WO2007033392A1 - Security system - Google Patents

Security system

Info

Publication number: WO2007033392A1
Authority: WO
Grant status: Application
Prior art keywords: network, internal, system, data, protection
Application number: PCT/AT2006/000381
Other languages: German (de), French (fr)
Inventors: Franz Christian Stebe, Klaus Janschitz
Original Assignee: Diaplan Elektronic Gmbh

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Abstract

The invention relates to a security system, which is a network or a stand-alone device, for the best possible protection against directly damaging attacks on the internal network, in particular for protecting the data on the internal network and preventing its manipulation, and for the best possible protection against viruses and Trojans. All information from the external network is converted by a converter (C1, C3) into an image format or another data format, transferred to the internal network and subsequently converted back. Normally there are two distinct networks: at least one network forms the internal network, and at least one physically separate network or region, for example one connected to the Internet, is considered unsafe. Through the conversion, everything in the information that is infected with scripts or viruses is lost: the conversion forms an image, as taken by a camera, which is then converted back into the same electronic data format, as performed by a scanner. The system therefore offers the best possible network security.

Description

Security system

Technical field

The invention relates to a computer and network security system for the simplest and most reliable possible protection of the operating system against damaging attacks from external networks, and for the best possible protection against viruses and Trojans, according to the preamble of claim 1. The system is used to protect corporate networks and private networks and their Internet connection or other network connections classified as unsafe.

State of the art

The topic of security is becoming increasingly important for companies. The threat to IT systems from vulnerabilities in operating systems and applications is constantly growing. Companies today are constantly exposed to new and difficult-to-control threats from hackers. Where it was once sufficient to secure all entry and exit points of a network, more comprehensive protection is necessary today. Above all, networks are threatened by viruses and Trojan horse programs, against which updated anti-virus programs can offer protection only for known viruses. In addition, administrators must always be on the cutting edge of technology in order to close gaps in the network and operating systems. Part of this work is already taken over by automatic update programs, but protecting the network still involves considerable effort just to be secure at least against known viruses and operating system vulnerabilities. Against as yet unknown vulnerabilities, the prior art offers no protection. The use of data from the Internet or other unsecured networks is one of the most important components in a company; at the same time, it provides an interface for attacks. The risks associated with using the Internet range from data theft to system failure or manipulation of data files, which can result in anything from lost productivity to ruin. Especially with the rapid development of automation, with control systems such as PLC controllers and production and inventory management programs, companies are affected not only at the administrative level but also at the machine level. The impact of a hacker attack on a production site cannot be estimated. When administrative systems fail, the damage is limited thanks to tape backups. The damage is many times greater when a control system is attacked, for example an industrial robot in the automotive industry. Production then comes to a standstill, and the whole production site has to be reprogrammed and reconfigured and, under some circumstances, parts have to be changed. In this case, the company faces not only the cost of workers and machines but also the cost of restoring operations. Companies secured with the prior art cannot guarantee 100% that their network cannot be affected.

Protection systems are known for use in corporate networks which limit access to the corporate network, for example by filtering incoming and outgoing traffic, animation control, blocking of suspicious scripts and "XXX dialers", or other methods. Examples are firewalls such as PIX stations, which form the interface to the Internet and deny, for example, unauthorized access to blocked ports.

Firewalls

With the systems available on the market, it is possible to define rules for specific protocols, ports, applications and/or remote addresses. Messages can also be sent to the administrator when users attempt to establish an Internet connection.

These systems protect the network by limiting access to the network and inspecting the traffic. The disadvantage is that an attack can still be carried out through the access paths that are unlocked or punched through (for example, the https, http and ftp ports) by exploiting gaps in the operating system or application programs. These errors are often discovered only when damage occurs and are corrected with updates from the manufacturer. A certain time thus passes until a security vulnerability is known and an update for the application or operating system is available. The operators are then responsible for ensuring that all network users install the latest updates on the computers in the network. Administering such protection systems costs a great deal of time and money and requires special training. Because the configuration must be updated constantly, the system is very prone to error. The programs become more complex as the level of security increases and can therefore usually be operated only with special knowledge.

Keeping the security of a corporate network at the current state of the art requires permanent, costly maintenance and monitoring; this maintenance and the system upgrades are often extremely expensive and can therefore usually be financed only by large companies. Small businesses are usually unable to implement such security measures for cost reasons. Systems are known, for example, from DE 19742330 C1. It provides a method for partitioning safety-related data processing systems against interference from other data networks, as well as equipment suitable for this purpose. To prevent a safety-related data processing system that communicates with a public data network from reacting to data telegrams with safety-relevant content that originate from outside, the two data networks are separated from each other by two security translator systems. Only data of a non-safety-related character is left for transmission to the safety-related data processing system. Filtering the data telegrams of the external network ensures that no data telegrams with safety-relevant content arrive in the second network, so that the system is classified as protected against safety-relevant data telegrams.

The system consists of two security translators, which has the advantage that externally applied telegrams can be evaluated separately.

The telegrams are encrypted by one security translator and decrypted by the other, which increases the safety of the system. Cyclic testing of the filters for compliance means that the system is constantly checked for functionality.

The disadvantage of the system lies in its direct connection to the external network: through a configuration error, a gap in the operating system of the data processing system, a gap in the security translator system, an error by an internal user, etc., hackers can penetrate the safety equipment, so that data of the internal system is changed or stolen, or control commands are fed into the network.

In addition, DE 102 01 655 C1 discloses a multifunction server, in particular a twin server with at least two stand-alone servers, each having an independent main board and at least its own CPU, hard drive, memory devices and/or network card, wherein the servers are arranged together, rackable in 19" format, in particular in one housing. Firewalls run in parallel on two independent servers. This redundancy does make the system fail-safe, which is a characteristic of the system. The system cannot, however, provide maximum protection against attacks from an external network, because it is directly connected to the external network. Through a configuration error, a failure to update an operating system, or a user error, the internal network can be attacked and damaged from an external network. On top of the acquisition cost of the system's hardware, there remain increased maintenance costs for updating operating systems and virus scanners and for administration.

US 6901519B1, "EMAIL VIRUS PROTECTION SYSTEM AND METHOD", discloses a system and method which uses a sacrificial server. Any executables or other suspicious parts of a received e-mail message are sent to the sacrificial server, which converts them to a non-executable format, such as PDF, and forwards them to the recipient. The sacrificial server is then scanned for viruses and restarted.

One disadvantage is that no check of the information is performed after the conversion, so that a residue of damaging code may be left over and can thus reach the network to be protected.

A further disadvantage is that the conversion is carried out for e-mails in one direction only, so that only one direction is secured.

It is also a disadvantage that a simple conversion is not sufficient for converting the information displayed in the browser; further processing of the converted information is necessary in order to display the changed information in the browser again.

A disadvantage also arises from the fact that the system is designed only for securing incoming e-mails; because of viruses in HTML pages, securing a company's e-mails alone is no longer sufficient to protect the network.

US 6487664B1 discloses a system that isolates the external data signal in order to achieve security when exchanging information between the protected information system and the external network. The system and method protect the protected system against receiving unconverted external data signals (e.g. analog-to-digital conversion, TV signal or video card to the client) using an intermediate screen, which is computer hardware. The intermediate screen is located between the protected system and the external system and is used to process all incoming signals from the external system, with information being extracted before it is admitted into the protected system.

Converting the data signal into another data signal without executable code does ensure that the client computer is protected from attack, but the effort increases considerably, because the client computer must be equipped with expansion cards and additionally with special software to view the signals. In one embodiment of the system according to US 6,487,664 B1, the data signal is converted into a video signal and displayed with a video card in the client computer.

Another disadvantage concerns maintenance: the additional hardware or software increases the maintenance required at the workstation.

Disclosure of the Invention

Starting from the known art, the object of the present invention is to offer an inexpensive, simple solution, as safe as possible in terms of the damage caused, for protecting operating systems or networks from damaging attacks via an external interface on the protected network or system. The invention is based on a simple idea: to separate the internal network in hardware from the Internet interface, which constitutes the weak link in the network. This ensures that a damaging attack via the external interface on the network to be protected is impossible in principle (physical separation of the connection). The previously known systems from the prior art connect the entire network, or a server on the network, to the Internet.

Technical Problem

The object of the invention is to give the clients of the internal network an Internet connection without connecting the internal network to the Internet. To achieve this object, the invention assumes that two or more networks are set up. The user is always permanently connected to the internal network but can never be connected to the external network (Internet) (see Figure 1). In order to still obtain data and information from the external network, the internal network is connected to a converter (e.g. an HTML-TO-PICTURE processor), which processes the user's requests. The separation ensures that a connection to the internal network is not possible. The internal converter, implemented for example as an HTML processor, receives the proxy requests of the internal user, encodes them in a freely selectable protocol and forwards them over an optical or electrical connection, via the data buffer, to the external converter, which is implemented for example as an HTML-TO-PICTURE processor. Before forwarding, the data buffer is separated from the internal interface. The data buffer then forwards the checked information to the external converter (for example, HTML-TO-PICTURE), which sends the request to the Internet. The received HTML or information page is converted, for example, into an image or character string, which is passed on via the data buffer to the internal converter, implemented for example as an HTML processor. The internal converter in turn creates an HTML page from the image or character string. The user sees only the external converter's image of the actual page. Through this mechanism, maximum security of the network against virus-infected websites, virus scripts or contaminated data can be guaranteed. If the user wants to take a document from a web page or the external network into the internal network, it is first converted by a converter implemented, for example, as a print processor, and then converted back into the original format. This ensures that documents do not contain scripts or other viruses (put simply: print, scan and reuse the same format). The system is designed so that HTML pages from the Internet are only projected into the internal network, where they can be used without a connection to the Internet or the external interface.

Technical solution

The object is achieved in that every piece of information requested from the Internet passes through a converter, implemented for example as an HTML-TO-PICTURE processor, which converts the information into a different format, for example an image, and a second processor converts it back. To set up a connection between the workstation and an external, unsafe resource, the information is first converted and then stored in a data buffer between the processors, which is separated from the internal network. After successful separation, the information is passed from the data buffer to the external converter.

Because the network connections are physically separated, no direct access to the internal network can take place. The external interface, which constitutes the weak point in the network structure of present-day standard systems, is thus physically separated from the internal network, so that the internal network is secured as well as possible. The converter also secures as well as possible against an indirect attack through downloaded files or scripts in HTML pages, because all executable programs or scripts are lost during conversion.

Advantageous Effects

This allows businesses to save on expensive firewalls, virus scanners, update costs, etc.

The system can be implemented not only for companies but also for private networks or systems, and can be scaled as needed.

Embodiment(s) of the invention

The present inventors have found that it is preferable if the security system is equipped with an update program to install new fonts or scripts.

It is preferred that the connection between the data buffer processor and the external converter and the internal converter is optical, as this allows very high switching speeds to be achieved.

According to the invention, it has been found preferable to combine the security system with the computer security system shown in patent application A90 / of 2005. In this combination, the corporate network can be divided into several sub-networks, which are given different privileges depending on the user groups. In this partitioning, a network for non-secure applications should then be set up; these applications are run in this network and are coupled via the security system through the external converter, for example as image information. This also makes it possible to run applications that constitute a danger to the internal network. The isolated network area can be provided, for example, with a scanner or an erase process. By linking, applications in the sealed-off area can then be operated from the internal system; the link creates a visual HTML link to the application. The isolated area need not be a network, however; a storage medium may also be used.

It is preferable that the image information from the external converter is checked for errors and content before transmission and is forwarded only after successful verification.

According to the invention, it was found that the connection is accelerated by using a latch to save the partial results.

It is advantageous that a quality level can be set in the system, which can be configured according to the requirements for speed or document quality.

Another aspect of the inventive solution is that the security system is applicable to bus systems for industrial control, to protect them from unauthorized access. As a further aspect, this also makes data visualization of systems on the Internet possible without security risk, because the security system can work in both directions.

The present inventors have found that in larger corporate networks it is advantageous to provide the processing units multiple times, in order to handle the users' requests more quickly.

Another aspect of the inventive solution is that all interfaces on the server, and also at the workstations, are equipped with the security system to provide maximum security for external or internal drives, USB drives, etc.

According to a further embodiment, the inventive security system is scalable. It ranges from an inexpensive entry-level solution for private networks up to large corporate networks.

According to the invention, it has been found preferable for the system to be equipped with different security levels depending on the hardware used, as this facilitates individual adjustment and saves costs. Based on the data transfer process and the additional resources the system requires, the system is divided, for example, into three levels, wherein the lowest sum result of these criteria forms Level 3. In the first level, the interface to the external network is replaced by the security system. This ensures that no attacks or contaminated files can reach the internal network.

In the second level, the data buffer processor is additionally equipped with a test algorithm for content and errors, which checks the converted images and the information from the internal network before they are forwarded. In the third level, all interfaces on workstations and servers are equipped with the security system.

In the following paragraphs, the security levels are specifically described and explained.

Example embodiment of Level 1

According to the invention, the flow of information from the internal network proceeds as follows. The workstation has the security system configured as the proxy server in its web browser. When the user sends an Internet request to the security system, the request is converted by the internal converter into an internal data format and transmitted via the data buffer processor to the external converter. The information is forwarded only after successful separation of the data coupler. The data coupler can only be connected to one processor unit. As a result, the two networks are always separated from each other in hardware. The information in the data buffer processor is then forwarded to the external converter, which converts the HTML page the user requested into, for example, an image, which is sent back as the result via the data buffer processor. The internal converter then processes the image information into a web page, which is displayed to the user. The user receives the HTML page as image information, and no scripts or viruses can infect the internal network.

When downloading a document from the Internet, the user has two options. The first is to display the document in the web browser, which works the same way as displaying HTML pages. If the user wants to save the document in the internal network, the document is converted by the external converter into a print format and transmitted via the data buffer processor. The internal converter then converts this image back into the original or a defined data format. This ensures that no contaminated files can be imported into the internal network.

Example embodiment of Level 2

According to the invention, an information request by a user of the internal network proceeds as follows.

The workstation has the security system configured as the proxy server in its web browser. When the user sends an Internet request to the security system, the request is converted by the internal converter into an internal data format and transmitted via the data buffer processor to the external converter. The information is forwarded only after successful separation of the data coupler. The data coupler can only be connected to one processor unit. As a result, the two networks are always separated from each other in hardware. The information in the data buffer processor is then forwarded to the external converter, which converts the HTML page the user requested into an image, which is sent back as the result via the data buffer processor. Before the image information is forwarded to the internal network, it is checked once more in the data buffer processor. This check is a safety check of the received images. For example, the images could be checked for correctness, or the content of the images could be checked (forbidden pages). The internal converter then processes the image information into a web page, which is displayed to the user. The user thus receives the HTML page as image information, and no scripts or viruses can attack the internal network.

When downloading a document from the Internet, the user has two options. The first is to display the document in the web browser, which works the same way as displaying HTML pages. If the user wants to save the document in the internal network, the document is converted by the external converter into, for example, a print format and transmitted via the data buffer processor. Each image is then checked for correctness and content by the data buffer processor. Only after a successful check is the image forwarded and included in the file. The internal converter converts the data format back into the original or a defined data format (such as PDF files). This ensures that no contaminated files can be imported into the internal network.

Example embodiment of Level 3

In Security Level 3, all interfaces, on both servers and workstations, are equipped with the security system. Because users tend to import data through other interfaces such as USB sticks or hard drives, and a virus can be introduced into the internal network in this way, these interfaces are provided with the security system. The highest possible level of security is thereby achieved.

An extension of the inventive solution provides that any network can also be equipped with additional protection systems.

A further aspect of the inventive solution is that external data can be brought into the internal network with a dedicated transfer station. The transfer station can bring files or e-mails, which are stored as a file in the transfer processor, into the internal network. Each file or e-mail is first converted by the external converter, checked for errors and content in the data buffer processor, and converted back. According to the invention, in an advantageous embodiment of the Level 3 system, the workstations are implemented as thin clients.

Another aspect of the inventive solution is that the security system can be designed as a plug-in card for a PC. This has the advantage that no additional external hardware is required and an existing network is easily converted by installing it. For smaller networks, this system solution is more cost-effective.

According to the invention, a checking function is integrated in the data buffer, which checks the generated images for correctness and content. This makes it possible to block access to certain websites. The block can then be configured through the browser.

Another aspect of the advantageous embodiment of the inventive solution is that the program is permanently burned into the internal processors, so that no changes to the chip are possible. The software is thus burned into the hardware.

According to the invention, the control of the separation of the two networks is provided with buffering, i.e. the requests that arise while the data buffer processor is separated are stored and processed after switching back.

An advantageous embodiment of the inventive solution is that the data buffer processor does not wait for the response from the external converter but switches over immediately. This saves time, and it can pass on new requests from the internal system immediately. At each changeover, it is checked whether a conversion has already been completed.

According to the invention, it was found that the separation can be realized quickly with an optical link, which is switched on or off depending on the connection.

An advantageous embodiment of the inventive solution is that the security system can be implemented directly on the motherboard and is already part of the PC at purchase. Installation of the system in the internal and external network structure is thereby eliminated. Motherboards that support multi-processor systems are particularly suitable.

In one embodiment, the arrangement for the system consists of an external converter, a data buffer and an internal converter, with an optical separation unit that allows the individual processor communication links to be connected and disconnected. The control for separating the processors is decoupled from both systems and can thus be connected by a network in one direction only. This makes it impossible for an external hacker to use the switchover, because it is not in communication with the external network. Furthermore, the software of the processors is permanently burned in and cannot be changed.
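The break-before-make coupling, the buffering of requests during separation and the Level 2 image check described above can be modelled as follows. This is an added Python example, not part of the patent; the class and method names, the example hosts and the choice of binary PPM as the image format are assumptions made for illustration.

```python
from collections import deque
from enum import Enum


class Link(Enum):
    NONE = 0      # both optical links disabled
    INTERNAL = 1  # coupled to the internal converter
    EXTERNAL = 2  # coupled to the external converter


def check_image(blob, max_side=4096):
    """Accept only a binary PPM (P6) whose payload is exactly w*h*3 bytes.

    PPM is an assumption; the patent only says "image format". Rejecting
    comments, other maxvals and trailing bytes leaves no room for residue.
    """
    parts = blob.split(b"\n", 3)
    if len(parts) != 4 or parts[0] != b"P6" or parts[2] != b"255":
        raise ValueError("not a strict P6 header")
    dims = parts[1].split(b" ")
    if len(dims) != 2 or not all(d.isdigit() for d in dims):
        raise ValueError("bad dimensions")
    width, height = int(dims[0]), int(dims[1])
    if not (0 < width <= max_side and 0 < height <= max_side):
        raise ValueError("dimensions out of range")
    if len(parts[3]) != width * height * 3:
        raise ValueError("payload length does not match dimensions")
    return width, height


class DataBuffer:
    """Hypothetical model of the data buffer processor and its coupler."""

    def __init__(self, blocked_hosts=()):
        self.link = Link.INTERNAL
        self.history = [Link.INTERNAL]     # every coupler state, for auditing
        self.blocked = set(blocked_hosts)  # stands in for the configuration file
        self.requests = deque()            # accepted from the internal converter
        self.waiting = deque()             # raised while the internal link was down
        self.checked = []                  # images that passed the check

    def _switch(self, target):
        # Break before make: drop the active link, then raise the other one.
        if self.link is not target:
            self.link = Link.NONE
            self.history.append(Link.NONE)
            self.link = target
            self.history.append(target)
        if target is Link.INTERNAL:        # process requests stored meanwhile
            self.requests.extend(self.waiting)
            self.waiting.clear()

    def submit(self, host):
        """Request from the internal side; stored if the link is down."""
        queue = self.requests if self.link is Link.INTERNAL else self.waiting
        queue.append(host)

    def to_external(self):
        """Separate from the internal side, then hand requests outward."""
        self._switch(Link.EXTERNAL)
        sent = list(self.requests)
        self.requests.clear()
        return sent

    def receive_image(self, host, blob):
        """Image from the external converter; True only if it may be forwarded."""
        if self.link is not Link.EXTERNAL:
            raise RuntimeError("external link is not active")
        if host in self.blocked:
            return False                   # blocked pages are not forwarded
        try:
            check_image(blob)
        except ValueError:
            return False
        self.checked.append((host, blob))
        return True

    def to_internal(self):
        """Separate from the external side, then release the checked images."""
        self._switch(Link.INTERNAL)
        out, self.checked = self.checked, []
        return out


def never_bridged(history):
    """True if INTERNAL and EXTERNAL were never adjacent coupler states."""
    pairs = set(zip(history, history[1:]))
    return ((Link.INTERNAL, Link.EXTERNAL) not in pairs
            and (Link.EXTERNAL, Link.INTERNAL) not in pairs)


def demo():
    good = b"P6\n2 1\n255\n" + bytes(6)        # constructed 2x1 image
    tainted = good + b"leftover-script-bytes"  # constructed trailing residue
    buf = DataBuffer(blocked_hosts={"blocked.example"})
    buf.submit("news.example")
    sent = buf.to_external()
    buf.submit("late.example")                 # arrives during separation
    results = [buf.receive_image("news.example", good),
               buf.receive_image("news.example", tainted),
               buf.receive_image("blocked.example", good)]
    delivered = buf.to_internal()
    return sent, results, delivered, list(buf.requests), buf.history


if __name__ == "__main__":
    print(demo()[1])
```

The audit of `history` is the part worth keeping in any real implementation: it turns the patent's "always separated in hardware" claim into a property that can be checked after the fact.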

Brief Description of Drawings

Figure 1 shows the use of the system in a network with an Internet connection as the external network. In the figure, the external network A2 and the internal network A1 are symbolized. The workstations A3 cannot be connected to the external network; they can only be connected to the security system A7. If a workstation A3 requires an Internet page, a connection to the security system A7 is established and the data is passed via the conversion processor to the workstation. The use of the system shown in Figure 1 is very simple. The system is operated between the Internet and the internal network.

Figure 2 shows a block diagram of the individual parts of the security system 8. The Internet interface B7 can be implemented as a modem interface, ADSL interface, Ethernet interface, or any other Internet connection interface. The Internet connection interface is connected to the external converter B1 by the data lines BIL. The processor converts all Internet browser pages into another format, for example into an image. It responds to a request from the internal converter B3, which receives its information through the data buffer processor B2. The communication between the external converter and the data buffer processor proceeds via an optical link B6. The data buffer processor B2 is connected to the internal converter by an optical link. The internal converter B3 responds to the requests of the workstations and sends them on via the data buffer processor to the external converter. The internal converter is connected to the internal network via an interface B5. The communication link BIL forms the connection of the internal converter to the internal network.

Figure 3 shows a detailed block diagram of the processor communication that ensures the separation of the networks. The external converter C1 is connected via a driver unit C5 to an optical link to the data buffer processor C2. The optical link can be activated or disabled in response to the request. When receiving images from the external converter, the data buffer processor C2 examines the received images for correctness and content. The data buffer processor C2 can also block web pages by means of a configuration file; that is, those pages are not forwarded. The communication connection to the internal and external network is designed so that the data buffer processor can be connected to at least one processor. Through the optical connection channels, connections can be established and torn down very quickly. To picture the security of the system better, one can imagine the external converter as a printer whose output is a document that cannot be changed and cannot contain viruses. The data buffer processor can be thought of as a folder that is passed from one side to the other. The internal converter is like a scanner, which then converts the document back into a virus-free electronic document in an agreed information format; in an advantageous embodiment of the inventive solution, it is converted into the same data format.

Claims

claims
1. A security system for protection against direct harmful attacks on the internal network and the protection of the data of the internal network, and protection against viruses and Trojan horses, operating as a network or as a stand-alone device, characterized in that the information of the external (A2) or internal network or workstation is converted via at least one data format converter (C1) at least once into at least one data format that deviates from the original data format and is transmitted into the internal or external (A2) network or workstation (A3), wherein the control of the connection from the data format converter to the external (A2) and the internal network is implemented by at least two separate control systems that are separated from each other in terms of hardware, and a data buffer processor for content error, conversion error and virus checking is implemented in the system.
2. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that an internal converter is implemented in the system, which feeds the received images of the external processor to the internal network again in an HTML page.
3. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claims 1 and 2, characterized in that the data buffer processor (C2), when external information is needed, first separates the connection to the internal processor (C3) and only upon successful separation receives a connection to the external processor (C1).
4. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 3, characterized in that the transfer of the information of the data format converter takes place with a data buffer processor (C2), which, prior to transmitting the data, checks these for viruses, conversion errors and content errors.
5. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that no information from the internal system that has not been converted by the converter processors is transmitted through the security system to the external interface.
6. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 3, characterized in that a request for a change of connection of the data buffer processor is only possible in one direction per network and that the data buffer processor is disconnected from the internal converter before connection to the external converter.
7. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that a transfer of information of the internal data passes only via a data buffer processor (C2) which is not connected to both networks simultaneously.
8. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that only the external converter is connected to the external network or unsafe region.
9. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1 and 5, characterized in that the external and internal converters convert information in both directions, depending on the configuration.
10. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that only information that has been checked for errors and content can be forwarded to the internal network.
11. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that a change of connection is always switched via the data buffer processor.
12. A security system for protection against direct damaging attacks to the internal network through an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the security system stores converted pages in a buffer in order to display them quickly when they are recalled.
13. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is designed as an external or internal device.
14. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is implemented with at least one or more of the listed interfaces USB, Firewire, Ethernet, RS232, IR, Bluetooth and Wi-Fi.
15. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is implemented on the motherboard.
16. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system for one or more of the listed data media such as removable hard disks and USB memory sticks can be used as a security system.
17. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system for WLAN can be used as a security system for the retrieval of the web pages.
18. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that, the system is built with fix branded processors with reprogrammable processors.
19. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is equipped with multiple transducers for better performance.
20. A security system for protection against direct damaging attacks to the internal network through an external interface in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is implemented with at least two processors.
21. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the converter processors (at least one or more printable formats, e.g. PDF) are implemented.
22. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the converters operate selectively in one direction or in both directions.
23. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is formed as a plug-in card for the workstation with at least one of the listed interfaces ISA, PCI, PCI Express, IDE, SCSI, or any other PC connection.
24. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the converter processors convert HTML pages or other information into one or more printable formats.
25. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system comprises a hardware-based control of the information exchange which is supported by a special combination or special button of the mouse or keyboard.
26. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the transducer processor of HTML script, or any other programming language, an output on the represent generated on one or more screens.
27. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system records each change of connection in a file and monitors it.
28. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is equipped as a multi-system with parallel-working units for a better system performance.
29. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is cascaded into subsystems.
30. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is updated by firmware updates with new punctures for the data format conversion.
31. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is connected to a UPS system and communicates with the latter.
32. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is configured with multiple data buffer processors.
33. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system provides an interface with which it is possible for the user to configure the system according to his needs.
34. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is equipped with an interface through which statistically recorded data can be read out of the system.
35. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system monitors the network traffic so that automatic connection is possible.
36. A security system for protection against direct damaging attacks to the internal network through an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is also arranged so that the user must confirm each connection.
37. A security system for protection against direct damaging attacks to the internal network through an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is provided with a password for establishing a connection.
38. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that a connection change password is set in the system for each user.
39. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system has the transducer processor that as in the external server drive available and transports files to the internal system with the security system.
40. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system transports web pages, e-mails and also files, converted into one or more printable formats via the converter processors, into the internal network.
41. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system, using the data buffer processor, automatically transfers mail from the external mail server to the internal mail server and vice versa.
42. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system has a redundant parallel processor unit for protection against failures.
43. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system creates an image of the information, reconverts it into the same data format and provides it in the internal network.
44. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system can be set with a time setting so that it allows data exchange with the external network only at certain times.
45. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system operates in two directions and can export internally managed web pages or information to the external interface.
46. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system during online operation which records new operating software updates that the at each connection updating the system.
47. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system by the separation of the control for the switching process only to a connecting position is brought from a network.
48. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system controls the directions of information flow on a per-user basis.
49. A security system for protection against direct damaging attacks to the internal network through an external interface in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is configured with a separate external operation for the information transport each workstation.
50. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is equipped with an encryption unit.
51. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the data buffer processor of the system loads the transfer data in a buffer memory, where these are scanned for viruses, content errors and translation errors and tested.
52. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the data buffer processor data exchange of emails and files to the internal or the can perform internal network dynamically.
53. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system is formed with a second unit, and upon failure of the first unit switches to the second redundant unit.
54. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that each of the two redundant units has its own power supply.
55. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system has an insular network in which security-critical applications, files, and data are processed.
56. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system is extended with a foreclosed storage medium.
57. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system divides the network, through a parameter change of the configuration, into subnetworks with different rights and administers them.
58. A security system for protection against direct damaging attacks on the internal network through an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the security system performs security-critical applications within a closed network and indicating a link on the internal network.
59. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system is implemented with at least one bus system of an industrial network.
60. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that each processor of the security system is equipped with an update mechanism by which new fonts or scripting languages are imported into the processor.
61. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the safety system also allows an exception for non-printable documents with an extension.
62. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system also forwards data, files and applications as image information to the external and internal interface.
63. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1, characterized in that the system is implemented with one processor, which takes over the tasks of the two converter processors and the buffer processor.
64. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the converter processors are fitted with optical transmitting and receiving devices for communicating with the buffer processor (C2).
65. A security system for protection against direct harmful attacks on the internal network via an external interface, in particular the protection of the data of the internal network according to claim 1-5, characterized in that the system is extended with a fiber optic interface.
PCT/AT2006/000381 2005-09-20 2006-09-14 Security system WO2007033392A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AT15512005 2005-09-20
ATA1551/2005 2005-09-20

Publications (1)

Publication Number Publication Date
WO2007033392A1 (en) 2007-03-29

Family

ID=37565144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AT2006/000381 WO2007033392A1 (en) 2005-09-20 2006-09-14 Security system

Country Status (1)

Country Link
WO (1) WO2007033392A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE202008006554U1 (en) 2007-05-14 2008-07-31 Abb Technology Ag Firewall apparatus between two computer communication networks of a high voltage power transmission system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0858201A2 (en) * 1997-02-06 1998-08-12 Sun Microsystems Inc. Method and apparatus for allowing secure transactions through a firewall
US6026502A (en) * 1997-01-27 2000-02-15 Wakayama; Hironori Method and mechanism for preventing from invading of computer virus and/or hacker
US20030131245A1 (en) * 2002-01-04 2003-07-10 Michael Linderman Communication security system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 06774778

Country of ref document: EP

Kind code of ref document: A1