CN115987632A - Network security emergency linkage device and system - Google Patents
Network security emergency linkage device and system Download PDFInfo
- Publication number
- CN115987632A CN115987632A CN202211656131.6A CN202211656131A CN115987632A CN 115987632 A CN115987632 A CN 115987632A CN 202211656131 A CN202211656131 A CN 202211656131A CN 115987632 A CN115987632 A CN 115987632A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- network
- information
- intranet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000012545 processing Methods 0.000 claims abstract description 63
- 241000700605 Viruses Species 0.000 claims abstract description 33
- 230000009471 action Effects 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims abstract description 20
- 230000008569 process Effects 0.000 claims abstract description 12
- 238000002955 isolation Methods 0.000 claims abstract description 10
- 238000011084 recovery Methods 0.000 claims description 43
- 230000005611 electricity Effects 0.000 claims description 36
- 238000013500 data storage Methods 0.000 claims description 34
- 238000007726 management method Methods 0.000 claims description 26
- 238000013523 data management Methods 0.000 claims description 20
- 238000012795 verification Methods 0.000 claims description 18
- 238000013144 data compression Methods 0.000 claims description 12
- 230000010354 integration Effects 0.000 claims description 12
- 238000006243 chemical reaction Methods 0.000 claims description 9
- 230000006378 damage Effects 0.000 claims description 8
- 238000011157 data evaluation Methods 0.000 claims description 7
- 238000001914 filtration Methods 0.000 claims description 5
- 206010033799 Paralysis Diseases 0.000 claims description 4
- 230000002457 bidirectional effect Effects 0.000 claims description 4
- 238000004458 analytical method Methods 0.000 claims description 3
- 238000013524 data verification Methods 0.000 claims description 2
- 230000000694 effects Effects 0.000 abstract description 8
- 238000012544 monitoring process Methods 0.000 description 6
- 238000001514 detection method Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012502 risk assessment Methods 0.000 description 2
- 230000026676 system process Effects 0.000 description 2
- 230000009897 systematic effect Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of network security, and discloses a network security emergency linkage device and a network security emergency linkage system. After the fact that no virus exists is confirmed under the processing of the virus checking and killing module in the process of storage of the temporary storage module, the data can be transmitted and the size and the consumed flow can be calculated under the action of the network data metering module, internal access is further limited under the action of the last intranet data protection module CISCOPIX-515E-UR-BUN firewall, then the data can enter the intranet unit and can be read by a user side, when the data are attacked maliciously, the emergency processing terminal reads log information recorded in the CISCOPIX-515E-UR-BUN firewall, the data source IP is tried to be tracked through the data tracking module, the connection between an external network and the intranet is disconnected through the network isolation module, important files are protected to enter a read-only protection state under the action of the locking module, the mode can prevent external continuous malice attacks, a good anti-loss effect can be achieved for the important files, and a good virus effect can be achieved when the data are used.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security emergency linkage device and a network security emergency linkage system.
Background
The network security includes network device security, network information security and network software security, which means that the hardware, software and data in the system of the network system are protected and are not damaged, changed and leaked due to accidental or malicious reasons, the system continuously, reliably and normally operates, and the network service is not interrupted. The modern computer network management system mainly comprises 4 elements, namely a plurality of managed agents; at least one network manager; a public network management protocol; one or more management information bases, of which network management protocol is the most important part, defines a communication method between a network manager and a managed agent, and specifies a storage structure of the management information base, meanings of keywords in the information base, and a processing method of various events.
The currently influential network management protocol is SNMP. They represent two major current network management solutions. SNMP flows most widely, uses most widely, obtains the most widely, has become the actual industrial standard, wherein some present major network security risks reflect mainly in some aspects of internal local area network risk, application service security risk, internet risk, wherein some present company inside and even with government organization, use mostly closed intranet to work, adopt and protect with the mode that the external network does not communicate each other, it has great inconvenience while using, for example Chinese patent (publication No: CN 111740974A) discloses a network security emergency linkage device and system, enterprise such as present company often needs to call the transmission of relevant data and file with the external network with the intranet unit, make it connect with the external network indispensable, most present intranet protection is mostly simple several firewall protection, and there is no systematic reaction and processing mechanism, its leak that exists often causes the malicious destruction, the situation that the data is lost, make it easy to appear the great loss when using;
in addition, in other existing solutions, for example, CN114978584A in the prior art relates to a unit-based network security protection security system, which includes an internet threat detection and active response module, specifically, the module provides risk assessment, real-time monitoring, tamper handling, emergency countermeasure for internet services, and obtains a safer guarantee again; the risk assessment comprises: evaluating exposed surfaces, vulnerability and content safety, taking the evaluated exposed surfaces, the vulnerability and the content safety as base lines, carrying out continuous recheck at regular intervals, monitoring asset changes at regular intervals, and continuously analyzing the risk condition introduced by the newly added assets; the real-time monitoring comprises the following steps: monitoring page tampering, 0day, web horses, black links, DNS, availability security events in real time and generating reports to inform users in time; the tamper handling includes: rapidly replacing the tampered site through DNS technology; the emergency countermeasure comprises: the cloud emergency countermeasure guarantees sensitive data, and although the intranet protection system can practice whether the page connected with the extranet receives the invasion detection of extranet viruses or trojans, the intranet protection system cannot realize pre-filtering in the data access and access process, and cannot realize effective anti-tracking and tracing of data infected by viruses.
Disclosure of Invention
The invention provides a network safety emergency linkage device and system, aiming at the problems that most of the existing internal network protection is simple firewall protection, and has no systematic reaction and processing mechanism, the existing loophole is easy to cause malicious damage, the data loss occurs, and the larger loss is easy to occur during the use of the device.
In order to solve the technical problem, the invention is solved by the following technical scheme:
the utility model provides a network security emergent linked system, includes the emergent linked rack of network security, be provided with the intranet unit in the emergent linked rack of network security, the input of intranet unit is connected with the output electricity of network management unit, the input of network management unit is connected with the output electricity of emergency processing terminal, the output of emergency processing terminal is connected with the input electricity of data tracking module, the output of data tracking module is connected with the input electricity of extranet interface, the output of extranet interface is connected with the input electricity of network information supervision module, the output of network information supervision module is connected with the input electricity of network data protection module, the output of network data protection module is connected with the input electricity of network data processing module, the output of network data processing module is connected with the input electricity of temporary storage module, the output of temporary storage module is connected with the input electricity of network data metering module.
The output of network data measurement module is connected with intranet data protection module's input electricity, intranet data protection module's output is connected with the input electricity of intranet unit, the output of intranet unit is connected with intranet data integration module's input electricity, intranet data integration module's output is connected with network data compression module's input electricity, network data compression module's output is connected with data storage module's input electricity, data storage module's output is connected with information recovery system's input electricity, information recovery system's output is connected with data storage module's input electricity, information recovery system's output is connected with local data backup module's input electricity, information recovery system's input is connected with standby processing system's output electricity.
The input of intranet unit is connected with network data management module's input electricity, network data management module's input is connected with the output electricity of visiting the login unit, the input in the access login unit is connected with the output electricity of user side, network management unit's input is connected with read-only locking module's output electricity, network management unit's input is connected with the output electricity of network isolation module, the input of emergency treatment terminal is connected with the output electricity of upgrading the renewal module, network data protection module's input is connected with the output electricity of state early warning module, temporary storage module's input is connected with the output electricity of virus searching and killing module, intranet data protection module's input is connected with the output electricity of data evaluation module.
Preferably, the access login unit comprises an information acquisition module, an information verification module and an information comparison module, wherein the information acquisition module comprises account password and dynamic short message code verification, the information verification module is used for sending the dynamic short message verification code and verifying input data, and the information comparison module is used for searching and comparing the account password with a registered user.
Preferably, the network data processing module comprises a CISCOPIX-515E-UR-BUN firewall, has strong log recording and analysis, can record data packets flowing through a network in detail, and tracks and records users accessing confidential data, so that malicious damage with chapters can be found.
Preferably, the network data protection module is specifically a network data protection module accessing an external network interface, a CISCOPIX-515E-UR-BUN firewall DMZ area, and the control of the network data protection module is required to keep both the access of the internal network unit user and the access of the external network interface, meanwhile, bidirectional NAT conversion enables the internal network to access the Internet through an internal IP address, and an authorized user of a public external network interface can access the Internet through the bidirectional NAT conversion
The public network address mapped by the CISCOPIX-515E-UR-BUN firewall accesses the service provided by the server with the internal hidden legal address, starts a multi-level content filtering function, limits internal staff from accessing bad websites, and can filter programs possibly containing trojans in URLs and http so as to prevent the programs from being damaged by using an intranet system.
Preferably, the intranet data protection module is a Cisco PIX-515E-UR-BUN firewall, a Cisco PIX 515E firewall is arranged in the network information supervision module and is used for limiting access of an external network to intranet resources, and the network data protection module is arranged at a host interface of the temporary storage module.
Preferably, the network management unit is provided with a CISCO PIlX-515E-UR-BUN firewall, and based on rule control, each link in a TCP/IP protocol is subjected to security control to generate a complete and secure access control table, the access control table comprises the access control of Internet to an internal database server, a network function server and a DMZ zone server, the access of external to an internal network unit and the access of DMZ internal services are clearly limited, and illegal tampering to an internal important system is prevented.
Preferably, the upgrade updating module adopts independent upgrade updating set for the emergency processing terminal, and is convenient for increasing the set value of each firewall after being attacked.
Preferably, when a user side inside the network data management module accesses, the network data management module can keep recording data files and mode time accessed by the network data management module, limits the access and viewed files, and limits the viewing of corresponding file contents according to the authority size of the network data management module, the data storage module stores data of an intranet unit for subsequent access and retrieval, the information recovery system keeps backing up the data, when the data is lost or even a hardware fault occurs, the information recovery system copies the data of the local data backup module to the data storage module for recovery, and when the information recovery system is in fault or even under attack, the data is processed through the standby processing system.
Preferably, the network security emergency linkage cabinet and the local data backup module are connected with a hard disk bin in a clamping mode on the surface of a data interface, a groove is formed in the upper surface of the inner wall of the hard disk bin, the upper surface of the inner wall of the groove and the top end of a sliding rod are fixedly connected, the surface of the sliding rod is connected in a limiting groove in a sliding mode, the limiting groove is formed in the upper surface of a clamping block, a spring is arranged on the surface of the sliding rod, the left side surface of the clamping block is fixedly connected with the right side surface of a deflection block, the surface of the deflection block is in lap joint with the surface of a pressing key, the surface of the pressing key is in lap joint with the right side surface of the inner wall of the groove through a sliding sleeve, and the surface of the clamping block is in lap joint with the right side surface of the local data backup module.
A network security emergency linkage method comprises the following steps:
s1, when the system is used, a user logs in through an access login unit, information is input into an information acquisition module in the login process, then a dynamic code of the information is verified through an information verification module, account information of the user is inquired and compared through an information comparison module, the login can be completed after verification, then data and files specified by an intranet unit are accessed through a network data management module, when needed, the Internet is accessed through an extranet interface, the data enters a network data protection module under the protection of a network information supervision module, the accessed data is checked under the network data protection module, bad website information is blocked, and meanwhile information of different accessed websites is received by a state early warning module.
S2, accessing an external network, simultaneously carrying out early warning by an event early warning module according to the risk of the website, simultaneously recording an accessed address log by a network data processing module, when the data are attacked, calling log information of the network data storage module by an emergency processing terminal matched with a data tracking module to carry out anti-tracking work until the data reach a temporary storage module, scanning and checking the data in the temporary storage module under the action of a virus checking and killing module, and then entering an intranet unit, when the virus checking and killing module detects the virus, firstly, changing various system parameters and data in the intranet unit into a read-only mode by a network management unit through a read-only locking fixed die, avoiding malicious tampering, simultaneously, matching with the network isolation module to isolate a computer entering the virus from other user terminals, and processing the virus through the emergency processing terminal, and evaluating the risk degree according to the damage degree when the data evaluation module is maliciously attacked.
And S3, the emergency processing terminal makes corresponding-grade reactions for processing, the intranet unit stores submitted files and log contents, the files and the log contents are uniformly classified according to time and types under the action of the intranet data integration module, classified data are compressed through the network data compression module and then stored in the data storage module, the classified data are directly called in subsequent use, the data of the data storage module are processed by the information recovery system and then set to be read only and stored in the local data backup module for storage, when the information recovery system is attacked and paralyzed together with the data storage module, the information recovery system is replied through the standby processing system, and meanwhile, when different viruses and threats of the attack are processed, the update patch is uploaded through the update module.
Due to the adoption of the technical scheme, the invention has the remarkable technical effects that:
1. by adopting an intranet data protection module, a network data metering module, a temporary storage module, a network data processing module, a network data protection module, a network information supervision module, a data tracking module and an emergency processing terminal, when the system is used, data of an extranet is firstly sent to the network information supervision module, most illegal accesses of the extranet are limited under the action of a Cisco PIX 515E firewall, then the data is detected on the property and the legality of a website in the network data protection module, meanwhile, the early warning of different conditions can be made on different websites of the extranet by matching with a situation early warning module, the system can conveniently react in time when being attacked, then the log information accessed by the data is recorded and stored under the action of a CISCOPIX-515E-UR-BUN firewall in the network data processing module, and then files can be stored in a zero-hour storage module, after confirming no virus under the processing of the virus checking and killing module in the process of storing by the temporary storage module, the temporary storage module can transmit and calculate the size and the consumed flow under the action of the network data metering module, further limit the internal access under the action of the internal network data protection module CISCOPIX-515E-UR-BUN firewall, then can enter the data into the internal network unit to be read by the user end, when the malicious attack is received, the emergency processing terminal reads the log information recorded in the CISCOPIX-515E-UR-BUN firewall, tries to track the data source IP through the data tracking module, cooperates with the network isolation module to disconnect the connection between the external network and the internal network, and protects the important file to enter a read-only protection state under the action of the locking module, the mode can prevent the external continuous malicious attack, and can play a good anti-loss effect on the important file, meanwhile, the anti-virus mask has good virus protection effect when in use.
2. The intranet data integration module, the network data compression module, the data storage module, the information recovery system and the local data backup module are characterized in that an intranet unit stores submitted files, log contents are uniformly classified according to time and types under the action of the intranet data integration module, then classified data are compressed through the network data compression module and then stored in the data storage module, and only the files can be directly called when the intranet unit is used subsequently, meanwhile, the information recovery system processes the data of the data storage module and then sets the data as read-only data to be stored in the local data backup module, when the information recovery system is attacked and the data storage module is paralyzed together, the information recovery system replies through the standby processing system, the stored files can be kept under the attack and are not easy to lose, the data in the data storage module can be directly stolen when the information recovery system is attacked, meanwhile, the information recovery system is directly destroyed when the information recovery system is attacked, the data of the local data storage module can be called out and the backup files can be kept to be recovered when the information recovery system is restored when the information recovery system is used subsequently, and the attack loss is greatly reduced, and the use safety of the files is higher.
3. The network safety emergency linkage method comprises the steps that a data interface is arranged, a hard disk bin, a groove, a sliding rod, a limiting groove, a clamping block, a deflection block, a pressing key and a spring are arranged, when the network safety emergency linkage method is used, a local data backup module can drive the deflection block to start moving when moving by pressing the pressing key when the local data backup module is used, and simultaneously drive the clamping block to move when the deflection block moves until the clamping block is separated from the local data backup module, the local data backup module can be pulled out, when the local data backup module is replaced or installed, a hard disk is directly inserted into the hard disk bin, the clamping block resets under the action of the spring after being pressed to limit the local data backup module, the local data backup module can be taken out when needed, meanwhile, the stable installation of the local data backup module can be kept through the clamping block, and the situation that the local data backup cannot be backed up due to looseness is avoided.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention;
FIG. 2 is a schematic cross-sectional view of a front view of a data storage module according to the present invention;
FIG. 3 is a schematic cross-sectional view of a local data backup module according to the present invention;
fig. 4 is an enlarged schematic view of the structure at the position A of the present invention.
The names of the parts indicated by the numerical references in the drawings are as follows:
the system comprises an intranet unit 1, a network management unit 2, an emergency processing terminal 3, a data tracking module 4, an extranet interface 5, a network information supervision module 6, a network data protection module 7, a network data processing module 8, a temporary storage module 9, a network data metering module 10, an intranet data protection module 11, an intranet data integration module 12, a network data compression module 13, a data storage module 14, a local data backup module 15, an information recovery system 16, a standby processing system 17, a network data management module 18, an access login unit 19, a client 20, a read-only locking module 21, a network isolation module 22, an upgrade update module 23, a situation early warning module 24, a virus checking and killing module 25, a data evaluation module 26, a data interface 27, a hard disk cabin 28, a groove 29, a sliding rod 30, a limiting groove 31, a clamping block 32, a deflection block 33, a key 34, a spring 35 and a network security emergency linkage cabinet 36.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
A network security emergency linkage system is shown in figures 1-4 and comprises a network security emergency linkage cabinet 36, wherein an intranet unit 1 is arranged in the network security emergency linkage cabinet 36, the input end of the intranet unit 1 is electrically connected with the output end of a network management unit 2, the input end of the network management unit 2 is electrically connected with the output end of an emergency processing terminal 3, the network management unit 2 is provided with a CISCO PIlX-515E-UR-BUN firewall and is controlled based on rules: each link in TCP/IP protocol is controlled safely, a complete and safe access control table is generated, which comprises access control of Internet to an internal database server, a network function server and a DMZ server, the access of external internal services of an internal intranet unit 1 and a DMZ is clearly limited, and illegal tampering to an internal important system is prevented, the output end of an emergency processing terminal 3 is electrically connected with the input end of a data tracking module 4, the output end of the data tracking module 4 is electrically connected with the input end of an external network interface 5, the output end of the external network interface 5 is electrically connected with the input end of a network information monitoring module 6, the output end of the network information monitoring module 6 is electrically connected with the input end of a network data protection module 7, the network data protection module 7 is specifically used for connecting the external network interface 5 into a CISCISCOPIX-515E-UR-BUN firewall DMZ area, the control of the internal network data protection module 7 is required for keeping the access of both the user of the internal network unit 1 and the external network interface 5, meanwhile, bidirectional NAT conversion enables the access to the Internet through an internal IP address to be hidden by a public network address of the internal firewall of the public network server which is required for access through the CISCIX-515-BUOPE-BUN firewall, the method comprises the steps of starting a multi-level content filtering function, limiting internal staff to access bad websites, filtering programs possibly containing trojans in URLs and http, and preventing the programs from being damaged by using an intranet system, wherein the output end of a network data protection module 7 is electrically connected with the input end of a network data processing module 8, the output end of the network data processing module 8 is electrically connected with the input end of a temporary storage module 9, the network data processing module 8 comprises a CISCOPIX-515E-UR-BUN firewall and has strong log recording and analysis functions, detailed records can be carried out on data packets flowing through a network, users accessing confidential data are tracked and recorded, malicious damage can be found, and the output end of the temporary storage module 9 is electrically connected with the input end of a network data metering module 10.
The output end of the network data metering module 10 is electrically connected with the input end of the intranet data protection module 11, the intranet data protection module 11 is a CISCO IX-515E-UR-BUN firewall, a Cisco PIX 515E firewall is arranged in the network information supervision module 6 and used for limiting access of external networks to intranet resources, the network data protection module 7 is arranged at the host interface of the temporary storage module 9 and has a good protection effect, the output end of the intranet data protection module 11 is electrically connected with the input end of the intranet unit 1, the output end of the intranet unit 1 is electrically connected with the input end of the intranet data integration module 12, the output end of the intranet data integration module 12 is electrically connected with the input end of the network data compression module 13, and the output end of the network data compression module 13 is electrically connected with the input end of the data storage module 14, the output end of the data storage module 14 is electrically connected with the input end of the information recovery system 16, the network security emergency linkage cabinet 36 is connected with the surface of the data interface 27 of the local data backup module 15 by the hard disk bin 28 in a clamping manner, the upper surface of the inner wall of the hard disk bin 28 is provided with a groove 29, the upper surface and the inner wall of the groove 29 are fixedly connected with the top end of a sliding rod 30, the surface of the sliding rod 30 is connected in a limiting groove 31 in a sliding manner, the limiting groove 31 is arranged on the upper surface of a clamping block 32, the surface of the sliding rod 30 is provided with a spring 35, the left side surface of the clamping block 32 is fixedly connected with the right side surface of a deflection block 33, the surface of the deflection block 33 is overlapped with the surface of a pressing key 34, the surface of the pressing key 34 is clamped on the right side surface of the inner wall of the groove 29 by a sliding sleeve, the surface of the clamping block 32 is overlapped with the right side surface of the local data backup module 15, the data storage module 14 stores the data of the intranet unit 1 for subsequent access and retrieval, meanwhile, the information recovery system 16 keeps backing up the data, when the data is lost or even a hardware fault occurs, the information recovery system 16 copies the data of the local data backup module 15 to the data storage module 14 for recovery, when the information recovery system 16 is in fault or even attacked, the information recovery system processes the data through the standby processing system 17, the output end of the information recovery system 16 is electrically connected with the input end of the data storage module 14, the output end of the information recovery system 16 is electrically connected with the input end of the local data backup module 15, and the input end of the information recovery system 16 is electrically connected with the output end of the standby processing system 17.
The input end of the intranet unit 1 is electrically connected with the input end of the network data management module 18, when a user end 20 inside the network data management module 18 accesses, the data file and mode time accessed by the network data management module can be kept to be recorded, the access and the viewed file are limited, the viewing of the corresponding file content is limited according to the authority of the file, the input end of the network data management module 18 is electrically connected with the output end of the access login unit 19, the access login unit 19 comprises an information acquisition module, an information verification module and an information comparison module, the information acquisition module comprises an account password and dynamic short message code verification, the information verification module is used for sending and inputting data verification of the dynamic short message verification code, the information comparison module is used for searching and comparing the account password with a registered user, the input end in the access login unit 19 is electrically connected with the output end of the user end 20, the input end of the network management unit 2 is electrically connected with the output end of the read-only locking module 21, the input end of the network management unit 2 is electrically connected with the output end of the network isolation module 22, the input end of the emergency processing terminal 3 is electrically connected with the output end of the upgrade updating module 23, the upgrade updating module 23 adopts independent upgrade updating set for the emergency processing terminal 3, and is convenient to perform upgrade setting values on various firewall after being attacked, the input end of the network data protection module 7 is electrically connected with the output end of the incident early warning module 24, the input end of the temporary storage module 9 is electrically connected with the output end of the virus checking and killing module 25, and the input end of the intranet data protection module 11 is electrically connected with the output end of the data evaluation module 26.
