CN2775947Y - Network safety system based on server data exchange - Google Patents


Info

Publication number
CN2775947Y
Authority
CN
China
Prior art keywords
server
network
external
internal
network server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200520069090
Other languages
Chinese (zh)
Inventor
张职亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FUZHOU ZHUOSIDUN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model discloses a network safety system based on server data exchange, which comprises an internal network server, an external network server and a network isolation card, wherein the network isolation card is arranged between the internal network server and the external network server. The utility model uses two network servers with high performance to provide data resources for users; the internal network server is positioned in an internal network, and the external network server is positioned in an external network; the network isolation card is arranged on the servers to physically connect the two servers so that the two servers can completely carry out effective data transmission. The utility model physically isolates a private network from a public network server, realizes the safe issuance of internal network data towards the external network and the safe summarization of external network data towards the internal network, and prevents the internal network from attacks by hackers.

Description

Network safety system based on server data exchange
Technical field
The utility model relates to a network safety system, and in particular to a network safety system based on server data exchange.
Background technology
With the continuous development of network technology and the steady improvement of PC performance, the network has become indispensable to everyone. It offers efficient information retrieval and convenient communication; people can obtain the information they want without leaving home, and small and medium-sized enterprises can gather information and first-hand market knowledge so as to gain an advantage in fierce market competition. Servers are therefore now widely used in networking. What is a server? A server is a high-performance computer that acts as a node of the network and stores and processes 80% of the data and information on the network, so it is also called the soul of the network. A server system can bring all types of information, such as e-mail, voice, paging, mobile short messages, fax and multimedia data, into a single information model that can be received and processed on any communication device, such as a telephone, fax machine, mobile phone, pager, PC, palmtop computer or PDA, and it builds an information channel linking wired, wireless and Internet communication. Full deployment of servers can truly integrate with enterprise ERM systems and e-commerce, and will change traditional ways of working and living. By using such a server system, small and medium-sized enterprises can make full use of enterprise information resources: applications such as the enterprise's telephone, fax, mail and ERM/CRM are concentrated on one server, breaking through the limits of the original working and customer-service modes, providing convenient communication and information services to enterprise staff and clients, and allowing the enterprise to use its own information resources to develop distinctive information content and e-commerce services easily, comprehensively improving service capability and obtaining a greater return on investment. An enterprise server system in any industry lets enterprise staff obtain internal and external information at any time, in any place and by any means; by building a customer service system, the enterprise can also provide clients with better-targeted, personalized service that meets their actual needs. It therefore not only provides a convenient and unobstructed communication channel but also greatly improves working efficiency, cuts operating costs and improves the enterprise's image with customers, raising its overall competitiveness. Users can enjoy a comprehensive unified information service: whether at home, on the road, in the office or in a hotel, they can handle personal and client voice messages, faxes and e-mail anywhere and at any time, enjoying the convenience and speed of the network age to the full. The traditional enterprise information system was the telephone system (telephone, fax). Modern enterprise information systems are increasingly complex and comprise many systems, such as the telephone system (telephone, fax), the LAN system (Internet access gateway, e-mail), the access service system, the enterprise management system and the e-commerce system, which are isolated from one another and have no mutual connection; the enterprise has to set up separate application servers, such as a remote access server, Internet gateway server, e-mail server and ERM/CRM server, to support the various information applications.
As the above shows, the server is now a very important network device, and server security is the foundation that guarantees all applications on the network. A regular network has different types of servers, such as DNS servers, Web servers, mail servers and so on. Some networks also use an ordinary PC as a host that provides Internet connection sharing and some simple Web services. The Internet access of the whole LAN (local area network) depends on it; if it fails, at best the client computers cannot get online, and at worst the whole network is paralyzed. Hostile network behavior against a network server falls into three categories. The first is malicious attack, such as denial-of-service attacks and network viruses, which aim to consume server resources and disrupt the normal operation of the server, or even paralyze the network the server is on. The second is malicious intrusion, which can cause sensitive information on the server to leak and lets the intruder do as they please and damage the server at will. The last is the security vulnerabilities of the server itself. Network servers here mainly means the DATA server that stores website data, the DNS server and the MAIL server. The problems of WEB servers have been discussed many times, so here we first look at the problems of DATA servers, DNS servers and MAIL servers.
I. DATA server
Look at the DATA server first. It is mainly the server that stores the database. Taking a SQL database as an example, from a security standpoint SQL Server, like all programs in the BackOffice suite, is based on Windows Server and uses Windows Server's own security features. When you connect SQL Server to the Internet, there are some things you need to consider specially in order to guarantee the security and integrity of your data.
II. DNS server
The DNS server is the foundation of other services on the Internet. It handles requests from DNS clients: it translates between names and IP addresses and provides other published information about particular hosts (such as MX records). Generally speaking, network administrators mostly encounter the following situations.
1. Name deception. When host B accesses host A (which also acts as a DNS server), for example by running rlogin, A receives the connection and obtains the IP address of host B, which initiated it. To verify the legitimacy of the connection, host A makes a reverse query to the local DNS server for the host name corresponding to that IP address. When the query result returned is host name B, a host that this machine trusts, the remote rlogin command from B is allowed. Now consider how host D exploits this verification weakness to deceive host A. When host D also runs rlogin, host A likewise verifies the legitimacy of the connection. If A cannot find the host name corresponding to D's IP address in the local DNS server, it sends requests to other DNS servers and eventually reaches DNS server C. If the intruder has modified DNS server C so that the host name corresponding to his own host's IP address is B, then the reverse query result host A obtains for D's IP address is B, so host A accepts the connection. The deception of A thus succeeds.
2. Information hiding. When an enterprise, for reasons such as confidentiality, gives certain hosts specific internal host names, and an intruder obtains the passwords of these hosts, the server hosts storing confidential data are completely exposed.
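The name-deception case in item 1 comes down to host A trusting a PTR answer that is controlled by whoever runs the reverse zone. The following added example (not part of the patent text) contrasts that PTR-only check with a forward-confirmed reverse lookup; the host names, addresses and record tables are constructed, and the dictionaries stand in for real DNS queries.

```python
# Constructed sample data. PTR answers come from whichever server is
# authoritative for the address (server C for host D); A records come from
# the forward zone that host A's own resolver trusts.
PTR_RECORDS = {
    "192.0.2.10": "b.corp.example.",     # host B, legitimate PTR
    "203.0.113.66": "B.corp.example",    # host D, PTR edited on DNS server C
}
A_RECORDS = {
    "b.corp.example": {"192.0.2.10"},
}
TRUSTED_HOSTS = {"b.corp.example"}       # rlogin-style trusted host list


def normalise(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower() if name else None


def reverse_lookup(ip):
    return normalise(PTR_RECORDS.get(ip))


def forward_lookup(name):
    return A_RECORDS.get(normalise(name), set())


def ptr_only_accepts(ip):
    """The check described in the text: trust the name the PTR query returns."""
    return reverse_lookup(ip) in TRUSTED_HOSTS


def forward_confirmed_accepts(ip):
    """Accept only if the trusted name also resolves back to the caller's IP."""
    name = reverse_lookup(ip)
    if name is None or name not in TRUSTED_HOSTS:
        return False
    return ip in forward_lookup(name)


def audit(ips):
    """Return (ip, ptr_only_decision, forward_confirmed_decision) per caller."""
    return [(ip, ptr_only_accepts(ip), forward_confirmed_accepts(ip)) for ip in ips]


if __name__ == "__main__":
    for row in audit(["192.0.2.10", "203.0.113.66", "198.51.100.7"]):
        print(row)
```

Forward confirmation only moves the trust to the forward zone; it does not make name-based trust a substitute for authenticating the caller.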
III. MAIL server
The MAIL server has long been the object of complaints from many Internet users because of its security. Indeed, in theory the MAIL service is an insecure service, because it must accept nearly all data from the Internet. On the Internet, mail exchange between servers is carried out by the SMTP protocol. A host's SMTP server receives mail (which may come from an SMTP server on an external host or from a user agent on the local machine) and then checks the mail address in order to decide whether to deliver it locally or forward it to some other host. On Unix systems the SMTP program is usually Sendmail. One important reason for Sendmail's security problems is that it is an extremely complex program; another is that it needs to run with root privileges.
Server security is generally addressed with software, or with a firewall that filters, detects and intercepts information from the external network. Adopting a powerful network operating system, configuring the system securely and using effective antivirus software all play a role in server security, but against ever stronger hacking techniques, even the most comprehensive network security software and firewalls can only ensure safety for a time and cannot solve the problem at its root.
Summary of the utility model
The purpose of the utility model is to provide a safe and reliable network safety system based on server data exchange.
To achieve the above purpose, the technical solution of the utility model is as follows:
The utility model is a network safety system based on server data exchange, comprising an internal network server, an external network server and a network security isolation card. The internal network server is connected to the external network server by network cable, serial port, parallel port or USB port, and the network security isolation card is arranged between the internal network server and the external network server.
With the above scheme, data exchange in the server system is the effective transmission and exchange of data between two servers, that is, useful data on one server is transferred to the other server. The utility model uses two high-performance network servers to provide data resources to users; one server is on the internal network and the other on the external network. A network security isolation card is installed on the server and physically links the two servers, so that the two servers can carry out effective data transmission. The utility model physically isolates the classified network from the public network and protects the internal network from attack by outside hackers and viruses, achieving the information security policy of "share what should be shared, protect what should be protected". It can save 75% of the manpower and material invested in isolating internal and external networks, and saves organizations such as government and finance more than one hundred million units of network reconstruction investment. Compared with isolation systems currently on the market, this system is greatly improved in cost, ease of installation, performance, stability and functionality.
The utility model is further described below with reference to the drawings and a specific embodiment.
Description of drawings
Fig. 1 is a structural schematic of the utility model.
Embodiment
As shown in Fig. 1, the utility model is a network safety system based on server data exchange, comprising internal network server 1, external network server 2 and network security isolation card 3.
Internal network server 1 is connected to external network server 2 by network cable, serial port, parallel port or USB port, so that effective data transmission and exchange can take place between the two servers. Network security isolation card 3 is arranged between internal network server 1 and external network server 2.
Operating principle of the utility model:
Data exchange in a server system is the effective transmission and exchange of data between two servers, that is, useful data on one server is transferred to the other. The utility model uses two high-performance network servers to provide data resources to users: internal network server 1 is on the intranet (the internal network that handles confidential documents), and external network server 2 is on the extranet (the external network connected to the Internet). Network security isolation card 3 is installed on the server and physically links the two servers (internal network server 1 and external network server 2), so that they can carry out effective data transmission; information that the inside wants to publish to the external network can then be transferred directly to the external network server, and data collected from the external network can be aggregated onto the internal network server. If network security isolation card 3 were not installed, then once the two servers were linked the intranet would be directly exposed to the Internet; the internal network would no longer be an internal classified network, and the classified information in it would be subject to malicious attack from the Internet. Network security isolation card 3 fundamentally solves the security problem of intranet information at the physical level. When network security isolation card 3 is used to link the two servers, the servers are connected entirely physically. While external network server 2 is providing Internet resources to users, the connecting line to internal network server 1 is disconnected by network security isolation card 3; internal network server 1 is then completely disconnected and has no connection to the external network. To store information obtained from the external network on the internal network, the information is first stored on external network server 2; network security isolation card 3 then disconnects from the Internet and connects to internal network server 1. At this point both external network server 2 and internal network server 1 are in what amounts to a completely internal environment. Data transfer begins once the Internet has been disconnected and the internal network connected, and because the two servers are in a completely closed internal environment, attack from outside is effectively prevented. To publish internal network information to the Internet, network security isolation card 3 automatically disconnects from the Internet by switching the network cable and then connects to internal network server 1, so that the two servers are in an internal secure environment. Internal network server 1 transfers the information to be published to external network server 2. After the transfer ends, the isolation card switches the network cable again, disconnecting from internal network server 1 and connecting to the Internet. Internal network server 1 is then entirely within the internal secure environment and not connected to any external network, which protects it from external attack. The physical isolation scheme of the present invention thus provides a complete security guarantee and ensures the integrity, availability and security of server data.
When the internal network server is to publish information to the external network, the external network server disconnects from the external network, and the internal network's information is transferred to external network server 2 through network security isolation card 3. When the transfer ends, network security isolation card 3 breaks the connection between the two servers and at the same time connects external network server 2 to the Internet; the intranet is then in a state of not being connected to any outside network, which effectively protects internal classified information. As can be seen from the above, network security isolation card 3 ensures safe and fast data transfer between the two servers under a state of complete physical security, which differs from existing server isolation modes.
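The switching cycle described above can be modelled as a small state machine and checked for the property the text relies on: no position of card 3 ever gives the Internet a path to internal network server 1. This is an added example, not part of the patent; the OPEN transient state, the function names and the sample file names are assumptions.

```python
from collections import deque
from enum import Enum

INTERNET, EXTERNAL, INTERNAL = "internet", "external_server_2", "internal_server_1"


class Position(Enum):
    OPEN = 0         # assumed transient state: both links broken while switching
    TO_INTERNET = 1  # external server 2 <-> Internet
    TO_INTERNAL = 2  # external server 2 <-> internal server 1


LINKS = {
    Position.OPEN: set(),
    Position.TO_INTERNET: {(INTERNET, EXTERNAL)},
    Position.TO_INTERNAL: {(EXTERNAL, INTERNAL)},
}
# The configuration the text warns about: both links up, no isolation card.
NO_CARD_LINKS = {(INTERNET, EXTERNAL), (EXTERNAL, INTERNAL)}


def reachable(links, src, dst):
    """Breadth-first search over undirected links."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for a, b in links:
            for here, there in ((a, b), (b, a)):
                if here == node and there not in seen:
                    seen.add(there)
                    queue.append(there)
    return False


class IsolationCard:
    def __init__(self):
        self.position = Position.TO_INTERNET
        self.history = [self.position]

    def switch(self, target):
        # Break before make: drop the current link, then close the other one.
        for step in (Position.OPEN, target):
            self.position = step
            self.history.append(step)

    def exposed_states(self):
        """Visited positions in which the Internet could reach internal server 1."""
        return [p for p in self.history if reachable(LINKS[p], INTERNET, INTERNAL)]


def move(card, source, destination):
    """Hand staged items over the inter-server link (exists only in TO_INTERNAL)."""
    if card.position is not Position.TO_INTERNAL:
        raise RuntimeError("inter-server link is down")
    destination.extend(source)
    source.clear()


def publish(card, internal_outbox, external_store):
    """Internal -> external release cycle from the text."""
    card.switch(Position.TO_INTERNAL)
    move(card, internal_outbox, external_store)
    card.switch(Position.TO_INTERNET)


def collect(card, external_inbox, internal_store):
    """External -> internal aggregation cycle from the text."""
    card.switch(Position.TO_INTERNAL)
    move(card, external_inbox, internal_store)
    card.switch(Position.TO_INTERNET)


def run_demo():
    card = IsolationCard()
    internal_outbox, external_store = ["press-release.txt"], []         # constructed
    external_inbox, internal_store = ["web-form-submissions.csv"], []   # constructed
    publish(card, internal_outbox, external_store)
    collect(card, external_inbox, internal_store)
    return card, external_store, internal_store
```

The check covers live connectivity only: whatever external network server 2 stored while facing the Internet is still carried across to the internal side, so staged data needs its own inspection before `collect` runs.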
Selection of the communication mode of the utility model:
On the basis of achieving secure isolation, a network security isolation card system can use several communication modes.
1. Manual switching mode: that is, hard switching. Its main characteristic is that no software needs to be installed. The internal/external network state is shown simply by the indicator light on the manual switch or by its button. This type of isolation card is becoming obsolete on the market.
2. Serial communication mode: the switching of the computer's network state is controlled by software, and the isolation card communicates with the computer through a serial port. Its main characteristics are a high degree of intelligence and the ability to detect the current network state automatically. It also has a friendly interface, is easy to use, and has functions such as floppy disk and CD prompts. This type of isolation card is fairly common on the market.
3. PCI interface mode: detection and switching of the internal/external network state are controlled by software; compared with the serial communication mode, its main characteristic is that it saves limited serial port resources. The PCI bus is a local bus that does not depend on any particular processor. Structurally, PCI is a first-level bus inserted between the CPU and the original system bus; a bridge circuit manages this layer and implements the interface between the upper and lower levels to coordinate data transfer. The manager provides signal buffering, allowing it to support 10 peripherals while maintaining high performance at high clock frequencies. The PCI bus also supports bus master technology, which allows intelligent devices to take control of the bus when needed in order to speed up data transfer. Its main performance characteristics: support for 10 external devices; maximum data transfer rate of 133 MB/s; synchronous clocking that is not affected by the CPU or its clock frequency; bus width of 32 bits (5V) or 64 bits (3.3V); and automatic identification of external devices.
A server system demands high overall performance in order to provide as many network resources as possible to network users and to respond quickly to users' requests (automatic switching is achieved through trigger conditions or scheduled times set by the system), so the isolation card of the utility model uses the most efficient mode, the PCI interface, to communicate with the computer.

Claims (1)

1. A network safety system based on server data exchange, characterized in that: it comprises an internal network server, an external network server and a network security isolation card; the internal network server is connected to the external network server by network cable, serial port, parallel port or USB port, and the network security isolation card is arranged between the internal network server and the external network server.
CN 200520069090 2005-02-03 2005-02-03 Network safety system based on server data exchange Expired - Fee Related CN2775947Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200520069090 CN2775947Y (en) 2005-02-03 2005-02-03 Network safety system based on server data exchange

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200520069090 CN2775947Y (en) 2005-02-03 2005-02-03 Network safety system based on server data exchange

Publications (1)

Publication Number Publication Date
CN2775947Y true CN2775947Y (en) 2006-04-26

Family

ID=36750263

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200520069090 Expired - Fee Related CN2775947Y (en) 2005-02-03 2005-02-03 Network safety system based on server data exchange

Country Status (1)

Country Link
CN (1) CN2775947Y (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055765A (en) * 2010-12-30 2011-05-11 恒生电子股份有限公司 Network communication system
CN102801693A (en) * 2011-05-26 2012-11-28 腾讯科技(北京)有限公司 Method and system for processing extranet information
CN102801693B (en) * 2011-05-26 2017-03-15 腾讯科技(北京)有限公司 A kind of processing method of extranet information and system
CN102231707A (en) * 2011-06-27 2011-11-02 中国建设银行股份有限公司 Method and system for reliably transmitting data message in bank outlets
CN102737191A (en) * 2012-07-05 2012-10-17 智迪电子科技镇江有限公司 Dual-machine computer system for information security protection
CN103391295A (en) * 2013-07-24 2013-11-13 佳都新太科技股份有限公司 Data exchange mechanism for performing real-time security communication with public security in-network system
CN105282174A (en) * 2015-11-10 2016-01-27 浪潮(北京)电子信息产业有限公司 Secure transmission system and method

Similar Documents

Publication Publication Date Title
US10621344B2 (en) System and method for providing network security to mobile devices
US10284603B2 (en) System and method for providing network and computer firewall protection with dynamic address isolation to a device
US9832227B2 (en) System and method for network level protection against malicious software
EP2837131B1 (en) System and method for determining and using local reputations of users and hosts to protect information in a network environment
US20060156407A1 (en) Computer model of security risks
US20060090023A1 (en) Computer and method for on-demand network access control
EP2387746B1 (en) Methods and systems for securing and protecting repositories and directories
CN2775947Y (en) Network safety system based on server data exchange
AU2011283160A1 (en) System and method for local protection against malicious software
CN101061683B (en) Intelligent home appliance, mobile terminal
CN101277302A (en) Apparatus and method for safety centralized protection of distributed network equipment
US20080148385A1 (en) Sectionalized Terminal System And Method

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: FUZHOU AEGIS INFORMATION TECHNOLOGY CO.

Free format text: FORMER OWNER: ZHANG ZHILIANG

Effective date: 20070511

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20070511

Address after: 350003, building A#, building 80, Shanhaiguan garden, No. 908 West 2nd Ring Road, Hongshan Town, Gulou District, Fujian, Fuzhou

Patentee after: FUZHOU ZHUOSIDUN INFORMATION TECHNOLOGY CO., LTD.

Address before: Lake Street in Fuzhou City, Fujian province 350000 No. 68 double garden 11 602

Patentee before: Zhang Zhiliang

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060426

Termination date: 20140203