RU2727090C1 - Software-hardware system for data exchange of automated systems - Google Patents

Abstract

FIELD: computer equipment.

SUBSTANCE: invention relates to computer engineering for providing internetwork communication. Technical result is achieved due to software and hardware system for data exchange of automated systems, which comprises stacks of network switches, intended for connection to them of technical means of corresponding automated systems, fail-safe clusters of firewalls, an additional stack of network switches, a network traffic analyzer, a memory unit, an interface server, an information storage and transmission server, a data bus and a centralized control server.

EFFECT: technical result consists in improvement of level of security and safety of transmitted information during data exchange of automated systems.

1 cl, 1 dwg

Description

The invention relates to communication technology and can be used for the safe interaction of automated systems, both from the side of the data transmission network for operational and technological purposes, and from the side of the data transmission network for general technological purposes.

A technical solution for multimode interconnection is known, presenting a digital network system capable of simultaneously providing a session of connection to a multimode interconnection over a variety of heterogeneous network systems, from a user base device (UPD) to network gateways NSP, CSP or ASP, and providing a variety of internetworking environments. It also provides ways to support the following interworking services at the same time: public and shared Internet services; Virtual private network (VPN) services with MPLS and IP support; hybrid network system connection sessions between heterogeneous connection-oriented and connectionless network systems; and end-to-end connection-oriented and circuit-switched connections for VDMI based application services via a digital transceiver, whether terrestrial or wireless environment based on xDSL or VCC (WO2013015673, H04L 12/66, 01/31/2013).

The known technical solution is not intended for use in data exchange systems between national networks for the exchange of data of general use and territorial departments and does not provide the necessary level of protection and security of transmitted information.

As a prototype, a software and hardware complex of technical means of an automated data exchange system (multifunctional telecommunication multiplexer) was adopted, built on a modular principle and containing adapter modules that implement channel-level protocols and perform procedures for interaction with communication channels, the outputs of which are connected to the inputs of interface modules with channels connections with standard joints (C1-TG, C1-TCh, C1-I, C2, C2 special, etc.) and grouped by the types of channels used (TC, TG, etc.), as part of the hardware-software complex functions multiplexing, switching and management of hardware and software complex and communication channels are performed by functional modules located in the system unit of the PC, which controls the operation of these functional modules and is simultaneously a server of the local network, to which automated workstations are connected that carry out reception / transmission, processing , storage of information and control of the data exchange system, and adapter modules that implement channel-level protocols are installed in the connectors of the system bus of the motherboard of this PC, and the interface modules with communication channels with standard joints are structurally combined into a separate unit (crate) - the communication channel interface unit (RU128429, H04L 12/66, 20.05.2016).

The known technical solution has expanded functionality of the complex as a nodal transport station in transmission networks, primarily for departmental purposes, by providing the possibility of expanding the range and number of used open and encrypted communication channels, increasing the number of general-purpose technical means used in its composition instead of specially developed ones, and also increasing the list of possible modes of operation and ensuring the possibility of integrating the software and hardware complex from a set of functional modules for communication objects of various control levels.

The well-known hardware and software complex is a multi-level microprocessor structure focused on performing multi-channel information exchange through communication channels and does not have the functionality to process data at the application level using unique data exchange protocols, while ensuring that there is no direct network connection between transceiver units and information storage units ...

The technical result of the invention is to increase the level of security and safety of transmitted information when exchanging data from automated systems.

The technical result is achieved by the fact that the software and hardware complex for the exchange of data of automated systems contains stacks of network switches designed to connect the technical means of the corresponding automated systems to them, the inputs / outputs of each stack of network switches are connected to the outputs / inputs of the corresponding fail-safe cluster of firewalls, and failover clusters of firewalls are interconnected through an additional stack of network switches, to which a network traffic analyzer is connected, connected to the memory unit, additional outputs / inputs of each failover cluster of firewalls are connected to the inputs / outputs of the corresponding interface server connected to the storage and transmission server , the gateway servers are connected to the data bus to which the centralized management server and additional I / O of the additional network switch stack are connected.

The drawing shows a diagram of a hardware-software complex for data exchange of automated systems.

The hardware and software complex for the exchange of data of automated systems contains stacks 1, 2 network switches designed to connect technical means 3, 4 of the corresponding automated systems to them, the inputs / outputs of each stack 1 (2) network switches are connected to the outputs / inputs of the corresponding failover cluster 5 (6) firewalls, and failover clusters 5 and 6 of firewalls are interconnected through an additional stack of 7 network switches, to which a network traffic analyzer 8 is connected, connected to the memory unit 9, additional outputs / inputs of each failover cluster 5 (6) firewalls are connected to the inputs / outputs of the corresponding interface server 10 (11) connected to the storage and transmission server 12, the interface servers 10 and 11 are connected to the data transfer bus 13 to which the centralized control server 14 and additional input / output of the additional stack are connected 7 network comms utators.

Hardware and software complex for data exchange of automated systems works as follows.

