CN1690960A - Safety network computer - Google Patents

Publication number: CN1690960A
Authority: CN (China)
Prior art keywords: network, processor, computer, lan, over switch
Legal status: Pending
Application number: CN 200410027022
Other languages: Chinese (zh)
Inventors: 杜和平, 马奇, 匡风波, 林俊, 沈贤民, 李文俊
Current Assignee: China Great Wall Computer Shenzhen Co Ltd
Original Assignee: China Great Wall Computer Shenzhen Co Ltd
Application filed by: China Great Wall Computer Shenzhen Co Ltd
Landscapes: Small-Scale Networks (AREA)

Abstract

A secure network computer for network application environments in which an internal network system and an external network system exist at the same time. It comprises a main case containing a mainboard and a power supply; the display, keyboard, mouse and power connectors are on the back of the case, together with two network connectors, one for the internal network and one for the external network, which are kept separate. A changeover switch sits between the two network connectors and the CPU. It is controlled by the BIOS instruction sequence that the CPU runs from flash memory, and ensures that at any moment the CPU is connected, through one network connector, to only one of the internal and external network systems. Compared with the existing technique, this secure network computer provides a safer guarantee for network work: it not only protects itself against attack from the external network system, but is also effective against attack from the internal network.

Description

Secure network computer
Technical field
The present invention relates to electric digital data processing, in particular to digital computing equipment dedicated to network security applications, and specifically to a secure network computer.
Background art
With the spread of network applications, governments and enterprises have been setting up internal network systems (intranets) one after another, and more and more business is carried out over these internal networks. At the same time, connecting computers to external network systems such as the Internet has become an effective way for enterprises and governments to carry out activities such as information search, publishing, public service and e-commerce. As people depend more and more on networks, network security draws increasing attention. For enterprises, and especially for government bodies, the security of the internal network and its data is vital. The internal network and data security problem is mainly one of preventing attacks from the internal network system and/or the external network system.
To prevent attacks from the external network system, such as theft, modification or destruction, hardware/software firewall technology is usually adopted as the basic defence. But as attack methods develop and change, a firewall may be broken through. Moreover, because most firewalls are imported products, there are potential security problems. In the interest of national security, the Chinese Government issued the "Regulations of Internet Security of Computer Information System", which stipulate that "a computer information system that involves state secrets must not be connected, directly or indirectly, to the Internet or other public information networks, and must be physically isolated."
Attacks from the internal network system mainly mean that a computer on the intranet is used to steal, modify or destroy important data in the internal network system, or to damage the stability of the internal network system with a virus, even paralysing it.
A simple way to achieve physical network isolation is to build two network systems inside the enterprise or government body: one is the internal network system (the intranet for short); the other is the external network system (the external network for short). The intranet and the external network are separated and isolated in physical hardware, and their information media are strictly distinguished and must not be shared. With this method, however, staff who need Internet access must be given two computers, which wastes resources and also increases the system maintenance workload.
Prior-art secure network computers and their construction methods are generally based on the structure of a standard personal computer, fitted with a mainboard, processor, memory, video card, mouse, keyboard, display and hard disk. For example, the network security computer disclosed in Chinese patent application 99121960.0 comprises at least two independent hard disks, used for the intranet and the external network respectively. The technical idea of these existing secure network computers is to add an intranet/external-network switching control module, such as a dedicated switching control card, to a general-purpose computer in order to physically isolate the intranet from the external network. They do not consider hardening the way the computer itself is used: they still use a general-purpose operating system and still store applications and data on a local hard disk. A network computer of this structure has no real ability to protect against attacks from the internal network.
Summary of the invention
The technical problem to be solved by the present invention is to avoid the above shortcomings of the prior art and to propose a network computer that physically isolates the intranet from the external network and can protect against attacks from both.
The technical solution adopted by the present invention is to build a secure network computer for network application environments in which an internal network system and an external network system exist at the same time. It comprises a main case with a mainboard and a power supply inside it. The back of the case carries the display, keyboard, mouse and power connectors, and also two network connectors, one connected to the internal network system and the other to the external network system. A changeover switch is placed between the two network connectors and the processor. It is controlled by the instruction sequence of the BIOS program run by the processor, so that at any moment the processor is connected, through one of the network connectors, to only one of the internal network system and the external network system.
A network connection circuit is also provided between the network connectors and the processor. If it is placed between the two network connectors and the changeover switch, there are two sets of network connection circuit, each connected to only one network connector; if it is placed between the processor and the changeover switch, only one set of network connection circuit is needed.
The secure network computer has no local hard disk. The local operating system is stored in flash memory, and all applications and data are stored on network servers.
In the secure network computer, every changeover switch action causes the processor to run an instruction sequence of the BIOS program in flash memory that clears the memory.
Compared with the prior art, the secure network computer of the present invention provides a safer guarantee for network work: it not only protects itself against attacks from the external network system, but can also effectively block attacks from the internal network system.
Description of drawings
Fig. 1 is a schematic diagram of how the secure network computer of the present invention is deployed and connected in a dual-network application system.
Fig. 2 is a schematic workflow diagram of the secure network computer of the present invention.
Fig. 3 is a circuit diagram of the control module of the secure network computer of the present invention.
Embodiment
The present invention is described in detail below with reference to the preferred embodiment shown in the accompanying drawings.
The secure network computer of the present invention (hereinafter "safe NC") is used in a network application environment in which an internal network system and an external network system exist at the same time, as shown in Fig. 1. This environment contains an intranet application server and an intranet terminal server, and an external-network application server and an external-network terminal server. The internal structure of the safe NC (not shown) comprises a main case with a mainboard, memory and a power supply inside it. The back of the case carries the display, keyboard, mouse and power connectors, and also two network connectors, one connected to the internal network system and the other to the external network system. A changeover switch is placed between the two network connectors and the processor. It is controlled by the instruction sequence of the BIOS program that the processor runs from flash, so that at any moment the processor is connected, through one of the network connectors, to only one of the internal network system and the external network system, and obtains the applications provided by the servers in that network system.
The safe NC integrates an embedded processor, a video card and other functional chips on the mainboard. It has no internal hard disk: the applications to be run are provided by the corresponding terminal server, and the related application data is also kept on the terminal server.
The safe NC integrates on its mainboard a network selection control module, a single soft-switching switch and two sets of 10/100M Ethernet PCI interface chipsets, each connected to one RJ-45 connector.
The safe NC is fitted with flash memory and/or a corresponding electric board slot to hold the local Linux operating system.
In the safe NC, the control program that performs the switching is kept in flash memory. As shown in Fig. 2, the workflow is as follows. After power-on the machine enters the BIOS program, where the user selects the network card to work with, corresponding to the intranet or the external network; only one network card can work at a time. According to the user's selection, the BIOS program activates the corresponding network card through the network control module and at the same time masks the other network card. The BIOS then continues booting until the operating system is running. While the operating system is running normally, a user who wants to switch between the intranet and the external network notifies the system with a specific key combination on the keyboard; after carrying out the corresponding series of operations, the system restarts and activates the network card the user has selected. Before the switch, the safe NC also clears the data in memory.
Through the network control module, the system guarantees that the corresponding network card can be activated, and the other masked, only when the machine is powered on or restarted. To change the working network card, the NC has to be powered up and started again, which guarantees the physical isolation of the intranet and the external network in hardware. Fig. 3 shows the network card control module, which comprises a latch LD and a flip-flop FDS. The input D of latch LD is connected to the signal GPA4_LAN from the processor, and its output Q is connected to the enable pin LAN_En of the network connection. The control input G of latch LD is tied to the output Q of flip-flop FDS; this signal is inverted and fed to one input pin of the two-input OR gate OR2, whose other input pin is connected to the signal GPA5_LAN_SET_OK from the processor. The output pin of OR2 is tied to the control input G of FDS, and the set input S of FDS is connected to the RESET signal on the mainboard. The control module works as follows: after power-on/restart, the RESET signal goes from high to low, the default value of GPA4_LAN is high, and the default value of GPA5_LAN_SET_OK is low; when the level of the GPA4_LAN signal changes, the changeover switch selects a different network connection; after initialization of the current working network connection finishes, GPA5_LAN_SET_OK goes high.
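The locking behaviour of the Fig. 3 control module, as an added behavioural model in C (not code from the patent). It assumes that the FDS data input is tied low and that the FDS control input is rising-edge triggered, neither of which the text states; the struct and function names are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

/* Behavioural model of the control module: latch LD, flip-flop FDS, gate OR2. */
struct ctrl {
    bool fds_q;    /* FDS output Q, tied to LD control input G */
    bool or2_prev; /* last OR2 output, used to detect a rising edge */
    bool lan_en;   /* LD output Q, drives LAN_En */
};

/* Apply one set of input levels and update the outputs. */
static void ctrl_step(struct ctrl *c, bool reset, bool gpa4_lan, bool gpa5_set_ok)
{
    if (reset) {
        c->fds_q = true;               /* set input S is tied to RESET */
    } else {
        bool or2 = !c->fds_q || gpa5_set_ok;
        if (or2 && !c->or2_prev)
            c->fds_q = false;          /* ASSUMPTION: FDS data input tied low */
    }
    c->or2_prev = !c->fds_q || gpa5_set_ok;
    if (c->fds_q)
        c->lan_en = gpa4_lan;          /* LD is transparent only while G is high */
}

/* Power-on/restart: RESET pulses high, inputs at their stated defaults. */
static void ctrl_reset(struct ctrl *c)
{
    ctrl_step(c, true, true, false);   /* GPA4_LAN high, GPA5_LAN_SET_OK low */
    ctrl_step(c, false, true, false);  /* RESET returns low */
}

/* BIOS phase: drive the user's choice, then signal initialization finished. */
static void bios_select(struct ctrl *c, bool choice)
{
    ctrl_step(c, false, choice, false);
    ctrl_step(c, false, choice, true); /* rising edge on OR2 closes the latch */
}

/* LAN_En after later software drives every GPIO combination without a reset. */
bool lan_en_after_tamper(bool choice)
{
    struct ctrl c = {0};
    ctrl_reset(&c);
    bios_select(&c, choice);
    for (int i = 0; i < 8; i++)        /* two passes over all four input pairs */
        ctrl_step(&c, false, (i & 1) != 0, (i & 2) != 0);
    return c.lan_en;
}

/* LAN_En when the opposite level is chosen after a restart. */
bool lan_en_after_restart(bool first_choice)
{
    struct ctrl c = {0};
    ctrl_reset(&c);
    bios_select(&c, first_choice);
    ctrl_reset(&c);
    bios_select(&c, !first_choice);
    return c.lan_en;
}

int main(void)
{
    printf("tamper after choice=1: LAN_En=%d\n", lan_en_after_tamper(true));
    printf("restart, 1 then 0:     LAN_En=%d\n", lan_en_after_restart(true));
    return 0;
}
```

Under these assumptions, once the FDS output Q is low the inverted Q holds OR2 high, so no further edge reaches FDS and GPIO writes from a running operating system cannot move LAN_En until RESET. Which LAN_En level corresponds to which network is not stated on the page.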
By physically separating the intranet from the external network, the safe NC of the present invention safeguards the security of intranet data; and since the user needs only one safe NC to connect to both the internal and external networks, resource utilization is high and cost and work space are saved.

Claims (10)

1. A secure network computer, for an environment in which an internal network system and an external network system coexist, comprising a main case and a mainboard and power supply placed inside it, the back of the case being provided with sockets for connecting a display, keyboard, mouse and power supply, characterized in that:
it is also fitted with two network connectors, connected to the internal network system and the external network system respectively; a changeover switch is provided between the two network connectors and the processor, and a control module is provided between the control end of the changeover switch and the processor; this module is controlled by the instruction sequence of the BIOS program run by the processor, so that at any moment the processor is connected, through one of the two network connectors, to one of the internal network system and the external network system.
2. The secure network computer as claimed in claim 1, characterized in that: a network connection circuit is also provided between the network connectors and the processor.
3. The secure network computer as claimed in claim 2, characterized in that: there are two sets of the network connection circuit, located between the two network connectors and the changeover switch; each set has one end connected to one network connector and the other end connected to one selection branch of the changeover switch.
4. The secure network computer as claimed in claim 2, characterized in that: there is one set of the network connection circuit, located between the changeover switch and the processor; one end of this circuit is connected to the common terminal of the changeover switch and the other end to the processor.
5. The secure network computer as claimed in claim 1, characterized in that: it contains no local storage for storing applications and/or application data.
6. The secure network computer as claimed in claim 1, characterized in that: the local storage is a hard disk.
7. The secure network computer as claimed in claim 1, characterized in that: it contains a memory that stores the local operating system.
8. The secure network computer as claimed in claim 7, characterized in that: the memory is an electric board.
9. The secure network computer as claimed in any one of claims 1 to 8, characterized in that its working process comprises: after power-on start/warm start, running the boot loader module in the BIOS, which prompts the user to select the network system to connect to, activates the network connection the user selects and masks the other network connection; loading the operating system; the operating system detecting the state of the current working network connection and entering normal operation.
10. The secure network computer as claimed in claim 9, characterized in that: the control module comprises a latch LD and a flip-flop FDS; the input D of latch LD is connected to the signal GPA4_LAN from the processor, and its output Q is connected to the enable pin LAN_En of the network connection; the control input G of latch LD is tied to the output Q of flip-flop FDS, and this signal is inverted and fed to one input pin of the two-input OR gate OR2, whose other input pin is connected to the signal GPA5_LAN_SET_OK from the processor; the output pin of OR2 is tied to the control input G of FDS; the set input S of FDS is connected to the RESET signal on the mainboard; the working states of the control module comprise: after power-on/restart, the RESET signal goes from high to low, the default value of GPA4_LAN is high, and the default value of GPA5_LAN_SET_OK is low; when the level of the GPA4_LAN signal changes, the changeover switch selects a different network connection; after initialization of the current working network connection finishes, GPA5_LAN_SET_OK goes high.
CN 200410027022 2004-04-21 2004-04-21 Safety network computer Pending CN1690960A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410027022 CN1690960A (en) 2004-04-21 2004-04-21 Safety network computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200410027022 CN1690960A (en) 2004-04-21 2004-04-21 Safety network computer

Publications (1)

Publication Number Publication Date
CN1690960A true CN1690960A (en) 2005-11-02

Family

ID=35346421

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410027022 Pending CN1690960A (en) 2004-04-21 2004-04-21 Safety network computer

Country Status (1)

Country Link
CN (1) CN1690960A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102778924A (en) * 2011-05-12 2012-11-14 北京牡丹电子集团有限责任公司 Liquid crystal cloud display terminal
CN106203317A (en) * 2016-06-29 2016-12-07 韦醒妃 It is capable of the computer that user is identified
CN107329735A (en) * 2017-05-19 2017-11-07 北京北信源软件股份有限公司 A kind of intranet patch update method and device
CN107566146A (en) * 2016-06-30 2018-01-09 北京北信源软件股份有限公司 A kind of method for carrying out network interface card automatic switchover
CN111464516A (en) * 2020-03-23 2020-07-28 青岛黄海学院 Safety network computer for effectively blocking attack from internal network system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication