GB2306862A - Switching data networks - Google Patents
- Publication number
- GB2306862A
- Authority
- GB
- United Kingdom
- Prior art keywords
- computer
- computer system
- data
- switching means
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
A computer system comprises two or more independent data networks 7,8 and at least one computer terminal 3. The or each computer terminal has a switching device 13 associated with it, for selectively interfacing that terminal with any one of the data networks, one-at-a-time, via respective communication channels. The switching device 13 may include electronically reconfigurable data routing circuits e.g. relay devices driven by Darlington amplifiers. The switching device 13 may receive data and/or control signals either directly from the computer terminals or via an interfacing card. The second network 7 may be connected via a fire-wall 6 and a telephone system 5 to a remote site.
Description
Computer Network Security Arrangements
The present invention relates to computer network security, and more particularly to arrangements for providing security to or between a plurality of computer data networks.
An increasingly important concern for computer system developers is that of data security. Where a computer system comprises more than one data network, or provides a link to some remote data network, then the potential exists for unauthorised access to or transfer of confidential information between those networks via the physical interfaces which are provided between them.
The conventional approach to securing a network interface is to provide a so-called 'fire-wall'. Such a device provides security by filtering the data traffic between two or more networks according to pre-defined software instructions.
A 'fire-wall' arrangement is, however, costly to install and maintain, remains susceptible to 'hacking', and is not resilient to the failure of its interface circuitry.
I have now devised arrangements which overcome the above-mentioned limitations associated with existing network security.
In accordance with the present invention, there is provided a computer system which comprises two or more independent data networks and at least one computer terminal, the or each computer terminal having a switching means associated therewith for selectively interfacing that computer terminal with any one of said data networks, one-at-a-time, via respective communication channels.
In this system, each computer terminal interfaces with the networks one-at-a-time, and therefore never with two (or more) networks simultaneously. Accordingly, there is never a direct communication channel or link established between different networks.
It is however possible to provide a link, such as an electronic mail (email) link, between two networks, providing such a link does not provide direct access, from one network, to any data storage or processing equipment on the other network.
In the above-defined computer system, one of the networks may be an external network, e.g. the Internet. Two or more of the networks may be provided in a common organisation, in which it is required to restrict the access between those networks.
The switching means may be incorporated in the respective computer terminal or it may form a separate unit connected to that computer terminal. Typically each computer terminal comprises a personal computer (PC).
Preferably the switching means comprises a plurality of data routing circuits which are electrically or electronically re-configurable according to control signals issued by the respective computer terminal.
Preferably the electronically re-configurable data routing circuits comprise electromagnetic relay devices driven by Darlington amplifier circuits.
Preferably the switching means receives data and/or control signals either directly via the internal bus system of the respective computer terminal, or indirectly via a parallel or serial interface card.
Preferably the switching means is controlled via software driver routines running on the respective computer terminal.
Preferably the computer network data is carried by an 'unshielded twisted pair' cable but may instead be carried by other cable types such as shielded coaxial or fibre-optic.
Preferably the switching means routes data via one or other of two 4-way data channels comprising an 8-way 'splitter' cable.
Also in accordance with the present invention, there is provided a computer input/output interface card, comprising parallel and/or serial interface circuitry, and switching means for selectively interfacing said interface circuitry with any one of a plurality of independent computer data networks, one-at-a-time, via respective communication channels.
Further in accordance with the present invention, there is provided a switching device for selectively interfacing a computer with any one of a plurality of independent data networks, one-at-a-time, via respective communication channels.
An embodiment of the present invention will now be described by way of example only and with reference to the accompanying drawings, in which:
FIGURE 1 is a schematic diagram of a prior art computer system;
FIGURE 2 is a schematic diagram of a computer system in accordance with the present invention;
FIGURE 3 is a circuit diagram of an electronic switching device in accordance with the present invention; and
FIGURE 4 is a schematic showing two possible data channel assignments which can be provided by the device of Figure 3.
Referring to Figure 1 of the drawings, there is shown a typical prior art computer system comprising first and second computer data networks 7,8 each supporting a variety of hardware elements such as file servers 1 and computer terminals 2. The two networks are interconnected by a common data channel via respective interface circuitry or 'hubs' 4. The second network 7 is additionally connected to a remote site via a telephone system 5.
A 'fire-wall' or programmable network access device 9 is provided between the two networks and another such device 6 is provided between the second network and the telephone system. These devices are intended to provide network security by filtering the data passing between respective networks, permitting data access and transfer only in accordance with pre-defined access tables, passwords etc.
Such a 'fire-wall' network interface has a number of significant disadvantages. Firstly, it is costly to install and maintain, often requiring a systems engineer to supervise its operation. Secondly, by sustaining a permanent hardware link between the two networks, such an interface is inherently susceptible to software 'hacking' or to malicious infection with a computer virus. Thirdly, as only a single data channel is provided between the two networks, the failure or incorrect functioning of the intermediate 'fire-wall' device will critically affect all communications between the two networks.
Figure 2 illustrates a computer system in accordance with the present invention, wherein the need for a 'fire-wall' device between the two data networks has been obviated. Each computer terminal e.g. 3 is provided with a re-configurable electronic switching device 13 that allows it to be connected to one or other of the data networks 7,8 according to a control signal 12 from the respective computer terminal 3. A splitter cable connects the appropriate cable cores from the computer terminal 3 to its respective interface hub 10.
Such an arrangement has the important advantage that no direct communications channel or link ever exists between the two networks, which might allow direct access to one network from the other. For example, in Figure 2, whilst computer terminal 3 may access either network 7 or network 8, network 8 is secure from any attempted access via a terminal not provided with an electronic switching device 13, or from a remote site connected to network 7 via the telephone system 5 and 'fire-wall' 6.
A further point to note is that in a system comprising a number of computer terminals, wherein each terminal is connected via a network switching device 13, that connection is fully independent of all others. Therefore, in the event that the network switching device associated with any one terminal should fail, full network access is still available to all other terminals.
It is however possible for the system to include a link between the two networks, providing this does not give direct access, from one network, to any data storage or processing equipment on the other network. Thus, an electronic mail (email) link 11 may be provided between the networks.
The switching between the networks is controlled by the respective computer terminal: this can be achieved through use of any suitable operating system run on that terminal (e.g. Windows).
Figure 3 is a schematic diagram of an electronic circuit suitable for implementing the electronic switching device 13 and comprises a 4-way data input 20 from a computer 'PC', an 8-way data output 22 to a splitter cable 'SKT' and a control signal input 24 from an interface card 'I/O Card'.
With no voltage applied to any of the relays 'Rly 1' to 'Rly 4', inputs 1,2,3 and 6 from 'PC' are routed to the corresponding outputs of 'SKT' as shown in Figure 4A. However, the circuit is re-configurable by applying an appropriate pattern of control signals to 'I/O Card'. These signals are amplified by IC1, a 'Darlington driver' circuit, in order to produce corresponding output voltages capable of switching one or more of the relays 'Rly 1' to 'Rly 4', thereby re-routing certain of the 'PC' input data signals to alternative 'SKT' outputs.
Figure 4B illustrates the effect of applying an 'ALL 1's' signal to inputs 4 to 7 of 'I/O Card', thereby switching all four relays so that inputs 1,2,3 and 6 of 'SKT' are rerouted to outputs 4,5,7 and 8 of 'SKT' respectively.
Inputs 1 and 2 of 'I/O Card' connect a supply voltage and a ground respectively. A signal applied to input 3 of 'I/O Card' will turn on light-emitting-diode Led1 which may be used to indicate the current state of the device.
In the example of Figure 4, outputs 1,2,3 and 6 of 'SKT' are connected via a splitter cable to the corresponding data lines of a local network bus, while outputs 4,5,7 and 8 are connected to a remote network e.g. the Internet.
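The routing of Figures 4A and 4B as a small model, added here as an example and not part of the patent: it enumerates all 16 control patterns to show that only the all-released and all-energised patterns give a complete channel, which is the check a software driver would have to enforce to keep the one-at-a-time property. The pairing of 'I/O Card' inputs 4 to 7 with particular relays and conductors, and all function names, are assumptions.

```python
from itertools import product

# Conductors named on the page: 'PC' inputs 1, 2, 3 and 6.
PC_LINES = (1, 2, 3, 6)
# 'SKT' outputs per Figure 4: relay released -> same-numbered output (local
# network); relay energised -> outputs 4, 5, 7, 8 (remote network).
LOCAL_OUT = {1: 1, 2: 2, 3: 3, 6: 6}
REMOTE_OUT = {1: 4, 2: 5, 3: 7, 6: 8}
# ASSUMPTION: 'I/O Card' inputs 4..7 drive Rly 1..4 in order, and Rly k
# switches the k-th entry of PC_LINES. The page does not give this pairing.
CONTROL_INPUTS = (4, 5, 6, 7)


def route(control):
    """Map each PC conductor to an SKT output for {io_input: 0 or 1}."""
    routing = {}
    for io_input, line in zip(CONTROL_INPUTS, PC_LINES):
        energised = control.get(io_input, 0) == 1
        routing[line] = REMOTE_OUT[line] if energised else LOCAL_OUT[line]
    return routing


def classify(routing):
    """'local' or 'remote' for a complete channel, otherwise 'mixed'."""
    outputs = set(routing.values())
    if outputs == set(LOCAL_OUT.values()):
        return "local"
    if outputs == set(REMOTE_OUT.values()):
        return "remote"
    return "mixed"  # conductors sit on both 4-way channels at once


def safe_select(network):
    """Driver-side guard: only ever issue the all-0 or all-1 pattern."""
    if network not in ("local", "remote"):
        raise ValueError("unknown network: %r" % (network,))
    bit = 1 if network == "remote" else 0
    control = {io_input: bit for io_input in CONTROL_INPUTS}
    if classify(route(control)) != network:
        raise RuntimeError("routing table does not match requested network")
    return control


def audit_all_patterns():
    """Count how many of the 16 control patterns fall in each class."""
    counts = {"local": 0, "remote": 0, "mixed": 0}
    for bits in product((0, 1), repeat=len(CONTROL_INPUTS)):
        counts[classify(route(dict(zip(CONTROL_INPUTS, bits))))] += 1
    return counts


def stuck_relay(network, stuck_input, stuck_value):
    """Class of routing when one relay ignores its control (constructed fault)."""
    control = dict(safe_select(network))
    control[stuck_input] = stuck_value
    return classify(route(control))


if __name__ == "__main__":
    print(audit_all_patterns())
    print(stuck_relay("remote", 5, 0))
```

Fourteen of the sixteen patterns are mixed, and a single relay stuck in the released position while "remote" is selected also produces a mixed state, so the LED on input 3 is only a reliable indicator if the driver sets it after confirming the selected pattern.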
It will be appreciated that the arrangement shown in Figure 2 can be achieved by reconfiguring the arrangement shown in Figure 1, that is to say the existing cable can be used, and no new cable installation is needed.
Claims (15)
1) A computer system comprising two or more independent data networks and at least one computer terminal, the or each computer terminal having a switching means associated therewith for selectively interfacing that computer terminal with any one of said data networks, one-at-a-time, via respective communication channels.
2) A computer system as claimed in Claim 1, wherein one of said data networks comprises an external network.
3) A computer system as claimed in Claim 1 or 2, wherein the or each said switching means is incorporated into its respective computer terminal.
4) A computer system as claimed in Claim 1 or 2, wherein the or each said switching means comprises a separate unit connected to its respective computer terminal.
5) A computer system as claimed in any preceding claim, wherein the or each said computer terminal comprises a personal computer (PC).
6) A computer system as claimed in any preceding claim, wherein the or each said switching means comprises a plurality of data routing circuits which are electrically or electronically re-configurable according to control signals issued by its respective computer terminal.
7) A computer system as claimed in Claim 6, wherein said electronically re-configurable data routing circuits comprise electromagnetic relay devices driven by Darlington amplifier circuits.
8) A computer system as claimed in any preceding claim, wherein the or each said switching means receives data and/or control signals either directly via the internal bus system of its respective computer terminal, or indirectly via a parallel or serial interface card.
9) A computer system as claimed in any preceding claim, wherein the or each said switching means is controlled via software driver routines running on its respective computer terminal.
10) A computer system as claimed in any preceding claim, wherein the or each said switching means routes data via one or other of two 4-way data channels comprising an 8-way 'splitter' cable.
11) A computer system as claimed in any preceding claim, wherein network data is carried by an unshielded twisted pair cable.
12) A computer system as claimed in any of claims 1 to 10, wherein network data is carried by a shielded coaxial cable.
13) A computer system as claimed in any of claims 1 to 10, wherein network data is carried by a fibre-optic cable.
14) A computer input/output interface card, comprising parallel and/or serial interface circuitry, and switching means for selectively interfacing said interface circuitry with any one of a plurality of independent computer data networks, one-at-a-time, via respective communication channels.
15) A switching device for selectively interfacing a computer with any one of a plurality of independent data networks, one-at-a-time, via respective communication channels.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU73140/96A AU7314096A (en) | 1995-10-18 | 1996-10-17 | Computer network security arrangements |
PCT/GB1996/002561 WO1997016782A2 (en) | 1995-10-18 | 1996-10-17 | Computer network security arrangements |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB9521407.8A GB9521407D0 (en) | 1995-10-18 | 1995-10-18 | Network cable security switching system |
Publications (2)
Publication Number | Publication Date |
---|---|
GB9602615D0 (en) | 1996-04-10 |
GB2306862A (en) | 1997-05-07 |
Family
ID=10782546
Family Applications (2)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
GBGB9521407.8A | Pending | GB9521407D0 (en) | 1995-10-18 | 1995-10-18 | Network cable security switching system |
GB9602615A | Withdrawn | GB2306862A (en) | 1995-10-18 | 1996-02-09 | Switching data networks |
Country Status (1)
Country | Link |
---|---|
GB (2) | GB9521407D0 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2330991A (en) * | 1997-11-04 | 1999-05-05 | Ibm | Routing data packets |
US6578089B1 (en) * | 1999-04-19 | 2003-06-10 | Emcon Emanation Control Ltd. | Multi-computer access secure switching system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3934088A (en) * | 1974-06-13 | 1976-01-20 | Redactron Corporation | Data terminal for connection to telephone or teleprinter facilities |
US5387902A (en) * | 1989-05-25 | 1995-02-07 | 3Com Ireland | Data networks |
Also Published As
Publication number | Publication date |
---|---|
GB9602615D0 (en) | 1996-04-10 |
GB9521407D0 (en) | 1995-12-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |