CN113132379A - Intelligent security system of warehousing system - Google Patents


Publication number
CN113132379A
Authority
CN
China
Prior art keywords
data
network
security
server
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110412522.2A
Other languages
Chinese (zh)
Inventor
王钊
龚祥岳
蒋雪峰
杨昌明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Huaning Technology Co ltd
Original Assignee
Guizhou Huaning Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Huaning Technology Co ltd
Priority to CN202110412522.2A
Publication of CN113132379A
Withdrawn


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of data security and provides a warehousing system intelligent security system comprising a network data platform, a warehouse environment security system and an information security system. The warehouse environment security system consists of monitoring equipment, fire safety equipment, security equipment, a lightning protection system and a central machine room air conditioner, and the data of all of these is uploaded to the network data platform. The information security system comprises an application security detection system, an information security backup system and an identity authentication system, and is characterized in that data is transmitted over HTTPS for B/S (browser/server) programs and in encrypted form for C/S (client/server) programs. The system builds a secure warehousing data environment and field environment and facilitates management of the whole warehousing system.

Description

Intelligent security system of warehousing system
Technical Field
The invention belongs to the technical field of warehousing data management, and particularly relates to a warehousing system intelligent security system.
Background
At present, warehouse data management has reached a point where modern data management needs to be improved at multiple levels. In particular, how to effectively integrate, use and manage information resources so as to promote cooperation between departments and quantitative decision making is a task that all departments, in a field where information technology is developing relatively rapidly, now have to consider. Although data integration can be achieved through modern communication technology and data processing, information security is an important guarantee for data transmission over today's complicated data channels. This is especially so for an organization that schedules public resources centrally, which must guarantee not only the security of the public resources themselves but also the security of the information about them. Grain is a guarantee of people's livelihood, and one link in ensuring grain security is the security management of the warehousing system; securing every link of the warehousing system is therefore a problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to solve the problem of how to perfect security in a warehousing system under the framework of digital management.
The basic scheme provided by the invention is as follows. The warehousing system intelligent security system comprises a network data platform, a warehouse environment security system and an information security system. The network data platform consists of an independent internal network and a public external network, which are isolated from each other by physical isolation equipment, a network firewall, intrusion detection equipment and a network operation monitoring system. The warehouse environment security system consists of monitoring equipment, fire safety equipment, security equipment, a lightning protection system and a central machine room air conditioner; the data of all of these is uploaded to the network data platform.
The information security system comprises an application security detection system for detecting whether applications are secure; the application security detection system consists of a patch security detection module, a database administrator password authentication module and a regular inspection system.
The information security backup system comprises two groups of servers that run simultaneously and form a backup for each other; both groups are provided with data storage, which is used for off-site disaster recovery backup.
The identity authentication system comprises an authorization unit, a log audit unit and a data transmission unit. The authorization unit performs identity authentication for user login, data browsing, downloading, editing and deleting, application program access and data exchange. The log audit unit records, and raises permission alarms for, user login, data browsing, downloading, editing and deleting, application program access and data exchange. The data transmission unit uses HTTPS for B/S programs and encrypted transmission for C/S programs.
As a first security measure, the intelligent security system divides the network data platform into an independent internal network and a public external network and isolates the two with a physical isolation device, a network firewall, an intrusion detection device and a network operation monitoring system. This prevents unintended data exchange between the two networks to the greatest extent and also avoids attacks by some network viruses and hackers. The storage environment monitoring system establishes physical security measures for the site environment, for the overall and local temperature and humidity that matter most in storage, and for video of the storage site, so that the safety of the storage environment can be monitored effectively and disasters avoided. The system adopts a self-built identity authentication system comprising an authorization unit, a log audit unit and a data transmission unit. The authorization unit performs identity authentication for user login, data browsing, editing and deleting, application program access and data exchange. The log audit unit records, and raises permission alarms for, user login, data browsing, downloading, editing and deleting, application program access and data exchange. The data transmission unit uses HTTPS for B/S programs and encrypted transmission for C/S programs, which indirectly guarantees data security.
Furthermore, the network data platform uses two sets of application servers as its data processing unit. The first set of servers is provided with network management software and serves as the monitoring server through which user data access enters, and also as the server used for backup data. The second set of servers is likewise provided with network management software; it is connected to the data output end of the first set and performs data operations during normal operation. The second set is also connected to the user data access end through a network switch and serves as an emergency secure data entrance when the first set becomes abnormal.
To monitor the security of the storage site comprehensively, the monitoring equipment comprises a camera, a temperature sensor, a humidity sensor, an audio sensor and a thermal radiation sensor. Data from these devices is received by a local server, which communicates with the network data platform. The camera data is provided with an independent memory card.
The local server and the network data platform acquire and update data bidirectionally: during data exchange the local server obtains new instructions and the network data platform updates its data. The two sides exchange data periodically, at least once within 2 hours. Data exchange is divided into an active pull mode and an active push mode. In the active pull mode, the network data platform actively discovers changes on the local server and pulls the updated part according to what changed. In the active push mode, when the network data platform or the local server detects a change in its data, it actively publishes the changed content for the other side to discover and pull.
The system strengthens access security measures. The log audit unit comprises a multi-dimensional model composed of a firewall multi-dimensional model, an intrusion detection multi-dimensional model and an anti-virus multi-dimensional model. Each of these models has a time dimension, and each has either an address dimension or a dimension related to user information. These dimensions are abstracted, and a user dimension is created from the actual user information in the network, with each user having their own basic information. The models are then connected through the user dimension and the time dimension to form an information security network.
To strengthen the security of the warehousing system, the physical isolation between the independent intranet and the public extranet is implemented by an isolation network gate and a physical isolation card connected in series, so that the independent intranet and the public extranet form a physical isolation channel. The physical isolation card is connected to the network access end of the independent intranet and is used to switch the input state of the independent intranet and to send received data to the independent intranet for processing.
Drawings
FIG. 1 is a logic block diagram of the smart security system of the warehousing system of the present invention;
FIG. 2 is a schematic diagram of data exchange between an external network and an internal network in the smart security system of the warehousing system of the present invention.
Detailed Description
The following is further detailed by way of specific embodiments:
Example one
As shown in fig. 1, the warehousing system intelligent security system comprises a network data platform 1, a warehouse environment security system 7 and an information security system. The network data platform 1 consists of an independent internal network and a public external network, and the independent internal network 8-9 and the public external network 4-7 are isolated from each other by a physical isolation device 3, a network firewall, an intrusion detection device and a network operation monitoring system. The warehouse environment security system 7 consists of monitoring equipment, fire safety equipment, security equipment, a lightning protection system and a central machine room air conditioner; the data of the monitoring equipment, the fire safety equipment, the security equipment 72, the lightning protection system and the central machine room air conditioner is uploaded to the network data platform.
The information security system 4 comprises an application security detection system for detecting whether applications are secure; the application security detection system consists of a patch security detection module, a database administrator password authentication module and a regular inspection system.
The information security backup system 5 comprises two groups of servers that run simultaneously and form a backup for each other; both groups are provided with data storage, which is used for off-site disaster recovery backup.
The identity authentication system 6 comprises an authorization unit, a log audit unit and a data transmission unit. The authorization unit performs identity authentication for user login, data browsing, downloading, editing and deleting, application program access and data exchange. The log audit unit records, and raises permission alarms for, user login, data browsing, downloading, editing and deleting, application program access and data exchange. The data transmission unit uses HTTPS for B/S programs and encrypted transmission for C/S programs.
As a first security measure, the intelligent security system divides the network data platform into an independent internal network and a public external network and isolates the two with a physical isolation device, a network firewall, an intrusion detection device and a network operation monitoring system. This prevents unintended data exchange between the two networks to the greatest extent and also avoids attacks by some network viruses and hackers. The storage environment monitoring system establishes physical security measures for the site environment, for the overall and local temperature and humidity that matter most in storage, and for video of the storage site, so that the safety of the storage environment can be monitored effectively and disasters avoided. The system adopts a self-built identity authentication system comprising an authorization unit, a log audit unit and a data transmission unit. The authorization unit performs identity authentication for user login, data browsing, editing and deleting, application program access and data exchange. The log audit unit records, and raises permission alarms for, user login, data browsing, downloading, editing and deleting, application program access and data exchange. The data transmission unit uses HTTPS for B/S programs and encrypted transmission for C/S programs, which indirectly guarantees data security.
Example two
As shown in fig. 1 and 2, the network data platform uses two sets of application servers as its data processing unit. The first set of servers 21 is provided with network management software and serves as the monitoring server through which user data access enters, and also as the server used for backup data. The second set of servers 22 is likewise provided with network management software; it is connected to the data output end of the first set of servers 21 and performs data operations during normal operation. The second set of servers 22 is also connected to the user data access end through a network switch and serves as an emergency secure data entrance when the first set of servers 21 becomes abnormal.
To monitor the security of the storage site comprehensively, the monitoring equipment comprises a camera, a temperature sensor, a humidity sensor, an audio sensor and a thermal radiation sensor. Data from these devices is received by a local server, which communicates with the network data platform. The camera data is provided with an independent memory card.
The local server 71 and the network data platform 1 acquire and update data bidirectionally: during data exchange the local server obtains new instructions and the network data platform 1 updates its data. The two sides exchange data periodically, at least once within 2 hours. Data exchange is divided into an active pull mode and an active push mode. In the active pull mode, the network data platform actively discovers changes on the local server and pulls the updated part according to what changed. In the active push mode, when the network data platform or the local server detects a change in its data, it actively publishes the changed content for the other side to discover and pull.
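The pull mode, the push mode and the 2-hour exchange bound described above can be sketched as follows. This is an added example, not code from the patent; the `Node` class, the key prefixes that decide which side owns a record, and all sample values are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta

MAX_GAP = timedelta(hours=2)  # from the page: at least one exchange within 2 hours


def digest(value):
    """Stable content hash of one record, used to discover changes."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()


class Node:
    """One side of the exchange (hypothetical class, not from the patent)."""

    def __init__(self, name, owns, records=None):
        self.name = name
        self.owns = owns            # assumed rule: key prefix this side may publish
        self.records = dict(records or {})
        self.published = {}         # push mode: changes released for the peer

    def manifest(self):
        return {key: digest(val) for key, val in self.records.items()}

    def update(self, key, value):
        self.records[key] = value
        self.published[key] = value


def pull_changes(puller, source):
    """Active pull: discover what changed on `source` and copy only that part.

    Only keys the source owns are accepted, so a field device cannot
    overwrite instructions held by the platform.
    """
    mine = puller.manifest()
    changed = sorted(k for k, h in source.manifest().items()
                     if k.startswith(source.owns) and mine.get(k) != h)
    for key in changed:
        puller.records[key] = source.records[key]
    return changed


def collect_published(receiver, publisher):
    """Active push: the publisher released its changes; the receiver pulls them."""
    keys = sorted(k for k in publisher.published if k.startswith(publisher.owns))
    for key in keys:
        receiver.records[key] = publisher.published[key]
    publisher.published.clear()
    return keys


def overdue_gaps(exchange_times, now, max_gap=MAX_GAP):
    """Return (start, end) pairs where no exchange happened for longer than max_gap."""
    points = sorted(exchange_times) + [now]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > max_gap]


def demo():
    # Constructed sample state shared by both sides before any change.
    shared = {"sensor/temp_c": 18.5, "sensor/humidity": 55}
    local = Node("local-server", "sensor/", shared)
    platform = Node("platform", "instruction/", shared)

    local.update("sensor/temp_c", 24.0)                 # change on the local server
    pulled = pull_changes(platform, local)              # platform discovers and pulls it

    platform.update("instruction/ventilation", "on")    # new instruction on the platform
    pushed = collect_published(local, platform)         # local server picks it up

    # Constructed exchange log: the 09:30 -> 12:10 interval breaks the 2-hour bound.
    times = [datetime(2021, 4, 16, 8, 0), datetime(2021, 4, 16, 9, 30),
             datetime(2021, 4, 16, 12, 10)]
    gaps = overdue_gaps(times, now=datetime(2021, 4, 16, 13, 0))
    return pulled, pushed, gaps, local, platform


if __name__ == "__main__":
    pulled, pushed, gaps, _, _ = demo()
    print("pulled:", pulled, "pushed:", pushed, "overdue:", gaps)
```

An interval reported by `overdue_gaps` is worth alerting on, since a local server that stops exchanging data leaves the platform working from stale sensor readings.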
The system strengthens access security measures. The log audit unit comprises a multi-dimensional model composed of a firewall multi-dimensional model, an intrusion detection multi-dimensional model and an anti-virus multi-dimensional model. Each of these models has a time dimension, and each has either an address dimension or a dimension related to user information. These dimensions are abstracted, and a user dimension is created from the actual user information in the network, with each user having their own basic information. The models are then connected through the user dimension and the time dimension to form an information security network.
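One way to realise the join the log audit unit describes, in both the disclosure and this embodiment, is to map every firewall, intrusion detection and anti-virus record onto a shared user dimension and then group records per user within a time window. This is an added example, not code from the patent; the field names, the 10-minute window, the two-source threshold and all sample records are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed user dimension, built from "actual user information in the
# network" (address -> user record). All names and addresses are made up.
USER_DIM = {
    "10.0.4.21": {"user": "user_a", "dept": "warehouse-ops"},
    "10.0.4.35": {"user": "user_b", "dept": "finance"},
}

# Constructed sample records for the three source models.
FIREWALL = [   # time dimension + address dimension
    {"ts": "2021-04-16T09:01:12", "src": "10.0.4.21", "action": "deny"},
    {"ts": "2021-04-16T09:40:00", "src": "10.0.4.35", "action": "allow"},
    {"ts": "2021-04-16T11:15:30", "src": "10.0.9.99", "action": "deny"},
]
INTRUSION = [  # time dimension + address dimension
    {"ts": "2021-04-16T09:03:40", "src": "10.0.4.21", "rule": "smb-scan"},
    {"ts": "2021-04-16T11:16:05", "src": "10.0.9.99", "rule": "port-sweep"},
]
ANTIVIRUS = [  # time dimension + user-related dimension
    {"ts": "2021-04-16T09:08:02", "user": "user_a", "verdict": "quarantined"},
    {"ts": "2021-04-16T14:00:00", "user": "user_b", "verdict": "quarantined"},
]


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    source: str
    detail: str


def resolve_user(record):
    """Map a record onto the shared user dimension."""
    if "user" in record:
        return record["user"]
    entry = USER_DIM.get(record["src"])
    # Keep unmapped addresses visible instead of dropping them: an
    # unregistered device is itself something the audit should surface.
    return entry["user"] if entry else "unknown:" + record["src"]


def normalize(records, source, detail_key):
    return [Event(datetime.fromisoformat(r["ts"]), resolve_user(r), source, r[detail_key])
            for r in records]


def build_events():
    return (normalize(FIREWALL, "firewall", "action")
            + normalize(INTRUSION, "intrusion", "rule")
            + normalize(ANTIVIRUS, "antivirus", "verdict"))


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Join the models on (user, time): report groups seen by several sources."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev.user].append(ev)

    incidents = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        i = 0
        while i < len(evs):
            # Extend the group while events stay within `window` of its first event.
            j = i
            while j + 1 < len(evs) and evs[j + 1].ts - evs[i].ts <= window:
                j += 1
            sources = sorted({e.source for e in evs[i:j + 1]})
            if len(sources) >= min_sources:
                incidents.append({"user": user, "start": evs[i].ts,
                                  "end": evs[j].ts, "sources": sources})
                i = j + 1   # events already reported are not reused
            else:
                i += 1
    return sorted(incidents, key=lambda inc: inc["start"])


if __name__ == "__main__":
    for inc in correlate(build_events()):
        print(inc["user"], inc["start"].isoformat(), inc["sources"])
```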
To strengthen the security of the warehousing system, the physical isolation between the independent intranet 4-7 and the public extranet 8-9 is implemented by an isolation network gate 31 and a physical isolation card 32 connected in series, so that the independent intranet 4-7 and the public extranet 8-9 form a physical isolation channel. The physical isolation card 32 is connected to the network access end of the independent intranet and is used to switch the input state of the independent intranet and to send received data to the independent intranet for processing.
The foregoing is merely an embodiment of the present invention. Common general knowledge, such as well-known specific structures and characteristics, is not described here in detail. A person skilled in the art knows all the common technical knowledge in this field before the filing date or priority date, has access to all the prior art in the field, and is able to apply routine experimentation available before that date, so such a person can complete and implement the present invention in light of the teaching given in this application, and certain typical known structures or known methods should not be an obstacle to implementing it. It should be noted that a person skilled in the art may make several changes and modifications without departing from the structure of the present invention; these also fall within the protection scope of the present invention and do not affect the effect of implementing the invention or the practicability of the patent. The scope of protection claimed by this application is determined by the content of the claims, and the description of the embodiments and other parts of the specification may be used to interpret the claims.

Claims (7)

1. A warehousing system intelligent security system, characterized by comprising: a network data platform, a warehouse environment security system and an information security system;
the network data platform consists of an independent internal network and a public external network, and the independent internal network and the public external network are isolated by physical isolation equipment, a network firewall, intrusion detection equipment and a network operation monitoring system;
the warehouse environment security system consists of monitoring equipment, fire safety equipment, security equipment, a lightning protection system and a central machine room air conditioner; data of the monitoring equipment, the fire safety equipment, the security equipment, the lightning protection system and the central machine room air conditioner is uploaded to the network data platform;
the information security system comprises an application security detection system for detecting whether applications are secure, wherein the application security detection system consists of a patch security detection module, a database administrator password authentication module and a regular inspection system;
the information security backup system comprises two groups of servers which run simultaneously and form a backup for each other, wherein the two groups of servers are provided with data storage, and the data storage is used for off-site disaster recovery backup;
the identity authentication system comprises an authorization unit, a log audit unit and a data transmission unit, wherein the authorization unit performs identity authentication for user login, data browsing, downloading, editing, deleting, application program access and data exchange, and the log audit unit records, and raises permission alarms for, user login, data browsing, downloading, editing, deleting, application program access and data exchange; the data transmission unit uses HTTPS for B/S programs and encrypted transmission for C/S programs.
2. The warehousing system intelligent security system of claim 1, wherein: the network data platform uses two sets of servers as its data processing unit; the first set of servers is provided with network management software and serves as the monitoring server through which user data access enters, and also as the server used for backup data; the second set of servers is likewise provided with network management software, is connected to the data output end of the first set of servers, and performs data operations during normal operation; the second set of servers is also connected to the user data access end through a network switch and serves as an emergency secure data entrance when the first set of servers becomes abnormal.
3. The warehousing system intelligent security system of claim 1, wherein: the monitoring equipment comprises a camera, a temperature sensor, a humidity sensor, an audio sensor and a thermal radiation sensor, wherein data of the camera, the temperature sensor, the humidity sensor, the audio sensor and the thermal radiation sensor are received through a local server, and the local server is communicated with a network data platform. Wherein the camera data is provided with an independent memory card.
4. The warehousing system intelligent security system of claim 1, wherein: the local server and the network data platform respectively acquire and update data, the local server obtains a new instruction through data exchange, the network data platform realizes data update, and the local server and the network data platform exchange data at regular intervals and exchange data at least once within 2 hours.
5. The warehousing system intelligent security system of claim 4, wherein: the data exchange mode is divided into an active pulling mode and an active pushing mode, wherein the active pulling mode is that a network data platform actively discovers the change of a local server and actively pulls an updating part according to the change content; the active push mode is that after the data of the network data platform or the local server finds changes, the two sides actively release the changed contents for the other side to find and pull.
6. The warehousing system intelligent security system of claim 1, wherein: the log auditing unit comprises a multi-dimensional model composed of a firewall multi-dimensional model, an intrusion detection multi-dimensional model and an anti-virus multi-dimensional model, wherein each multi-dimensional model has a time dimension, each multi-dimensional model has an address dimension or a dimension related to user information, the dimensions are abstracted, a user dimension is created according to actual user information in a network, each user has basic information of the user, and each multi-dimensional model is connected through the user dimension and the time dimension to form an information security network.
7. The warehousing system intelligent security system of claim 1, wherein: the physical isolation between the independent intranet and the public extranet comprises a physical isolation card and an isolation network gate; the isolation network gate is located between the independent intranet and the public extranet and is electrically connected to them so that the independent intranet and the public extranet form a physical isolation channel; and the physical isolation card is connected to the network access end of the independent intranet and is used for switching the input state of the independent intranet and sending received data to the independent intranet for processing.
CN202110412522.2A 2021-04-16 2021-04-16 Intelligent security system of warehousing system Withdrawn CN113132379A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110412522.2A CN113132379A (en) 2021-04-16 2021-04-16 Intelligent security system of warehousing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110412522.2A CN113132379A (en) 2021-04-16 2021-04-16 Intelligent security system of warehousing system

Publications (1)

Publication Number Publication Date
CN113132379A (en) 2021-07-16

Family

ID=76776862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110412522.2A Withdrawn CN113132379A (en) 2021-04-16 2021-04-16 Intelligent security system of warehousing system

Country Status (1)

Country Link
CN (1) CN113132379A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116757603A (en) * 2023-06-27 2023-09-15 四川中环再生信息科技有限公司 Intelligent warehouse management and control system and method based on big data application


Similar Documents

Publication Publication Date Title
WO2023216641A1 (en) Security protection method and system for power terminal
US10917417B2 (en) Method, apparatus, server, and storage medium for network security joint defense
Ahmed et al. Scada systems: Challenges for forensic investigators
US10140453B1 (en) Vulnerability management using taxonomy-based normalization
US20070050777A1 (en) Duration of alerts and scanning of large data stores
Eden et al. A forensic taxonomy of SCADA systems and approach to incident response
Wang et al. A centralized HIDS framework for private cloud
EP1894443A2 (en) Duration of alerts and scanning of large data stores
DE102020113808A1 (en) SYSTEMS AND PROCEDURES FOR MANAGING END POINT SAFETY STATES USING PASSIVE DATA INTEGRITY ATTENTION STATIONS
Pichan et al. A logging model for enabling digital forensics in iot, in an inter-connected iot, cloud eco-systems
CN102752289A (en) Master station for power utilization information collecting system
CN114584366B (en) Power monitoring network safety detection system and method
CN113132379A (en) Intelligent security system of warehousing system
Raju et al. An advanced forensic readiness model for the cloud environment
CN110708340A (en) Enterprise private network security supervision system
CN116886409B (en) Network security policy management method based on network slicing
Rencelj Ling et al. Securing Communication and Identifying Threats in RTUs: A Vulnerability Analysis
Kong et al. A small LAN zero trust network model based on elastic stack
CN102970188B (en) A kind of 110kV digital transformer substation secure network
CN114301669A (en) Security defense method, device, equipment and medium for power grid station host
KR20200054495A (en) Method for security operation service and apparatus therefor
Salem et al. A Comprehensive Review of Digital Forensics Frameworks for Internet of Things (IoT) Devices
Nabiyev Investigation of computer incidents for cyber-physical infrastructures in industrial control systems
CN115473712B (en) Cloud security service security management platform and cloud security service management method
Shang et al. Comprehensive security management system for Hadoop platforms

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210716