A network security emergency linkage method comprises the following steps:
s1, when the system is used, a user side 20 logs in through an access login unit 19, information is input into an information acquisition module in the login process, then a dynamic code of the information is verified through an information verification module, account information of the user side is inquired and compared through an information comparison module, the login can be completed after verification, then data and files specified by an intranet unit 1 are accessed through a network data management module 18, when needed, in the Internet access process through an extranet interface 5, the data enters a network data protection module 7 under the protection of a network information supervision module 6, the accessed data is checked under the network data protection module 7, bad website information is blocked, and meanwhile information of different accessed websites is received by a state early warning module 24.
S2, visiting an external network and simultaneously carrying out early warning by the event early warning module 24 according to the risk degree of the website, simultaneously recording an accessed address log by the network data processing module 8, when the attack is received, the emergency processing terminal 3 can call log information of the network data storage module 14 to carry out anti-tracking work by matching with the data tracking module 4 until the data reaches the temporary storage module 9, then the data is scanned and checked in the temporary storage module 9 under the action of the virus searching and killing module 25 and then enters the intranet unit 1, when the virus searching and killing module 25 detects the virus, firstly, the network management unit 2 changes various system parameters and data in the intranet unit 1 into a mode by a read-only locking fixed die, avoids malicious tampering, simultaneously, the network isolation module 22 is matched to isolate a computer entering the virus from other user terminals 20, the virus is processed by the emergency processing terminal 3, and the intranet data evaluation module 26 can evaluate the risk degree according to the damage degree when the attack is matched with the data protection module 11.
S3, the emergency processing terminal 3 carries out corresponding grade reaction for processing, the intranet unit 1 stores submitted files and log contents, the files and the log contents are classified according to time and types under the action of the intranet data integration module 12, classified data are compressed through the network data compression module 13 and then stored in the data storage module 14, the classified data can be directly called when being used subsequently, the information recovery system 16 processes the data of the data storage module 14 and then sets the processed data as read-only data to be stored in the local data backup module 15, when the information recovery system 16 is attacked and paralyzed together with the data storage module 14, the information recovery system is replied through the standby processing system 17, and meanwhile, when different viruses and attacks are threatened, updating patches are uploaded through the upgrading module 23.
Therefore, the invention adopts the intranet data protection module, the network data metering module, the temporary storage module, the network data processing module, the network data protection module, the network information supervision module, the data tracking module and the emergency processing terminal, when in use, the data of the extranet is firstly sent to the network information supervision module, most illegal accesses are limited under the action of the Cisco PIX 515E firewall, then the data is detected on the website property and the legality in the network data protection module, meanwhile, the early warning of different conditions can be made on different websites by matching with the situation early warning module, the timely response is convenient when the data is attacked, then the log information accessed by the data is recorded and stored under the action of the CISCOPIX-515E-UR-BUN firewall in the network data processing module, then the file can be stored in a zero-time storage module, after the temporary storage module stores the process that no virus exists under the processing of a virus checking and killing module, the file can be transmitted and the size and the consumed flow can be calculated under the action of a network data metering module, the internal access is further limited under the action of a CISCOPIX-515E-UR-BUN firewall of the last intranet data protection module, then the data can enter an intranet unit to be read by a user end, when the malicious attack occurs, an emergency processing terminal reads log information recorded in the CISCOPIX-515E-UR-BUN firewall, the data source IP is tried to be tracked by a data tracking module, the connection between an external network and the intranet is disconnected by matching with a network isolation module, and important files are protected to enter a read-only protection state under the action of a read-only locking module, and the mode can prevent the external continuous malicious attack, the anti-loss data access method has the advantages that the anti-loss effect on important files can be well achieved, the good virus protection effect is achieved when the anti-loss data access method is used, and all-dimensional three-dimensional prevention and control are achieved before data access, in the access process and after the intrusion process.
In summary, the above is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in the claims of the present invention should be covered by the claims of the present invention.
