GB2306862A - Switching data networks - Google Patents


Info

Publication number
GB2306862A
GB2306862A GB9602615A GB9602615A GB2306862A GB 2306862 A GB2306862 A GB 2306862A GB 9602615 A GB9602615 A GB 9602615A GB 9602615 A GB9602615 A GB 9602615A GB 2306862 A GB2306862 A GB 2306862A
Authority
GB
United Kingdom
Prior art keywords
computer
computer system
data
switching means
terminal
Prior art date
Legal status
Withdrawn
Application number
GB9602615A
Other versions
GB9602615D0 (en
Inventor
Leslie Christopher Holborow
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Publication of GB9602615D0
Priority to AU73140/96A (AU7314096A)
Priority to PCT/GB1996/002561 (WO1997016782A2)
Publication of GB2306862A
Withdrawn (current legal status)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

A computer system comprises two or more independent data networks 7,8 and at least one computer terminal 3. The or each computer terminal has a switching device 13 associated with it, for selectively interfacing that terminal with any one of the data networks, one-at-a-time, via respective communication channels. The switching device 13 may include electronically reconfigurable data routing circuits e.g. relay devices driven by Darlington amplifiers. The switching device 13 may receive data and/or control signals either directly from the computer terminals or via an interfacing card. The second network 7 may be connected via a fire-wall 6 and a telephone system 5 to a remote site.

Description

Computer Network Security Arrangements
The present invention relates to computer network security, and more particularly to arrangements for providing security to or between a plurality of computer data networks.
An increasingly important concern for computer system developers is that of data security. Where a computer system comprises more than one data network, or provides a link to some remote data network, then the potential exists for unauthorised access to or transfer of confidential information between those networks via the physical interfaces which are provided between them.
The conventional approach to securing a network interface is to provide a so-called 'fire-wall'. Such a device provides security by filtering the data traffic between two or more networks according to pre-defined software instructions.
A 'fire-wall' arrangement is, however, costly to install and maintain, remains susceptible to 'hacking', and is not resilient to the failure of its interface circuitry.
I have now devised arrangements which overcome the above-mentioned limitations associated with existing network security.
In accordance with the present invention, there is provided a computer system which comprises two or more independent data networks and at least one computer terminal, the or each computer terminal having a switching means associated therewith for selectively interfacing that computer terminal with any one of said data networks, one-at-a-time, via respective communication channels.
In this system, each computer terminal interfaces with the networks one-at-a-time, and therefore never with two (or more) networks simultaneously. Accordingly, there is never a direct communication channel or link established between different networks.
It is however possible to provide a link, such as an electronic mail (email) link, between two networks, providing such a link does not provide direct access, from one network, to any data storage or processing equipment on the other network.
In the above-defined computer system, one of the networks may be an external network, e.g. the Internet. Two or more of the networks may be provided in a common organisation, in which it is required to restrict the access between those networks.
The switching means may be incorporated in the respective computer terminal or it may form a separate unit connected to that computer terminal. Typically each computer terminal comprises a personal computer (PC).
Preferably the switching means comprises a plurality of data routing circuits which are electrically or electronically re-configurable according to control signals issued by the respective computer terminal.
Preferably the electronically re-configurable data routing circuits comprise electromagnetic relay devices driven by Darlington amplifier circuits.
Preferably the switching means receives data and/or control signals either directly via the internal bus system of the respective computer terminal, or indirectly via a parallel or serial interface card.
Preferably the switching means is controlled via software driver routines running on the respective computer terminal.
Preferably the computer network data is carried by an 'unshielded twisted pair' cable but may instead be carried by other cable types such as shielded coaxial or fibre-optic.
Preferably the switching means routes data via one or other of two 4-way data channels comprising an 8-way 'splitter' cable.
Also in accordance with the present invention, there is provided a computer input/output interface card, comprising parallel and/or serial interface circuitry, and switching means for selectively interfacing said interface circuitry with any one of a plurality of independent computer data networks, one-at-a-time, via respective communication channels.
Further in accordance with the present invention, there is provided a switching device for selectively interfacing a computer with any one of a plurality of independent data networks, one-at-a-time, via respective communication channels.
An embodiment of the present invention will now be described by way of example only and with reference to the accompanying drawings, in which: FIGURE 1 is a schematic diagram of a prior art computer system; FIGURE 2 is a schematic diagram of a computer system in accordance with the present invention; FIGURE 3 is a circuit diagram of an electronic switching device in accordance with the present invention; and FIGURE 4 is a schematic showing two possible data channel assignments which can be provided by the device of Figure 3.
Referring to Figure 1 of the drawings, there is shown a typical prior art computer system comprising first and second computer data networks 7,8 each supporting a variety of hardware elements such as file servers 1 and computer terminals 2. The two networks are interconnected by a common data channel via respective interface circuitry or 'hubs' 4. The second network 7 is additionally connected to a remote site via a telephone system 5.
A 'fire-wall' or programmable network access device 9 is provided between the two networks and another such device 6 is provided between the second network and the telephone system. These devices are intended to provide network security by filtering the data passing between respective networks, permitting data access and transfer only in accordance with pre-defined access tables, passwords etc.
Such a 'fire-wall' network interface has a number of significant disadvantages. Firstly, it is costly to install and maintain, often requiring a systems engineer to supervise its operation. Secondly, by sustaining a permanent hardware link between the two networks, such an interface is inherently susceptible to software 'hacking' or to malicious infection with a computer virus. Thirdly, as only a single data channel is provided between the two networks, the failure or incorrect functioning of the intermediate 'fire-wall' device will critically affect all communications between the two networks.
Figure 2 illustrates a computer system in accordance with the present invention, wherein the need for a 'fire-wall' device between the two data networks has been obviated. Each computer terminal e.g. 3 is provided with a re-configurable electronic switching device 13 that allows it to be connected to one or other of the data networks 7,8 according to a control signal 12 from the respective computer terminal 3. A splitter cable connects the appropriate cable cores from the computer terminal 3 to its respective interface hub 10.
Such an arrangement has the important advantage that no direct communications channel or link ever exists between the two networks, which might allow direct access to one network from the other. For example, in Figure 2, whilst computer terminal 3 may access either network 7 or network 8, network 8 is secure from any attempted access via a terminal not provided with an electronic switching device 13, or from a remote site connected to network 7 via the telephone system 5 and 'fire-wall' 6.
A further point to note is that in a system comprising a number of computer terminals, wherein each terminal is connected via a network switching device 13, that connection is fully independent of all others. Therefore, in the event that the network switching device associated with any one terminal should fail, full network access is still available to all other terminals.
It is however possible for the system to include a link between the two networks, providing this does not give direct access, from one network, to any data storage or processing equipment on the other network. Thus, an electronic mail (email) link 11 may be provided between the networks.
The switching between the networks is controlled by the respective computer terminal: this can be achieved through use of any suitable operating system run on that terminal (e.g. Windows).
Figure 3 is a schematic diagram of an electronic circuit suitable for implementing the electronic switching device 13 and comprises a 4-way data input 20 from a computer 'PC', an 8-way data output 22 to a splitter cable 'SKT' and a control signal input 24 from an interface card 'I/O Card'.
With no voltage applied to any of the relays 'Rly 1' to 'Rly 4', inputs 1,2,3 and 6 from 'PC' are routed to the corresponding outputs of 'SKT' as shown in Figure 4A. However, the circuit is re-configurable by applying an appropriate pattern of control signals to 'I/O Card'. These signals are amplified by IC1, a 'Darlington driver' circuit, in order to produce corresponding output voltages capable of switching one or more of the relays 'Rly 1' to 'Rly 4', thereby re-routing certain of the 'PC' input data signals to alternative 'SKT' outputs.
Figure 4B illustrates the effect of applying an 'ALL 1's' signal to inputs 4 to 7 of 'I/O Card', thereby switching all four relays so that inputs 1,2,3 and 6 of 'SKT' are rerouted to outputs 4,5,7 and 8 of 'SKT' respectively.
Inputs 1 and 2 of 'I/O Card' connect a supply voltage and a ground respectively. A signal applied to input 3 of 'I/O Card' will turn on light-emitting-diode Led1 which may be used to indicate the current state of the device.
In the example of Figure 4, outputs 1,2,3 and 6 of 'SKT' are connected via a splitter cable to the corresponding data lines of a local network bus, while outputs 4,5,7 and 8 are connected to a remote network e.g. the Internet.
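The routing of Figures 4A and 4B can be modelled in software to see what every control pattern does to the four 'PC' lines. The following C model is an added example, not part of the patent; it assumes that inputs 4 to 7 of 'I/O Card' drive 'Rly 1' to 'Rly 4' in that order and that each relay is a changeover contact carrying one line, and `select_network` is a hypothetical driver-side guard.

```c
#include <stdio.h>

/* Added model of the relay routing described for Figures 3 and 4.
 * Assumptions: I/O Card inputs 4..7 drive Rly 1..4 in that order, and each
 * relay is a changeover contact carrying exactly one 'PC' line. */
enum net_state { NET_LOCAL, NET_REMOTE, NET_MIXED };

static const int PC_LINE[4]    = {1, 2, 3, 6};  /* 4-way input from 'PC'       */
static const int SKT_LOCAL[4]  = {1, 2, 3, 6};  /* relays released, Figure 4A  */
static const int SKT_REMOTE[4] = {4, 5, 7, 8};  /* relays energised, Figure 4B */

/* out[k] = 'SKT' output reached by PC_LINE[k]; bit k of ctrl = Rly k+1 on. */
void route(unsigned ctrl, int out[4])
{
    for (int k = 0; k < 4; k++)
        out[k] = ((ctrl >> k) & 1u) ? SKT_REMOTE[k] : SKT_LOCAL[k];
}

/* Number of 'PC' lines currently switched to the remote channel (0..4). */
int lines_on_remote(unsigned ctrl)
{
    int n = 0;
    for (int k = 0; k < 4; k++)
        n += (int)((ctrl >> k) & 1u);
    return n;
}

/* Only 0000 and 1111 give a complete 4-way channel; any other pattern
 * leaves the terminal's lines split between the two channels. */
enum net_state classify(unsigned ctrl)
{
    int n = lines_on_remote(ctrl & 0xFu);
    return n == 0 ? NET_LOCAL : n == 4 ? NET_REMOTE : NET_MIXED;
}

/* Driver-side guard (hypothetical): the only patterns a driver should ever
 * write. Returns the 4-bit pattern, or -1 for anything else. */
int select_network(enum net_state want)
{
    if (want == NET_LOCAL)  return 0x0;
    if (want == NET_REMOTE) return 0xF;
    return -1;
}

int main(void)
{
    static const char *name[] = {"local", "remote", "MIXED"};
    for (unsigned ctrl = 0; ctrl < 16; ctrl++) {
        int out[4];
        route(ctrl, out);
        printf("ctrl=%u%u%u%u ", (ctrl >> 3) & 1, (ctrl >> 2) & 1, (ctrl >> 1) & 1, ctrl & 1);
        for (int k = 0; k < 4; k++)
            printf(" PC%d->SKT%d", PC_LINE[k], out[k]);
        printf("  [%s]\n", name[classify(ctrl)]);
    }
    return 0;
}
```

Of the sixteen possible patterns, fourteen are mixed states in which neither channel is complete, so the one-at-a-time property rests on the driver writing only the two complete patterns and on all four relays responding together.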
It will be appreciated that the arrangement shown in Figure 2 can be achieved by reconfiguring the arrangement shown in Figure 1, that is to say the existing cable can be used, and no new cable installation is needed.

Claims (15)

1) A computer system comprising two or more independent data networks and at least one computer terminal, the or each computer terminal having a switching means associated therewith for selectively interfacing that computer terminal with any one of said data networks, one-at-a-time, via respective communication channels.
2) A computer system as claimed in Claim 1, wherein one of said data networks comprises an external network.
3) A computer system as claimed in Claim 1 or 2, wherein the or each said switching means is incorporated into its respective computer terminal.
4) A computer system as claimed in Claim 1 or 2, wherein the or each said switching means comprises a separate unit connected to its respective computer terminal.
5) A computer system as claimed in any preceding claim, wherein the or each said computer terminal comprises a personal computer (PC).
6) A computer system as claimed in any preceding claim, wherein the or each said switching means comprises a plurality of data routing circuits which are electrically or electronically re-configurable according to control signals issued by its respective computer terminal.
7) A computer system as claimed in Claim 6, wherein said electronically re-configurable data routing circuits comprise electromagnetic relay devices driven by Darlington amplifier circuits.
8) A computer system as claimed in any preceding claim, wherein the or each said switching means receives data and/or control signals either directly via the internal bus system of its respective computer terminal, or indirectly via a parallel or serial interface card.
9) A computer system as claimed in any preceding claim, wherein the or each said switching means is controlled via software driver routines running on its respective computer terminal.
10) A computer system as claimed in any preceding claim, wherein the or each said switching means routes data via one or other of two 4-way data channels comprising an 8-way 'splitter' cable.
11) A computer system as claimed in any preceding claim, wherein network data is carried by an unshielded twisted pair cable.
12) A computer system as claimed in any of claims 1 to 10, wherein network data is carried by a shielded coaxial cable.
13) A computer system as claimed in any of claims 1 to 10, wherein network data is carried by a fibre-optic cable.
14) A computer input/output interface card, comprising parallel and/or serial interface circuitry, and switching means for selectively interfacing said interface circuitry with any one of a plurality of independent computer data networks, one-at-a-time, via respective communication channels.
15) A switching device for selectively interfacing a computer with any one of a plurality of independent data networks, one-at-a-time, via respective communication channels.
GB9602615A 1995-10-18 1996-02-09 Switching data networks Withdrawn GB2306862A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU73140/96A AU7314096A (en) 1995-10-18 1996-10-17 Computer network security arrangements
PCT/GB1996/002561 WO1997016782A2 (en) 1995-10-18 1996-10-17 Computer network security arrangements

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB9521407.8A GB9521407D0 (en) 1995-10-18 1995-10-18 Network cable security switching system

Publications (2)

Publication Number Publication Date
GB9602615D0 (en) 1996-04-10
GB2306862A (en) 1997-05-07

Family

ID=10782546

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB9521407.8A Pending GB9521407D0 (en) 1995-10-18 1995-10-18 Network cable security switching system
GB9602615A Withdrawn GB2306862A (en) 1995-10-18 1996-02-09 Switching data networks

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB9521407.8A Pending GB9521407D0 (en) 1995-10-18 1995-10-18 Network cable security switching system

Country Status (1)

Country Link
GB (2) GB9521407D0 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2330991A (en) * 1997-11-04 1999-05-05 Ibm Routing data packets
US6578089B1 (en) * 1999-04-19 2003-06-10 Emcon Emanation Control Ltd. Multi-computer access secure switching system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3934088A (en) * 1974-06-13 1976-01-20 Redactron Corporation Data terminal for connection to telephone or teleprinter facilities
US5387902A (en) * 1989-05-25 1995-02-07 3Com Ireland Data networks

Also Published As

Publication number Publication date
GB9602615D0 (en) 1996-04-10
GB9521407D0 (en) 1995-12-20

Similar Documents

Publication Publication Date Title
KR940001692B1 (en) Variable length backplane bus
US8051210B2 (en) Server with LAN switch that connects ports based on connection information received from first and second LANs
US6578089B1 (en) Multi-computer access secure switching system
US20040073637A1 (en) Server with LAN switch that connects ports based on boot progress information
US7512781B2 (en) Firewall with stateful inspection
WO1997016782A2 (en) Computer network security arrangements
US5309569A (en) Self-configuring bus termination component
WO1998028883A1 (en) Network including multi-protocol cross-connect switch
US5150355A (en) Relating exchanges
GB2306862A (en) Switching data networks
JP3328723B2 (en) Communication processing device and programmable controller having the same
US5303387A (en) Arrangement for utilizing a passive line concentrator in a managed token ring network
US6628648B1 (en) Multi-interface point-to-point switching system (MIPPSS) with hot swappable boards
CA1180076A (en) Circuit for equipping a variable number of bus units on a closed loop bus
KR930024350A (en) Methods and systems for directly connecting and reswitching digital cross-connected networks
AU705430B2 (en) Demultiplexer, a protection switch unit, a telecommunication network and a method of demultiplexing
US20230353536A1 (en) Network security gateway onboard an aircraft to connect low and high trust domains of an avionics computing infrastructure
US6119169A (en) Network system having a secondary disk drive bypass circuit activated when all primary disk drive bypass circuits are activated
KR100197441B1 (en) Apparatus for watching a secession state by using by back board in switching system
SE503104C2 (en) Device for adapting services between first and second telecommunication and / or data communication systems
JP3053378B2 (en) ATM switching equipment
JPH1079963A (en) Failsafe circuit in inter-transmission device
KR100408809B1 (en) Network system including the network card with a hub
JPS61224001A (en) Receiver protecting circuit
JPH04304698A (en) Exclusion control system during package installation error

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)