatically, guarantee continuation, the steady operation of system. The rack-mounted server can adopt a PowerEdge R240 rack-mounted server.
The staff can control the comprehensive management and control server 11 to send information security vulnerability reports to each regional substation device 3 through the management and control center computer 2, and manage, modify and call data stored in the database server cluster 12.
Referring to fig. 2, the management and control server cluster 1 and the regional station device 3 perform data interaction through the passive optical network 4. The passive optical network 4 includes an optical transmitter 41, an optical multiplexer 42, an optical demultiplexer 43, and an optical receiver 44, where a receiving end of the optical transmitter 41 is connected to the management and control server cluster 1, and a transmitting end is connected to the optical multiplexer 42. The optical demultiplexer 43 is disposed in each regional station, the optical multiplexer 42 is connected to the optical demultiplexer 43 through an optical fiber, the optical demultiplexer 43 is connected to the input terminal of the optical receiver 44, and the output terminal of the optical receiver 44 is connected to the regional station apparatus 3. The optical transmitter 41 is configured to convert an electrical signal sent by the management and control server cluster 1 into an optical signal. The optical multiplexer 42 is used for merging optical signals with different wavelengths and carrying various information, and coupling the optical signals to the same optical fiber in the transmission line for transmission. The optical demultiplexer 43 is used to separate the optical signal from the light. The optical receiver 44 is used to convert the optical signal into an electrical signal and transmit the electrical signal to the differentiating station apparatus 3. The use of optical fiber resources can be effectively saved by transmitting data through the passive optical network 4, and the total cost of the information security vulnerability notification management and control system is reduced. The passive optical network can flexibly adopt tree, star or ring topology systems according to specific requirements, and has strong expandability and flexibility.
Referring to fig. 3, in an embodiment of the present invention, a passive optical splitter 45 is further disposed between the optical multiplexer 42 and the optical demultiplexer 43. In order to transmit signals of the management and control server cluster 1 to each regional substation device 3, an optical fiber needs to be erected between the management and control server cluster 1 and each regional substation device 3, a passive optical splitter 45 is arranged between an optical multiplexer 42 at one end of the management and control server cluster 1 and an optical demultiplexer 43 at one end of a regional substation subnet 3, the optical multiplexer 42 and the passive optical splitter 45 perform signal transmission through a single optical fiber line, the passive optical splitter 45 and the optical demultiplexers 43 of each regional substation perform signal transmission through optical fiber lines, and compared with a mode that the optical multiplexer 42 and the optical demultiplexers 43 are directly connected through optical fiber lines, the length of the laid optical fiber is short, the use of optical fiber resources is saved, and the network erection cost is further reduced.
The regional substation apparatus 3 includes a substation computer 31, a substation information apparatus 32, and a handheld notification terminal 33. The substation computer 31 is connected to the optical demultiplexer 43, the substation information device 32 is connected to the substation computer 31, and the handheld notification terminal 33 is connected to the substation computer 31 through a wireless network. The substation computer 31 is configured to receive the information security vulnerability report, and report the information security vulnerability of the substation information device 32 to the management and control server cluster 1. The substation information device 32 includes a power grid, a communication and office automation device, and an IED device. The handheld notification terminal 33 can obtain the information security vulnerability notification from the substation computer 31 so as to facilitate timely processing and repairing of vulnerabilities by workers, and can also edit information security vulnerability information and send the information security vulnerability notification to the substation computer 31, and the handheld notification terminal 33 is an industrial PDA or a tablet computer. The substation computer 31 sends the information security vulnerability information to the management and control server cluster 1 through the passive optical network 4, records the information security vulnerability information in the database server cluster 12 as the existing information security vulnerability, and reports the information security vulnerability information to other regional substation equipment 3, so that the whole life cycle management and risk management and control of the information security vulnerability can be realized. The staff can also call the safety correction suggestion for the existing holes stored by the management and control server cluster 1 through the substation computer 31, so as to strengthen the system safety.
Referring to fig. 4, in an embodiment of the present invention, the management and control server cluster 1 and the passive optical network 4 are provided with an intelligent gateway 5 and a network hardware firewall 6, and the management and control server cluster 1, the intelligent gateway 5, the network hardware firewall 6 and the passive optical network 4 are connected in sequence. The network hardware firewall 6 is used for resisting external malicious network attacks, and the intelligent gateway 5 can monitor the state of the intelligent link and send an alarm to the management and control center computer 2. The intelligent gateway 5 and the network hardware firewall 6 can guarantee whether the flow of the access control server cluster 1 is safe or not, and prevent the control server cluster 1 from being attacked maliciously. The intelligent gateway can adopt an F-G100 industrial intelligent gateway; the network hardware firewall may employ an RG-WALL 1600-X9850 firewall.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the present invention, and any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of the present invention should be included within the protection scope of the present invention.
Claims (7)
1. The information security vulnerability notification management and control system is characterized by comprising a management and control server cluster, a management and control center computer and a plurality of regional substation equipment, wherein the management and control server cluster is connected with the management and control center computer through an internal network, and meanwhile, the management and control server cluster is connected with the regional substation equipment through a passive optical network.
2. The information security vulnerability notification management and control system according to claim 1, wherein the management and control server cluster comprises a comprehensive management and control server and a database server cluster, and the comprehensive management and control server is connected with the database server cluster through a GPIO port.
3. The information security vulnerability notification management and control system according to claim 2, wherein the database server cluster comprises a plurality of rack-mounted servers, the rack-mounted servers are used for storing information security data, and each rack-mounted server is connected with the comprehensive management and control server through a GPIO port.
4. The information security vulnerability notification management and control system according to claim 1, wherein the passive optical network comprises an optical transmitter, an optical multiplexer, a plurality of optical demultiplexers and a plurality of optical receivers, wherein a receiving end of the optical transmitter is connected with the management and control server cluster, a transmitting end is connected with the optical multiplexers, the optical multiplexers are connected with the optical demultiplexers through optical fibers, the optical demultiplexers are connected with input ends of the optical receivers, and output ends of the optical receivers are connected with the regional substation equipment.
5. The system according to claim 4, wherein a passive optical splitter is disposed between the optical multiplexer and the optical demultiplexer.
6. The information security vulnerability notification management and control system according to claim 1, wherein the regional station equipment comprises a substation computer, a substation information device and a handheld notification terminal, the substation computer is connected with the management and control server cluster through a passive optical network, the substation information device is connected with the substation computer, and the handheld notification terminal is connected with the substation computer through a wireless network.
7. The information security vulnerability notification management and control system according to claim 1, wherein an intelligent gateway and a network hardware firewall are further arranged between the management and control server cluster and the passive optical network, and the management and control server cluster, the intelligent gateway, the network hardware firewall and the passive optical network are sequentially connected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201921005420.3U CN210327863U (en) | 2019-06-28 | 2019-06-28 | Information security vulnerability notification management and control system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201921005420.3U CN210327863U (en) | 2019-06-28 | 2019-06-28 | Information security vulnerability notification management and control system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN210327863U true CN210327863U (en) | 2020-04-14 |
Family
ID=70147782
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201921005420.3U Active CN210327863U (en) | 2019-06-28 | 2019-06-28 | Information security vulnerability notification management and control system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN210327863U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114675582A (en) * | 2022-04-20 | 2022-06-28 | 许知坚 | Big data-based intelligent information security management and control system |
-
2019
- 2019-06-28 CN CN201921005420.3U patent/CN210327863U/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114675582A (en) * | 2022-04-20 | 2022-06-28 | 许知坚 | Big data-based intelligent information security management and control system |
| CN114675582B (en) * | 2022-04-20 | 2023-01-24 | 希博(张家港)科技有限公司 | Big data-based intelligent information security management and control system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103812710B (en) | Power communication communication terminal special | |
| CN106452571B (en) | Electric power terminal communication access net topological relation faulty section determines and analysis method | |
| CN102324968A (en) | Alarm management method and device of passive optical network terminal equipment | |
| CN110069011A (en) | Fiber optic stretch based on BD and GPS concentrates time dissemination system and time service method | |
| CN107092243B (en) | Power supply control intelligent safety monitoring system based on Internet of things | |
| CN210327863U (en) | Information security vulnerability notification management and control system | |
| CN104469314A (en) | Video monitoring system and method of electric power construction field | |
| CN103036881B (en) | A kind of methods, devices and systems to the unified configuration of disrupter | |
| CN108551400B (en) | Portable fortune dimension fort machine system | |
| CN104378209A (en) | High-speed wireless data secure transmission system and method suitable for distribution network system | |
| CN103686641A (en) | Method for sending and receiving short message in power monitoring field | |
| CN103973495A (en) | Terminal access network interface adapter and data transmission method thereof | |
| CN102904756A (en) | Power information communication scheduling-operation-inspection integrated processing method | |
| CN103957153A (en) | Dispatching exchange network interface adapter and data transmission method thereof | |
| CN104486170A (en) | Novel mining integrated access system | |
| CN103885422B (en) | Hydrogen fuel stand-by power supply monitoring system and method | |
| CN201681280U (en) | Remote monitoring wireless transmitter | |
| CN204707132U (en) | For centralized monitor and the long distance control system of network management server group | |
| CN208638365U (en) | Fire Control system | |
| CN107180524A (en) | A kind of network monitoring method of power information acquisition system | |
| CN105182114A (en) | On-line monitoring device for distribution transformer | |
| CN202634075U (en) | Distribution transformer district equipment abnormal running remote alarm intelligent management center | |
| CN207304565U (en) | A kind of hfc plant management system for possessing optical cable on-line monitoring function | |
| CN208386547U (en) | A kind of power network security monitoring system | |
| CN103957126A (en) | Synchronous clock network interface adaptor and data transmission method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |