WO2019243657A1 - Accès à un réseau informatique sécurisé - Google Patents

Accès à un réseau informatique sécurisé Download PDF

Info

Publication number
WO2019243657A1
WO2019243657A1 PCT/FI2018/050488 FI2018050488W WO2019243657A1 WO 2019243657 A1 WO2019243657 A1 WO 2019243657A1 FI 2018050488 W FI2018050488 W FI 2018050488W WO 2019243657 A1 WO2019243657 A1 WO 2019243657A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer network
network
arrangement
switch
secure
Prior art date
Application number
PCT/FI2018/050488
Other languages
English (en)
Inventor
Tony Glader
Tomi URHO
Markku HIRVELÄ
Original Assignee
Wärtsilä Finland Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wärtsilä Finland Oy filed Critical Wärtsilä Finland Oy
Priority to PCT/FI2018/050488 priority Critical patent/WO2019243657A1/fr
Publication of WO2019243657A1 publication Critical patent/WO2019243657A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/40Constructional details, e.g. power supply, mechanical construction or backplane

Definitions

  • the present invention relates to access control of a secure computer network and, in particular, to a technique for accessing an unsecured computer network from a secure computer network in manner that lowers a risk of compromising the security or integrity of the secure computer network.
  • an access to such a secure computer network would consti- tute a serious security risk for the integrity of the information or control system it serves to implement, while on the other hand enabling the secure computer net- work to access a resource in an external network and/or enabling an entity of an external network to access the secure computer network is in many cases highly desirable and in some cases even unavoidable.
  • enabling access from an external network at least to some of the information stored in an information system implemented by a secure computer network in many cases provides significantly improved usability in accessing the information, at the same time it may provide an opening for unauthorized access to the information stored in the information system by a malicious party.
  • ac- cess from an external network to a secure computer network that implements a control system may be highly useful or even unavoidable for installing or replac- ing software components that constitute part of the control system or the oper- ating system applied to run the control system, which quite apparently consti- tutes a security risk that may enable a malicious party to access the core of the control system.
  • Non-limiting examples of environments of special interest that have especially high security and/or integrity requirements include power plants, military/govern- mental establishments, hospitals, aviation control and financial services such as banking and stock exchange.
  • a network arrangement for secure trans- fer of data comprising a computer net- work; and a switching arrangement for selectively connecting the computer net- work to a secure computer network or disconnecting the computer network from said secure computer network and for selectively connecting the computer net- work to an unsecured computer network or disconnecting the computer network from said unsecured computer network.
  • a computer-implemented method for secure transfer of data using a network arrangement comprising controlling the switching arrangement to disconnect the secure computer net- work from the computer network and to connect the unsecured computer net- work to the computer network; transferring data from one or more hosts in the unsecured computer network to a server entity in the computer network; controlling the switching arrangement to disconnect the unsecured computer network from the computer network and to connect the secure computer network to the computer network; transferring the data from the server entity to one or more hosts in the secure computer network; and controlling the switching ar- rangement to disconnect the secure computer network from the computer net- work.
  • a computer program comprising computer readable program code configured to cause performing at least a method according to the example embodiment described in the foregoing when said program code is executed on one or more computing apparatuses.
  • the computer program according to an example embodiment may be embodied on a volatile or a non-volatile computer-readable record medium, for example as a computer program product comprising at least one computer readable non- transitory medium having program code stored thereon, the program which when executed by one or more apparatuses cause the one or more apparatuses perform at least to perform a method according to the example embodiment de- scribed in the foregoing.
  • Figure 1 illustrates a block diagram of some elements of a computer network arrangement according to an example
  • Figure 2 illustrates a block diagram of some elements of a computer network arrangement according to an example
  • Figure 3A illustrates operation of a computer network arrangement according to an example
  • Figure 3B illustrates operation of a computer network arrangement according to an example
  • Figure 4 illustrates an interlocking arrangement according to an example
  • Figure 5 illustrates a block diagram of some elements of a computer network arrangement according to an example
  • Figure 6 illustrates a block diagram of some elements of a computer network arrangement according to an example
  • Figure 7 illustrates a method according to an example
  • Figure 8 illustrates a block diagram of some elements of an apparatus according to an example. DESCRIPTION OF SOME EMBODIMENTS
  • Figure 1 depicts a block diagram of some elements of a computer network ar- rangement 100.
  • the computer network arrangement 100 comprises in interme- diate computer network 114 and a switching arrangement 110 for selectively connecting the intermediate computer network 114 to a secure computer net- work 112 or disconnecting the intermediate computer network 114 from the se- cure computer network 112 and for selectively connecting the intermediate computer network 1 14 to an unsecured computer network 1 16 or disconnecting the intermediate computer network 1 14 from the unsecured computer network 1 16.
  • the computer network arrangement 100 further comprises an interlocking arrangement that is configured to control the switching arrangement 1 10 such that at any given time at most one of the secure computer network 1 12 and the unsecured computer network 1 16 is connected to the intermediate computer network 1 14.
  • the intermediate computer network 1 14 represents a neutral zone (or a‘de-mil itarized zone’ (DMZ)) between the secure computer network 1 12 and the unsecured computer network 1 16.
  • the secure computer network 1 12 may comprise, for example, a local area network (LAN) or an aggregate of two or more LANs that are arranged to provide an information system, a service or a control system in an environment that has high security and/or integrity re- quirements. Examples of such environments include power plants, military/gov- ernmental establishments, hospitals, aviation control, financial services such as banking and stock exchange, etc.
  • the unsecured computer network 1 16 may comprise an‘external’ LAN or wide area network (WAN), which may comprise or consist of a public computer network or a private computer network or a com- bination of one or more public and/or one or more private computer networks.
  • the unsecured computer network 1 16 represents the Internet. How- ever, the exact topology and extent of the unsecured computer network 1 16 is immaterial for the non-limiting examples described in the following.
  • FIG. 2 illustrates a block diagram of some elements of a computer network arrangement 101 , which is a a non-limiting example of making use of the com- puter network arrangement 100.
  • the switching arrangement 1 10 comprises a first air gap switch (AGP1 ) 1 18 and a second air gap switch (AGP2) 120, wherein the first air gap switch 1 18 is provided for se- lectively connecting the intermediate computer network 1 14 to a secure com- puter network 1 12 or disconnecting the intermediate computer network 1 14 from the secure computer network 1 12, and wherein the second air gap switch 120 is provided for selectively connecting the intermediate computer network 1 14 to an unsecured computer network 1 16 or disconnecting the intermediate com- puter network 1 14 from the unsecured computer network 1 16.
  • AGP1 first air gap switch
  • AGP2 second air gap switch
  • the intermediate computer network 1 14 is shown with a network node 126 and a server entity 128, where the network node 124 is arranged to route data traffic between the unsecured computer network 1 16 and the server entity 128 and route data traffic between the server entity 128 and the secure computer network 1 12.
  • the network node 126 may comprise, for exam- pie, one or more devices arranged to operate as a respective network hub or switch.
  • the server entity 128 may comprise, for example, one or more server devices arranged to operate as the server entity 128.
  • the computer network arrangement 10T may further comprise a first firewall (FW1 ) 122 arranged between the secure computer network 1 12 and the first air gap switch 120 and/or a second firewall (FW2) 124 arranged between the sec- ond air gap switch 120 and the intermediate computer network 1 14.
  • the first firewall 122 may be provided, for example, as a network-based firewall imple- mented in a server device via which the secure computer network 1 12 is con- nectable (via the first air gap switch 1 18) to the intermediate computer network 1 14.
  • the first firewall 122 as shown in Figure 2 may be omit- ted and hosts in the secure computer network 1 12 may rely on respective host- based firewall solutions instead.
  • the second firewall 124 may be provided, for example, as a network-based firewall implemented in a server device via which the intermediate computer network 1 14 is connectable (via the second air gap switch 120) to the unsecured computer network 1 16.
  • the second firewall 124 as shown in Figure 2 may be omitted and hosts in the intermediate computer network 1 14 may rely on respective host-based firewall solutions instead.
  • the first air gap switch 1 18 may be operated in one of a connected state and a disconnected state: in the connected state the first air gap switch 1 18 enables the connection between the secure computer network 1 12 and the intermediate computer network 1 14, whereas in the disconnected state the first air gap switch 1 18 physically disconnects the secure computer network 1 12 from the interme- diate computer network 1 14.
