CN1281190A - Network security computer with single motherboard - Google Patents


Info

Publication number
CN1281190A
Authority
CN
China
Prior art keywords
network
computer
interface
net
network interface
Legal status
Pending
Application number
CN 00123852
Other languages
Chinese (zh)
Inventor
刘星
唐龙
李泌
Current Assignee
Shenzhen Network Technology Co., LIMITED
Original Assignee
HONGWAN INDUSTRY Co Ltd SHENZHEN CITY
Application filed by HONGWAN INDUSTRY Co Ltd SHENZHEN CITY
Priority to CN 00123852
Publication of CN1281190A
Current legal status: Pending
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network security computer with a single motherboard consists of an ordinary single-motherboard computer, a read-only electronic disk on which the operating system is stored, and a network security isolation control card. The control card comprises a switching array made up of a ganged dual changeover switch, a trigger and a relay group, together with an internal/external network output port, an internal network interface, an external network interface, and internal/external network hard disk interfaces. Switching between the internal and external networks is fast, smooth and safe, and can be performed without resetting the BIOS monitor system.

Description

Network security computer with single motherboard
The present invention relates to a network security computer, and more specifically to a network security computer with a single motherboard: one that uses a single motherboard to connect to both an internal network (intranet) and an external network while guaranteeing physical isolation between the two.
With the rapid development of Internet technology, organizations from government agencies at every level down to individual entities have adopted Internet technology to build their own internal office networks (intranets) or classified networks. The openness of the Internet gives users full resource sharing, but it also seriously threatens network security: computer networks connected to the Internet are regularly attacked by hackers or otherwise illegally attacked, and computer viruses spread unchecked. To keep the internal office network secure while still taking full advantage of the Internet, network users must physically isolate the internal network from the external network so that the two are never connected. The network security computer was created to meet this need.
Chinese utility model patent No. 98206671.6, "Secure network computer that can connect to an internal network and an external network simultaneously", discloses a secure network computer made up of multiple hosts, one connected to the internal network and another connected to the external network. The two hosts share one set of keyboard, mouse, display and other input/output devices and one power supply, each connected to the two hosts through a control module (switching control card) that has no information exchange loop. The control module ensures that the two hosts cannot communicate with each other, and the user interface system is designed for one-way data flow, which achieves physical isolation. The control module mainly comprises keyboard, mouse and display interfaces; keyboard, mouse and display switches; a control switching circuit with its switching delay circuit; a shutdown delay circuit; and a shutdown signal generator. It has two special function keys, used for switching the screen and for shutting down respectively.
This secure network computer can connect to two networks at once while keeping them physically isolated, and it is convenient to operate. Although it protects both networks while making full use of different network resources, it needs two hosts and a structurally complex control module, so it is bulky, relatively costly and hard to maintain, and electromagnetic radiation and leakage between the two systems cause mutual interference. Another serious deficiency is that switching between the internal and external networks requires shutting down first and then restarting, which is very inconvenient for the user. The reason is that any running computer holds some information and data temporarily in its storage system; if the networks were switched without shutting down, that data and information would leak during the switch. This network security computer therefore shuts down first and switches afterwards.
The object of the invention is to design a network security computer with a single motherboard that physically isolates the internal and external networks to guarantee network security, is lower in cost and simple in structure, and in particular can switch between the internal and external networks without shutting down, with intelligent security protection whether it is working on the internal network or the external network after the switch.
The object of the invention is achieved as follows. A network security computer with a single motherboard comprises an ordinary computer containing a single motherboard, and is characterized in that it further comprises an electronic disk that stores only the operating system and runs in a read-only state, connected to the ISA slot of the ordinary computer; and a network security isolation control card comprising a switching array, an internal/external network output port, an internal network interface, an external network interface, an internal-network application hard disk, an external-network application hard disk, and an internal/external network hard disk interface. The internal/external network output port is connected to the network card interface of the ordinary computer, and the internal/external network hard disk interface is connected to the hard disk interface of the ordinary computer. The internal network interface and external network interface are connected to the internal/external network output port through the switching array, and the internal-network application hard disk and external-network application hard disk are connected to the internal/external network hard disk interface through the switching array. The internal network interface and external network interface connect to the internal network and the external network respectively.
The switching array also includes a ganged dual changeover switch. One changeover switch has one end connected to ground and the other end connected to the motherboard reset pin of the ordinary computer; the other changeover switch has one end connected to the power supply and the other end connected to the switching array.
The switching array is a switched connection array formed by a trigger connected to a relay group. The trigger signal input of the trigger is connected to the ganged dual changeover switch. The relay contacts are connected between the internal network interface, the external network interface and the internal/external network output port, and between the internal-network application hard disk, the external-network application hard disk and the internal/external network hard disk interface.
The electronic disk is a plug-in card with an ISA bus. At power-on, or when switching between the internal and external networks, it first sends a read request to the motherboard, and the operating program is placed in the low memory of the motherboard's memory.
The computer also includes an intelligent security module connected to the PCI slot of the ordinary computer. Through a link and path set up to the network interface it stays in a monitoring state and records visitor information; when it judges a visit to be an illegal intrusion, it disconnects the single-motherboard network security computer from the network and raises an alarm.
The single-motherboard network security computer of the invention is built on an ordinary single-motherboard computer by fitting two hard disks in the machine (the internal-network application hard disk and the external-network application hard disk), an electronic disk that stores only the operating system and runs in a read-only state, and a network security isolation control card that performs the switched connections. Compared with a dual-motherboard network security computer, the structure is greatly simplified and the volume much reduced; all control and data acquisition are strictly one-way connections, so no information loop can arise. The computer can switch between the internal and external networks without shutting down. The protective measures that make this possible are the electronic disk, which stores only the operating system and runs only in a read-only state, and the ganged dual changeover switch. Because the electronic disk holds only the operating system, with no application software or data, it can run purely read-only and there is no risk of disclosure when switching. At power-on, or when switching between the internal and external networks, the motherboard first accepts the read request from the electronic disk, logically defines it as drive "C", and places it in the computer's base memory (low memory) under memory management; only then are the other disks and drives defined. Operating the changeover switch outputs a reset signal to the motherboard reset pin of the ordinary computer, which clears the upper memory or extended memory that holds programs other than the operating system; that is, the information in all read-write memory of the computer's main system is reset. Once the switching signal is given, therefore, no shutdown or restart is needed, and the networks are changed quickly without leaking information, which keeps the classified network safe from attack. The network security isolation control card switches between two completely physically isolated channels, so at any one time the computer can be connected to only one physical hard disk and one network interface, either internal or external. The added intelligent security module effectively prevents and stops illegal attacks, so that external-network security is also ensured while internal-network security is guaranteed.
The technology of the invention is further described below with reference to an embodiment and the accompanying drawings.
Fig. 1 is a schematic block diagram of the single-motherboard network security computer of the invention.
Fig. 2 is a schematic diagram of the connection circuit of the ganged dual changeover switch of the invention.
The main function of the single-motherboard network security computer of the invention is to switch between the internal and external networks without shutting down and, after switching, to provide intelligent security protection on whichever network it is working. The computer includes a cabinet, a motherboard, a central processing unit (CPU), a power supply, a network card, a sound card, a display card, a floppy drive, a CD-ROM drive, a mouse, a keyboard and a display. All of these parts are the same as in an ordinary single-motherboard computer; the differences are that two hard disks and two network interfaces are provided for use with the internal and external networks respectively, and that an electronic disk and a network security isolation control card are added. The motherboard is the same as that of an ordinary computer, except that its BIOS has been modified to work with the technology of the invention. Operation is also the same as for an ordinary computer, with the addition of switching between the internal and external networks and handling after an attack.
Referring to Fig. 1, the single-motherboard network security computer of the invention mainly comprises motherboard 10, network security isolation control card 20, electronic disk 30, intelligent security module 40, internal-network application hard disk 50 and external-network application hard disk 60. Other parts, such as the power supply, network card, sound card, display card, floppy drive, CD-ROM drive, mouse, keyboard and display, are set up exactly as in an ordinary computer and are therefore not shown in the figure.
The invention modifies the BIOS of motherboard 10. The main purpose is to realize switching between the internal and external networks without shutting down, by refreshing and zeroing every memory other than permanent storage such as the electronic disk and the physical hard disks. The BIOS monitor program of the motherboard must therefore send an interrupt reset request to the addresses of certain memories and refresh those memories when switching. The invention uses embedded PC technology, adding an extension monitor program and the associated hardware (the electronic disk). While instructions are accepted from and sent to the motherboard control unit, the operating program on the electronic disk is booted automatically and placed in the base memory (low memory) of the motherboard's memory. Other applications can then be loaded, through user operation, from the switched-in physical hard disk into upper memory or extended memory for read-write operation. This achieves smooth, fast switching and keeps all work within the operating system of the electronic disk. When the user switches between the internal and external networks, the motherboard must promptly zero the computer's high-address memory, the CPU cache and the motherboard cache, to keep Tempest and external-network viruses from being brought into the internal network; the motherboard's memory is also strictly managed.
The invention adds a large-capacity (for example 640K bytes) electronic disk 30 that is set as a read-only disk; read-write capability can be set manually by jumper. Electronic disk 30 is a plug-in card with an ISA bus and can be inserted directly into the computer's ISA bus slot. Electronic disk 30 is provided as an independent device and stores only the operating system; because it holds no application software or data, it can run in a read-only state. At power-on, or when switching between the internal and external networks, the BIOS of motherboard 10 first accepts the operation request (priority interrupt) of electronic disk 30 and defines it as drive "C", and then defines the other disks and drives. After power-on, therefore, the operating program on electronic disk 30 is read out and placed in the computer's base memory under memory management. Because this part of memory is relatively small, the operation completes almost instantly; other programs are placed in upper memory or extended memory. The computer's startup batch commands can be set when the equipment leaves the factory and need not be changed.
Two physical hard disks are used, internal-network application hard disk 50 and external-network application hard disk 60, to guarantee physical isolation of information. Through the switching of switching array 201 each is connected in turn to internal/external network hard disk interface 205, which is permanently connected to hard disk interface 104 (IDE) of motherboard 10. In the single working state of either the internal or the external network, only one of the two hard disks 50, 60 performs read-write operations at any one time, running on a single network platform; the other is physically disconnected.
Internal network interface 203 and external network interface 204, which connect to the internal network and the external network respectively, are each connected in turn through the switching of switching array 201 to internal/external network output port 202, which is permanently connected to network card interface 103 of motherboard 10.
Referring also to Fig. 2, switching array 201 on network security isolation control card 20 consists of a trigger connected to a relay group and is controlled by the manually operated ganged dual changeover switch K (the relay part is not shown). The trigger outputs a drive signal that controls the action of the relay group. The relay contacts are connected between internal network interface 203, external network interface 204 and internal/external network output port 202, and between internal-network application hard disk 50, external-network application hard disk 60 and internal/external network hard disk interface 205. The number of relays is set according to the total number of hard disk data lines and network lines, for example 42+8 (or 4).
Pressing K to switch between the internal and external networks outputs two switching signals at the same time. One changeover switch grounds the motherboard reset pin, which clears the information in all processors and read-write memory in the computer and resets the main system; that is, after the switching signal is given the host does not shut down and need not restart, and no information leaks after the network switch. The other changeover switch makes the trigger output a drive signal that puts the relay group into its conducting or cut-off state, completing the internal/external switch of the hard disk data lines and network lines. With this technique the switch between the internal and external networks is completed without shutting the network security computer down; switching and startup are fast, and operation is simple for the user.
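The switching sequence described above can be modeled in a few lines. The following Python model is an added illustration and is not part of the patent; the class and function names are hypothetical, as is the `reset_wired` flag, which is used only to show what remains in memory if the reset pole of K did not act.

```python
from dataclasses import dataclass, field

INTERNAL, EXTERNAL = "internal", "external"
DISK_LINES, NET_LINES = 42, 8  # relay counts taken from the description's example


class ReadOnlyDisk:
    """Electronic disk: holds only the operating system and rejects writes."""

    def __init__(self, image):
        self._image = image

    def read(self):
        return self._image

    def write(self, _data):
        raise PermissionError("electronic disk is read-only")


@dataclass
class Machine:
    rom: ReadOnlyDisk
    trigger: str = INTERNAL                       # one trigger output drives every relay
    low_memory: str = ""                          # OS loaded from the electronic disk
    volatile: dict = field(default_factory=dict)  # upper/extended memory and caches
    app_disks: dict = field(default_factory=lambda: {INTERNAL: [], EXTERNAL: []})

    def contacts(self):
        """Side each relay contact is closed to: disk data lines, then network lines."""
        return [self.trigger] * (DISK_LINES + NET_LINES)

    def boot(self):
        self.low_memory = self.rom.read()

    def run_app(self, name, data):
        """Application state lives in volatile memory and on the connected disk only."""
        self.volatile[name] = data
        self.app_disks[self.trigger].append(data)

    def press_switch(self, reset_wired=True):
        """Both poles of K act together: one resets memory, the other flips the relays."""
        if reset_wired:
            self.volatile.clear()   # reset pin grounded: read-write memory is cleared
            self.boot()             # OS is read again from the read-only disk
        self.trigger = EXTERNAL if self.trigger == INTERNAL else INTERNAL


def residue(machine, marker):
    """Names of volatile regions still holding data that contains `marker`."""
    return sorted(k for k, v in machine.volatile.items() if marker in v)


def demo(reset_wired):
    """Work on the internal network, switch, and report what the external side can see."""
    m = Machine(ReadOnlyDisk("OS-IMAGE"))          # constructed sample image
    m.boot()
    m.run_app("extended_memory", "CLASSIFIED draft")
    m.press_switch(reset_wired=reset_wired)
    one_side = len(set(m.contacts())) == 1         # disk and network lines moved together
    return m.trigger, one_side, residue(m, "CLASSIFIED"), m.app_disks[EXTERNAL]


if __name__ == "__main__":
    print("with reset pole:   ", demo(True))
    print("without reset pole:", demo(False))
```

With the reset pole acting, nothing from the internal session is left in memory once the relays close to the external side; without it, the relays still isolate the disks and network lines but the memory contents survive the switch, which is the leak the prior-art design avoided only by shutting down.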
Although physical isolation guarantees network security between the internal and external networks, it does not make any single network secure. When the computer is running on the internal network, illegal operation or mischief by individual insiders can equally cause disclosure and damage to information. The invention addresses this problem with intelligent security module 40.
Intelligent security module 40 is an intelligent processing system that is always in a working state and can judge access by outside unauthorized persons. Most networks in use today run the TCP/IP protocol, and an IP packet has a specific data layout and information, including the user's own IP address, MAC address and the target IP address. This information can therefore be parsed by technical means and then tracked, judged and intelligently analyzed.
In addition, each user's own password forms a primary security layer on the computer, but to an attacker this password is easy to break; for example, it can be cracked by repeated scanning, after which the attack is carried out.
The invention sets up a dedicated path linking intelligent security module 40 to the network interface. In the monitoring state it records each visitor's IP address, MAC address, access time, number of visits and so on. When an intruder has visited repeatedly (the number is presettable, for example three times), the module judges this quickly and automatically takes the computer off the network, putting it in a self-protecting state, and sends an alarm message at the same time. This protects the external network as well as the classified network.
By designing a network security isolation control card that has absolutely no information exchange loop, the network security computer of the invention ensures that two or more networks cannot communicate with each other and are physically isolated. No shutdown and reset is needed when switching between the internal and external networks. Because an extension BIOS module is used, the demands on motherboard selection are low, which makes production easier. Because no shutdown reset is used, switching is fast and operation is convenient. The added intelligent judgment system effectively prevents and stops illegal attacks on the system, so that external-network security is also ensured while internal-network security is guaranteed. The design also has the advantages of lower cost, easy maintenance and easy expansion.
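The monitoring rule described above (parse each frame for its addresses, log every visitor, leave the network after a preset number of intrusion attempts) is shown below as an added Python example that is not part of the patent. It assumes Ethernet II framing, with the source MAC read from the Ethernet header and the IP addresses from the IPv4 header, and an allowlist of authorized (IP, MAC) pairs as the test for an illegal visit; the patent specifies neither, and all names and sample frames are constructed.

```python
import socket
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame):
    """Return (src_mac, src_ip, dst_ip) from an Ethernet II + IPv4 frame, else None."""
    if len(frame) < 14 + 20:
        return None                                   # truncated frame
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None                                   # ARP, IPv6, ... are not analysed here
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None                                   # malformed IPv4 header
    mac = ":".join(f"{b:02x}" for b in src_mac)
    return mac, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def make_frame(src_mac, src_ip, dst_ip, ethertype=ETHERTYPE_IPV4):
    """Build a constructed sample frame; header fields not used here are zeroed."""
    eth = struct.pack("!6s6sH", b"\x02\x00\x00\x00\x00\x01",
                      bytes.fromhex(src_mac.replace(":", "")), ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip


class SecurityModule:
    """Logs every visitor; goes off-network after `threshold` unauthorized visits."""

    def __init__(self, authorized, threshold=3):
        self.authorized = set(authorized)   # assumed allowlist of (ip, mac) pairs
        self.threshold = threshold          # presettable, three in the description
        self.counts = defaultdict(int)
        self.log = []                       # (time, ip, mac, target ip, visit count)
        self.alarms = []
        self.online = True

    def observe(self, frame, timestamp):
        if not self.online:
            return "off-network"            # already disconnected: nothing is received
        parsed = parse_frame(frame)
        if parsed is None:
            return "ignored"
        mac, src_ip, dst_ip = parsed
        visitor = (src_ip, mac)
        self.counts[visitor] += 1
        self.log.append((timestamp, src_ip, mac, dst_ip, self.counts[visitor]))
        if visitor in self.authorized:
            return "allowed"
        if self.counts[visitor] >= self.threshold:
            self.online = False             # leave the network (self-protecting state)
            self.alarms.append((src_ip, mac, self.counts[visitor], timestamp))
            return "disconnected"
        return "recorded"


def run_demo():
    """Replay constructed traffic: one authorized host, one intruder, one spoofed IP."""
    me = "192.0.2.1"
    staff = ("192.0.2.10", "02:00:00:00:00:10")
    rogue = ("198.51.100.7", "02:00:00:00:00:99")
    module = SecurityModule(authorized=[staff], threshold=3)
    frames = [
        make_frame(staff[1], staff[0], me),                    # authorized pair
        make_frame(rogue[1], rogue[0], me),                    # intruder, visit 1
        make_frame(rogue[1], rogue[0], me, ethertype=0x0806),  # not IPv4
        make_frame(rogue[1], rogue[0], me),                    # intruder, visit 2
        make_frame(rogue[1], staff[0], me),                    # authorized IP, wrong MAC
        make_frame(rogue[1], rogue[0], me),                    # intruder, visit 3
        make_frame(staff[1], staff[0], me),                    # arrives after disconnect
    ]
    verdicts = [module.observe(f, ts) for ts, f in enumerate(frames)]
    return verdicts, module


if __name__ == "__main__":
    print(run_demo()[0])
```

Keying the count on the (IP, MAC) pair means an authorized IP address seen with a different MAC is logged as a separate, unauthorized visitor rather than inheriting the authorized host's standing.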

Claims (5)

1. A network security computer with a single motherboard, comprising an ordinary computer containing a single motherboard, characterized in that it further comprises an electronic disk that stores only the operating system and runs in a read-only state, connected to the ISA slot of the ordinary computer; and a network security isolation control card comprising a switching array, an internal/external network output port, an internal network interface, an external network interface, an internal-network application hard disk, an external-network application hard disk, and an internal/external network hard disk interface; the internal/external network output port is connected to the network card interface of the ordinary computer, the internal/external network hard disk interface is connected to the hard disk interface of the ordinary computer, the internal network interface and external network interface are connected to the internal/external network output port through the switching array, and the internal-network application hard disk and external-network application hard disk are connected to the internal/external network hard disk interface through the switching array; the internal network interface and external network interface connect to the internal network and the external network respectively.
2. The network security computer with a single motherboard according to claim 1, characterized in that the switching array also includes a ganged dual changeover switch; one changeover switch has one end connected to ground and the other end connected to the motherboard reset pin of the ordinary computer; the other changeover switch has one end connected to the power supply and the other end connected to the switching array.
3. The network security computer with a single motherboard according to claim 1 or 2, characterized in that the switching array is a switched connection array formed by a trigger connected to a relay group; the trigger signal input of the trigger is connected to the ganged dual changeover switch; the relay contacts are connected between the internal network interface, the external network interface and the internal/external network output port, and between the internal-network application hard disk, the external-network application hard disk and the internal/external network hard disk interface.
4. The network security computer with a single motherboard according to claim 1, characterized in that the electronic disk is a plug-in card with an ISA bus which, at power-on or when switching between the internal and external networks, first sends a read request to the motherboard, the operating program being placed in the low memory of the motherboard's memory.
5. The network security computer with a single motherboard according to claim 1, characterized in that it also includes an intelligent security module connected to the PCI slot of the ordinary computer, which stays in a monitoring state through a link and path set up to the network interface, records visitor information, and, when it judges a visit to be an illegal intrusion, disconnects the single-motherboard network security computer from the network and raises an alarm.
CN 00123852 2000-08-23 2000-08-23 Network security computer with single motherboard Pending CN1281190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 00123852 CN1281190A (en) 2000-08-23 2000-08-23 Network security computer with single motherboard

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 00123852 CN1281190A (en) 2000-08-23 2000-08-23 Network security computer with single motherboard

Publications (1)

Publication Number Publication Date
CN1281190A true CN1281190A (en) 2001-01-24

Family

ID=4590171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 00123852 Pending CN1281190A (en) 2000-08-23 2000-08-23 Network security computer with single motherboard

Country Status (1)

Country Link
CN (1) CN1281190A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Applicant after: Liu Xing

Applicant before: Hongwan Industry Co., Ltd., Shenzhen City

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: HONGWAN INDUSTRY CO., LTD., SHENZHEN CITY TO: LIU XING

ASS Succession or assignment of patent right

Owner name: SHENZHEN ANWANGDA NETWORKS TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: LIU XING

Effective date: 20011019

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20011019

Applicant after: Shenzhen Network Technology Co., LIMITED

Applicant before: Liu Xing

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned
C20 Patent right or utility model deemed to be abandoned or is abandoned