CN108965317A - A kind of network data guard system - Google Patents
A kind of network data guard system Download PDFInfo
- Publication number
- CN108965317A CN108965317A CN201810873801.7A CN201810873801A CN108965317A CN 108965317 A CN108965317 A CN 108965317A CN 201810873801 A CN201810873801 A CN 201810873801A CN 108965317 A CN108965317 A CN 108965317A
- Authority
- CN
- China
- Prior art keywords
- module
- alarm
- file
- data
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000009434 installation Methods 0.000 claims description 13
- 230000002265 prevention Effects 0.000 abstract description 8
- 230000001010 compromised effect Effects 0.000 abstract description 6
- 230000000694 effects Effects 0.000 abstract description 4
- 238000007726 management method Methods 0.000 description 45
- 230000006399 behavior Effects 0.000 description 8
- 238000004458 analytical method Methods 0.000 description 7
- 238000012550 audit Methods 0.000 description 7
- 238000000034 method Methods 0.000 description 5
- 238000012544 monitoring process Methods 0.000 description 5
- 238000013475 authorization Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000007781 pre-processing Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013480 data collection Methods 0.000 description 2
- 238000013499 data model Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000009825 accumulation Methods 0.000 description 1
- 230000027455 binding Effects 0.000 description 1
- 238000009739 binding Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000007670 refining Methods 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000009394 selective breeding Methods 0.000 description 1
- 230000006641 stabilisation Effects 0.000 description 1
- 238000011105 stabilization Methods 0.000 description 1
- 230000029305 taxis Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
- 230000003442 weekly effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/10—Tax strategies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Economics (AREA)
- Software Systems (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to technical field of network security, more particularly to a kind of network data guard system, including hardware and software, hardware include several clients, software includes information system entrance security management system and operation system, and information system entrance security management system receives the file from operation system;Hardware is connected with authentication means or software is provided with authentication module, the starting of authentication means or authentication module control information system entrance security management system and operation system;Information system entrance security management system includes data safety area and cloud disk, and data safety area is used under storing be downloaded from the file of operation system, and cloud disk is used for the file of switched data safety zone storage.Operation system includes online management module, enquiry module, alarm module, device management module, safety control module and task pushing module.The present invention has the effect of that the core data after prevention downloading is compromised and is tampered, and has something to base on.
Description
Technical field
The present invention relates to technical field of network security more particularly to a kind of network data guard systems.
Background technique
As Local Tax Bureau's construction of tax informatization is comprehensive and deeply develops and the online fortune of the important systems such as three phase of Golden Taxes
It goes, stores a large amount of data in all kinds of taxation informatization information systems, these data play in tax jurisdiction and service focuses on
The effect wanted.Under the background that " internet+tax " and " big data controls tax " tide arrive, data increasingly become tax work
With the core of technical management.
It is anti-that existing notification number is that the Chinese patent of CN107248975A discloses a kind of APT monitoring based on big data analysis
Imperial system, it includes data collection layer, information pre-processing layer, comprehensive analysis and data storage layer and presentation layer;The data
Acquisition layer is connected with information pre-processing layer, and information pre-processing layer is connected with comprehensive analysis with data storage layer, comprehensive analysis and number
It is connected according to accumulation layer with presentation layer;The data collection layer local data of terminal is acquired and to network data into
Row acquisition.The invention can be used for the information network securities such as finance, industry and commerce, the tax, party and government defence be used, have information flow detection with
Alarm, operating process supervision with audit, data convert and restore support etc. multiple functions, guarantee regular traffic application system conjunction
Method communication, escorts for information security infrastructure and critical network information system.
But it is stored in after the downloading of above-mentioned data information on the computer of operating side, but the data after the computer downloading of operating side
Information is easy leakage or is tampered, and the core data after how taking precautions against downloading is not leaked and distorts, and becoming subsequent will continue
The technical issues of solution.
Summary of the invention
The object of the present invention is to provide a kind of network data guard system, the core data after having prevention downloading is compromised
With the effect being tampered.
Above-mentioned technical purpose of the invention has the technical scheme that
A kind of network data guard system, including hardware and software, hardware include several clients, and the software includes information system
Entrance security management system of uniting and operation system, information system entrance security management system receive the file from operation system;
Information system entrance security management system and operation system are installed in every client;The hardware is connected with authentication dress
It sets or the software is provided with authentication module, the authentication means or authentication module control information system enter
The starting of mouth safety management system and operation system;The information system entrance security management system include data safety area and
Cloud disk, the data safety area are used under storing be downloaded from the file of operation system, and the cloud disk is deposited for switched data safety zone
The file put.
