CN2785015Y - Network safe system based on NC system - Google Patents


Info

Publication number
CN2785015Y
Authority
CN
China
Prior art keywords
network
dish
switch
isolation
utility
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200520069089
Other languages
Chinese (zh)
Inventor
张职亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FUZHOU ZHUOSIDUN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
Individual

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The utility model discloses a network safety system based on an NC system. It is mainly composed of a computer mainboard, an internal electronic disk, an external electronic disk and an isolation card. The isolation card, which physically isolates the networks, is arranged between the internal electronic disk and the external electronic disk, and both disks are connected to the computer mainboard through the isolation card. Because the utility model physically isolates the internal and external electronic disks for the information security of the NC system, the internal network and the external network can be connected to one NC system on a time-shared basis, so that physical isolation is truly realized. The utility model thereby physically isolates a private network from a public network, protects the internal network from hacker and virus attacks coming from the external network, and solves the problem of hackers attacking the internal network; it has the advantage of higher security.

Description

Network safety system based on the NC system
Technical field
The utility model relates to a network safety system, and in particular to a network safety system based on the NC system.
Background technology
The NC system: the computer equipment common on the market today shares one characteristic. It needs a powerful power supply, a very large chassis and cumbersome cooling equipment, so its cost is high and its maintenance is inconvenient. The purpose of the NC system is to overcome these shortcomings and to give users without demanding performance requirements a multifunctional, inexpensive choice.

Computing models have evolved from the earliest centralized model, through the C/S structure, to today's distributed computing model. This continuous evolution has always guided and influenced the architecture, deployment and implementation of computer application systems. The computing model has always developed along with computer hardware and software, and changes in application requirements have in turn influenced it, so it is meaningless to discuss a computing model apart from the hardware and software environment and the application requirements of its time. As application requirements changed and networks developed rapidly, the network-based NC application framework emerged; systems built on this framework improve security, scalability and manageability.

As shown in the figure, the NC application framework places all computing tasks and data on a small number of relatively high-performance servers (blade PC servers), while each terminal is responsible only for simple user interaction, so the configuration requirements for terminals are quite low. In essence, the NC application framework belongs to the C/S structure (Thin Client/Fat Server); more precisely, it is the SBC (Server-based Computing) model. It differs, however, from thin clients in many other application environments: other so-called thin clients generally still need an operating system and other system software to run, whereas the NC client needs none of these. It only needs the terminal client to connect and display graphics; all computing tasks are distributed across multiple blade PC servers, which makes the NC client the only true ultra-thin terminal. The NC application framework also has the following characteristic: the initial cost of building the system is relatively low. Because the configuration requirements of the NC client are very low, the investment required to build an NC system with computing power equivalent to a conventional PC workstation structure is much lower.

Although none of the nodes in the whole NC system has a hard disk, the electronic disk that serves as the NC system's storage medium still leaves the system in an insecure position. When the system is connected to the Internet or an ordinary computer network, it is completely exposed. A firewall can be added at the network edge, but it cannot stop increasingly capable hacking techniques, so the system remains highly vulnerable to malicious attack from the Internet or an ordinary computer network. To solve this security problem, we adopt true physical isolation to separate the internal and external networks.
Content of the utility model
The purpose of the utility model is to provide a network safety system based on the NC system that is not vulnerable to malicious attack from the Internet or an ordinary computer network and that has better security.
To achieve this purpose, the technical solution of the utility model is as follows:
The utility model is a network safety system based on the NC system, mainly composed of a computer motherboard, an internal electronic disk, an external electronic disk and an isolation card. The isolation card, which physically cuts off the network, is arranged between the internal electronic disk and the external electronic disk, and both disks are connected to the computer motherboard through the isolation card.
The isolation card is connected to the computer motherboard through a PCI interface.
The utility model also comprises an internal network server, an internal network switch, an external network server and an external network switch. The internal electronic disk is connected to the internal network server through the internal network switch, and the external electronic disk is connected to the external network server through the external network switch.
The utility model also comprises an internal network server, an internal network switch, an external network server, an external network switch and a network security isolation selector switch. The internal and external electronic disks are connected through the isolation card to the network security isolation selector switch, which is connected to the internal network server through the internal network switch and to the external network server through the external network switch.
With this scheme, the utility model, for the information security of the NC system, physically isolates the electronic disks of the internal network (office network or classified network) and the external network (for example, the Internet). To separate the internal and external networks physically and safely, when the internal (external) network is started, the electronic disk used by the internal (external) network is connected to that network, while the power supply or data line of the external (internal) side is disconnected so that it is completely unusable. In this way one NC system connects to the internal network or the external network at different times, which truly realizes physical isolation. The NC-based physical isolation system therefore physically separates the classified network from the public network, protects the internal network from attack by outside hackers and viruses, achieves the information security policy of "share what should be shared, protect what should be protected", and solves the problem of hackers attacking the internal network. It has better security, can save 75% of the manpower and material resources spent on isolating internal and external networks, and saves organizations such as government and finance more than one hundred million in network reconstruction investment. It is equally suitable for enterprises; indeed, the target customers of NC are largely enterprises and some counter-service industries.
The utility model is further described below with reference to the drawings and specific embodiments.
Description of drawings
Fig. 1 is a structural schematic diagram of a commonly used typical NC architecture;
Fig. 2A is a structural schematic diagram of the first embodiment of the utility model;
Fig. 2B is a structural block diagram of the first embodiment of the utility model;
Fig. 3 is a structural schematic diagram of the second embodiment of the utility model;
Fig. 4A is a structural schematic diagram of the third embodiment of the utility model;
Fig. 4B is a structural block diagram of the third embodiment of the utility model.
Embodiment
Working principle of the utility model:
The dual electronic disk scheme is adopted. In this scheme two electronic disks are installed in one computer, and switching is done through the power supply or the data line. When the internal network is needed, the internal network electronic disk is started (the external network electronic disk is disconnected) and the machine is connected to the internal network or runs stand-alone. When the external network is needed, the external network electronic disk is started (the internal network electronic disk is disconnected) and the machine is connected to the external network.
Fig. 2A and Fig. 2B show the first embodiment of the utility model (single-machine solution).
The network safety system based on the NC system is mainly composed of a computer motherboard 1, an internal electronic disk 2, an external electronic disk 3 and an isolation card 4.
The isolation card 4, which physically cuts off the network, is arranged between the internal electronic disk 2 and the external electronic disk 3. The internal electronic disk 2 and the external electronic disk 3 are each connected to the isolation card 4, and the isolation card 4 is connected to the computer motherboard 1 through a serial port, USB port or PCI interface. The computer motherboard 1 is connected to the Internet 6 or another public network through Modem 5.
Working process of this embodiment:
Switching is controlled by the physical isolation card. In the internal network state, the computer motherboard 1 cannot reach the external network through Modem 5: the internal electronic disk 2 is powered on and started, the external electronic disk 3 is powered off (completely unusable), and the network line is disconnected at the same time. When the external network is connected, the internal electronic disk 2 is powered off (completely unusable), the external electronic disk 3 is powered on and started, and the network line is connected so that the machine communicates with the external network. The internal electronic disk 2, which stores classified information, is therefore kept safe in every working state. This single-machine physical isolation solution based on the physical isolation card meets the needs of organizations or individual users whose single machine goes online by dial-up.
Fig. 3 shows the second embodiment of the utility model, a dual-network solution (two network cables).
The network safety system based on the NC system is mainly composed of an NC terminal system 1A (comprising a computer motherboard, an internal electronic disk and an external electronic disk), an isolation card 4A, a network security isolation selector switch 5A, an internal network server 6A, an internal network switch 7A, an external network server 8A and an external network switch 9A.
The isolation card 4A, which physically cuts off the network, is arranged between the NC terminal system (workstation) 1A and the network security isolation selector switch 5A. The internal electronic disk (not shown) is connected to the internal network server 6A through the isolation card 4A, the network security isolation selector switch 5A and the internal network switch 7A; the external electronic disk is connected to the external network server 8A through the isolation card 4A, the network security isolation selector switch 5A and the external network switch 9A.
Working process of this embodiment:
To physically isolate the internal classified network from the Internet or other public networks when the user has two LANs, a dual-cabling structure should be adopted: a physical isolation card is installed in the NC terminal system to isolate the networks physically, and each network has its own independent server, switch and network transmission line. The internal electronic disk is linked to the internal network and the external electronic disk to the Internet. When the internal electronic disk is powered on and started, the external electronic disk is powered off (unusable) and disconnected from the Internet; the user is connected to the internal switch and can communicate only with internal network users. When the external electronic disk is powered on and started, the internal electronic disk is powered off (unusable), the machine is linked to the Internet and disconnected from the internal switch; the user cannot communicate with the internal network and can communicate with the external Internet.

This scheme uses the network security physical isolation selector switch. It has switching and security-selection functions, supports both single-cable and dual-cable data transmission, and mainly performs the security selection for the isolation card. When users need to connect to two different networks, such as a LAN and the Internet, the network infrastructure ends up duplicated; and if a user needs to add another network to an existing network structure, the whole installation may have to be modified. Either case brings very large extra cost, heavy work and a great deal of time. As a companion product to the physical isolation card, the selector switch is a perfect solution: it saves the extra cabling and uses the existing single Ethernet/Fast Ethernet cable to connect users who have a physical isolation card securely from the desktop to two different networks.

An NC terminal system fitted with a physical isolation card in fact has two states, secure zone and public zone. When the NC terminal system is connected to the internal and external networks through the network security selector switch, it can connect only to the external network while in the public state, and only to the internal network while in the secure state. The network security isolation selector switch is a standard patch panel supporting 8 or 24 end-user workstations. The device is not regarded as an Ethernet device, and its attenuation of the Ethernet signal is negligible. The network cabling between the existing hub or switch and the LAN is routed through the network security isolation selector switch (which controls Ethernet/Fast Ethernet). An "out-of-band" DC (direct current) voltage signal added to the wires (the TX and RX pairs) reliably controls switching between the two networks. The polarity of the signal determines which network the NC terminal system is connected to through the network security isolation selector switch. The selector switch strips the DC component and presents a clean, standard IEEE 802.3 signal on the network ports at the "back side". If no DC current is detected, both networks are cut off, which reduces the risk that a workstation in the secure zone is mistakenly connected to the unclassified network.

This arrangement of the network security isolation selector switch lets users add a second network without the trouble of laying new cable to the desktop. All auxiliary equipment is connected in the communications cabinet, behind the hub. In addition, the operation of the isolation selector switch is fully transparent, needs no maintenance, and has no effect on standard Ethernet/Fast Ethernet traffic. Organizations with high security requirements want on the one hand to provide Internet access to their users and on the other to guarantee the security of internal data. Such organizations only need to install the data protection device in desktop workstations and then add an ordinary commercial Internet access solution.
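The interlock between the isolation card and the selector switch described above can be checked as a small state model. This is an added example, not part of the patent; the polarity assignment (positive = internal), the function names and the default-to-external selector used for contrast are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Side selected on the isolation card. */
typedef enum { MODE_INTERNAL, MODE_EXTERNAL } card_mode;

/* DC control signal as seen on the TX/RX pairs by the selector switch. */
typedef enum { DC_NONE, DC_POSITIVE, DC_NEGATIVE } dc_signal;

typedef struct {
    bool internal_disk_on;   /* internal electronic disk powered */
    bool external_disk_on;   /* external electronic disk powered */
    dc_signal dc;            /* polarity driven onto the cable   */
} card_state;

typedef struct {
    bool internal_port;      /* cable patched to internal switch */
    bool external_port;      /* cable patched to external switch */
} selector_state;

/* Isolation card: power exactly one disk and signal the matching side.
 * ASSUMPTION: positive = internal, negative = external (the polarity
 * assignment is not given in the description). */
card_state card_drive(card_mode mode)
{
    card_state c = { false, false, DC_NONE };
    if (mode == MODE_INTERNAL) {
        c.internal_disk_on = true;
        c.dc = DC_POSITIVE;
    } else {
        c.external_disk_on = true;
        c.dc = DC_NEGATIVE;
    }
    return c;
}

/* Selector switch: route by polarity. With fail_closed set, a missing DC
 * signal cuts both networks, as the description states. With it cleared,
 * the selector falls back to the external port: a hypothetical design
 * included only for contrast. */
selector_state selector_route(dc_signal seen, bool fail_closed)
{
    selector_state s = { false, false };
    if (seen == DC_POSITIVE)
        s.internal_port = true;
    else if (seen == DC_NEGATIVE)
        s.external_port = true;
    else if (!fail_closed)
        s.external_port = true;
    return s;
}

/* Isolation property: one disk, one network, and never the disk of one
 * side together with the network of the other. */
bool isolation_holds(card_state c, selector_state s)
{
    if (c.internal_disk_on && c.external_disk_on) return false;
    if (s.internal_port && s.external_port)       return false;
    if (c.internal_disk_on && s.external_port)    return false;
    if (c.external_disk_on && s.internal_port)    return false;
    return true;
}

/* Enumerate both card modes with the DC signal present and lost
 * (for example, a broken control path) and count violations. */
int count_violations(bool fail_closed)
{
    int violations = 0;
    for (int mode = MODE_INTERNAL; mode <= MODE_EXTERNAL; mode++) {
        for (int dc_lost = 0; dc_lost <= 1; dc_lost++) {
            card_state c = card_drive((card_mode)mode);
            dc_signal seen = dc_lost ? DC_NONE : c.dc;
            selector_state s = selector_route(seen, fail_closed);
            if (!isolation_holds(c, s))
                violations++;
        }
    }
    return violations;
}

int main(void)
{
    printf("fail-closed selector: %d violation(s)\n", count_violations(true));
    printf("default-to-external:  %d violation(s)\n", count_violations(false));
    return 0;
}
```

The single violation in the contrast design is the case the description guards against: the internal disk is powered while the cable falls back to the external network.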
Fig. 4A and Fig. 4B show the third embodiment of the utility model, a dual-network solution (single network cable).
The network safety system based on the NC system is mainly composed of a computer motherboard 1B, an internal electronic disk 2B, an external electronic disk 3B, an isolation card 4B, a network security isolation selector switch 5B, an internal network server 6B, an internal network switch 7B, an external network server 8B and an external network switch 9B.
The isolation card 4B, which physically cuts off the network, is arranged between the internal electronic disk 2B and the external electronic disk 3B. The internal electronic disk 2B and the external electronic disk 3B are each connected to the isolation card 4B, and the isolation card 4B is connected to the computer motherboard 1B through a PCI interface. The internal electronic disk 2B is connected to the internal network server 6B through the isolation card 4B, the network security isolation selector switch 5B and the internal network switch 7B; the external electronic disk is connected to the external network server 8B through the isolation card 4B, the network security isolation selector switch 5B and the external network switch 9B.
Working process of this embodiment:
To physically isolate the internal classified network from the Internet or other public networks when the user has only a single-cabling structure, a network security selector switch and a physical isolation card are installed for the NC terminal system. The isolation card uses the line-selection function of the selector switch to achieve complete physical isolation of the networks over the single-cabling structure, and each network has its own independent server, switch and network transmission line. As shown in the figure, the network selector is connected to the internal network on one side and to the external network on the other, and switches between the networks. When the internal network is to be accessed, the power supply or data line of the internal network electronic disk is started and the external network electronic disk is completely shut off; the NC terminal system uses one network cable to the network selector, is automatically connected to the internal network and is disconnected from the external network, which prevents malicious attack from the external network.
Selection of the communication mode of the utility model:
According to how the physical isolation card communicates with the computer, we divide isolation cards into the following three types:
1. Manual switching mode, i.e. hard switching. Its main feature is that no software needs to be installed. The internal or external network state is shown only by the indicator lamp on the manual switch or by its button. Isolation cards of this kind are becoming obsolete on the market.
2. Serial communication mode. The network state of the computer is switched under software control, and the isolation card communicates with the computer through a serial port. Its main features are a high degree of intelligence and automatic detection of the current network state. It also has a friendly interface, is easy to use, and provides functions such as floppy disk and CD prompts. Isolation cards of this kind are fairly common on the market.
3. PCI interface mode. Detection and switching of the internal and external network state are done under software control; compared with the serial communication mode, its main feature is that it saves the limited serial port resources. The PCI bus is a local bus that does not depend on any specific processor. Structurally, PCI is a bus level inserted between the CPU and the original system bus; a bridge circuit manages this level and implements the interface between the upper and lower levels to coordinate data transfer. The manager provides signal buffering, which lets it support 10 peripherals and maintain high performance at high clock frequencies. The PCI bus also supports bus-master technology, which allows intelligent devices to take control of the bus when needed to speed up data transfer. Its main performance characteristics are: support for 10 external devices; a maximum data transfer rate of 133 MB/s; synchronous clocking that is not affected by the CPU or its clock frequency; a bus width of 32 bits (5 V) or 64 bits (3.3 V); and automatic recognition of external devices.
Since the NC system needs to improve overall performance, our isolation card uses the most efficient mode, the PCI interface, to communicate with the computer.
In the NC system we control switching through the power supply or the data line: the internal and external network electronic disks are switched by cutting off an electronic disk's power supply or data line. When the internal (external) network is started, the internal (external) power supply or data line is turned on and the external (internal) power supply or data line is turned off at the same time. Only a single network can therefore be used at any time, while the other network is completely shut off.
Based on the NC system, and from the wiring point of view, we further divide the dual electronic disk isolation card into dual-network, single-network and MODEM-supporting types.

Claims (4)

1. A network safety system based on the NC system, characterized in that: it is mainly composed of a computer motherboard, an internal electronic disk, an external electronic disk and an isolation card; the isolation card, which physically cuts off the network, is arranged between the internal electronic disk and the external electronic disk, and the internal electronic disk and the external electronic disk are connected to the computer motherboard through the isolation card.
2. The network safety system based on the NC system according to claim 1, characterized in that: the isolation card is connected to the computer motherboard through a PCI, serial port or USB connection.
3. The network safety system based on the NC system according to claim 1, characterized in that: it also comprises an internal network server, an internal network switch, an external network server and an external network switch; the internal electronic disk is connected to the internal network server through the internal network switch, and the external electronic disk is connected to the external network server through the external network switch.
4. The network safety system based on the NC system according to claim 1, characterized in that: it also comprises an internal network server, an internal network switch, an external network server, an external network switch and a network security isolation selector switch; the internal electronic disk and the external electronic disk are connected through the isolation card to the network security isolation selector switch, which is connected to the internal network server through the internal network switch and to the external network server through the external network switch.
CN 200520069089 2005-02-03 2005-02-03 Network safe system based on NC system Expired - Fee Related CN2785015Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200520069089 CN2785015Y (en) 2005-02-03 2005-02-03 Network safe system based on NC system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200520069089 CN2785015Y (en) 2005-02-03 2005-02-03 Network safe system based on NC system

Publications (1)

Publication Number Publication Date
CN2785015Y true CN2785015Y (en) 2006-05-31

Family

ID=36771983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200520069089 Expired - Fee Related CN2785015Y (en) 2005-02-03 2005-02-03 Network safe system based on NC system

Country Status (1)

Country Link
CN (1) CN2785015Y (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: FUZHOU AEGIS INFORMATION TECHNOLOGY CO.

Free format text: FORMER OWNER: ZHANG ZHILIANG

Effective date: 20070518

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20070518

Address after: 350003, building 908, building A, Shanhaiguan garden, No. 80 West 2nd Ring Road, Hongshan Town, Gulou District, Fujian, Fuzhou, China

Patentee after: FUZHOU ZHUOSIDUN INFORMATION TECHNOLOGY CO., LTD.

Address before: Lake Street in Fuzhou City, Fujian province 350000 No. 68 double garden 11 602

Patentee before: Zhang Zhiliang

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060531

Termination date: 20130203