All connections to external (adjacent systems) in the software and hardware complex are protected by failover clusters 5 and 6 firewalls.

A failover cluster performs the following functions:

- firewalling;

- cryptographic protection of the communication channel with the workstation of the information security administrator of the hardware and software complex;

- identification and authentication of the information security administrator in the software and hardware complex;

- traffic filtering based on the state of the session (stateful packet inspection);

- providing address translation (NAT);

- inspection of application protocols;

- anti-spoofing protection;

- prevention of DoS attacks.

With the interaction of technical means 3, 4 of the corresponding automated systems through the software and hardware complex, the following sequence of information processing is carried out.

The technical means 3 (4) of the automated system establishes a connection with the ip-address of the failover cluster 5 (6) of the firewalls to the dedicated port, which redirects the connection from this port to the corresponding interface server 10 (11). The interface server 10 (11) sends the received data for exchange to the information storage and transmission server 12.

The interface server 11 (10) polls the information storage and transmission server 12 for messages to download. Downloads them, if available, and transfers them to the 4 (3) facilities of the corresponding automated system.

When analyzing network traffic and detecting intrusions, the following information processing is carried out.

All network traffic circulating in the software and hardware complex from the stack 7 of network switches is transmitted for analysis to the network traffic analyzer 8, which analyzes the network traffic received from the network switch (inspected network traffic) for signs of computer attacks.

Network traffic analyzer 8 is designed to perform the following functions:

- detection of computer attacks based on dynamic analysis of network traffic, starting from the link layer of the TCP / IP protocol stack and ending with the application layer;

- heuristic analysis to identify anomalies in network traffic and in the actions of its users;

- detection of computer attacks in a mode close to real time, with notification of the detected attack visually (in the computer attack log) and by e-mail (about the most critical events, selective events, etc.);

- display of detected computer attacks in the management console and notification of recorded critical computer attacks;

- automatic saving of the history of detected computer attacks to ensure subsequent analysis;

- search (selective search) of detected computer attacks in accordance with the specified filters;

- export of computer attack logs to a CSV file (text format intended for presentation of tabular data) for subsequent import into third-party applications;

- using separate rules for detecting computer attacks or a group of rules;

- the ability to write your own rules for detecting computer attacks to analyze network traffic;

- control of the integrity of executable and configuration files;

- control of the integrity of the loaded databases of permitting rules;

- control of its performance in general;

- local and remote control (administration);

- identification and authentication of the administrator at his local requests for access to the control process;

- updating the databases of allowing rules in an automated mode (using the security administrator);

- setting the parameters of its functioning;

- display and export to a PCAP file of network packets corresponding to registered computer attacks (in order to ensure subsequent analysis of attacks);

- automatic transmission of data on computer attacks to the system for collecting and transmitting events via the syslog protocol;

- backup and recovery of software, configuration files and logs;

- delimitation of users' powers depending on the assigned role, as well as audit of their performance.

When a signature of a computer attack or an anomaly of network traffic is detected in the inspected traffic, the network traffic analyzer 8 automatically stores information about the detected information security events in its own database in the memory unit 9 and transmits it to the centralized control server 14 designed to perform the following functions: centralized management (administration) of software and hardware-software components of the complex; software and hardware-software systems support and maintenance (including software and threat signature updates); software update management of the complex and analysis of the security of its components; backup of configuration files and information about events on the components of the complex; ensuring the functioning of the VipNet Administrator 4 software complex for the initial initialization and maintenance of the VipNet protection network components.

The information security administrator of the hardware and software complex monitors the events recorded by the analyzer 8 of network traffic and transmitted to the software complex for information security management in systems (not shown in the drawing), and takes appropriate measures for the identified incidents.

When identifying vulnerabilities in the software of the components of the software and hardware complex, the sequence of information processing is as follows.

At the automated workstation (not shown in the drawing) of the software and hardware complex, according to a pre-configured schedule, tasks of scanning the components of this complex for vulnerabilities are launched from the centralized control server 14.

When vulnerabilities are detected in the software of the components of the software complex, the analyzer 8 automatically saves information about the detected vulnerabilities in the memory block 9 into its own database and generates a report.

The information security administrator of the software and hardware complex analyzes the reports of the software complex generated by the analyzer 8 and takes appropriate measures for the identified incidents.

Thus, the proposed technical solution makes it possible to increase the level of security and safety of the transmitted information when exchanging data from automated systems.

Claims (1)

A software and hardware complex for the exchange of data of automated systems, containing stacks of network switches designed to connect to them the technical means of the corresponding automated systems, the inputs / outputs of each stack of network switches are connected to the outputs / inputs of the corresponding failover cluster of firewalls, and the failover clusters of firewalls are connected among themselves through an additional stack of network switches, to which a network traffic analyzer is connected, connected to a memory unit, additional outputs / inputs of each failover cluster of firewalls are connected to the inputs / outputs of the corresponding interface server connected to the storage and transmission server, the interface servers are connected to data bus to which the centralized management server and additional I / O of an additional stack of network switches are connected.

Images