By using above-mentioned technical proposal, information system entrance security management system passes through biological identification technology fingerprint inspection
The identity at family is demonstrate,proved, ability authorized user enters operation system after identifying the identity of user.The data downloaded from operation system can be protected
There are in data safety environment.It can not read, replicate, propagate and delete in data safety environment by the user of authentication
The file being protected.After agent-protected file is detached from data safety environment, opening can only see encrypted messy code.To play
The effect that core data after prevention downloading is compromised and is tampered.
Further, the authentication means are fingerprint acquisition instrument or UKEY.
By using above-mentioned technical proposal, when user's access software system, subscriber identity information is verified, access is verified
Operation system can verify user's operation behavior from the background.Authentication is established with finger print identifying technology and digital certificate technique
System, it is ensured that the safety of file, prevention are compromised and are distorted by people's malice.
Further, the authentication module is short message password authentication module.
By using above-mentioned technical proposal, when user's access software system, pass through its body of the model validation of mobile phone plus password
Part, the user after can obtain skills for occupation and system can operating right, it is ensured that the safety of data file, prevention are compromised
And it is distorted by people's malice.
Further, the operation system include online management module, enquiry module, alarm module, device management module,
Safety control module and task pushing module;
The online management module is for counting online personnel's situation;
The enquiry module is for auditing to terminal user's behavior;
The device management module is used for the management of equipment installation;
The safety control module is controlled for software network;
The alarm module is used for illegal operation and the changed alarm of use environment;
The task pushing module is used for the distribution management of client file and software.
By using above-mentioned technical proposal, using completely new operation system, operation system audits to user's various actions
The collection of record establishes a system for intelligent analysis and refinement is done to the user behavior data collected for user
The intellectual analysis data model of change realizes intelligent supervision and the early warning of user's audit actions.
Further, the online management module is made of Online statistics database, and online axis database is equipped with tree-shaped point
Layer, respectively include the online list of primary department and the online list of second level personnel.
By using above-mentioned technical proposal, the real-time query that user can be online according to the carry out such as department, personnel shows certain
Operation system service condition in the section time.In this way, understand after line situation, user can be interacted in time, collaboration fill in,
Verification or modification data file.Administrator can also send a file to online client by task pushing module simultaneously.
Further, the enquiry module includes log meta data block, statistical report module and data security module;
The log meta data block is for recording use state;
The statistical report module is for counting storage service condition;
The data security module is used for the number of statistical data output.
By using above-mentioned technical proposal, after operation system is first recorded, stored for all information, then provides and look into
It askes, and the number of statistical query data, is comprehensively audited and analyzed, each node is accomplished in prevention illegal operation as far as possible
There is mark that can follow.
Further, the log meta data block includes controlled application access log list, controlled file usage log
List, controlled terminal log in log list, burst disk usage log list, USB usage log list.
By using above-mentioned technical proposal, operation system log meta data block can record the computer of client in detail
Usage log and internet behavior log assist in manager and understand client routine use situation in time, and then pass through day
The examination of will record, accomplishes that illegal operation has good grounds.
Further, the data security module includes safe operation disk number statistics, operation cloud disk number statistics, output
File number statistics, controlled terminal login times, client installation statistics, fingerprint instrument installation statistics and UKEY installation statistics.
By using above-mentioned technical proposal, data security module is to inside operation and exterior terminal about have can in
The behavior that can relate to data output is audited, and Audit data is showed by way of time shaft and classification, and is passed through
The examination of data security module, as far as possible prevention illegal operation, further accomplishes to have good grounds.
Further, the alarm module includes that the access of violation network address is alarmed, violation program is accessed using alarm, illegal IP
Alarm, the alarm of file outgoing, system security alarm, IP address variation alarm, hardware assets variation alarm and software asset variation
Alarm.
By using above-mentioned technical proposal, previous monitoring range and alarm range are expanded, each is possible to make
It at data leak, distorts or behavior that the case where illegal operation generates is alarmed, improves the safety of system.
Further, the task pushing module includes file distributing pushing module and software distribution pushing module.
