CN2435881Y - Network safety switching device - Google Patents

Info

Publication number
CN2435881Y
Authority
CN
China
Prior art keywords
network
switch
port
intranet
network port
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 00242053
Other languages
Chinese (zh)
Inventor
肖冰
叶红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kejian Information Tech Co Ltd Shenzhen City
Original Assignee
Kejian Information Tech Co Ltd Shenzhen City

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model discloses a network safety switching device which can simultaneously connect with an internal network and an external network, accomplish information interchange and ensure absolute safety. The utility model comprises three network ports which are respectively connected with the internal network, the external network and an intermediate network server. A timing controller automatically controls a switch to be switched off and switched on during time intervals set by users, and information sent to the external network from the internal network and information sent to the internal network from the external network are provisionally stored in the intermediate server, and then the information is transmitted to a destination server. In the process, the utility model always ensures the internal network and the external network to be physically isolated.

Description

Network security switch
The utility model relates to a network security switch that enables information exchange between an intranet and an external network while guaranteeing network security.
Informatization is having an ever larger and more far-reaching influence on the development of human society, and networks are steadily penetrating every aspect of social life. Worldwide, promoting office automation, networking and electronic operation in government departments and achieving comprehensive information sharing has become the prevailing trend. In 1999 the "Government Online Project" was initiated by organizations including China Telecom and the Economic Information Center of the State Economic and Trade Commission; by May 1999 more than 300 government websites had begun releasing news to the public and providing services. The full launch of the Government Online Project directly promotes and influences the informatization plans of central and local governments, and enthusiasm for going online is generally high among provincial and municipal government bodies. As network construction in Chinese government bodies has advanced, governments at all levels in China have acquired the network conditions necessary to implement "e-government" step by step.
In implementing e-government, security comes first. Security is one of the most important requirements of an e-government project, because government departments handle a large amount of information bearing on national security, and its absolute safety must be guaranteed. A government department's information network mainly involves two networks: one is the intranet, which handles internal office work and government service information; the other is the external network, which is used to release news to the outside and receive feedback from the public. How to exchange information between the intranet and the external network while keeping that information secure is an important problem.
At present the main network information security product is the firewall, which filters the IP packets passing through it according to a given security policy, so that only authorized intranet users can access the external network and only authorized external users can access the intranet, preventing unauthorized access. However, because a firewall is a software product, it has security vulnerabilities of its own, and the operating system platforms and software of firewall products are mostly foreign products, which makes the security problem more serious. To overcome the security problem of the system platform, some enterprises and institutions in China have developed domestic firewall products, but because a connection still exists between the intranet and the external network, there remains the possibility of being breached by hackers, and the absolute safety of the two networks cannot be guaranteed. For this reason the Ministry of Information Industry, the national security agency and the National Administration for the Protection of State Secrets jointly issued a document that clearly stipulates that the internal office networks of Party and government bodies must not be connected to the Internet, and that the intranet and the external network must be physically isolated. This approach fundamentally solves the problem of intrusion from the external network, but it also leaves internal users unable to send and receive e-mail or browse Internet content.
To keep the internal office network safe while still allowing use of the Internet, the security isolation computer has appeared (Chinese patent publication number CN2337611Y). It combines two computers in one unit, with two sets of mainboard, network card and hard disk, one connected to the intranet and one to the external network, sharing one keyboard, mouse and monitor. In use, a special button switches between the intranet computer and the external network computer. The security level of this method is very high, but it has several defects: first, every user needs two network interfaces, so it cannot be used by organizations whose cabling is already in place; second, this kind of computer has to be purchased, and replacing the machines of all existing computer users both requires substantial funds and wastes the existing equipment; third, exchanging personal information is difficult, for example an e-mail received from outside that is to be used internally must be transferred by floppy disk, which is very inconvenient.
The purpose of the utility model is to overcome the above defects of the prior art by providing a network security switch that, on the one hand, is connected to the intranet and the external network at the same time so that the two exchange information automatically and, on the other hand, guarantees that the intranet and the external network are physically isolated and never connected to each other, thereby providing intranet users with a safe information channel.
The utility model achieves this purpose as follows: a network security switch comprising first and second network ports, connected to the intranet and the external network respectively, characterized in that it further comprises a third network port and a switch; the third network port is connected to an intermediate server; one end of the switch is connected to the third network port and the other end is connected to the first network port or the second network port, so that only the first network port or the second network port is connected at any one time.
The beneficial effect of this scheme is as follows. Through the switch, the intermediate server forwards information between the intranet and the external network, so the two networks can exchange information; at any one time only one of the intranet and the external network is connected to the intermediate server, so the two networks are physically isolated. The network security switch can therefore absolutely guarantee physical isolation of the intranet and the external network while still allowing information such as e-mail to be exchanged between them. This removes the requirement that every user have two computers and so saves cost, and because the information exchange is carried out automatically the device is extremely convenient to use.
Fig. 1 is a functional block diagram of the utility model.
Fig. 2 is a schematic diagram of one working state of the utility model.
Fig. 3 is a schematic diagram of another working state of the utility model.
Fig. 4 is a detailed circuit diagram of an embodiment of the utility model.
The utility model is described in further detail below through a specific embodiment with reference to the drawings.
With reference to Fig. 1, the network security switch of the utility model comprises three network ports A, B and C, two switches Ka and Kb (a single-pole double-throw switch with two contacts a and b may be used instead) and a timing controller T. The first network port A is connected to the intranet (the internal office network) server ServerA, the second network port B is connected to the external network (such as the Internet, connected to the outside world) server ServerB, and the third network port C is connected to the intermediate server ServerC. Switch Ka (or contact a of the changeover switch) connects or disconnects the first network port A and the third network port C, and switch Kb (or contact b of the changeover switch) connects or disconnects the second network port B and the third network port C. At a set time interval (for example 5 minutes), the timing controller T switches Kb off and then switches Ka on, or switches Ka off and then switches Kb on. This guarantees that either the intranet server ServerA or the external network server ServerB, but never both, is connected to the intermediate server ServerC; input and output information is exchanged while the connection is made, and physical isolation of the intranet and the external network is absolutely guaranteed. Other control methods may be used in place of the timing controller T, such as manual control or opening and closing the switch with a trigger pulse.
As shown in Fig. 2 and Fig. 3, the utility model has two working states. In Fig. 2, switch Ka is off and switch Kb is on, so the external network server ServerB is connected to the intermediate server ServerC; information from the external network is transferred from ServerB to ServerC, and at the same time the intranet information buffered on ServerC is transferred to the external network server ServerB. In Fig. 3, switch Ka is on and switch Kb is off, so the intranet server ServerA is connected to the intermediate server ServerC; information destined for the external network is transferred from ServerA to ServerC, and at the same time the external network information buffered on ServerC is transferred to the intranet server ServerA. The timing controller T guarantees that only these two connection states can exist, so the intranet and the external network remain physically isolated at all times while they exchange information.
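The switching cycle described above, as an added simulation that is not part of the patent: it models Ka and Kb as an interlocked pair, ServerC as a store-and-forward buffer, and the timing controller T as a fixed-interval toggle, and records every contact state so the isolation property can be checked. The class and function names (`SafetySwitch`, `Endpoint`, `IntermediateServer`, `simulate`) and the sample messages are assumptions made for the example.

```python
from collections import deque

class IsolationError(RuntimeError):
    """Raised if a state would connect ports A and B at the same time."""

class SafetySwitch:
    """Ka joins port A (intranet) to port C; Kb joins port B (external) to port C."""

    def __init__(self):
        self.ka = False
        self.kb = False
        self.history = []  # every (ka, kb) state the contacts passed through

    def _drive(self, ka, kb):
        if ka and kb:
            raise IsolationError("Ka and Kb both on: intranet bridged to external network")
        self.ka, self.kb = ka, kb
        self.history.append((ka, kb))

    def select(self, port):
        """Switch both contacts off first, then switch the requested one on."""
        self._drive(False, False)
        self._drive(port == "A", port == "B")

    @property
    def connected(self):
        return "A" if self.ka else "B" if self.kb else None

class Endpoint:
    """ServerA or ServerB: an outbox of pending messages and an inbox."""

    def __init__(self):
        self.outbox = deque()
        self.inbox = []

class IntermediateServer:
    """ServerC: buffers traffic for whichever side is currently disconnected."""

    def __init__(self):
        self.held = {"A": deque(), "B": deque()}  # keyed by destination port

    def exchange(self, port, endpoint):
        other = "B" if port == "A" else "A"
        while endpoint.outbox:        # connected side -> buffer for the other side
            self.held[other].append(endpoint.outbox.popleft())
        while self.held[port]:        # buffered traffic -> connected side
            endpoint.inbox.append(self.held[port].popleft())

def simulate(minutes=15, interval=5):
    """Timing controller T: flip the switch every `interval` minutes."""
    switch, server_c = SafetySwitch(), IntermediateServer()
    ends = {"A": Endpoint(), "B": Endpoint()}
    ends["A"].outbox.append("constructed: mail from intranet user")
    ends["B"].outbox.append("constructed: reply from internet")
    switch.select("A")
    for minute in range(minutes):
        if minute and minute % interval == 0:
            switch.select("B" if switch.connected == "A" else "A")
        server_c.exchange(switch.connected, ends[switch.connected])
    return switch, ends
```

A message queued on one side is delivered only after the switch has visited both sides, so worst-case latency is bounded by the interval the user sets on T, and ServerC is the one host that touches both networks in turn.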
Network ports A, B and C support 10/100M Ethernet connections, ATM (asynchronous transfer mode) network connections, and serial port and parallel port connections. Switches Ka and Kb may be relays or electronic switches. The time interval of the timing controller T can be adjusted by the user within a certain range to suit the requirements of different kinds of information exchange.
With reference to Fig. 4, the utility model comprises a power module, a timing control module and a switch module. The power module supplies power to the device. The control module is implemented by integrated circuit U2 and its peripheral components, and the timing is set by S1. The switch module switches the network ports, that is, it connects either NET1 or NET2 to the COM port. Because a single-pole double-throw switch is used, physical isolation between port A and port B is guaranteed at all times. Depending on the number of lines, the control switches Ka and Kb may each be a switch group of several ganged switches. Because Ethernet and ATM networks use 4 lines, the control switches Ka and Kb in the figure consist of four ganged switches K1-K4.
The operating principle of this embodiment is as follows: the user sets the switching time of the network security switch through S1, for example 5 minutes, and at every switching interval the timing control module moves the switch from port A to port B, or vice versa.
The above is an embodiment of the utility model and does not limit its scope of protection; within the scope of protection defined by the claims of this application, those skilled in the art may make various improvements, including the selection of components and the composition of the specific circuit.

Claims (9)

1. A network security switch, comprising first and second network ports (A, B) connected to an intranet (Server1) and an external network (Server2) respectively, characterized in that it further comprises a third network port (C) and a switch (Ka, Kb); the third network port (C) is connected to an intermediate server (Server3); one end of the switch (Ka, Kb) is connected to the third network port (C) and the other end is connected to the first network port (A) or the second network port (B), so that only the first network port (A) or the second network port (B) is connected at any one time.
2. The network security switch as claimed in claim 1, characterized in that the switch (Ka, Kb) is an electronic switch or a relay.
3. The network security switch as claimed in claim 1 or 2, characterized in that the switch (Ka, Kb) is a switch group made up of a plurality of mutually ganged switches.
4. The network security switch as claimed in claim 1 or 2, characterized in that it further comprises a controller (T) connected to the switch (Ka, Kb).
5. The network security switch as claimed in claim 3, characterized in that it further comprises a controller (T) connected to the switch (Ka, Kb).
6. The network security switch as claimed in claim 1 or 2, characterized in that the first, second and third network ports (A, B, C) are Ethernet interfaces, asynchronous transfer mode interfaces, parallel ports or serial ports.
7. The network security switch as claimed in claim 3, characterized in that the first, second and third network ports (A, B, C) are Ethernet interfaces, asynchronous transfer mode interfaces, parallel ports or serial ports.
8. The network security switch as claimed in claim 4, characterized in that the first, second and third network ports (A, B, C) are Ethernet interfaces, asynchronous transfer mode interfaces, parallel ports or serial ports.
9. The network security switch as claimed in claim 5, characterized in that the first, second and third network ports (A, B, C) are Ethernet interfaces, asynchronous transfer mode interfaces, parallel ports or serial ports, and the controller (T) is a time controller.
CN 00242053 2000-07-11 2000-07-11 Network safety switching device Expired - Fee Related CN2435881Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 00242053 CN2435881Y (en) 2000-07-11 2000-07-11 Network safety switching device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 00242053 CN2435881Y (en) 2000-07-11 2000-07-11 Network safety switching device

Publications (1)

Publication Number Publication Date
CN2435881Y true CN2435881Y (en) 2001-06-20

Family

ID=33602316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 00242053 Expired - Fee Related CN2435881Y (en) 2000-07-11 2000-07-11 Network safety switching device

Country Status (1)

Country Link
CN (1) CN2435881Y (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100373867C (en) * 2005-01-14 2008-03-05 北邮英科(北京)信息技术研究所有限公司 Massive parallel processing apparatus and method for network isolation and information exchange module
CN100375440C (en) * 2005-01-18 2008-03-12 英业达股份有限公司 Network connectivity backup system
CN101697180B (en) * 2009-11-06 2012-07-04 深圳市优特普科技有限公司 Computer data communication isolation management system and data monitoring method
CN102771090A (en) * 2009-12-23 2012-11-07 思杰***有限公司 Systems and methods for policy based transparent client IP prosecution
CN102771090B (en) * 2009-12-23 2016-05-25 思杰***有限公司 The system and method inserting for the transparent client computer IP based on strategy
CN102377697A (en) * 2011-11-16 2012-03-14 华为技术有限公司 Data processing method under condition of network physical isolation
CN105072020A (en) * 2015-08-04 2015-11-18 广州华多网络科技有限公司 Instant message processing method and system
CN105072020B (en) * 2015-08-04 2019-12-10 广州华多网络科技有限公司 method and system for processing instant communication message
CN112333286A (en) * 2020-11-24 2021-02-05 北京紫云智能科技有限公司 Pre-hospital information and emergency department information data safety sharing system

Similar Documents

Publication Publication Date Title
Ornstein et al. The terminal IMP for the ARPA computer network
US9009288B2 (en) Remote power control system
EP1068693B1 (en) System and method for transmitting voice and data using intelligent bridged tdm and packet buses
CN101790108B (en) Automatic wiring device, management system and method
CN100571191C (en) Keep the VRRP technology of VR confidentiality
CN2435881Y (en) Network safety switching device
CN100419606C (en) Interface method and apparatus for plant-level monitoring system and decentralized control system for power plant
CN103036876B (en) A kind of Integral computer equipment and application thereof realizing unified operation under Network Isolation state
CN108810871A (en) A kind of SIM card cell system of pyramid frame-type
Modiri The ISO reference model entities
CN2337611Y (en) Safety network computer capable of simultaneously connecting internal network and external network
CN2588677Y (en) Safety isolation network gate
CN108566325A (en) Ciphering type ring exchanger system
CN1142506C (en) Information bridge network safety isolator
US5548710A (en) Method and apparatus for an ISDN communication system using active and stand-by ISDN communication adaptors to maintain operation when trouble occurs
CN100385866C (en) Realizing method for long-range maintenance
KR100690042B1 (en) The embodiment of ip interface pyh level duplication in ip based using dual active device
CN209390103U (en) A kind of safety device that industrial control network and Office Network interconnection may be implemented
CN108366002A (en) A kind of multi-action computer network guard system
Cisco Preparing for Configuration
CN114301948A (en) Industrial control network architecture for blast furnace production
Cabral et al. SDN Advantages for Ethernet-Based Control
CN206946437U (en) Optical fiber kvm system with active and standby hot turn function
JPH0622028A (en) Management system in communication network
CN216391046U (en) Telecontrol communication isolating device with bypass control

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee