CN202587022U - Network security isolation system - Google Patents
Network security isolation system Download PDFInfo
- Publication number
- CN202587022U CN202587022U CN 201220175058 CN201220175058U CN202587022U CN 202587022 U CN202587022 U CN 202587022U CN 201220175058 CN201220175058 CN 201220175058 CN 201220175058 U CN201220175058 U CN 201220175058U CN 202587022 U CN202587022 U CN 202587022U
- Authority
- CN
- China
- Prior art keywords
- network
- internal network
- isolator
- access device
- internal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model provides a network security isolation system. The network security isolation system comprises: an internal network and external network isolator which is connected with an internal network and an external network respectively for performing physical isolation; an internal network access device isolator which is connected with the internal network and an internal network access device for performing physical isolation; and a data exchanger which is connected with the internal network and external network isolator and the internal network access device isolator for performing data temporary storage and data exchange. According to the utility model, the physical isolation and data exchange between the internal network and the external network can be realized, and the physical isolation and data exchange between the internal network and the internal access device are realized at the same time, so that the confidentiality and the security of the internal network are ensured in both the inner direction and the outer direction.
Description
Technical field
The utility model relates to field of information security technology, more specifically, relates to a kind of network security shielding system.
Background technology
For any computer network, ensuring information safety all is the key issue that at first will solve.Particularly the Intranet of some unit, enterprise, in-house foundation and private network must can't be invaded by the strict guarantee internal network, and internal data does not leak, and are not infected by the virus on the Internet, wooden horse simultaneously.
It is the basic means that guarantees internal network security that intranet and extranet are carried out physical isolation.Through physical isolation equipment Intranet and the Internet are separated, make Intranet can not directly set up being connected of physics and logic with the Internet, the transition through physical isolation equipment between the two realizes exchanges data.Practical application shows that the physical isolation means are basic means that internal network is taken precautions against intrusion, assurance internal data safety and internal network devices operate as normal from the Internet, in the high Intranet of various confidentiality, have obtained using widely.
But a remarkable deficiency of existing physical isolation equipment is only to pay attention to Intranet and outer net is isolation and strick precaution between the Internet, has but generally ignored isolation and control to the inside access device of Intranet.In fact, to the threat of intranet security and confidentiality not only from the outside, more from network internal.Under the situation of having used the physical isolation means; Invading internal network through the Internet carries out data theft or destroys very difficult; But the Internal users but can have no the access Intranet of obstacle through portable memory apparatus such as computer or portable hard drives; Carry out data manipulation, this just easily deliberately or be not intended to cause internal data operation or virus infections.It is thus clear that, for Intranet from the information security threats of inside much larger than the outside, and existing physical isolation equipment is not effectively taken precautions against this.
The utility model content
To above-mentioned defective of the prior art; The utility model provides a kind of network security shielding system; The thing that can realize internal network and external internet is from isolating and exchanges data; Realize physical isolation and exchanges data between internal network and the inner access device simultaneously, thereby guaranteed the confidentiality and the fail safe of internal network from inside and outside both direction.
The described network security shielding system of the utility model comprises:
Inside and outside network isolator connects internal network and external network respectively and carries out physical isolation;
Intranet access device isolator connects said internal network and Intranet access device and carries out physical isolation;
Data switching exchane connects the temporary and exchange of line data of going forward side by side of said inside and outside network isolator and Intranet access device isolator.
Preferably, said inside and outside network isolator comprises electronic switch and isolation controller.Said electronic switch is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network, external network and data switching exchane respectively.Said isolation controller comprises the connection request input port of the connection request that is used to receive internal network and external network.
Preferably, said Intranet access device isolator comprises electronic switch, isolation controller and equipment access interface.Further preferably, said equipment access interface comprises USB port, wireless connections port and netting twine interface.Said electronic switch is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network, equipment access interface and data switching exchane respectively.Said isolation controller comprises the connection request input port of the connection request that is used to receive internal network and Intranet access device.
The utility model makes internal network be connected with the data of external network and inner access device all to be under the physically-isolated protection; Exchanges data through control is arranged has guaranteed the confidentiality and the fail safe of internal network from inside and outside both direction, to taking precautions against from the intrusion of inside and destroying significant.
Description of drawings
Fig. 1 is the system global structure sketch map of the utility model embodiment;
Fig. 2 is the inside and outside network isolator structural representation of the utility model embodiment;
Fig. 3 is the Intranet access device spacer structures sketch map of the utility model embodiment.
Embodiment
By the technology contents, the structural feature that specify the utility model, realized purpose and effect, know clearly below in conjunction with embodiment and conjunction with figs. and give explanation.
Fig. 1 is the system configuration sketch map of the utility model embodiment.As shown in the figure; The function of the described network security shielding system 10 of the utility model is physical isolation and the exchanges data that realize between internal network 20 and the external network 30 (like the Internet); Realize physical isolation and exchanges data between internal network 20 and the inner access device 40 simultaneously; Inner access device 40 can be the portable equipment that inserts internal network through FPDPs such as USB interfaces; Like portable hard drive etc., also can be the Net-connected computer that inserts Intranet through netting twine interface such as RJ-45, also can be based on the radio reception device of agreement such as WIFI.
Network security shielding system 10 comprises inside and outside network isolator 101, Intranet access device isolator 102 and data switching exchane 103.Inside and outside network isolator 101 connects internal network 20 and external network 30 and carries out physical isolation; Intranet access device isolator 102 connects said internal network 20 and Intranet access device 40 and carries out physical isolation.Therefore, same time internal network 20 has only one of them can be connected inside and outside network isolator 101 with external network 30; When internal network 20 was connected to inside and outside network isolator 101, external network 30 must break off, and vice versa.Similarly, same time internal network 20 has only one of them can be connected Intranet access device isolator 102 with Intranet access device 40.The said inside and outside network isolator 101 of data switching exchane 103 connections is gone forward side by side with Intranet access device isolator 102, and line data is kept in and exchange, plays the effect of data ferry-boat and data filter.For example; External network 30 at first is temporarily stored in data switching exchane 103 to the data that internal network 20 transmits; Data switching exchane 103 can be checked said data; Filter bad datas such as virus wherein, when treating afterwards that internal network 20 connects inside and outside network isolators 101 with transfer of data to internal network 20; The also temporary and filtration of process data switching exchane 103 of data that internal network 20 transmits to external network 30, whether inspection exists the risk of revealing internal information, transfers to outer net afterwards.Similar, the data passes between 103 pairs of internal networks 20 of data switching exchane and the Intranet access device 40 also plays effect temporary and that filter.
Fig. 2 is the inside and outside network isolator structural representation of the utility model embodiment.Said inside and outside network isolator 101 comprises electronic switch 1011 and isolation controller 1012.Said electronic switch 1011 is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network 20, external network 30 and data switching exchane 103 respectively, and its open and close receives the control of isolation controller 1012.Said isolation controller 1012 comprises the connection request input port 1012A and the 1012B of the connection request that is used to receive internal network 20 and external network 30; When connection request input port 1012A receives the connection request from internal network 20, then control electronic switch 1011 and connect internal networks 20 and carry out transfer of data with data switching exchane 103.
Fig. 3 is the Intranet access device spacer structures sketch map of the utility model embodiment.Intranet access device isolator 102 comprises electronic switch 1021, isolation controller 1022 and equipment access interface 1023.Said electronic switch 1021 is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network 20, equipment access interface 1023 and data switching exchane 103 respectively.Said isolation controller 1022 comprises the connection request input port 1022A and the 1022B of the connection request that is used to receive internal network and Intranet access device, and correspondingly controls the open and close of electronic switch 1021.Said equipment access interface 1023 comprises USB port, wireless connections port and netting twine interface, to satisfy portable hard drive, Net-connected computer, the access demand of multiple inner access device such as radio reception device.
The utility model makes internal network be connected with the data of external network and inner access device all to be under the physically-isolated protection; Exchanges data through control is arranged has guaranteed the confidentiality and the fail safe of internal network from inside and outside both direction, to taking precautions against from the intrusion of inside and destroying significant.
The above is merely the embodiment of the utility model; Be not thus the restriction the utility model claim; Every equivalent structure or equivalent flow process conversion that utilizes the utility model specification and accompanying drawing content to be done; Or directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the utility model.
Claims (8)
1. a network security shielding system is characterized in that, comprising:
Inside and outside network isolator connects internal network and external network respectively and carries out physical isolation;
Intranet access device isolator connects said internal network and Intranet access device and carries out physical isolation; With
Data switching exchane connects the temporary and exchange of line data of going forward side by side of said inside and outside network isolator and Intranet access device isolator.