By using above-mentioned technical proposal, operation system software provides file distributing and software distribution for catenet
Function, upload the file to be distributed or software program file, select the computer to be distributed, click and save distributed tasks, visitor
Machine booting in family executes file distributing task automatically after line.In this way, by the known user of artificial selection of administrator, recipient
Also the safety that file distributing is improved come online user, double shield can be logged into authenticate by operation system.
In conclusion the invention has the following advantages:
1, by two kinds of authentication means and/or a kind of authentication module, realize multiple bindings certification, reached people,
The perforation of equipment, post, permission makes system operation and management combine together;
2, by setting data safety area and cloud disk, file download functionally perfect is completed, the file security of user is made to circulate,
It is not easy to be compromised and be tampered;
3, by log unit module, internal system service condition and exterior terminal are audited and has been analyzed, is overcome
Traditional network only focuses on the problem of internal operation or local end completely, and prevention illegal operation as far as possible further accomplishes have
According to can look into;
4, by completely new operation system, Audit data is showed in a manner of time shaft, various to user's various actions to user
On the basis of the collection of record of the audit and data stack, does intelligent analysis for the user behavior data collected and mention
Refining establishes the intellectual analysis data model an of architecture for user, realizes intelligent supervision and the early warning of user's audit actions.
Detailed description of the invention
Fig. 1 is in embodiment for embodying hardware structural diagram;
Fig. 2 is in embodiment for embodying the block schematic illustration of software systems;
Fig. 3 is in embodiment for embodying the block schematic illustration of operation system.
In figure, 1, client;2, authentication means;3, operation system;31, authentication module;32, online management mould
Block;33, enquiry module;331, log meta data block;332, statistical report module;333, data security module;34, equipment pipe
Manage module;35, safety control module;36, alarm module;37, task pushing module;371, file distributing pushing module;372,
Software distributes pushing module;4, information system entrance security management system;41, data safety area;42, cloud disk;43, mould is encrypted
Block;44, logging modle;45, watermark module.
Specific embodiment
Below in conjunction with attached drawing, invention is further described in detail.
Embodiment:
As shown in Figure 1, present embodiments providing a kind of network data guard system, including hardware and software, hardware includes several
Client 1.The access of client 1 has biometric apparatus and/or password devices, verifies personnel identity and post, authorized user
Operating right.In addition authentication module 31 is also equipped in software systems, it is right when verifying equipment outside no access
The user identity that will be logged in is verified.In this way, from triple modes selection one weight or it is multiple verified, to reach
The perforation of people, terminal device, post, access right.
As shown in Fig. 2, software installation, in every client 1, software includes 4 He of information system entrance security management system
Operation system 3.Information system entrance security management system 4 receives the file from operation system 3.
As shown in Fig. 2, information system entrance security management system 4 includes 42 data safety of data safety area 41 and cloud disk
Area 41 is downloaded from the file of operation system 3, the file of 42 switched data safety zone 41 of cloud disk storage under storing.In use, user into
Privately owned cloud disk 42 is logged in while entering data safety environment, in data safety environment, chooses the data for needing to circulate with backup
File is uploaded to privately owned cloud disk 42;And the file for needing to circulate can be chosen, it is sent to specified online data document receivers.
In this way, can be saved in data safety environment from the data that operation system 3 is downloaded.Do not pass through the use of above-mentioned authentication simultaneously
The file being protected in data safety environment can not be read, replicate, propagate and be deleted in family.In addition, information system entrance security
Management system is also additionally provided with encrypting module 43, and after agent-protected file is detached from data safety environment, opening can only see encrypted
Messy code.Information system entrance security management system is equipped with logging modle 44, and convection current transfering the letter breath is recorded.Information system entrance peace
Full management system also has watermark module 45, watermark can be added in File Open editor, printing, watermark content includes user
The information such as name, IP, time ensure user's right.
As shown in figure 3, operation system 3 includes online management module 32, enquiry module 33, alarm module 36, equipment management
Module 34, safety control module 35 and task pushing module 37.
As shown in figure 3, online management module 32 is for counting online personnel's situation.Online management module 32 by uniting online
Library composition is counted, online axis database is equipped with tree-shaped layering, respectively includes existing with second level personnel for the online list of primary department
Alignment table.The online list of department mainly passes through administration parameter setting, belongs to system and starts the parameter configuration before commencement of commercial operation,
Purpose is in order to facilitate later real-name management.It is mainly responsible for and divides and work according to the administrative grade in actual management process
The corresponding supervisory level title of system and job site title is arranged in place name.After having part setting, user passes through
Client 1 can select administrative unit and work belonging to oneself in already existing setting parameter when registering user information
Place, so that member lays the foundation to relevant departments for everyone has responsibility later.User can carry out according to department, personnel etc. in informant
The real-time query of member, shows 3 service condition of operation system in certain time.User can cooperate, collaboration fill in,
Verification or modification data file.Administrator can also send a file to online client by task pushing module 37 simultaneously
1。
As shown in figure 3, enquiry module 33 is for auditing to terminal user's behavior.Enquiry module 33 includes log member number
According to module 331, statistical report module 332 and data security module 333.Log meta data block 331 is used to record use state,
Including internet log, program log, screen log, file operation log etc., such as internet log, some client computer is selected,
Network address log is selected in log management, then shows the internet log on the same day, can choose the inquiry of time progress history log.System
It is add-on module that Reports module 332, which is counted, for counting storage service condition, such as the memory space of safety zone, this module, is had more
It is good.Data security module 333 is used for the number of statistical data output, including safe operation disk number statistics, operation cloud disk 42 times
Number statistics, output file number statistics, controlled terminal login times, client 1 installation statistics, fingerprint instrument installation statistics and UKEY
Installation statistics.For convenience of the use of enquiry module 33, operation system 3 is equipped with the database of oneself, these logs are stored in data
In library.Database includes memory module, backup module and reservation module.Memory module is used for the storage of basic list, and common
Database is consistent.Backup module can set the data for daily, weekly or monthly backing up memory module of reception, while be equipped with text
The setting of this catalogue, sets the storing directory of backup file.Reservation module is that data file log of backup module etc. retains the time limit,
The reservation effective time limit of DB Backup journal file is set, the data file more than the time limit will be deleted.It simultaneously can be with
It setting authorisation device and uploads the log reservation time limit, host information retains the time limit, and network interface card and device port flow information retain the time limit,
Warning message retains time limit etc..For example, authorisation device, which uploads log, retains the time limit, sets authorisation device in database and upload log
The effective time limit of reservation, the offline host more than the time limit will be deleted.It is provided by the maintenance to database for query unit
Stabilization again safety use environment.
Device management module 34, the management for equipment installation.User can be helped quickly and accurately to realize to network
Keyholed back plate.User can be by the network equipment of 34 add-on system of device management module within the scope of authority, including the setting network equipment
IP and the community name for carrying out snmp management.The operation that device management module 34 can carry out has screening installation, addition equipment, deletes
Except equipment etc..The management of unknown device manufacturer and equipment redundancy IP management can also be arranged in device management module 34 simultaneously.It is unknown to set
Standby manufacturer's management, such as the equipment that system has found, but when can not identify manufacturer, " unknown device manufacturer can be passed through
Management " carries out manual setting.Addition can be clicked after being provided with, and equipment is allowed to show in the relevant list of equipment.Equipment redundancy
IP management, for example, for the network equipment there are multiple IP address the case where, system provides inquiry setting network device redundancy IP
Location, the redundancy IP address that system is found automatically will be listed in herein, for user query, the redundancy IP not yet found automatically for system
Address, user can voluntarily add equipment redundancy IP address and equipment management IP address is managed.
Safety control module 35, for software network control, safety control module 35 manage scanning probe to network set
It is standby, including network equipment communication link monitoring, network port Working Status Monitoring and port security condition monitoring and network set
Standby port positioning and operational administrative etc., match with device management module 34, there is abnormal report and submit to alarm module 36.
Alarm module 36 is used for illegal operation and the changed alarm of use environment.Alarm module 36 includes violation net
Location access alarm, violation program are become using alarm, illegal IP access alarm, the alarm of file outgoing, system security alarm, IP address
Change alarm, hardware assets variation alarm and software asset variation alarm.Such as the access alarm of violation network address, administrator setting visitor
1 computer of family end forbids the website of access, when computer user has accessed the website, in management end alarm center, online
In alarm, has relative alarm and show.Administrator can at any time 1 computer of viewing client-side violation network address access alarm.Example again
If violation program is using alarming, administrator setting client 1 computer forbids the program of access, when computer user uses
When the program, in management end alarm center, program alarm, has relative alarm and show.Administrator can check client at any time
The violation program of 1 computer is held to use alarm.The safety for guaranteeing Web vector graphic environment, accomplishes to have good grounds.
As shown in figure 3, task pushing module 37 includes that file distributing pushing module 371 and software distribute pushing module 372.
File distributing pushing module 371 provides the function of file distributing task to catenet, uploads the file to be distributed, and selection is wanted
The computer of distribution, clicks and saves distributed tasks, and client 1 executes file distributing task after being switched on automatically.Software distribution push
Module 372 selects the computer to be sent to the software program file to be uploaded, and point saves distributed tasks.After client 1 is switched on
The software installation task can be executed automatically.The update of operation system 3 is pushed also by this module.
This specific embodiment is only explanation of the invention, is not limitation of the present invention, those skilled in the art
Member can according to need the modification that not creative contribution is made to the present embodiment after reading this specification, but as long as at this
All by the protection of Patent Law in the scope of the claims of invention.
Claims (10)
1. a kind of network data guard system, including hardware and software, hardware includes several clients (1), it is characterized in that: described
Software includes information system entrance security management system (4) and operation system (3), information system entrance security management system (4)
Receive the file for coming from operation system (3);Information system entrance security management system (4) and operation system (3) are installed on every
In client (1);The hardware is connected with authentication means (2) or the software is provided with authentication module (31),
The authentication means (2) or authentication module (31) control information system entrance security management system and operation system
(3) starting;The information system entrance security management system (4) includes data safety area (41) and cloud disk (42), described
Data safety area (41) is used under storing be downloaded from the file of operation system (3), and the cloud disk (42) is used for switched data safety zone
(41) file stored.
2. a kind of network data guard system according to claim 1, it is characterized in that: the authentication means (2) are
Fingerprint acquisition instrument or UKEY.
3. a kind of network data guard system according to claim 1, it is characterized in that: the authentication module (31) is
Short message password authentication module.
4. described in any item a kind of network data guard systems according to claim 1~3, it is characterized in that: the operation system
It (3) include online management module (32), enquiry module (33), alarm module (36), device management module (34), security control mould
Block (35) and task pushing module (37);
The online management module (32) is for counting online personnel's situation;
The enquiry module (33) is for auditing to terminal user's behavior;
The device management module (34) is used for the management of equipment installation;
The safety control module (35) controls for software network;
The alarm module (36) is used for illegal operation and the changed alarm of use environment;
The task pushing module (37) is used for the updating and management of client (1).
5. a kind of network data guard system according to claim 4, it is characterized in that: the online management module (32) by
Online statistics database composition, online axis database are equipped with tree-shaped layering, respectively include the online list of primary department and second level
The online list of personnel.
6. a kind of network data guard system according to claim 5, it is characterized in that: the enquiry module (33) includes day
Will meta data block (331), statistical report module (332) and data security module (333);
The log meta data block (331) is for recording use state;
The statistical report module (332) is for counting storage service condition;
The data security module (333) is used for the number of statistical data output.
7. a kind of network data guard system according to claim 6, it is characterized in that: the log meta data block
It (331) include controlled application access log list, controlled file usage log list, controlled terminal logs in log list, safe
Disk usage log list, USB usage log list.
8. a kind of network data guard system according to claim 6, it is characterized in that: the data security module (333)
Including safe operation disk number statistics, operation cloud disk (42) number statistics, output file number statistics, controlled terminal login time
Number, client (1) installation statistics, fingerprint instrument installation statistics and UKEY installation statistics.
9. a kind of network data guard system according to claim 4, it is characterized in that: the alarm module (36) includes disobeying
Advise network address access alarm, violation program uses alarm, illegal IP access alarm, the alarm of file outgoing, system security alarm, IP
Location variation alarm, hardware assets variation alarm and software asset variation alarm.