  • the second air gap switch 120 may be operated in one of a connected state and a disconnected state: in the connected state the second air gap switch 120 enables the connection between the intermediate computer network 1 14 and the unsecured computer network 1 16, whereas in the disconnected state the second air gap switch 120 physically disconnects the intermediate computer network 1 14 from the unsecured com- puter network 1 16.
  • the connected state of the air gap switch 1 18, 120 may be also referred to as a closed state or an enabled state, whereas the disconnected state of the air gap switch 1 18, 120 may be also referred to as an open state or a disabled state.
  • the first air gap switch 1 18 and the second air gap switch 120 are controlled such that only one of them is in the connected state at any given time. In other words, at least one of the first air gap switch 1 18 and the second air gap switch 120 is in the disconnected state at any given time.
  • the allowable states of the first and second air gap switches 1 18, 120 include the following:
  • the secure computer network 1 12 is at all times physically dis- connected from the unsecured computer network 1 16 via at least one of the first air gap switch 1 18 and the second air gap switch 120 being set into the discon- nected state.
  • Figure 3A illustrates connectivity of the computer network arrangement 101 in a situation where the first air gap switch 1 18 is in the disconnected state and the second air gap switch 120 is in the connected state. Consequently, the connec- tion between the server entity 128 and a host in the unsecured computer net- work 1 16 is enabled, thereby enabling transfer of data between these two enti- ties. In contrast, the connection to the secure computer network 1 12 both from the host in the unsecured computer network 1 16 and from the server entity 128 is blocked, thereby physically isolating the secure computer network 1 12 both from the intermediate computer network 1 14 and from the unsecured computer network 1 16.
  • the illustration of Figure 3A omits the optional first and second firewalls 122, 124 in the interest of graphical clarity of the illustration.
  • Figure 3B illustrates connectivity of the computer network arrangement 101 in a situation where the first air gap switch 1 18 is in the connected state and the second air gap switch 120 is in the disconnected state. Consequently, the con- nection between the server entity 128 and a host in the secure computer network 1 12 is enabled, thereby enabling transfer of data between these two entities. In contrast, the connection to the unsecured computer network 1 16 both from the secure computer network 1 12 and from the server entity 128 is blocked, thereby physically isolating the secure computer network 1 12 from the unsecured com- puter network 1 16 while the connection between the server entity 128 and the secure computer network 1 12 is enabled.
  • the illustration of Figure 3B omits the optional first and second firewalls 122, 124 in the interest of graphical clarity of the illustration.
  • the first air gap switch 1 18 may be provided with a first activation means that enable setting the first air gap switch 1 18 from the disconnected state to the connected state or vice versa
  • the second air gap switch 120 may be pro- vided with a second activation means that enable setting the second air gap switch 120 from the disconnected state to the connected state or vice versa
  • the first activation means may comprise a first relay that is arranged to set the first air gap switch 1 18 into one of the connected state and disconnected state under control of a first control signal
  • the second activa- tion means may comprise a second relay that is arranged to set the second air gap switch 120 into one of the connected state and disconnected state under control of a second control signal.
  • the first and second control signals may be derived e.g.
  • the first and second control signals may also be derived e.g. on basis of respective positions of one or more user-operable switches or knobs (or user input means of a different type), as a backup control system, for example.
  • the above-described operation of the first air gap switch 118 and the second air gap switch 120 may be implemented, for example, by an interconnection or in- terlocking arrangement that is configured to control at least one of the first air gap switch 118 and the second air gap switch 120 such that at any given time at most one of the secure computer network 112 and the unsecured computer network 116 is connected to the intermediate computer network 114.
  • the interlocking arrangement may be configured to control the first activa- tion means and the second activation means to ensure that at any given time at most one of the secure computer network 112 and the unsecured computer net- work 116 is connected to the intermediate computer network 114.
  • the above-described operation of the interlocking ar- rangement with respect to ensuring that the unsecured computer network 116 is not connected to the intermediate computer network 114 when the secure computer network 112 is connected thereto may be accomplished by arranging the interlocking arrangement to carry out one or more of the following:
  • the above-described operation of the interlocking arrangement with respect to ensuring that the secure computer network 112 is not connected to the intermediate computer network 114 when the unsecured computer network 116 is connected thereto may be accomplished by arranging the interlocking arrangement to carry out one or more of the following:
  • the interlocking arrangement may be provided ac- cording to an arrangement illustrated in Figure 4.
  • the first activation means comprises the first relay 130 and a switch S1 , where the switch S1 is set into an open state or a closed state in accordance with a first control signal C1 .
  • the first relay 130, the switch S1 and a switch S3 are arranged in a first current path between a first potential N1 and a second potential N2 (that is different from the first potential N1 ).
  • the second activation means comprises the second relay 132 and a switch S2, where the switch S2 is set into the open state or the closed state in accordance with a second control signal C2.
  • the second relay 132, the switch S2 and a switch S4 are arranged in a second current path between a third potential N3 and a fourth potential N4 (that is different from the third poten- tial N3).
  • the first relay 130 sets the first air gap switch 1 18 into the connected state and sets the switch S4 into an open state when electric current passes through the first relay 130, whereas the first relay 130 sets the first air gap switch 1 18 into the disconnected state and sets the switch S4 into a closed state when no elec- tric current passes through the first relay 130.
  • the second relay 132 sets the second air gap switch 120 into the connected state and sets the switch S3 into an open state when electric current passes through the sec- ond relay 132, whereas the second relay 132 sets the second air gap switch 120 into the disconnected state and sets the switch S3 into a closed state when no electric current passes through the second relay 132.
  • the switch S3 If the switch S3 is in the open state (which implies that the second air gap switch 120 is in the connected state), closing the switch S1 fails to com- plete the first current path, which results in electric current not flowing through the first relay 130. Consequently, the first relay 130 keeps the first air gap switch 1 18 in the disconnected state (in other words, the first relay 130 does not set the first air gap switch 1 18 into the connected state), thereby ensuring that the secure computer network 1 12 is kept isolated from the intermediate computer network 1 14 and from the unse- cured computer network 1 16.
  • the switch S4 If the switch S4 is in the open state (which implies that the first air gap switch 118 is in the connected state), closing the switch S2 fails to com- plete the second current path, which results in electric current not flowing through the second relay 132. Consequently, the second relay 132 keeps the second air gap switch 120 in the disconnected state (in other words, the second relay 132 does not set the second air gap switch 120 into the connected state), thereby ensuring that the unsecured computer network 116 is kept isolated from the intermediate computer network 114 and from the secure computer network 112.
  • Figure 5 depicts a block diagram of some elements of a computer network ar- rangement 102, which is another non-limiting example of making use of the com- puter network arrangement 100.
  • the switching arrangement 1 10 comprises a toggle switch arrangement 140 comprising a tog- gle switch 141 for selectively connecting the intermediate computer network 1 14 to one of the secure computer network 1 12 or the unsecured computer network 1 16 and, optionally, an enabler switch 142 for selectively connecting the inter- mediate computer network 1 14 to the toggle switch 141 or disconnecting the intermediate computer network 1 14 from the toggle switch 141 .
  • the toggle switch 141 also serves as the interlocking arrangement that ensures that at any given time at most one of the secure com- puter network (1 12) and the unsecured computer network (1 16) is connected to the computer network (1 14).
  • the toggle switch 141 may be provided with a respective activation means for selectively connecting the intermediate computer network 1 14 to one of the se- cure computer network 1 12 and the unsecured computer network 1 16, where the activation means may be controlled in accordance with a respective control signal.
  • the control signal may be derived e.g. on basis of one or more timer signals, on basis of one or more control signals from a computer-controlled control system operating e.g. in the server entity 128 or in another host or entity of the intermediate computer network 1 14.
  • the control signals may also be de- rived e.g. on basis of respective positions of one or more user-operable switches or knobs (or user input means of a different type), as a backup control system, for example.
  • Figure 6 depicts a block diagram of some elements of a computer network ar- rangement 103, which is a further non-limiting example of making use of the computer network arrangement 100.
  • the switching arrangement 1 10 comprises the first firewall (FW1 ) 122 arranged be- tween the secure computer network 1 12 and the intermediate computer network 1 14 and the second firewall (FW2) 124 arranged between the unsecured com- puter network 1 16 and the intermediate computer network 1 14.
  • the first firewall 122 is provided for selectively con- necting the intermediate computer network 1 14 to the secure computer network 1 12 or disconnecting the intermediate computer network 1 14 from the secure computer network 1 12, whereas the second firewall 124 is provided for selec- tively connecting the intermediate computer network 1 14 to the unsecured com- puter network 1 16 or disconnecting the intermediate computer network 1 14 from the unsecured computer network 1 16.
  • the interlocking arrangement is con- figured to control the first and second firewalls 122, 124 such that at any given time at most one of the secure computer network 1 12 and the unsecured com- puter network 1 16 is connected to the intermediate computer network 1 14.
  • Con- trolling one of the first and second firewalls 122, 124 to disconnect respective one of the secure computer network 1 12 and the unsecured computer network 1 16 form the intermediate computer network 1 14 may be provided, for example, by controlling the respective one of the first and second firewalls 122, 124 to block network traffic therethrough in accordance with a respective control signal that may be provided e.g. from a computer-controlled control system operating e.g. in the server entity 128 or in another host or entity of the intermediate com- puter network 1 14.
  • the computer network arrangements 100, 101 , 102, 103 may be employed for transferring information between the secure computer network 1 12 and the un- secured computer network 1 16 via the intermediate computer network 1 14 with- out compromising the security and/or integrity of the secure computer network 1 12.
  • An example of such data transfer involves transfer of data from one or more hosts in the unsecured computer network 1 16 to one or more hosts in the secure computer network 1 12 via one or more hosts of the intermediate computer net- work 1 14, e.g. via the server entity 128.
  • An example of such a data transfer scenario involves acquiring and installing a software update for one or more hosts in the secure computer network 1 12 from one or more hosts in the unse- cured computer network 1 16.
  • Transfer of data from the unsecured computer network 1 16 via the server entity 128 of the intermediate computer network 1 14 to the secure computer network 1 12 or vice versa may involve an analysis and/or verification of the data in the server entity 128 before passing it forward e.g. to avoid relaying malicious soft- ware.
  • the analysis and/or verification may be provided, for example, via usage of antivirus software, intrusion detection system and/or intrusion prevention sys- tem, digital signature validation system etc. operating in the server entity 128.
  • the method commences from controlling the switching arrangement 1 10 to dis- connect the secure computer network 1 12 from the intermediate computer net- work 1 14 and to connect the unsecured computer network 1 16 to the intermedi- ate computer network 1 14, as indicated in block 202.
  • this may involve setting the first air gap switch 1 18 into the disconnected state and setting the second air gap switch 120 into the connected state.
  • the method proceeds to transferring (e.g. download- ing) data from the one or more hosts in the unsecured computer network 1 16 to the server entity 128, as indicated in block 204.
  • the data that is transferred from the one or more hosts in the unsecured computer network 1 16 may include, for example, a software update to be transferred to and installed in the one or more hosts of the secure computer network 1 12.
  • the method further proceeds to controlling the switching arrangement 1 10 to disconnect the unsecured computer network 1 16 from the intermediate com- puter network 1 14 and to connect the secure computer network 1 12 to the inter- mediate computer network 1 14, as indicated in block 206.
  • this may involve setting the first air gap switch 1 18 into the connected state and setting the second air gap switch 120 into the disconnected state.
  • the method further proceeds to trans- ferring (e.g. relaying) the data obtained from the one or more hosts in the unse- cured computer network 1 16 from the server entity 128 to the one or more hosts in the secure computer network 1 12, as indicated in block 208.
  • the method proceeds into controlling the switching arrangement 1 10 to disconnect the secure computer network 1 12 from the intermediate computer network 1 14, as indicated in block 210.
  • this may involve setting the first air gap switch 1 18 into the dis connected state to ensure isolating the secure computer network 1 12 from the other networks.
  • the operations pertaining to block 204 involve both transfer of data from the one or more hosts of the unse- cured computer network 1 16 to the server entity 128 and from the server entity 128 to the one or more hosts in the unsecured computer network 1 16 and/or the operations pertaining to block 208 involve both transfer of data from the server entity 128 to the one or more hosts in the secure computer network 1 12 and from the one or more hosts in the secure computer network 1 12 to the server entity 128.
  • the transfer of data may be carried out in the opposite direction, i.e. from one or more hosts in the secure computer network 1 12 to one or more hosts of the unsecured computer network 1 16.
  • Figure 8 schematically depicts some components of an apparatus 400 that may be employed to implement the server entity 128 and cause it to perform the method described in the foregoing.
  • the apparatus 400 comprises a processor 410 and a memory 420.
  • the memory 420 may store data and computer program code 425.
  • the apparatus 400 may further comprise communication means 430 for wired or wireless communica- tion with other apparatuses and/or user I/O (input/output) components 440 that may be arranged, together with the processor 410 and a portion of the computer program code 425, to provide the user interface for receiving input from a user and/or providing output to the user.
  • the user I/O components may include user input means, such as one or more keys or buttons, a keyboard, a touchscreen or a touchpad, etc.
  • the user I/O components may include output means, such as a display or a touchscreen.
  • the components of the apparatus 400 are communicatively coupled to each other via a bus 450 that enables trans- fer of data and control information between the components.
  • the memory 420 and a portion of the computer program code 425 stored therein may be further arranged, with the processor 410, to cause the apparatus 400 to perform the method described in the foregoing.
  • the processor 410 is configured to read from and write to the memory 420.
  • the processor 410 is de- picted as a respective single component, it may be implemented as respective one or more separate processing components.
  • the memory 420 is depicted as a respective single component, it may be implemented as respective one or more separate components, some or all of which may be in- tegrated/removable and/or may provide permanent / semi-permanent/ dy- namic/cached storage.
  • the computer program code 425 may comprise computer-executable instruc- tions that implement functions that correspond to steps of the method described in the foregoing when loaded into the processor 410.
  • the com- puter program code 425 may include a computer program consisting of one or more sequences of one or more instructions.
  • the processor 410 is able to load and execute the computer program by reading the one or more sequences of one or more instructions included therein from the memory 420.
  • the one or more sequences of one or more instructions may be configured to, when executed by the processor 410, cause the apparatus 400 to perform the method described in the foregoing.
  • the apparatus 400 may comprise at least one processor 410 and at least one memory 420 including the computer program code 425 for one or more programs, the at least one memory 420 and the computer program code 425 configured to, with the at least one processor 410, cause the appa- ratus 400 to perform the method described in the foregoing.
  • the computer program code 425 may be provided e.g. a computer program product comprising at least one computer-readable non-transitory medium hav- ing the computer program code 425 stored thereon, which computer program code 425, when executed by the processor 410 causes the apparatus 400 to perform the method described in the foregoing.
  • the computer-readable non- transitory medium may comprise a memory device or a record medium such as a CD-ROM, a DVD, a Blu-ray disc or another article of manufacture that tangibly embodies the computer program.
  • the computer program may be provided as a signal configured to reliably transfer the computer pro- gram.
  • references(s) to a processor herein should not be understood to encompass only programmable processors, but also dedicated circuits such as field-programma- ble gate arrays (FPGA), application specific circuits (ASIC), signal processors, etc.
  • FPGA field-programma- ble gate arrays
  • ASIC application specific circuits
  • signal processors etc.
  • Features described in the preceding description may be used in combina- tions other than the combinations explicitly described.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Selon un mode de réalisation donné à titre d'exemple, l'invention concerne un agencement de réseau pour le transfert sécurisé de données, l'agencement de réseau comprenant un réseau informatique ; et un agencement de commutation destiné à connecter sélectivement le réseau informatique à un réseau informatique sécurisé ou à déconnecter le réseau informatique dudit réseau informatique sécurisé et à connecter sélectivement le réseau informatique à un réseau informatique non sécurisé ou à déconnecter le réseau informatique dudit réseau informatique non sécurisé.
PCT/FI2018/050488 2018-06-21 2018-06-21 Accès à un réseau informatique sécurisé WO2019243657A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/FI2018/050488 WO2019243657A1 (fr) 2018-06-21 2018-06-21 Accès à un réseau informatique sécurisé