2. network security shielding system according to claim 1 is characterized in that said inside and outside network isolator comprises electronic switch and isolation controller.
3. network security shielding system according to claim 2 is characterized in that, said electronic switch is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network, external network and data switching exchane respectively.
4. network security shielding system according to claim 2 is characterized in that, said isolation controller comprises the connection request input port of the connection request that is used to receive internal network and external network.
5. network security shielding system according to claim 1 is characterized in that, said Intranet access device isolator comprises electronic switch, isolation controller and equipment access interface.
6. network security shielding system according to claim 5 is characterized in that, said equipment access interface comprises USB port, wireless connections port and netting twine interface.
7. network security shielding system according to claim 5 is characterized in that, said electronic switch is three port single-pole double-throw switch (SPDT)s, and said three ports connect said internal network, equipment access interface and data switching exchane respectively.
8. network security shielding system according to claim 5 is characterized in that, said isolation controller comprises the connection request input port of the connection request that is used to receive internal network and Intranet access device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201220175058 CN202587022U (en) | 2012-04-24 | 2012-04-24 | Network security isolation system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201220175058 CN202587022U (en) | 2012-04-24 | 2012-04-24 | Network security isolation system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN202587022U true CN202587022U (en) | 2012-12-05 |
Family
ID=47256378
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201220175058 Expired - Fee Related CN202587022U (en) | 2012-04-24 | 2012-04-24 | Network security isolation system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN202587022U (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103248624A (en) * | 2013-04-22 | 2013-08-14 | 郑永春 | Data security network system based on digital high-definition picture transmission |
| CN115242446A (en) * | 2022-06-22 | 2022-10-25 | 中国电子科技集团公司第五十二研究所 | Cloud desktop one-way data importing system and method under intranet environment |
| CN116545749A (en) * | 2023-06-06 | 2023-08-04 | 智云算能科技(深圳)有限公司 | Intelligent data safety transmission system |
-
2012
- 2012-04-24 CN CN 201220175058 patent/CN202587022U/en not_active Expired - Fee Related
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103248624A (en) * | 2013-04-22 | 2013-08-14 | 郑永春 | Data security network system based on digital high-definition picture transmission |
| CN115242446A (en) * | 2022-06-22 | 2022-10-25 | 中国电子科技集团公司第五十二研究所 | Cloud desktop one-way data importing system and method under intranet environment |
| CN116545749A (en) * | 2023-06-06 | 2023-08-04 | 智云算能科技(深圳)有限公司 | Intelligent data safety transmission system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102859926B (en) | The system and method for multiple parallel virtual network | |
| CN204833406U (en) | Electronic lock based on user identity characteristic recognition | |
| CN202587022U (en) | Network security isolation system | |
| CN206162540U (en) | Intelligent computer network safety isolation device | |
| CN102571798B (en) | A kind of public security network system | |
| CN101127761A (en) | Unidirectional protocol isolation method and device in network | |
| CN108322484A (en) | A kind of industrial control data ferry-boat system | |
| CN102130808A (en) | Enhanced mixed physical isolation method | |
| CN101127760A (en) | Bidirectional protocol isolation method and its device in network | |
| CN105208352B (en) | A kind of network video safety monitoring system and physical isolation method | |
| CN203659017U (en) | USB interface lock | |
| CN101561855B (en) | Method and system for controlling computer to access USB device | |
| CN103916451A (en) | Security center system for intelligent terminal devices on basis of internet of things | |
| Zhang et al. | The security for power internet of things: Framework, policies, and countermeasures | |
| CN201854302U (en) | Active anti-disclosure based network security system | |
| CN203618018U (en) | Internal and external network security access terminal | |
| Adepu et al. | Access control in water distribution networks: A case study | |
| CN216819851U (en) | Safety access device in transformer substation | |
| CN202231742U (en) | Network isolation device | |
| Nie et al. | M2M security threat and security mechanism research | |
| CN102662873A (en) | Device for realizing insulation blocking of storage carrier data | |
| CN106899545A (en) | A kind of system and method for terminal security communication | |
| CN105653978B (en) | A kind of method and system for improving TEE orders and executing speed | |
| CN103744050A (en) | Field detection device of intelligent electric energy meter | |
| CN210112051U (en) | Multi-information-source communication management device based on security isolation network gate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121205 Termination date: 20140424 |