CN214067629U - Network risk early warning and management and control system of industrial control system - Google Patents


Publication number
CN214067629U
Authority
CN
China
Prior art keywords
control system
server
early warning
switch
risk early
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202023236389.XU
Other languages
Chinese (zh)
Inventor
高玉坤
张德顺
李海亮
姜海涛
张震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Sailboat Petrochemical Co ltd
Original Assignee
Jiangsu Sailboat Petrochemical Co ltd

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The utility model discloses a network risk early warning and management and control system of an industrial control system. It comprises an internal risk early warning and management and control system and an external risk early warning and management and control system. The internal system comprises a monitoring server and an isolation room equipped with an access control system and a camera; a control cabinet and a plurality of internal switches are arranged in the isolation room, and a hardware firewall is arranged between the control cabinet and the internal switches. The external system comprises an anti-virus server, an external server, a core switch and an external switch, and the outer end of the core switch is also connected with a next-generation firewall. With the access control system, the camera and the isolation room, the utility model effectively reduces the influence of internal personnel on the stable operation of the control system; the next-generation firewall provides upgrading and isolation to avoid external intrusion or attack threats.

Description

Network risk early warning and management and control system of industrial control system
Technical Field
The utility model relates to network risk early warning and management and control technology for industrial control systems, and in particular to a network risk early warning and management and control system of an industrial control system.
Background
Traditional industrial control system network security relies solely on a network firewall, which performs port matching and permitted-protocol matching to isolate the control system from the information network. First, network firewalls share the common problem of easy acceptance; second, a network firewall cannot effectively prevent intrusion or virus propagation inside the system; finally, network risks to the system cannot be judged and identified in advance.
Summary of the Utility Model
The technical problem to be solved by the utility model is to address the deficiencies of the prior art by providing a reasonably designed network risk early warning and management and control system of an industrial control system that is capable of judging and identifying risks in advance.
To achieve the above purpose, the utility model adopts the following technical scheme:
A network risk early warning and management and control system of an industrial control system, characterized in that the system comprises an internal risk early warning and management and control system and an external risk early warning and management and control system;
the internal risk early warning and management and control system comprises a monitoring server and an isolation room provided with an access control system and a camera, wherein the access control system and the camera are both connected with the monitoring server through network switches;
the external risk early warning and management and control system comprises an anti-virus server, an external server, a core switch, an external switch and an operation station; the operation station is connected with the external switch, the inner end of the core switch is connected with the internal switch through the external switch, the outer end of the core switch is connected with the anti-virus server, the external server is connected with the external switch, and the outer end of the core switch is also connected with a next-generation firewall that ensures the security of the control system and of information network data.
The technical problem to be solved by the utility model can be further addressed by the following technical scheme: the monitoring server, the anti-virus server and the external server are each provided with a domain control module or a risk control module.
The technical problem to be solved by the utility model can be further addressed by the following technical scheme: the camera is a camera with a video recording function.
The technical problem to be solved by the utility model can be further addressed by the following technical scheme: the system further comprises a firewall control computer for effectively monitoring network risk, and the firewall control computer is connected with the next-generation firewall.
The technical problem to be solved by the utility model can be further addressed by the following technical scheme: a firewall virus library is provided in the firewall control computer.
The technical problem to be solved by the utility model can be further addressed by the following technical scheme: the anti-virus server is provided with a system virus library.
Compared with the prior art, the utility model effectively reduces the influence of internal personnel or other system causes on the stable operation of the control system by setting up access mechanisms such as the access control system, the camera and the physical isolation of the isolation room. An anti-virus server is arranged in the network according to the network configuration and performs internal protection and processing in real time; a domain control module and a risk control module are provided to make system security judgments and recommend how to handle them. A next-generation firewall is additionally arranged to provide upgrading and isolation and to keep the control system and the information network data secure and controllable; the firewall virus library is updated regularly, and external intrusion or attack threats are avoided.
Drawings
Fig. 1 is a working schematic diagram of the system of the present invention.
In the figure: 1 - monitoring server, 2 - network switch, 3 - camera, 4 - isolation room, 5 - CF9 hardware firewall, 6 - access control system, 7 - internal switch, 8 - external server, 9 - external switch, 10 - operation station, 11 - anti-virus server, 12 - firewall control computer, 13 - next-generation firewall, 14 - core switch, 15 - Dofano hardware firewall, 16 - APC server, 17 - control cabinet.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only some embodiments of the present invention, not all embodiments.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and therefore, should not be construed as limiting the present invention.
Referring to fig. 1, a network risk early warning and management and control system of an industrial control system, the system includes an internal risk early warning and management and control system and an external risk early warning and management and control system,
the internal risk early warning and control system comprises a monitoring server 1 and an isolation room 4 provided with an access control system 6 and a camera 3, wherein the access control system 6 and the camera 3 are both connected with the monitoring server 1 through a network switch 2, a control cabinet 17 and a plurality of internal switches 7 are arranged in the isolation room 4, the control cabinet 17 is connected with the internal switches 7, a hardware firewall is arranged between the control cabinet 17 and the internal switches 7, and the hardware firewall is a CF9 hardware firewall 5;
the external risk early warning and management and control system comprises an anti-virus server 11, an external server 8, a core switch 14, an external switch 9 and an operation station 10, wherein the inner end of the core switch 14 is connected with an internal switch 7 through the external switch 9, the outer end of the core switch 14 is connected with the anti-virus server 11, the outer end of the external server 8 is respectively connected with the external switch 9 and the operation station 10, and the outer end of the core switch 14 is also connected with a next-generation firewall 13 which can ensure the safety and the controllability of a control system and information network data;
the monitoring server 1, the anti-virus server 11 and the external server 8 are all provided with a domain control module or a risk control module;
the camera 3 is a camera with a video recording function;
the system also comprises a firewall control computer 12 for effectively monitoring the network risk, and the firewall control computer is connected with a next-generation firewall 13;
a firewall virus library is arranged in the firewall control computer 12, and the anti-virus server 11 is provided with a system virus library.
In the utility model, the internal switch 7, the external switch 9 and the core switch 14 are each provided in two kinds, switch A and switch B; the external server is server A/B or the APC server 16, and a Dofano hardware firewall 15 is added between the APC server 16 and the external switch.
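The topology described above can be modelled as a graph so that the firewall placement is checked mechanically. This is an added example, not part of the patent; node names are derived from the Fig. 1 reference numerals, and `information_network` is an assumed node for the network beyond the next-generation firewall.

```python
from collections import deque

# Links as stated in the description; suffixes are the Fig. 1 reference numerals.
# "information_network" is an assumed node for what lies beyond the
# next-generation firewall; the page gives it no numeral.
LINKS = [
    ("access_control_6", "network_switch_2"), ("camera_3", "network_switch_2"),
    ("network_switch_2", "monitoring_server_1"),
    ("control_cabinet_17", "cf9_firewall_5"), ("cf9_firewall_5", "internal_switch_7"),
    ("internal_switch_7", "external_switch_9"), ("external_switch_9", "core_switch_14"),
    ("external_switch_9", "external_server_8"), ("external_switch_9", "operation_station_10"),
    ("external_server_8", "operation_station_10"),
    ("apc_server_16", "dofano_firewall_15"), ("dofano_firewall_15", "external_switch_9"),
    ("core_switch_14", "antivirus_server_11"), ("core_switch_14", "ngfw_13"),
    ("ngfw_13", "firewall_control_computer_12"), ("ngfw_13", "information_network"),
]

# (source, destination, firewall that every path between them must cross)
INVARIANTS = [
    ("information_network", "control_cabinet_17", "ngfw_13"),
    ("information_network", "control_cabinet_17", "cf9_firewall_5"),
    ("operation_station_10", "control_cabinet_17", "cf9_firewall_5"),
    ("apc_server_16", "external_switch_9", "dofano_firewall_15"),
]

def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, src, dst, blocked=frozenset()):
    """Breadth-first search that never enters a node listed in `blocked`."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return False

def audit(links):
    """Return invariants where dst is reachable from src without the firewall."""
    graph = build_graph(links)
    return [(s, d, fw) for s, d, fw in INVARIANTS
            if reachable(graph, s, d, blocked={fw})]

if __name__ == "__main__":
    print("as described:", audit(LINKS))
    # Constructed drift: a patch cable that skips the CF9 firewall.
    print("after drift:", audit(LINKS + [("internal_switch_7", "control_cabinet_17")]))
```

Running `audit` against a link list exported from the real switch configuration flags any cabling or VLAN change that lets traffic reach the control cabinet without crossing the firewalls the design relies on.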
The system is deployed and built layer by layer according to the network architecture of the industrial control system, with four layers in total, specifically:
First layer: the control system is provided with a hardware firewall to ensure the intrinsic safety of the control layer; the specific structure comprises the control cabinet, the internal switch and the hardware firewall.
Second layer: the influence of internal personnel or other system causes on the stable operation of the control system is effectively reduced by means of physical isolation, software configuration, hardware setting, personnel management and the like; the specific structure comprises the isolation room used for physical isolation, the network switch, the monitoring server, the external switch, the external server and the operation station consisting of a plurality of computers.
Third layer: a domain control system, a risk control system and an anti-virus system are added to effectively monitor the network risk of the control system, and the virus library is updated and released regularly to guarantee the internal security of the system. The specific structure is the domain control module or risk control module arranged in each server, and the next-generation firewall;
the next-generation firewall deployment is added to keep the control system and the information network data secure and controllable, and the firewall virus library is updated regularly to avoid external intrusion or attack threats.
Fourth layer: linkage with the company's information department, with boundary protection and internal supervision performed according to the highest configuration of the Internet.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any equivalent replacement or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to the technical solution and concept of the utility model, shall be covered within the protection scope of the present invention.

Claims (5)

1. A network risk early warning and management and control system of an industrial control system, characterized in that: the system comprises an internal risk early warning and management and control system and an external risk early warning and management and control system;
the internal risk early warning and management and control system comprises a monitoring server and an isolation room provided with an access control system and a camera, wherein the access control system and the camera are both connected with the monitoring server through network switches;
the external risk early warning and management and control system comprises an anti-virus server, an external server, a core switch, an external switch and an operation station; the operation station is connected with the external switch, the inner end of the core switch is connected with the internal switch through the external switch, the outer end of the core switch is connected with the anti-virus server, the external server is connected with the external switch, and the outer end of the core switch is also connected with a next-generation firewall that ensures the security of the control system and of information network data.
2. The system as claimed in claim 1, wherein the monitoring server, the anti-virus server and the external server are respectively provided with a domain control module or a risk control module.
3. The system as claimed in claim 1 or 2, wherein the camera is a video camera with video recording function.
4. The system as claimed in claim 1, further comprising a firewall control computer for effectively monitoring cyber risk, wherein the firewall control computer is connected to the next generation firewall.
5. The system as claimed in claim 1, wherein the operation station comprises a plurality of computers, and each computer is connected to an external switch.
CN202023236389.XU 2020-12-29 2020-12-29 Network risk early warning and management and control system of industrial control system Active CN214067629U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202023236389.XU CN214067629U (en) 2020-12-29 2020-12-29 Network risk early warning and management and control system of industrial control system

Publications (1)

Publication Number Publication Date
CN214067629U true CN214067629U (en) 2021-08-27

Family

ID=77367551

Country Status (1)

Country Link
CN (1) CN214067629U (en)

Similar Documents

Publication Publication Date Title
CN201821366U (en) Real-time monitoring system for temperature and humidity of computer room environment
Zhu et al. Research on the security technology of big data information
CN106027495A (en) Multi-network selection type computer network monitor
CN214067629U (en) Network risk early warning and management and control system of industrial control system
CN203271342U (en) Internet of Things coded lock
Guo et al. Cyber security risk analysis of physical protection systems of nuclear power plants and research on the cyber security test platform using digital twin technology
CN112350858A (en) Cloud intelligent home data security management system
Guan et al. Notice of Retraction: An New Intrusion Prevention Attack System Model Based on Immune Principle
CN109600365A (en) Gene similitude intrusion detection method based on electric power networks IEC specification
CN103164891B (en) Multi-channel intelligent access control management system and working method thereof
EP3018878B1 (en) Firewall based prevention of the malicious information flows in smart home
CN108765838A (en) A kind of electric fire monitoring system based on the LoRa communication technologys
CN108134792A (en) The method for realizing defending against network virus attack in computer systems based on virtualization technology
CN211047505U (en) Cabinet for accurate positioning management of IT assets
Wang Internet of Things Computer Network Security and Remote Control Technology Application
CN209312031U (en) A kind of computerized information engineering anti-theft device
Zhu et al. Discussion on information security technology of big data system
Tian et al. Analysis on solid protection system of industrial control network security in intelligent factory
CN107070913A (en) A kind of detection and means of defence and system based on webshell attacks
CN203673587U (en) Supermarket remote shelf-monitoring antitheft system
CN108021828A (en) A kind of computer information data multi-stage protection system
CN216795016U (en) Safety monitoring device suitable for industrial control network
CN212543925U (en) Video network access safety device
CN219124212U (en) Network security protection system
CN202353603U (en) Safety protection system for emergency commanding platform

Legal Events

Date Code Title Description
GR01 Patent grant