Claims (10)
1. The utility model provides an emergent linked systems of network security, includes emergent linked cabinets of network security, its characterized in that: an internal network unit is arranged in the network safety emergency linkage cabinet, the input end of the internal network unit is electrically connected with the output end of a network management unit, the input end of the network management unit is electrically connected with the output end of an emergency processing terminal, the output end of the emergency processing terminal is electrically connected with the input end of a data tracking module, the output end of the data tracking module is electrically connected with the input end of an external network interface, the output end of the external network interface is electrically connected with the input end of a network information supervision module, the output end of the network information supervision module is electrically connected with the input end of a network data protection module, the output end of the network data protection module is electrically connected with the input end of a network data processing module, the output end of the network data processing module is electrically connected with the input end of a temporary storage module, and the output end of the temporary storage module is electrically connected with the input end of a network data metering module;
the output end of the network data metering module is electrically connected with the input end of an intranet data protection module, the output end of the intranet data protection module is electrically connected with the input end of an intranet unit, the output end of the intranet unit is electrically connected with the input end of an intranet data integration module, the output end of the intranet data integration module is electrically connected with the input end of a network data compression module, the output end of the network data compression module is electrically connected with the input end of a data storage module, the output end of the data storage module is electrically connected with the input end of an information recovery system, the output end of the information recovery system is electrically connected with the input end of a local data backup module, and the input end of the information recovery system is electrically connected with the output end of a standby processing system;
the input of intranet unit is connected with network data management module's input electricity, network data management module's input is connected with the output electricity of visiting the login unit, the input in the access login unit is connected with the output electricity of user side, network management unit's input is connected with read-only locking module's output electricity, network management unit's input is connected with the output electricity of network isolation module, the input of emergency treatment terminal is connected with the output electricity of upgrading the renewal module, network data protection module's input is connected with the output electricity of state early warning module, temporary storage module's input is connected with the output electricity of virus searching and killing module, intranet data protection module's input is connected with the output electricity of data evaluation module.
2. The network security emergency linkage system according to claim 1, wherein: the access login unit comprises an information acquisition module, an information verification module and an information comparison module, wherein the information acquisition module comprises an account password and dynamic short message code verification, the information verification module is used for sending the dynamic short message verification code and inputting data verification, and the information comparison module is used for searching and comparing the account password with a registered user.
3. The network security emergency linkage system according to claim 1, wherein: the network data processing module comprises a CISCOPIX-515E-UR-BUN firewall, has strong log recording and analysis, can record data packets flowing through a network in detail, and tracks and records users accessing confidential data, so that malicious damage can be found.
4. The network security emergency linkage system according to claim 1, wherein: the network data protection module is characterized in that an external network interface is accessed into a CISCOPIX-515E-UR-BUN firewall DMZ area, the condition that both an internal network unit user and the external network interface need to access and need to be controlled by the network data protection module is kept, meanwhile, bidirectional NAT conversion enables an internal network to access the Internet through an internal IP address, an authorized user of a public external network interface can access services provided by a server with a hidden legal address through the public network address mapped by the CISCOPIX-515E-UR-BUN firewall, a multi-level content filtering function is started, internal staff are limited from accessing bad websites, programs possibly containing trojans in URLs and https can be filtered, and the internal network system is prevented from being damaged.
5. The network security emergency linkage system according to claim 1, wherein: the intranet data protection module is a CISCO PIX 515E firewall, a Cisco PIX 515E firewall is arranged in the network information supervision module and used for limiting access of an external network to intranet resources, and the network data protection module is arranged at a host interface of the temporary storage module.
6. The network security emergency linkage system according to claim 1, wherein: the network management unit is provided with a CISCO PIlX-515E-UR-BUN firewall, and based on rule control, each link in a TCP/IP protocol is subjected to security control to generate a complete and secure access control table, wherein the access control table comprises Internet access control on an internal database server, a network function server and a DMZ zone server, external access to an internal network unit and service access in the DMZ zone is clearly limited, and illegal tampering on an internal important system is prevented.
7. The network security emergency linkage system according to claim 1, wherein: the upgrade updating module adopts independent upgrade updating set for the emergency processing terminal, and is convenient for increasing the set value of each firewall after being attacked.
8. The network security emergency linkage system according to claim 1, wherein: when a user side inside the network data management module accesses, the network data management module can keep recording data files and mode time accessed by the network data management module, limits the access and viewed files, and limits the viewed corresponding file content according to the authority size of the network data management module, the data storage module stores data of an intranet unit for facilitating subsequent access and retrieval, the information recovery system keeps backing up the data, when the data is lost or even a hardware fault occurs, the information recovery system copies the data of a local data backup module to the data storage module for recovery, and when the information recovery system is in fault or even under attack, the data is processed through a standby processing system.
9. The network security emergency linkage system according to claim 1, wherein: the network safety emergency linkage cabinet is characterized in that a hard disk bin is connected with the surface of a data interface of a local data backup module in a clamping mode, a groove is formed in the upper surface of the inner wall of the hard disk bin, the upper surface of the inner wall of the groove and the top end of a sliding rod are fixedly connected, the surface of the sliding rod is connected in a limiting groove in a sliding mode, the limiting groove is formed in the upper surface of a clamping block, a spring is arranged on the surface of the sliding rod, the left side surface of the clamping block is fixedly connected with the right side surface of a deflection block, the surface of the deflection block is in lap joint with the surface of a pressing key, the surface of the pressing key is in lap joint with the right side surface of the inner wall of the groove through a sliding sleeve, and the surface of the clamping block is in lap joint with the right side surface of the local data backup module.
10. The utility model provides a network security emergent aggregate unit which characterized in that: use of a network security emergency linkage system according to any of claims 1 to 9, comprising the steps of:
s1, when the system is used, a user logs in through an access login unit, information is input into an information acquisition module in the login process, then a dynamic code of the system is verified through an information verification module, account information of the system is inquired and compared through an information comparison module, the login can be completed after verification, then data and files specified by an intranet unit are accessed through a network data management module, when needed, in the process of accessing Internet through an extranet interface, the data enters a network data protection module under the protection of a network information supervision module, the data accessed by the system is checked under the network data protection module, bad website information is blocked, and meanwhile, the information of different accessed websites is received by a state early warning module according to the information of the different accessed websites;
s2, accessing an external network, simultaneously carrying out early warning by an event early warning module according to the risk of the website, simultaneously recording an accessed address log by a network data processing module, when the accessed address log is attacked, enabling an emergency processing terminal to be matched with a data tracking module to call log information of a network data storage module to carry out anti-tracking work on the log information until the data reaches a temporary storage module, scanning and checking the data in the temporary storage module under the action of a virus checking and killing module, and then entering an intranet unit, when the virus checking and killing module detects viruses, firstly changing various system parameters and data in the intranet unit into a read-only mode by a network management unit through a read-only locking fixed die, avoiding malicious tampering, simultaneously being matched with the network isolation module to isolate a computer entering the viruses from other user terminals, and processing the viruses through the emergency processing terminal, and when a data evaluation module is matched with the intranet data protection module to be attacked maliciously, evaluating the risk degree according to the damage degree;
and S3, the emergency processing terminal makes corresponding-grade reactions for processing, the intranet unit stores the submitted files and log contents, the files and the log contents are classified according to time and types under the action of the intranet data integration module, the classified data are compressed through the network data compression module and then stored in the data storage module, the classified data are directly called in subsequent use, the data of the data storage module are processed by the information recovery system and then set to be stored in the local data backup module for storage, when the information recovery system is attacked and paralyzed together with the data storage module, the information recovery system can reply through the standby processing system, and meanwhile, when different viruses and attacks are processed, the updating patch is uploaded through the updating module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211656131.6A CN115987632A (en) | 2022-12-22 | 2022-12-22 | Network security emergency linkage device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211656131.6A CN115987632A (en) | 2022-12-22 | 2022-12-22 | Network security emergency linkage device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115987632A true CN115987632A (en) | 2023-04-18 |
Family
ID=85961591
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211656131.6A Withdrawn CN115987632A (en) | 2022-12-22 | 2022-12-22 | Network security emergency linkage device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115987632A (en) |
-
2022
- 2022-12-22 CN CN202211656131.6A patent/CN115987632A/en not_active Withdrawn
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113660224B (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
| CN104468632A (en) | Loophole attack prevention method, device and system | |
| CN113839935B (en) | Network situation awareness method, device and system | |
| CN116827675A (en) | Network information security analysis system | |
| CN112149090A (en) | Computer network safety protection system based on data cloud | |
| CN113596028A (en) | Method and device for handling network abnormal behaviors | |
| KR102433928B1 (en) | System for Managing Cyber Security of Autonomous Ship | |
| CN103441926A (en) | Security gateway system of numerically-controlled machine tool network | |
| CN111404948A (en) | Security system and method based on computer network monitoring | |
| CN113411297A (en) | Situation awareness defense method and system based on attribute access control | |
| CN113411295A (en) | Role-based access control situation awareness defense method and system | |
| CN111556473A (en) | Abnormal access behavior detection method and device | |
| KR20020000225A (en) | A system and method for performing remote security management of multiple computer systems | |
| CN110087238B (en) | Information security protection system of mobile electronic equipment | |
| CN113132412B (en) | Computer network security test and inspection method | |
| CN110708340A (en) | Enterprise private network security supervision system | |
| CN113660222A (en) | Situation awareness defense method and system based on mandatory access control | |
| CN110086812B (en) | Safe and controllable internal network safety patrol system and method | |
| CN111756707A (en) | Back door safety protection device and method applied to global wide area network | |
| CN116668166A (en) | Software and hardware cooperated data security monitoring system | |
| CN116760572A (en) | Cloud security simulation detection method and system | |
| KR101910496B1 (en) | Network based proxy setting detection system through wide area network internet protocol(IP) validation and method of blocking harmful site access using the same | |
| CN115987632A (en) | Network security emergency linkage device and system | |
| CN115834205A (en) | Monitoring system illegal external connection alarm system | |
| CN112422501B (en) | Forward and reverse tunnel protection method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20230418 |
|
| WW01 | Invention patent application withdrawn after publication |