CN2790052Y - Single-net wire network isolation system - Google Patents
Single-net wire network isolation system Download PDFInfo
- Publication number
- CN2790052Y CN2790052Y CN 200520057157 CN200520057157U CN2790052Y CN 2790052 Y CN2790052 Y CN 2790052Y CN 200520057157 CN200520057157 CN 200520057157 CN 200520057157 U CN200520057157 U CN 200520057157U CN 2790052 Y CN2790052 Y CN 2790052Y
- Authority
- CN
- China
- Prior art keywords
- network
- switch
- interface
- network interface
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model discloses a single-net wire network isolating system which comprises an external network exchanger, an internal network exchanger and a terminal computer, wherein the external network exchanger is connected an external network; the internal network exchanger is connected with an internal network; the terminal computer is provided with a isolating card; the utility model also comprises a network selecting device which is respectively connected with the external network exchanger, the internal network exchanger and the terminal computer by connecting wires of a network. Compared with the existing network isolating system, the network isolating system of the utility model realizes physical isolation in the mode of a network wire. The utility model has the advantages that the wire laying of a network can be simplified; the wire laying cost of the network can be reduced; simultaneously, the management and the maintenance work for networks are convenient.
Description
Technical field
The utility model relates to filed of network information security, particularly a kind of network isolation system of single net line structure.
Background technology
Along with fast development of computer technology, the continuous expansion of computer network scale, the relation of our routine work, life and computer network is also more and more closer; But when we inserted public network (the Internet) with computer, network security and information security just became a problem that can not be ignored.Particularly in enterprises and institutions such as office, government, banks, its internal information or to relate to secret, secret data be not wish to be stolen by the user of extranets, in case the leakage of significant data takes place, will make the interests of our unit or our company suffer heavy losses, even national security and interests are caused significant impact.A kind of solution to the problems described above promptly adopts physically-isolated method, can realize physically-isolated isolation card according to one on terminal computer, the Internet and in-house network are isolated mutually, and the user can select to enter corresponding network according to the needs of oneself.
But in the existing network isolation system, its network security separate card need connect two netting twines of the Internet and in-house network (promptly mostly simultaneously, the dual network system), therefore, just need arrange two netting twines simultaneously at the terminal computer place, article one, connect the Internet, another connects in-house network.When number of users increases, this will make the cost of network layout sharply increase, and also result in hand cramps to network operation simultaneously.
Summary of the invention
In order to address the deficiencies of the prior art, the utility model provides a kind of single netting twine network isolation system, in this system, terminal computer only need connect network selector by a netting twine, and carry out the network handover operation by this network selector, thereby reduce the wiring cost of system, conveniently carry out network operation and management work.
The technical scheme that the utility model adopted: a kind of single netting twine network isolation system, comprise the outer network switch that connects extranets, the interior network switch that connects in-house network, the terminal computer of isolation card is housed, it is characterized in that, also comprise a network selector, this network selector is connected with terminal computer with outer network switch, interior network switch respectively by network connection.
Above-mentioned network selector comprises control circuit, diverter switch, outer network interface, interior network interface and computer network interface, its outer network interface is connected with computer network interface by diverter switch with interior network interface or disconnects, the input of control circuit is connected with computer network interface, output is connected with commutation circuit, and controls its switching state.
Above-mentioned diverter switch is made up of relay switch.
Above-mentioned network selector is provided with at least one group of outer network interface, interior network interface and computer network interface, outer network interface is connected with outer network switch by network connection, interior network interface is connected with interior network switch by network connection, and computer network interface is connected with the isolation card of terminal computer by network connection.
Above-mentioned outer network interface, interior network interface and computer network interface are the RJ45 network interface.
Above-mentioned Intranet interface is at least one.
Above-mentioned isolation card is connected with terminal computer by the computer PCI bus interface.
Above-mentioned isolation card comprises pci bus interface, singlechip controller, network switch unit, hard disk switch unit and filter, its pci bus interface is connected with filter input end, filter output is connected with the input of singlechip controller, and the output of singlechip controller connects network switch unit and hard disk switch unit.
The utility model is to increase by a network selector in existing network isolation system, and this network selector is realized the network physical isolation by the network security separate card of single net line structure connecting terminal computer.Its advantage is to simplify network layout, reduces the cost of network layout; Simultaneously, make things convenient for Network Management and maintenance work.
Description of drawings
Fig. 1 is the structural representation of existing network isolation system;
Fig. 2 is the schematic network structure of the utility model first embodiment;
Fig. 3 is the schematic network structure of the utility model second embodiment;
Fig. 4 is the circuit block diagram of network selector described in the utility model;
Fig. 5 is the structural representation of isolation card described in the utility model;
Fig. 6 is the 1st embodiment circuit theory diagrams of network selector described in the utility model;
Fig. 7 is the 2nd embodiment circuit theory diagrams of network selector described in the utility model;
Fig. 8 is the 3rd embodiment circuit theory diagrams of network selector described in the utility model.
Embodiment
Be illustrated in figure 1 as the network connection architecture schematic diagram of existing network shielding system, wherein, isolation card is installed in the terminal computer, and be connected with the switch device of in-house network and extranets respectively by two netting twines, interior network switch is connected in-house network and extranets (that is the Internet) respectively with outer network switch.The defective of this network isolation system just is, when terminal use's number increases, the quantity of two netting twines arranging between terminal computer and inside and outside network switch also will roll up, and this will make the cost of network layout increase, and also result in hand cramps to network operation simultaneously.
In order to address the above problem, the utility model provides a kind of single netting twine network isolation system, comprise the outer network switch that connects extranets, the interior network switch that connects in-house network, the terminal computer of isolation card is housed, also comprise a network selector, this network selector is connected with terminal computer with outer network switch, interior network switch respectively by network connection.Below will be further explained explanation by specific embodiment:
Embodiment one
As shown in Figure 2, a kind of single netting twine network isolation system, comprise outer network switch, interior network switch, terminal computer, isolation card and network selector, wherein, outer network switch is connected extranets (the Internet) and in-house network respectively with interior network switch, isolation card accesses terminal by the PCI slot in the personal computer, and is connected with network selector by a netting twine, and network selector passes through two netting twines again and is connected with interior network switch with outer network switch respectively.
Embodiment two
As shown in Figure 3, network isolation system described in the utility model can also be realized the physical isolation of three nets, comprise outer network switch, Intranet 1 switch, Intranet 2 switches, terminal computer, isolation card and network selector, wherein, outer network switch, Intranet 1 switch is connected extranets (the Internet) respectively with Intranet 2 switches, Intranet 1 and Intranet 2, isolation card accesses terminal by the PCI slot in the personal computer, and be connected with network selector by a netting twine, network selector pass through again two netting twines respectively with outer network switch, Intranet 1 switch is connected with Intranet 2 switches.
In order to realize the network isolation system among above-mentioned two kinds of embodiment, network selector is an important component part wherein.As shown in Figure 4, this network selector comprises control circuit, diverter switch, outer network interface, interior network interface and computer network interface, its outer network interface is connected with computer network interface by diverter switch with interior network interface or disconnects, the input of control circuit is connected with computer network interface, output is connected with commutation circuit, and controls its switching state.Below will further introduce the implementation of network selector by specific embodiment:
As shown in Figure 6, network selector described in the utility model, comprise computer network interface NC, outer network interface NB, interior network interface NA, control circuit and diverter switch, described diverter switch is made up of relay switch U1, U2, the input contact A of relay switch U1, U2, B are connected with computer network interface NC, output contact A 2, B2 are connected with outer network interface NB, and contact A 1, B1 are connected with interior network interface NA.
In 8 wiring of computer network interface NC, the 1st, 2,3,6 line uses as the network data line, and the 7th, 8 two line is connected with the input of photo coupler G1 as control line; The output of photo coupler G1 plays U3A, triode amplifier T1 through voltage ratio, is connected with the coil negative pole of relay switch U1, U2, and coil electrode connects+the 5V power supply.
As shown in Figure 7, network selector described in the present embodiment comprises computer network interface NC, outer network interface NB, interior network interface NA1, NA2, control circuit and diverter switch, and described diverter switch is made up of relay switch U1, U2, U3, U4.The input contact A of relay switch U1, U2, B are connected with computer network interface NC, output contact A NO, BNO are connected with network interface NA1 in first, contact A NC, BNC are connected with input contact A, the B of relay switch U3, U4, output contact A NO, the BNO of relay switch U3, U4 is connected with network interface NA2 in second, and contact A NC, BNC are connected with outer network interface NB.
Identical with embodiment one, in 8 wiring of computer network interface NC, the 1st, 2,3,6 line uses as the network data line, and the 7th, 8 two line is connected with the input of photo coupler G1, G2 as control line; The output of photo coupler G1 plays U5A, triode amplifier T1 through voltage ratio, is connected with the coil negative pole of relay switch U1, U2, and coil electrode connects+the 5V power supply; The output of photo coupler G2 plays U6A, triode amplifier T2 through voltage ratio, is connected with the coil negative pole of relay switch U3, U4, and coil electrode connects+the 5V power supply.Above-mentioned+5V power supply obtains after passing through transformer TF1, full-wave rectifier (being made up of diode D21, D22, D23, D24), filter capacitor and voltage stabilizing chip LM7805CT by alternating current.
As shown in Figure 8, in the present embodiment, network selector adopts the line concentration mode, 8 wiring of computer network interface NC are divided into two groups, 1st, 2,3,6 lines are connected with interior network interface NA as one group, 4th, 5,7,8 lines are connected with outer network interface NB as second group, therefore, any moment (as long as inside and outside network interface is connected with map network), in 8 wiring of computer network interface NC data message is arranged all, can select computer to be connected with Intranet or outer net by the network diverter switch in the network security separate card.
Wherein, the structure of network security separate card as shown in Figure 5, this network security separate card comprises pci bus interface 1, controller 2, network switch unit 3, hard disk switch unit 4 and filter 5, controller 2 is connected with network switch unit 3, hard disk switch unit 4 respectively, and filter 5 is connected between pci bus interface 1 and the controller 2.Wherein, network switch unit 3 comprises interior network interface 311, outer network interface 312, intranet and extranet interface 313, hand switch interface 32 and diverter switch 33, the output of diverter switch 33 is connected with interior network interface 311, outer network interface 312, intranet and extranet interface 313 respectively, and the input of diverter switch 33 is connected with controller 2.Hard disk switch unit 4 comprises Intranet hard disc data line interface 41, outer net hard disc data line interface 42, computer data line interface 43 and data wire bus switch 40, between Intranet hard disc data line interface 41 and the computer data line interface 43, be connected by data wire bus switch 40 between outer net hard disc data line interface 42 and the computer data line interface 43, and the control end of data wire bus switch 40 is connected with singlechip controller 2.Filter 5 is made up of programmable logic array chip (GAL) 51 and output latch (d type flip flop) 52, and the input of programmable logic array chip 51 is connected with pci bus, and output is connected with singlechip controller 2 through latch 52.
When adopting embodiment 1,2 described network selectors, the computer network interface NC of network selector is connected with the interior network interface 311 of isolation card; When adopting embodiment 3 described network selectors, the computer network interface NC of network selector is connected with the outer network interface 312 of isolation card.
In the utility model first embodiment (as shown in Figure 2), realized a kind of network isolation system of single netting twine-dual network, wherein, the isolation card that is installed in the personal computer PC I slot is connected with the computer network interface NC of network selector by single netting twine, the interior network interface NA of network selector is connected with interior network switch, outer network interface NB is connected with outer network switch, and interior network switch is connected Intranet and outer net (that is the Internet) respectively with outer network switch.
In the utility model second embodiment (as shown in Figure 3), realized a kind of single netting twine-three network of network shielding system, wherein, the isolation card that is installed in the personal computer PC I slot is connected with the computer network interface NC of network selector by single netting twine, the first interior network interface NA1 of network selector is connected with Intranet 1 switch, network interface NA2 is connected with Intranet 2 switches in second, outer network interface NB is connected with outer network switch, Intranet 1 switch, Intranet 2 switches are connected Intranet 1 respectively with outer network switch, Intranet 2 and outer net are (promptly, the Internet), wherein, Intranet 1 belongs to different networks with Intranet 2.
In above-mentioned network connects, Intranet and outer net, and realize physical isolation fully between the different Intranets (Intranet 1 and Intranet 2), at user terminal, select different networks by network security separate card Control Network selector, in the same time, the user can only be connected with one of them network, realizes the physical isolation between the heterogeneous networks.Compare with existing network isolation system, this network isolation system is realized physical isolation by single netting twine mode, and its advantage is to simplify network layout, reduces the cost of network layout; Simultaneously, make things convenient for Network Management and maintenance work.
Claims (9)
1. single netting twine network isolation system, comprise the outer network switch that connects extranets, the interior network switch that connects in-house network, the terminal computer of isolation card is housed, it is characterized in that, also comprise a network selector, this network selector is connected with terminal computer with outer network switch, interior network switch respectively by network connection.
2. single netting twine network isolation system according to claim 1, it is characterized in that, described network selector comprises control circuit, diverter switch, outer network interface, interior network interface and computer network interface, its outer network interface is connected with computer network interface by diverter switch with interior network interface or disconnects, the input of control circuit is connected with computer network interface, output is connected with commutation circuit, and controls its switching state.
3. single netting twine network isolation system according to claim 2 is characterized in that described diverter switch is made up of relay switch.
4. single netting twine network isolation system according to claim 2 is characterized in that described network selector is provided with at least one group of outer network interface, interior network interface and computer network interface.
5. according to claim 2 or 4 described single netting twine network isolation systems, it is characterized in that, described outer network interface is connected with outer network switch by network connection, interior network interface is connected with interior network switch by network connection, and computer network interface is connected with the isolation card of terminal computer by network connection.
6. according to claim 2 or 4 described single netting twine network isolation systems, it is characterized in that described outer network interface, interior network interface and computer network interface are the RJ45 network interface.
7. according to claim 2 or 4 described single netting twine network isolation systems, it is characterized in that described Intranet interface is at least one.
8. single netting twine network isolation system according to claim 1 is characterized in that, described isolation card is connected with terminal computer by the computer PCI bus interface.
9. according to claim 1 or 8 described single netting twine network isolation systems, it is characterized in that, described isolation card comprises pci bus interface, singlechip controller, network switch unit, hard disk switch unit and filter, its pci bus interface is connected with filter input end, filter output is connected with the input of singlechip controller, and the output of singlechip controller connects network switch unit and hard disk switch unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200520057157 CN2790052Y (en) | 2005-04-18 | 2005-04-18 | Single-net wire network isolation system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200520057157 CN2790052Y (en) | 2005-04-18 | 2005-04-18 | Single-net wire network isolation system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN2790052Y true CN2790052Y (en) | 2006-06-21 |
Family
ID=36790384
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200520057157 Expired - Fee Related CN2790052Y (en) | 2005-04-18 | 2005-04-18 | Single-net wire network isolation system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN2790052Y (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102694848A (en) * | 2012-05-11 | 2012-09-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN108696395A (en) * | 2018-05-23 | 2018-10-23 | 湖南麒麟信安科技有限公司 | Network switching device and its application process under a kind of Multi net voting isolation environment |
| CN110365506A (en) * | 2018-04-09 | 2019-10-22 | 山西太钢不锈钢股份有限公司 | A kind of promotion tandem rolling annealing and pickling basic automatization network stabilization method |
-
2005
- 2005-04-18 CN CN 200520057157 patent/CN2790052Y/en not_active Expired - Fee Related
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102694848A (en) * | 2012-05-11 | 2012-09-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN102694848B (en) * | 2012-05-11 | 2014-11-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN110365506A (en) * | 2018-04-09 | 2019-10-22 | 山西太钢不锈钢股份有限公司 | A kind of promotion tandem rolling annealing and pickling basic automatization network stabilization method |
| CN108696395A (en) * | 2018-05-23 | 2018-10-23 | 湖南麒麟信安科技有限公司 | Network switching device and its application process under a kind of Multi net voting isolation environment |
| CN108696395B (en) * | 2018-05-23 | 2021-06-25 | 湖南麒麟信安科技股份有限公司 | Network switching device under multi-network isolation environment and application method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103944739A (en) | Intelligent POE power source supplying system and efficient POE power source managing method thereof | |
| CN102623761A (en) | Battery management system and management method thereof | |
| CN2790052Y (en) | Single-net wire network isolation system | |
| CN1921329A (en) | Power cord chopped wave communication transmitting-receiving circuit | |
| CN1791103A (en) | Field bus communication adapter with configurable characteristic | |
| CN205016208U (en) | LED display screen power and signal double copies system | |
| CN109245222A (en) | The passive mixed equilibrium circuit of the master of series-connected cell group and its charge control method | |
| CN104065530A (en) | Automatic testing method and system of powerline adapter | |
| CN103490907A (en) | POE power source receiving method and POE power source receiving device | |
| CN102496904B (en) | A kind of Self-powered communication-bus short-circuit protection method | |
| CN103731316B (en) | A kind of flow-monitoring device and method | |
| CN210839610U (en) | Series Ethernet power supply system | |
| CN2836031Y (en) | Single-chip voltage monitoring device for vehicle fuel cell | |
| CN108304339B (en) | Serial port expansion circuit of dynamic management and control system and working method thereof | |
| CN104991198A (en) | Battery tour inspection processing circuit based on ARM platform multichannel switching | |
| CN1140812C (en) | Electric service life monitor system for contact of breaker | |
| CN201294511Y (en) | Digital signal input device | |
| CN201886063U (en) | Battery management system and single battery voltage sampling circuit in controller of battery management system | |
| CN204855748U (en) | Treatment circuit is patrolled and examined to battery based on many channel switching of ARM platform | |
| CN206877374U (en) | A kind of power marketing intelligent platform | |
| CN202772881U (en) | Carrier current loop communication device of solar photovoltaic module array condition monitoring system | |
| CN200953558Y (en) | Electric source wire chopping communication transmitting-receiving circuit | |
| CN2433670Y (en) | Physical isolator suitable for computer network | |
| CN200972702Y (en) | Remote meter reading system | |
| CN110806547A (en) | Method and device for monitoring voltage of electric automobile stack |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060621 Termination date: 20100418 |