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2018/050488 WO2019243657A1 (fr) 2018-06-21 2018-06-21 Accès à un réseau informatique sécurisé

Publications (1)

Publication Number Publication Date
WO2019243657A1 true WO2019243657A1 (fr) 2019-12-26

Family

ID=62904505

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2018/050488 WO2019243657A1 (fr) 2018-06-21 2018-06-21 Accès à un réseau informatique sécurisé

Country Status (1)

Country Link
WO (1) WO2019243657A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220060476A1 (en) * 2017-12-05 2022-02-24 Goldilock Secure s.r.o. Air gap-based network isolation device
US20220191204A1 (en) * 2017-12-05 2022-06-16 Goldilock Secure s.r.o. Air gap-based network isolation device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1164766A2 (fr) * 2000-06-16 2001-12-19 Ionos Co., Ltd. Dispositif de contrôle de connections de commutation
US20100070638A1 (en) * 2006-07-07 2010-03-18 Department Of Space, Isro System and a method for secured data communication in computer networks by phantom connectivity
US20100199083A1 (en) * 2007-06-06 2010-08-05 Airbus Operations Incorporated As a Societe Par Actions Simpl Fiee Onboard access control system for communication from the open domain to the avionics domain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1164766A2 (fr) * 2000-06-16 2001-12-19 Ionos Co., Ltd. Dispositif de contrôle de connections de commutation
US20100070638A1 (en) * 2006-07-07 2010-03-18 Department Of Space, Isro System and a method for secured data communication in computer networks by phantom connectivity
US20100199083A1 (en) * 2007-06-06 2010-08-05 Airbus Operations Incorporated As a Societe Par Actions Simpl Fiee Onboard access control system for communication from the open domain to the avionics domain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HTTPS://WWW.L-COM.COM/MULTIMEDIA/MANUALS/M_AB-SWITCH.PDF: "D1000 LAYER 1 A/B SWITCH WITH REMOTE INTERFACE", 31 January 2011 (2011-01-31), XP055560649, Retrieved from the Internet <URL:https://web.archive.org/web/20170428084524if_/http://www.l-com.com:80/multimedia/manuals/M_AB-SWITCH.PDF> [retrieved on 20190222] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220060476A1 (en) * 2017-12-05 2022-02-24 Goldilock Secure s.r.o. Air gap-based network isolation device
US20220191204A1 (en) * 2017-12-05 2022-06-16 Goldilock Secure s.r.o. Air gap-based network isolation device
US11616781B2 (en) * 2017-12-05 2023-03-28 Goldilock Secure s.r.o. Air gap-based network isolation device

Similar Documents

Publication Publication Date Title
US11184323B2 (en) Threat isolation using a plurality of containers
US10104120B2 (en) Command and control cyber vaccine
Case Analysis of the cyber attack on the Ukrainian power grid
US10558798B2 (en) Sandbox based Internet isolation in a trusted network
US10554475B2 (en) Sandbox based internet isolation in an untrusted network
CN108259226B (zh) 网络接口设备管理方法与装置
US11252183B1 (en) System and method for ransomware lateral movement protection in on-prem and cloud data center environments
US10592668B2 (en) Computer system security with redundant diverse secondary control system with incompatible primary control system
US20120317569A1 (en) Multi-domain information sharing
JP5411916B2 (ja) 保護継電器とこれを備えるネットワークシステム
US10193868B2 (en) Safe security proxy
KR101290963B1 (ko) 가상화 기반 망분리 시스템 및 방법
WO2019243657A1 (fr) Accès à un réseau informatique sécurisé
US20140245422A1 (en) System and method for network virtualization and security using computer systems and software
CN106548096A (zh) 数据传输方法及装置
US11537412B2 (en) System and method of utilizing security device plugin for external device monitoring and control in a secured environment
Mesbah et al. Cyber threats and policies for industrial control systems
CN113067780B (zh) 虚拟交换矩阵的流量处理方法及电子设备
Choi et al. Hardware-Based Isolation Technique to Guarantee Availability of Security Controls in a Gateway for Industrial Networks
US20200374266A1 (en) Mission Critical Security Zone
Wang et al. Research on Secure Cloud Networking Plan Based on Industry-Specific Cloud Platform
WO2023039669A1 (fr) Appareil et procédé d&#39;accès à distance à des systèmes de communication
ZASTOSOWANIA Protection of resources of an SDN virtual network that utilises hidden ID tags, a hidden network driver and HSwitch hidden switching
Gulati et al. A review on secure channel establishment technique to increase security of IoT
JP2024538844A (ja) 通信システムへのリモートアクセスのための装置及び方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18740264

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18740264

Country of ref document: EP

Kind code of ref document: A1