10. a kind of network data guard system according to claim 4, it is characterized in that: the task pushing module (37)
Including file distributing pushing module (371) and software distribution pushing module (372).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810873801.7A CN108965317B (en) | 2018-08-02 | 2018-08-02 | Network data protection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810873801.7A CN108965317B (en) | 2018-08-02 | 2018-08-02 | Network data protection system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108965317A true CN108965317A (en) | 2018-12-07 |
| CN108965317B CN108965317B (en) | 2021-09-24 |
Family
ID=64467210
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810873801.7A Expired - Fee Related CN108965317B (en) | 2018-08-02 | 2018-08-02 | Network data protection system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108965317B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112149065A (en) * | 2020-09-16 | 2020-12-29 | 北京中电华大电子设计有限责任公司 | Software defense fault injection method |
| CN113194080A (en) * | 2021-04-25 | 2021-07-30 | 江苏欣业大数据科技有限公司 | Network security system based on cloud computing and artificial intelligence |
| CN117131492A (en) * | 2023-04-13 | 2023-11-28 | 杨杭杭 | Computer safety protection management system with feedback reminding function |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064717A (en) * | 2006-04-26 | 2007-10-31 | 北京华科广通信息技术有限公司 | Safety protection system of information system or equipment and its working method |
| CN103218575A (en) * | 2013-04-17 | 2013-07-24 | 武汉元昊科技有限公司 | Host file security monitoring method |
| WO2013174813A1 (en) * | 2012-05-23 | 2013-11-28 | Gemalto S.A. | A method for protecting data on a mass storage device and a device for the same |
| CN104580083A (en) * | 2013-10-17 | 2015-04-29 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for financial system |
| CN106850593A (en) * | 2017-01-14 | 2017-06-13 | 河南工程学院 | A kind of computer network security guard system |
-
2018
- 2018-08-02 CN CN201810873801.7A patent/CN108965317B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064717A (en) * | 2006-04-26 | 2007-10-31 | 北京华科广通信息技术有限公司 | Safety protection system of information system or equipment and its working method |
| WO2013174813A1 (en) * | 2012-05-23 | 2013-11-28 | Gemalto S.A. | A method for protecting data on a mass storage device and a device for the same |
| CN103218575A (en) * | 2013-04-17 | 2013-07-24 | 武汉元昊科技有限公司 | Host file security monitoring method |
| CN104580083A (en) * | 2013-10-17 | 2015-04-29 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for financial system |
| CN106850593A (en) * | 2017-01-14 | 2017-06-13 | 河南工程学院 | A kind of computer network security guard system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112149065A (en) * | 2020-09-16 | 2020-12-29 | 北京中电华大电子设计有限责任公司 | Software defense fault injection method |
| CN113194080A (en) * | 2021-04-25 | 2021-07-30 | 江苏欣业大数据科技有限公司 | Network security system based on cloud computing and artificial intelligence |
| CN117131492A (en) * | 2023-04-13 | 2023-11-28 | 杨杭杭 | Computer safety protection management system with feedback reminding function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108965317B (en) | 2021-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11334682B2 (en) | Data subject access request processing systems and related methods | |
| CN105681276B (en) | A kind of sensitive information leakage actively monitoring and confirmation of responsibility method and apparatus | |
| US20200285770A1 (en) | Data subject access request processing systems and related methods | |
| CN109831327B (en) | IMS full-service network monitoring intelligent operation and maintenance support system based on big data analysis | |
| EP2866411A1 (en) | Method and system for detecting unauthorized access to and use of network resources with targeted analytics | |
| CN106776141B (en) | A kind of backup and recovery system enhanced safely | |
| US8943575B2 (en) | Method and system for policy simulation | |
| CN112765245A (en) | Electronic government affair big data processing platform | |
| US7577689B1 (en) | Method and system to archive data | |
| CN110957025A (en) | Medical health information safety management system | |
| CN103413083B (en) | Unit security protection system | |
| US12026237B2 (en) | Software license manager | |
| CN108965317A (en) | A kind of network data guard system | |
| CN107832602B (en) | Unified electronic seal system based on identification | |
| CN107786551B (en) | Method for accessing intranet server and device for controlling access to intranet server | |
| US11593463B2 (en) | Execution type software license management | |
| US20220277103A1 (en) | Data subject access request processing systems and related methods | |
| CN110719298A (en) | Method and device for supporting user-defined change of privileged account password | |
| US11983252B2 (en) | Software license manager security | |
| CN110290232A (en) | A kind of public platform management method and system | |
| CN110188517A (en) | A kind of the user account number login method and device of based role mode | |
| CN114092065A (en) | Data governance platform organizational structure and system management | |
| CN114244823B (en) | Penetration test method and system based on Http request automatic deformation | |
| US20130294647A1 (en) | Visual monitoring | |
| Axelrod | Creating data from applications for detecting stealth attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20210924 |