RU2277261C1 - Method for controlling network equipment connections to signal distribution environment of local computing networks in compliance with standards ieee 802,3 10-base-2, 10-base-5 and device for realization of said method - Google Patents

Abstract

FIELD: computer science, namely, engineering of means for protecting information from unsanctioned access.

SUBSTANCE: one of common means utilized for unsanctioned access to information, transferred via local computing network, is a protocol analyzer. Protocol analyzers are functionally capable of copying all of network traffic, and also network frames, satisfying given filtration criterions. Protocol analyzers are connected to network in the same way as workstations. One thing in particular obstructs counteraction to malicious utilization of protocol analyzers, namely, their passiveness. It is not possible to detect presence of aforementioned device in local area network by software means. Common methods utilized to protect information from unsanctioned access within distribution environment of local area network are mainly based on cryptographic protection of files intended for transferring. Method is based on probing distribution environment of local area network by harmonic signal, recording its phase delay, introduced by legitimate network equipment, which is taken as standard, and further tracking of probing signal phase to detect uneven phase delay, introduced by current configuration of network equipment, relatively to recorded standard configuration with removal of effect from network collision and signaling when equality is not maintained. Phase monitoring of probing signal within distribution environment is performed within frequencies range, unaffecting serviceability of local computing network. As a result, continuous and masked control is provided over all physical connections of network equipment to distribution environment of local computing network to facilitate introduction of organizational and technical measures countering unsanctioned access to information. Proposed invention is directed not towards semantic closure of source information transferred by network services, but towards prevention of the very possibility of intercepting network frames in distribution environment of local computing network as a result of timely detection of unsanctioned connection to distribution environment of network equipment, thus significantly increasing level of information protection from unsanctioned access in local computing network.

EFFECT: improved protection of information from unsanctioned access.

2 cl, 8 dwg

Description

This document is a description of the claimed group of inventions related to the method and device for its implementation.

FIELD OF THE INVENTION

The scope of the proposed method and device relates to computer technology, in particular to the means of technical protection of information in the distribution medium of signals of a local computer network.

The problem to which the invention is directed

The technical basis of most distributed computing systems is local area networks (LANs). The most common LAN building standard is IEEE 802.3 (Ethernet). The popularity of this standard is due to the relatively high bandwidth of the data channel, ease of installation and reasonable cost of network equipment. The basic specifications of the IEEE 802.3 standard include: 10-BASE-5 (assumes using a thick RG-8 or RG-11 coaxial cable as a physical medium) and 10-BASE-2 (assumes using a physical signal propagation medium thin coaxial cable type RG-58). The requirements of these specifications are described in sufficient detail in the technical literature (for example, Olifer V.G., Olifer N.A. Computer networks. Principles, technologies, protocols: textbook for high schools. 2nd edition: St. Petersburg, Peter, 2003).

Due to the fact that the scope of the invention is claimed in relation to the 10-BASE-2 and 10-BASE-5 specifications of the IEEE 802.3 standard (IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements / Part 3: Carrier sense multiple access with collision detection (CSMA / CD) access method and physical layer specifications: ANSI / IEEE 802.3, 2000 Edition), hereinafter referred to as the LAN propagation medium, we will mean the physical signal propagation environment implemented in complies with the 10-BASE-2 and 10-BASE-5 specifications of the IEEE 802.3 standard (Ethernet).

Ethernet local area networks use a uniform method of access to the signal propagation medium - Carrier Sense Multiply Access with Collision Detection (CSMA / CD) (IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements. Part 3: Carrier sense multiple access with collision detection (CSMA / CD) access method and physical layer specifications: ANSI / IEEE 802.3, 2000 Edition). The method involves the use of a signal propagation medium according to the principle of a common bus. Moreover, in accordance with the rules established by the method, a network frame, if it is not broadcast, has the right to receive only the LAN workstation to which it is addressed. However, the fact that all LAN workstations have direct access to the signal distribution medium is a vulnerability of the IEEE 802.3 standard, which is used by cybercriminals to realize the threat of violating the confidentiality of information in the process of transmitting it over the LAN signal distribution medium. That is, an attacker, contrary to the established rules, has the technical ability to intercept all network traffic (without exception, all network frames transmitted over a signal distribution environment).

In the process of implementing this threat, an attacker can use protocol analyzers. The main purpose of the protocol analyzer is to analyze network traffic in order to optimize the use of LAN network resources, as well as to diagnose network equipment. The protocol analyzer can be a typical (standard, produced in large series) computer tool that incorporates a network adapter that supports the “promiscuous mode” of network frames at the hardware or software level and special software (Network Monitor production of Microsoft, WinPcap, ScoopLm, WinDump, THC-parasite, SpyNet, Sniffer Pro LAN, Sniffer Basic, Packet Tracer, Iris, Hoppa Analyzer, CommView, Asniffer, Ethereal, etc.), which intercepts all network traffic, and specialized device supporting e standard IEEE 802.3, the hardware and software which is specialized in the interception of network traffic. The order of use and the technical capabilities of protocol analyzers are described in the technical literature (for example, J. Scott Hogdal. Analysis and diagnostics of computer networks - M .: Lori, 2001).

The protocol analyzer is connected to the signal propagation medium in the same way as a workstation, i.e. using the same hardware (network adapters) made in accordance with the specifications of the IEEE 802.3 standard. Most well-known protocol analyzers have the ability to copy both all network traffic and network frames that meet the specified filtering criteria, as well as buffer captured network frames, visualize and analyze them to restore the original information. The unlawful use of protocol analyzers is a real threat to the confidentiality of information transmitted over the LAN signal distribution medium.

A feature of protocol analyzers, which greatly complicates the counteraction to their illegal (illegitimate, unauthorized) use, is their functional passivity with respect to the signal propagation environment - the analyzers only work on receiving network frames, while maintaining complete or almost complete “silence on air”. Modern control tools (software utilities Check Promiscuous Mode, LOpht AntiSniff, PromiScan, Sentinel and the like) designed to detect the connection of illegitimate protocol analyzers to the LAN signal propagation medium use in their work attempts to provoke the protocol analyzer to break its silence. For example, like any LAN station, the protocol analyzer must respond to certain requests of the ARP, DNS, ICMP protocols, which is used by monitoring tools to search for illegitimate protocol analyzers.

However, in accordance with the model of the intruder (Collection of guiding documents on protecting information from unauthorized access. - M.: State Technical Commission of Russia, 1998), it should be assumed that the attacker is aware of the use of the above means of control in the LAN. A sufficient measure of confronting an intruder with modern means of control is to disable the transmitting path of the network adapter of the protocol analyzer. Shutdown can be made both at the hardware level, and at the level of the operating system (software level). After that, modern control tools will not be able to detect the illegitimate connection of the protocol analyzer to the LAN signal propagation environment.

The methods used by attackers to increase the secrecy of protocol analyzers lead to the failure of existing means of detection of protocol analyzers.

Thus, in the problematic area of technical protection of information in local area networks, there is a situation where there are no adequate countermeasures regarding the illegal use of protocol analyzers. Modern means of cryptographic protection of information used in local area networks are also not able to guarantee the confidentiality of information when transmitting it over a signal distribution environment. Firstly, modern means of cryptographic information protection (CIP), which can be used to protect network traffic (IPSec, PPTP, HTTPS, L2TP, IPv6, S / MIME, SSL, PGP, SSH), are not certified in Russia and, in basically, they do not meet the requirements of GOST 28147-89 "Information processing systems. Cryptographic protection. Cryptographic transformation algorithm." Secondly, these cryptographic information protection tools do not protect service information (headers) contained in network frames, which allows protocol analyzers to freely intercept network traffic, collect information about network topology (which can be used by an attacker to organize subsequent network attacks), and filter out the necessary network frames, assemble packets, segments and files from intercepted network frames and, if necessary, transfer collected packets, segments, files for further processing cryptanalysis boots.

In the absence of adequate countermeasures to the attacker, there is no need to resort to additional refinement of the network adapters used by protocol analyzers to mask the removal of information from the signal propagation environment. Moreover, the modern network equipment market provides a wide range of possibilities for connecting the network adapter used by the protocol analyzer to the LAN signal propagation environment.

The network adapter specification 10-BASE-2 is structurally designed so that to connect to a signal propagation environment, it requires the presence of a typical BNC connector (see figure 1). The 10-BASE-2 specification does not define the requirements for protecting the BNC-tee / connectors design from reconnection (in the sense of the absence of physical blocking elements such as locks, latches, etc.), which provides an attacker with almost secretive connection of the protocol analyzer to the distribution medium signals (traffic is interrupted for a time ≈1 sec, corresponding to the average time of switching).

The design of transceivers of specification 10-BASE-5, using a coaxial cable piercing (the so-called "vampire tooth", see figure 2) to connect to a central signal cable, allows connecting the protocol analyzer to the LAN signal propagation medium technically secretly (without interrupting network operation) in any accessible place of the coaxial cable used to implement the signal propagation environment. Moreover, the full physical, signal and electrical compatibility of the 10-BASE-5 and 10-BASE-2 specifications allows the use of 10-Base-5 specification transceivers to connect a protocol analyzer and to a 10-Base-2 specification LAN signal propagation environment, ensuring complete secrecy of connection and for this specification.

The above-described problem of monitoring (detecting) the connection to the medium of LAN signal propagation of network equipment (an illegitimate protocol analyzer) is a key problem of technical information protection in the medium of LAN signal distribution and the primary target of the proposed method. To solve this problem, a method is proposed that is different from that used by modern software control tools. It is proposed to carry out control not at the network, transport, session, and application levels (the names of the levels of the interaction model of open ISO / OSI systems are given), which is used by modern control software, but at the physical level. The feasibility of monitoring at the physical level the model of interaction between open ISO / OSI systems is obvious due to the passivity of protocol analyzers and the technical ability to maintain passivity by blocking the transmit paths of the protocol analyzer.

Considering the aspect that the network equipment (network adapters) used by the protocol analyzer to access the signal propagation medium must support the specification of the LAN physical layer, the proposed monitoring method and the device that implements it have a dual purpose. The first is monitoring the connections to the LAN signal propagation environment of legitimate network equipment: in the interest of confirming the immutability of the network configuration, which is one of the information security requirements. The second is monitoring the connections to the LAN signal propagation environment of illegitimate network equipment: in order to detect unlawful connections to the protocol analyzer signal propagation environment and take timely measures to prevent unauthorized access to information during its transmission through the LAN signal propagation environment.

The objective of the developed method (and the device that implements it) is to provide continuous monitoring of network equipment connections to the LAN signal propagation environment of IEEE 802.3 10-BASE-2, 10-BASE-5 standards.

State of the art

At the time of filing the application, developed or under development means of controlling the connections of network equipment to the signal propagation medium at the physical LAN level, no Ethernet standard specifications are known. The task of detecting protocol analyzers is currently solved by software at the network and higher levels of the interaction model of open ISO / OSI systems, but not at the physical level. There are objective reasons for this, which are described below.

According to the set of features, the closest analogue of the claimed method should be considered as a reflectometric method for monitoring wire lines, implemented by reflectometers used as a means of detecting unauthorized connections to wire lines with the aim of organizing information leakage channels (Anansky E.V. Telephone protection. Service journal Security, 2000, No. 6-7).

OTDRs are devices designed to detect the heterogeneity of the wave resistance of a wireline. The class of reflectometers includes devices manufactured by the domestic industry such as "P5-X" (standard line heterogeneity meters), as well as devices designed to control wire communications during their comprehensive check for information leakage, such as Bor-1.

OTDR method (see, for example, Vorontsov A.S., Frolov P.A. Pulse measurements of coaxial communication cables - M .: Radio and communication, 1985) based on the transmission of a pulse signal to the communication line and the reception of signals reflected from heterogeneity of the line. Today, the reflectometry method is the most powerful tool for detecting line heterogeneities. The use of ultrashort signals makes it possible to generate an impulse response of the analyzed communication line containing information in a very wide frequency range, thereby forming a rich picture of the state of the line and allowing to detect heterogeneities of any nature, including those that occur during unauthorized connections, when the attacker tries to mask his presence in every possible way lines.

In the field of local area networks, the reflectometric method found its application only in the form of LAN testers (see, for example, Barry Nans Computer Networks - M .: BINOM, 1995, p. 337), used exclusively for detecting breaks and short circuits in a signal propagation environment LAN, as well as to determine some electrical parameters of the medium (such as attenuation, crosstalk, etc.). The use of reflectometers as a means of technical information protection is not known.

Some key features of the OTDR method and the proposed method, such as an active effect on the wired communication line / LAN signal propagation medium by the probing signal, and analysis of the results of its passage, on the basis of which a decision is made on the fact of the presence of communication line inhomogeneities / unauthorized connections to the signal propagation medium, match.

However, the use of the reflectometry method is fundamentally impossible to ensure continuous monitoring of network equipment connections to the LAN signal propagation environment. The reason is that OTDRs are used only on de-energized communication lines and in order to avoid disruption of the operation of all network equipment connected to the LAN signal propagation environment, they can be used only during scheduled maintenance of the LAN or during repair and restoration work.

In any case, even at low probe pulse powers, the use of reflectometers in the presence of network traffic in the LAN signal propagation environment is unacceptable: ultra-short pulses used in reflectometers for sounding have an ultra-wide spectrum that covers the frequency range of network traffic. The sounding of the propagation medium of signals by such pulses at the moments of network traffic will lead, first of all, to the disruption of the LAN performance. On the other hand, the trace itself will be distorted by the spectral components of the network traffic signals and unsuitable for analysis. This circumstance makes the reflectometry method fundamentally inapplicable for solving the problem of providing continuous monitoring of the LAN propagation environment.

Key prerequisites that potentially allow continuous monitoring of the LAN signal propagation environment in general, and the proposed method in particular, were discovered during the applicant's own research and are the undeclared capabilities of the IEEE 802.3 standard local area network data transmission channel in 10-BASE-2 specifications and 10-BASE-5.

The international standard IEEE 802.3, which defines the requirements both in terms of building Ethernet networks and their development for manufacturers of network equipment, defines a universal (within the entire network equipment of the Ethernet standard) functional element that implements the interface of the terminal network equipment with the signal distribution medium - MAU (Medium Attachment Unit - an element of the interface with the distribution medium), which is entrusted with all the functions of organizing the physical layer of the network data transmission channel (see clause 10.3 of the "MAU functional specifications" andarta "IEEE Standard for Information technology. Telecommunications and information exchange between systems: Local and metropolitan area networks: Specific requirements. Part 3: Carrier sense multiple access with collision detection (CSMA / CD) access method and physical layer specifications" - ANSI / IEEE 802.3, 2000).

MAU is supplied by integrated network equipment manufacturers: CTI 8392 standard chips - Coaxial Transceiver Interface.

The declared MAU operating conditions do not stipulate the possibility of transmitting third-party signals that differ in physical parameters from those prescribed by the IEEE 802.3 standard through the distribution medium of the local area network. However, as shown by studies (the experimental setup is shown in Fig. 3) on sensing the medium of LAN signal propagation by harmonic signals of various levels and frequencies in the presence of network traffic (the waveform of the traffic signal is shown in Fig. 4, the oscillogram of the mixture of the probe harmonic signal and the traffic signal shown in Fig. 5), LAN performance is not affected by signals with a level of the same order as established by the IEEE 802.3 standard, and with a frequency lying above the upper hour the total range of network traffic (spectrogram of signals while transmitting traffic and a probe harmonic signal over the network is shown in Fig.6). The average data transfer rate over the signal propagation medium, latency, level of collisions and the specific number of failed frames do not change when a probing harmonic signal is supplied with the above parameters. The research results indicate the presence of high-frequency filtering of the signal received by the MAU from the signal propagation medium.

Thus, it was found that the frequency range with a lower limit of 100 MHz can be used, in particular, to solve the problem of monitoring the propagation environment of signals.

The detected frequency multiplexing of the signal propagation medium in the content of the IEEE 802.3 standard is not declared. Manufacturers of microchips of the Coaxial Transceiver Interface family that implement the MAU functional element in the product technical documentation (See for example: MYSON TECHNOLOGY MTD492 Coaxial Transceiver Interface. Design reference. MYSON Corporation 1997. 78Q8392L Low-power Ethernet Coaxial Transceiver. TDK semiconductor corporation, 1998. DP 8391/92 Ethernet / Cheapemet Transceiver chip set. National Semiconductor, 1986. NE83C92 Low-power coaxial Ethernet transceiver. Product specification. Philips Semiconductors, 1995. W89C92 Transceiver for coaxial cable (TCC). Technical information. Winbond Electronics Corp. 1994. ) also do not declare such opportunities. The authors of the claimed invention for the above undeclared possibility have investigated the CTI family of the following leading manufacturers of network equipment and its components - RTL8092 (Realtek semicondactor corp.), W89C92 (Winbond corp.) DP8391 / 92 (National semicondactors), 78Q8392L (TDK semiconductor corp .), NE83C92 (Philips semiconductors), MTD492 (Myson technology). The strong tendency to maintain the discovered undeclared opportunity by the leaders of the network equipment market allowed the applicant to generalize the technical possibility of frequency multiplexing the IEEE 802.3 LAN signal distribution medium to the entire set of network equipment and to expect its presence in that insignificant circle of brands of network equipment that was not examined by the applicant.

The reasons why the possibility of frequency multiplexing the signal propagation medium is hushed up by manufacturers of network equipment are unknown. At the same time, this technical opportunity opens up prospects for the multi-purpose use of the LAN signal propagation medium.

In parallel with the studies of the aforementioned undeclared capabilities, the input impedance of CTI microchips of various manufacturers of network equipment was evaluated. For all microchips of the CTI family of leading manufacturers (the list is presented above), it is characteristic that, in addition to the high-impedance active component, the input impedance of the CTI microchips has a reactive component of a capacitive nature of 50-60 pF.

Thus, the key physical distinguishing feature from the OTDR method of the proposed method is the type of probe signal used: to probe the signal propagation medium, a narrow-band harmonic signal (rather than an ultra-wide pulsed signal) with a level of the same order as established by the IEEE 802.3 standard and a frequency whose value (more than 100 MHz) does not belong to the frequency range that affects the operation of the network, which leads to the implementation of another distinguishing feature - the possibility of conducting Nia connection continuous monitoring of network equipment to the propagation medium LAN signal in its normal mode, ie, in the presence of network traffic.

The above differences of the proposed method, together with its distinctive purpose (to control the connections of network equipment to the environment for propagating LAN signals) make it possible to judge whether the criterion of "inventive step" is satisfied.

Disclosure of invention

Continuous monitoring of the connection of network equipment to the LAN signal propagation medium is achieved by the fact that the LAN signal propagation environment (in the IEEE 802.3 10-BASE-2,10-BASE-5 standard is based on a coaxial cable) is sensed by a narrow-band harmonic signal with a level of the same order, which is set by the IEEE 802.3 standard for traffic signals, and a frequency whose value is higher than the upper limit of the frequency range of network traffic, and analyzes the phase delay of the probe signal after passing through the signal propagation medium LAN. To do this, the probe signal is passed through the propagation medium, starting from one of its edges, on the other edge of the LAN signal propagation medium, the probe signal is received and the phase delay of the probe signal introduced by the current configuration of network equipment is compared with the reference value obtained by analogous sensing of the LAN signal propagation environment in a state of certified configuration, when only legitimate network equipment is connected to the LAN signal propagation environment. In case of inequality of the phase delay of the received sounding signal and the reference phase delay, an alarm is generated.

The connection of network equipment to the LAN signal propagation medium due to the presence of a reactive component of the capacitive nature of its input impedance leads to the appearance of another capacitive inhomogeneity in the signal propagation medium, which entails the introduction of an additional delay in the phase of the probing signal and is fixed by a signal device generating an alarm signal as a result of the delay inequality phase of the received sounding signal and its reference value.

Disconnecting the network equipment from the LAN signal propagation medium leads to a decrease in the phase delay of the probing signal, which is recorded by the signaling device that generates an alarm as a result of the inequality of the phase delay of the received probing signal and its reference value.

Thus, any configuration change at the physical level of the LAN (which is unacceptable for information objects certified for information security requirements (see the Regulatory and Methodological Document. Special requirements and recommendations for the technical protection of information (STR-K). Approved by order of the State Technical Commission of Russia of 30.08 .2002 No. 282 M .: 2002. - 80 p.), Will be detected almost immediately by a device that implements the method, which will allow the security administrator to take adequate countermeasures.

In other words, at the stage of putting into operation a device that implements the inventive method, when organizational measures confirm the presence of only legitimate network equipment in the LAN, the phase delay of the probe signal, which is considered to be the reference one, is recorded. During the operation of the LAN, continuous sounding of the signal propagation medium is made and the resulting phase delay of the probe signal is compared with a reference value. Any difference in phase delays is regarded as the result of a LAN configuration violation.

Thus, the technical phenomenon, which consists in the appearance of an additional delay in the phase of the probing signal when connecting network equipment to the LAN signal propagation medium, allows us to obtain a technical result by the proposed method consisting in the possibility of controlling the fact of unauthorized connection to the LAN signal propagation medium. The same technical phenomenon, which consists in reducing the phase delay of the probe signal when the network equipment is disconnected from the LAN signal propagation medium, allows, by implementing the proposed method, to obtain a technical result consisting in the possibility of monitoring the fact of a LAN configuration change.

The features of the proposed method:

- sounding the medium of propagation of LAN signals (along its entire length, i.e., from edge to edge) with a harmonic signal with a level and frequency that do not affect the operation of the network;

- fixing the phase delay of the probing signal introduced by a certified network configuration, i.e. when connecting to the distribution medium only legitimate network equipment, accepted as a reference in the future:

- tracking the phase delay of the probe signal introduced by the current configuration of network equipment, for inequality, the reference value of the phase delay;

- elimination of the impact of network conflict (disclosed below);

- signaling upon the fact of the inequality of the current and reference delays of the phase of the probing signal;

- the application of the method is possible both in the presence of network traffic, and with a fully or partially de-energized LAN.

Sounding the LAN cable system with a harmonic signal and monitoring its phase in order to control unauthorized access to information in the distribution medium of local area network signals in the known methods of technical information protection is not used, which allows us to conclude that the claimed technical solution meets the criterion of "novelty."

The proposed method is not aimed at closing the initial information transmitted by network services, but at preventing the very possibility of intercepting network frames in a signal distribution environment of a local area network as a result of timely detection of the fact of unauthorized connection of network equipment to a signal distribution medium or disconnecting it and taking adequate countermeasures.

The application of the proposed method and device that implements it ensures the fulfillment of the requirements of stable, continuous, operational, covert control and leads to a significant increase in the level of information security from unauthorized access in a local computer network. Continuity follows from the fact that control is carried out in any operating conditions of a local area network both in the presence of traffic and in a de-energized state of network equipment. The stability of control is provided by the round-the-clock mode of operation of the device. Efficiency follows from the almost immediate signaling of the fact of connection, which provides the ability to immediately take measures to counter unauthorized access to information. Secrecy consists in keeping secret from the attacker the fact of controlling the distribution environment, since the method does not unmask its work in the working frequency range of the local computer network.

The above distinctive properties of the method allow us to conclude that the proposed technical solution meets the criterion of "inventive step".

Brief Description of the Drawings

The description is accompanied by the following explanatory graphic materials:

Figure 1 represents the interface design for connecting a network adapter to a coaxial cable of a 10-Base-2 specification;

Figure 2 represents the interface design of the connection of the transceiver with a coaxial cable specification 10-Base-5;

Figure 3 is a diagram of an experimental setup used to investigate undeclared capabilities for frequency multiplexing a LAN signal propagation environment. The experimental design is simplified due to its triviality, because For reproduction, only a harmonic signal generator and a local network built according to the considered standards are needed. By organizing a sounding of the LAN propagation medium with a harmonic signal simultaneously with data transmission over the network, you can make sure that the signal will not affect the network if its frequency is more than 100 MHz and the amplitude is about 2 V;

Figure 4 is a waveform of a LAN traffic signal;

5 is an oscillogram of a mixture of a probe harmonic signal with a frequency of 120 MHz and a LAN traffic signal. Here and in Fig. 6, a harmonic signal with an amplitude of 2 V and a frequency of 120 MHz is selected, which was done in order to increase visibility - one spectrogram shows all traffic harmonics (up to the last 100 MHz) and a probe signal;

6 is a spectrogram of a mixture of a traffic signal and a probe harmonic signal with a frequency of 120 MHz;

7 is a block diagram of a device for implementing the method and a circuit for switching it with a LAN distribution environment;

Fig. 8 is a block diagram of a device alarm unit.

The implementation of the invention

The implementation of the invention is proposed to be considered on the basis of a description of a device that implements the proposed method, which is part of the claimed group of inventions.

The invention is illustrated by graphic materials, where Fig. 7 shows a block diagram of a device that implements control of network equipment connections to the local area network signal distribution medium and signaling upon a LAN configuration change at the physical level (hereinafter referred to as signal device), and a circuit for switching a signaling device with a LAN signal propagation environment. The signal device includes: a harmonic signal generator, an optocoupler galvanic isolation unit and a key signaling unit.

A harmonic signal generator provides sounding of the LAN propagation medium with a harmonic signal with a level and frequency that do not affect the network, as well as the formation of a reference signal, relatively fixed (as mentioned at the stage of commissioning the device) phase of which the phase of the probing signal is compared after it passes through the LAN signal propagation medium. For this, the signal from the generator is divided into two isolated channels.

Through channel 1, the signal from the generator is fed to the optocoupler galvanic isolation unit, then, through a connecting wiring that provides electrical connection of the optocoupler galvanic isolation unit with the signal propagation medium at a point located in close proximity to one of the matching terminators of the coaxial network cable, it probes the propagation medium LAN signals and further through the connecting wiring providing electrical connection of the signaling unit with the signal propagation medium at a point located in close proximity to the other matching terminator of the coaxial network cable, it enters input 1 of the alarm unit of the signaling device.

Channel 2 sends a signal to input 2 of the signaling unit of the alarm device.

The optocoupler galvanic isolation unit of the signaling device, which implements the isolation of channels 1 and 2, is designed to eliminate the influence of the reflection of the channel 2 on the reference signal from the input resistance of the connecting wiring, which provides electrical connection of the galvanic isolation unit with the signal propagation medium. Galvanic isolation is performed using a transistor optocoupler. The reflection is due to the fact that at the frequency of the probing signal, the influence of local capacitive inhomogeneities becomes significant and the propagation medium ceases to be consistent. In the same connection, the requirements for connecting wiring are defined. First, the wiring bandwidth should correspond to the frequency range used by the probe harmonic signal. Secondly, in order to eliminate reflection from the connection points of the wiring with the propagation medium, the wave impedance of the wiring should be equal to the wave impedance of the cables used in the specifications under consideration, i.e. 50 ohms. The described requirements make it obvious to use the same coaxial cables as the connecting wiring that are used to build the distribution medium within the framework of the specifications in question. This will also allow the use of standard cable connection and installation elements used in the construction of the cable system of the local network.

The signaling unit of the signaling device is designed to fix the etolon delay of the probe signal phase and to track the current delay of the probe signal phase after it passes through the LAN signal propagation medium for its inequality to the fixed reference value and signaling (alarm generation) upon the fact of LAN configuration change at the physical level. The block diagram of the alarm unit is shown in Fig. 8, where it is indicated:

1 - amplifier;

2 - high-pass filter (HPF);

3, 9 - amplifier-restrictive cascades;

4 - a comparator;

5 - delay link;

6 - a waiting multivibrator;

7 - D-trigger;

8 - link adjustable phase delay.

Tracking by the signaling unit of the signal device of the equality of the phase delay of the probe signal after passing through the LAN signal propagation medium to the standard value of the phase delay is carried out by converting the phase difference into the time interval (see. V. Kukush, Electroradio-measurement: Textbook for universities. - M .: Radio and Communications, 1985).

The alarm unit of the alarm device has two inputs and one output.

The signal that performed sounding of the LAN signal propagation medium through channel 1 of the signal device, the phase of which contains information on the number of network equipment connected to the LAN signal propagation medium, is fed to input 1 of the signaling unit, which is the input of the amplifier (1). The amplifier (1) pre-amplifies the signal and transfers it to the HPF input (2), where the spectral components of the network traffic signal are filtered out. From the output of the HPF (2), the signal is fed to the input of the amplifier-limiting cascade (3), where the harmonic signal is converted into a sequence of P-pulses. The resulting sequence of P-pulses determines exclusively the phase of the harmonic signal and is devoid of the influence of its amplitude, which can significantly reduce the level of false alarms.

The reference signal from the harmonic signal generator via channel 2 of the signal device is fed directly to input 2 of the signaling unit, which is the input of the adjustable phase delay link (8), made according to the principle of a phase shifter and introducing a reference fixed delay into the phase of the reference signal when connected to a signal propagation medium LAN of exceptionally legitimate network equipment. Fixing the reference value of the phase delay of the probe signal is carried out on the basis of the disappearance of the alarm signal at the output of the alarm device. From the output of the adjustable phase delay link (8), the signal is fed to the input of the amplifier-limiting cascade (9), where the harmonic signal is converted into a sequence of P-pulses.

From the outputs of the amplifier-limiting cascades (3) and (9), the sequences of P-pulses arrive at the inputs of the comparator (4), at the output of which pulses are formed, the duration of which corresponds to the gap of the voltage inequality at its inputs, i.e. the phase difference (time of arrival) of the input sequences of P-pulses. In the absence of unauthorized connections, synchronous P-pulse sequences will be fed to the inputs of the comparator (4), and there will be no signal at the output of the comparator (4). Thus, the formation of a signal at the output of the comparator (4) will indicate a change in the LAN configuration at the physical level relative to the configuration approved at the time the device was put into operation.

The use of an adjustable phase delay link (8) requires a separate remark. The signal in channel 1 will be phase-delayed relative to the signal in channel 2 due to not only delays introduced by the network equipment of the LAN signal propagation medium, but also delays introduced by the optocoupler in the optocoupler isolation unit, amplifier (1), filter (2), and connecting wiring, as well as the coaxial cable itself, used to implement a LAN signal propagation environment (see Figs. 7, 8). Therefore, the reference value of the phase delay of the probe signal, fixed by the adjustable phase delay link (7) at the stage of putting the device into operation, will correspond to the sum of all the delays listed above. However, this does not mean inconsistency with the method. For maximum accuracy, of course, it would be necessary to logically separate the delay link to compensate for these parasitic (uninformative for the task being solved) delays and the delay link to fix the phase delay introduced by legitimate network equipment connected to the LAN signal propagation environment. However, for the practical implementation of the device, it is enough to do with one phase shifter of an adjustable phase delay link (8). For this reason, in the circuit of the device provides one link adjustable phase delay. These particular technical aspects do not apply to the method, because associated with a specific implementation of the device, and the method should not exclude an alternative to its implementation. Invariant with respect to the implementation of the method, it is necessary to take into account the phase delay of the probe signal introduced exclusively by network equipment connected to the LAN signal propagation medium, which is reflected in the features of the method.

Due to the constancy in time of the phase delay of the probe signal introduced by capacitive inhomogeneity during unauthorized connection of network equipment, as with any change in the LAN configuration at the physical level, it is possible to apply a module to eliminate the influence of network collision (see Fig. 8), which allows completely eliminating false alarms caused by network collisions. The signal from the comparator (4) is divided into two channels, one of which enters the delay link (5), introducing a delay for the decision time T _p , and then to the waiting multivibrator (6), at the output of which after a set time interval T _p from the moment the first P-pulse arrives at the input of the delay link (5), a pulse is formed that allows the generation of the D-trigger alarm signal (7). The pulse duration of the multivibrator (6) is selected to be greater than or equal to the period of the probe harmonic signal. From the output of the multivibrator (6) and directly from the output of the comparator (4), the signals are respectively sent to the information input and the synchronization input of the D-trigger (7). Thus, the inequality of phase delays, lasting less than the decision time T _p , will not lead to the formation of a signal at the output of the D-trigger (7). The decision-making module is included in the signaling unit due to the need to take into account the phenomenon of network collision, in which two or more stations simultaneously begin to transmit traffic over the network. At the same time, a significant expansion of the traffic spectrum to the high-frequency region and the appearance of spectral components at the frequency of the probing signal are possible, especially at those moments when the stations entering the collision amplify the situation by sending a special 32-bit jam sequence to the signal propagation environment, which can lead to to a false alarm. Directly, the duration of the collision (but not the time to exit this state of the workstation) is small and does not exceed 32 μs. Therefore, to eliminate the false alarm of the signal device due to network conflict, it is enough to set the decision time from the range 32 <T _p ≤1000 μs, where the maximum value is limited by the duration of possible unauthorized reconnections of the network equipment in the signal propagation environment, and thereby achieve an additional positive technical effect - eliminating the effects of network collisions. The described technical solution for taking into account the collision phenomenon by making a decision about whether the phase delay inequality is caused by a collision or not is also a hallmark of the invention.

So, the inequality of the phase delays of the signals in channels 1 and 2, lasting longer than the time T _p , will cause the D-trigger to go into a stable state of a logical unit, forming a constant level signal at its input, which is an alarm signal.

In cases where segmentation of the LAN signal propagation medium is used, in which segments are combined into a common signal propagation medium by means of repeaters, an instance of the signaling device and connecting wiring will be required to control the connection of network equipment in each segment of the signal propagation medium (the maximum number of segments is determined by the IEEE 802.3 specifications).

Some elements that make up the device were described at the level of functional generalization generally accepted in the scientific and technical literature, which allows the applicant to omit a detailed description of such commonly used elements as a harmonic signal generator, amplifier, high-pass filter, comparator, delay link, multivibrator, D-trigger due to their fame. For the remaining elements, you must provide information for their implementation. In particular, the schematic diagrams of their implementation can be borrowed from the following sources:

- phase shifter - V. Kukush Electro-radio measurements: Textbook. manual for universities. - M .: Radio and communications, 1985,

- amplifier-limiter - Scherbakov V.I., Grezdov G.I. Electronic circuits on operational amplifiers. Directory. - K .: Technique, 1983 .-- 213 p.,

- The scheme of optocoupler galvanic isolation - Nosov Yu., Sidorov A. Optrons and their application. - M .: Radio and communications, 1981,

and are provided by the presence on the domestic market of a well-known element base, which allows us to make a positive conclusion about the industrial applicability of the claimed method and device.

Claims (2)

1. A method for controlling the connections of network equipment to the signal propagation environment of local area networks of IEEE 802.3 standards 10-BASE-2, 10-BASE-5, which consists in the fact that a sounding signal is passed through the signal propagation environment of the local computer network and its parameters are analyzed after passing through , characterized in that a harmonic signal with a frequency and level that does not affect the operation of the local computer network is used as a probe signal, and control of the connection of network equipment to the distribution medium the signals of the local computer network are computed by comparing the phase delay of the probe signal introduced by the current configuration of the network equipment with respect to the reference phase delay, for which the probe signal is passed through the propagation medium, starting from one of its edges, and the probe signal is received and recorded on the other edge of the propagation medium the phases of the probe signal after passing through the medium of signal propagation of the local computer network when connected to it is only legitimate of the network equipment, which is accepted as the reference, then compare the phase delay of the probe signal introduced by the current configuration of the network equipment with respect to the reference phase delay, eliminate the effect of the network collision phenomenon, signal the inequality of the current and reference phase delays, apply the method under conditions such as the presence of network traffic in the network, and with a de-energized local area network. 2. A control device for connecting network equipment to the signal propagation medium of local area networks of IEEE 802.3 10-BASE-2, 10-BASE-5 standards, comprising a harmonic signal generator, an optocoupler isolation unit and an alarm unit, while the output of the harmonic signal generator is first the channel through the optocoupler isolation unit and then through the distribution medium of the local area network is connected to the first input of the signaling unit, and through the second channel directly to the second input of the unit and an alarm, which consists of a series-connected amplifier with its first input, a high-pass filter and a first amplifier-limiting cascade connected to one input of a comparator, and series-connected with its second input of an adjustable phase delay link and a second amplifier-limiting cascade connected to to the other input of the comparator, the output of the comparator is connected through a series-connected delay link and a waiting multivibrator with the information input of the D-trigger and directly with the synchronization input of the D-trigger, the output of the D-trigger is the output of the alarm unit and the output of the device.

Images