CN202424768U - Network safety isolator - Google Patents
Network safety isolator Download PDFInfo
- Publication number
- CN202424768U CN202424768U CN2011204350190U CN201120435019U CN202424768U CN 202424768 U CN202424768 U CN 202424768U CN 2011204350190 U CN2011204350190 U CN 2011204350190U CN 201120435019 U CN201120435019 U CN 201120435019U CN 202424768 U CN202424768 U CN 202424768U
- Authority
- CN
- China
- Prior art keywords
- network
- interface
- computer
- card chip
- security isolator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model discloses a network safety isolator, which comprises a computer interface circuit, a network card chip, a switching control circuit, an outer network interface, an inner network interface and an EEPROM (electrically erasable programmable read-only memory). The computer interface circuit is connected to a computer, the network card chip is connected to the computer interface circuit to provide a network interface for the network safety isolator, the switching control circuit is connected to the network card chip and carries out physical switching between an inner network and an outer network, the outer network interface and the inner network interface are respectively connected with the switching control circuit so that the network safety isolator is connected with a standard twisted pair and connected to an outer network switch and an inner network switch, and the EEPROM is connected to the network card chip and stores startup configuration parameters of the network safety isolator. By the aid of the network safety isolator, safe data exchange between the networks can be realized by means of controlling hardware on a physical layer without changing existing network topology.
Description
Technical field
The utility model relates to computer network security field, particularly relates to a kind of network security isolator of single hard disk.
Background technology
Developing rapidly of Along with computer technology; The business of handling on computers is also by mathematical operation, file process based on unit, develops into enterprise-class computers treatment system and the worldwide information sharing and the Business Processing of in-house network (Intranet) based on complicacy, extranet (Extranet), Global Internet (Internet) based on the interior business processing of the internal network of simple connection, office automation etc.When system processing power improved, the concatenation ability of system was also in continuous improve.But when concatenation ability information, negotiability improved, the safety problem of connection Network Based also became increasingly conspicuous.
At present, generally adopt fire compartment wall (Firewall) to guarantee network security.Being meant in the system of defense of local network between extraneous network of fire compartment wall is this type precautionary measures general names.Fire compartment wall is a kind of access control yardstick of when two network service, carrying out; It can allow the people of " by agreeing " and data to get into your network; People and data that simultaneously will " by agree " be kept outside of the door, stop hacker in the network to visit your network to greatest extent.Through fire compartment wall can make between enterprises lan and the Internet or isolate mutually with other external networks, limiting network exchanges visits, thereby reaches protection internal network purpose.Yet, this isolation in logic and imperfect, the hacker can break through the obstruct of fire compartment wall through technological means, and intranet data is stolen and distorted.
The partition method of another kind of physics realizes through isolating card.Isolating card is a kind of hardware device that two networks (being called " Intranet " and " outer net " respectively) are isolated; Its effect comprises " Network Isolation " and " data isolation " two aspects; " Network Isolation " is meant inside and outside two networks isolated, make between two networks to have physical connection." data isolation " is the main function of isolating card; Be meant and isolate the data information of inside and outside net; Guarantee can not visit the data of another network at a network, with prevent that classified information from leaking, outer net virus and hacker attacks, thereby guarantee the safety of intranet data.
What generally adopt at present is that a kind of pair of hard disc physical isolated card technique; Its operation principle is in existing computer, to increase a hard disk; Through isolating control and the switching circuit on the card, realize work station in the dual operating state of intranet and extranet, two states are complete physical isolation.When a hard disk job, another hard disk is in the outage off position.During the work of Intranet hard disk, have only the Intranet netting twine to insert; During the work of outer net hard disk, have only the outer net netting twine to insert.Like this, there are not electrical path in intranet data and outer net data, each other complete physical isolation.During use, through a selector switch, selected " interior " or " outward " working method that gets into after the start, with corresponding startup " interior " or " outward " hard disk, and inserts corresponding " interior " or " outward " netting twine before the start.When needing in the use to switch " interior " or " outward " working method, then should normally withdraw from powered-down, the selected selector switch of row is started shooting again again.
Obviously, although this pair of hard disc physical isolated the physical isolation that card technique has been realized intranet and extranet preferably, need be on user's computer hard disk of extra installation, and need carry out the dual wired work of intranet and extranet, this has increased the restriction of its range of application.
The schematic diagram of the Network Isolation that another kind of prior art scheme realizes is as shown in Figure 1.Its specific practice is; On computers the electricity initial stage; Utilizing fpga chip to gather the data-signal and the network seletion signals of hard disk, whether be power on initial stage reach the network that whether will select, then control signal is latched if differentiating; And then accomplish control to relay, reach the purpose that internal-external network is isolated.This scheme has a lot of shortcomings:
(1) owing to utilized data-signal; And the time-delay of relay switching; Make that the switching of relay is after initial several exchanges data; Cause the information (specifically looking the hard disk that internal-external network connects decides with the hard disk of system default) of the acquisition piece hard disk that the IDE controller can not be complete, cause hard disk and mainboard generation compatibility issue;
(2) this scheme must could be accomplished the handoff functionality of internal-external network under the charged situation of computer; Get under the sleep mode at computer,, cause the correctly employed network of instruct computer of indicator light because used power supply is cut off; Under park mode, switch,, can cause the whole system collapse because relevant information is kept in the internal memory.
(3) owing to the frequent outage of two net systems, power on, influence the service efficiency of computer, and can shorten the useful life of hard disk.
The utility model content
The purpose of the utility model provides a kind of network security isolator, and it can realize the secure exchange of the data between the network on the basis that does not change the existing network topological structure.
According to the first aspect of the utility model, a kind of network security isolator is provided, comprising: the computer interface circuit is connected to computer; Network card chip is connected to said computer interface circuit, to said network security isolator network interface is provided; Control switching circuit is connected to said network card chip, between Intranet/outer net, carries out physics and switches; Outer network interface and interior network interface are connected to said control switching circuit respectively, and said network security isolator is connected with the standard twisted-pair feeder, thereby are connected to outer network switch or interior network switch; And EEPROM, be connected to said network card chip, store the startup configuration parameter of said network security isolator.
Utilize the network security isolator of the utility model, can on the basis that does not change the existing network topological structure,, realize the secure exchange of the data between the network through control to physical layer hardware.
Description of drawings
Fig. 1 is the schematic diagram that existing network security separate card is shown;
Fig. 2 is the structural representation that the network security isolator of the utility model is shown
Fig. 3 is that the network of the network security isolator of the utility model connects sketch map; And
Fig. 4 is the circuit diagram of the control switching circuit in the network security isolator of the utility model.
Embodiment
Below, will specify the preferred implementation of the utility model with reference to accompanying drawing.
As shown in Figure 2, the network security isolator 20 of the utility model comprises: computer interface circuit 22 is connected to computer; Network card chip 21 is connected to said computer interface circuit 22, to said network security isolator 20 network interface is provided; Control switching circuit 23 is connected to said network card chip 21, between Intranet/outer net, carries out physics and switches; Outer network interface 25 and interior network interface 26 are connected to said control switching circuit 23 respectively, said network security isolator 20 is connected with the twisted-pair feeder of standard, thereby is connected to outer network switch or interior network switch; And EEPROM 24, be connected to said network card chip 21, store the startup configuration parameter of said network security isolator 20.
Said network card chip 21 makes the network security isolator 20 of the utility model have the function of surfing the Net of common network interface card.This network card chip 21 for example can be selected the RTL8139 chip of Realtek for use.
Said computer interface circuit 22 can be to communicate any interface that is connected, for example pci interface, USB interface, serial line interface or parallel interface with computer.
Fig. 3 illustrates the network connection state of the network security isolator 20 of the utility model.As shown in Figure 3, this network security isolator 20 is connected between personal computer 31 and outer net hub 32 and the Intranet hub 33, realizes that the physics between outer net and the Intranet switches.
Referring to Fig. 4, be the circuit diagram of the control switching circuit 23 in the network security isolator 20 of the utility model.J1 is the RJ45 socket that network card chip 21 inserts, and J2 is an Intranet output RJ45 socket, and J3 is that outer net output RJ45 inserts, and DL is a relay, and four groups of switches are arranged.When switch-over control signal is high level, be added to the base stage of triode Q through the CH1 input, the triode conducting, the relay adhesive, J1 and J3 connect; When otherwise control signal was low level, J1 and J2 connected.
Below, the use instance of the network security isolator 20 of the utility model is described.Network security isolator 20 is inserted in the pci bus slot of computer; And outer net netting twine and Intranet netting twine are connected respectively in outer network interface 25 of the present invention and the interior network interface 26, thereby make this network security isolator 20 can be connected to outer net hub and Intranet hub.Under common mode of operation, network security isolator 20 is equivalent to a common network interface card, and the user can be connected to Intranet or outer net through this network security isolator 20.And when carrying out the intranet and extranet switch operating, system at first sends switch-over control signal.This switch-over control signal through pci bus slot on the mainboard and network security isolator 20 computer interface circuit 22 and with network card chip 21, arrival control switching circuit 23.This control switching circuit 23 is realized the switching of intranet and extranet operating state according to said switch-over control signal.
Utilize the network security isolator of the utility model, can on the basis that does not change the existing network topological structure,, realize the secure exchange of the data between the network through control to physical layer hardware.
Above-described structure only is exemplary with handling, and is not the scope that is used to limit the utility model.Those skilled in the art will appreciate that and to carry out various changes to the utility model, and do not break away from the spirit and the scope of the utility model.
Claims (5)
1. network security isolator comprises:
The computer interface circuit is connected to computer;
Network card chip is connected to said computer interface circuit, to said network security isolator network interface is provided;
Control switching circuit is connected to said network card chip, between Intranet/outer net, carries out physics and switches;
Outer network interface and interior network interface are connected to said control switching circuit respectively, and said network security isolator is connected with the standard twisted-pair feeder, thereby are connected to outer network switch or interior network switch; And
EEPROM is connected to said network card chip, stores the startup configuration parameter of said network security isolator.
2. network security isolator as claimed in claim 1, wherein said network card chip are the RTL8139 chips.
3. network security isolator as claimed in claim 1, wherein said computer interface circuit be can with computer communicate the pci interface, USB interface, serial line interface or the parallel interface that are connected it
4. network security isolator as claimed in claim 1, wherein said outer network interface and interior network interface are RJ8-45 netting twine seats.
5. network security isolator as claimed in claim 1, wherein said control switching circuit comprises relay and triode, by the adhesive of the conducting control relay of triode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011204350190U CN202424768U (en) | 2011-11-04 | 2011-11-04 | Network safety isolator |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011204350190U CN202424768U (en) | 2011-11-04 | 2011-11-04 | Network safety isolator |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN202424768U true CN202424768U (en) | 2012-09-05 |
Family
ID=46749490
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011204350190U Expired - Fee Related CN202424768U (en) | 2011-11-04 | 2011-11-04 | Network safety isolator |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN202424768U (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131280A (en) * | 2019-12-30 | 2020-05-08 | 网络通信与安全紫金山实验室 | Internal and external network isolation system |
| CN113438197A (en) * | 2020-03-23 | 2021-09-24 | ***通信集团云南有限公司 | Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition |
| CN114640540A (en) * | 2022-04-07 | 2022-06-17 | 国网河北省电力有限公司电力科学研究院 | Communication control and signal processing device, photovoltaic management system and control method thereof |
-
2011
- 2011-11-04 CN CN2011204350190U patent/CN202424768U/en not_active Expired - Fee Related
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131280A (en) * | 2019-12-30 | 2020-05-08 | 网络通信与安全紫金山实验室 | Internal and external network isolation system |
| CN113438197A (en) * | 2020-03-23 | 2021-09-24 | ***通信集团云南有限公司 | Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition |
| CN113438197B (en) * | 2020-03-23 | 2022-11-01 | ***通信集团云南有限公司 | Multi-stage cascade communication system, method, computer device and medium for cross-network acquisition |
| CN114640540A (en) * | 2022-04-07 | 2022-06-17 | 国网河北省电力有限公司电力科学研究院 | Communication control and signal processing device, photovoltaic management system and control method thereof |
| CN114640540B (en) * | 2022-04-07 | 2024-01-09 | 国网河北省电力有限公司电力科学研究院 | Photovoltaic management system and control method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102868780A (en) | RS-485 slave computer addressing network system and addressing method thereof | |
| CN104378729B (en) | Mobile communications network service implementation method and mobile terminal system | |
| CN202424770U (en) | Safety isolator for network data | |
| EP2543157B1 (en) | System and method for multiple concurrent virtual networks | |
| CN102387022A (en) | Power over Ethernet method and device | |
| CN106060909A (en) | Network access method and mobile terminal | |
| CN104158706B (en) | Loop detection method and device | |
| CN105095037A (en) | Wire card, backboard of wire card and wire card test method | |
| CN202424768U (en) | Network safety isolator | |
| CN103914418A (en) | Processor module, micro-server, and method of using processor module | |
| CN103020546A (en) | Intelligent physical isolation secure data exchange equipment and method | |
| CN104461716A (en) | Access method of multi-nucleus heterogeneous system and multi-nucleus heterogeneous system | |
| CN104935390A (en) | Synchronized low-energy detection technique | |
| CN103338125B (en) | A kind of method of batch network device configuration | |
| CN103927279A (en) | FPGA configuration method, FPGA configuration system and processor | |
| CN102867158B (en) | A kind of switch internal memory method, device and there is the terminal of dual system | |
| CN102353118B (en) | Control method for judging master-slave relation of double wire controllers of air conditioner | |
| CN104270317A (en) | Control method and system for operating application program on router and router | |
| CN103226533A (en) | Device for extending MDIO (management data input/output) interface through parallel buses and realizing method thereof | |
| CN108664325B (en) | Handle the method and electronic equipment of data | |
| CN103442160A (en) | Network switching method and intelligent television | |
| CN103368944A (en) | Memory shared network architecture and protocol specifications for same | |
| CN105049294A (en) | Automatic testing method for port state switching of EAPS (Ethernet Automatic Protection Switching) protocol MASTER switch | |
| CN100428671C (en) | Network insulating apparatus and method | |
| CN110046108A (en) | USB peripheral control device, system and its control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120905 Termination date: 20151104 |
|
| EXPY | Termination of patent right or utility model |