CN103338198A - Method for solving problems of network safety and data silos by using Linux system - Google Patents
- Publication number
- CN103338198A
- Authority
- CN
- China
- Prior art keywords
- linux
- data
- oracle
- network
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for solving the problems of network security and data silos by using a Linux system. In the method, a Linux operating system platform is installed on an x86 server with two network interface cards, the IP address and gateway of each network interface card are set according to the respective network segments of the internal and external networks, and Oracle database software is installed on the Linux operating system platform; the network ports on the Linux system that are not required for Oracle data exchange are blocked; the listener (TNS) of the installed Oracle software is configured, and data access is carried out with the databases of the associated production intranet and external network; on the production intranet and external network side, database information is either read through a mirror or obtained by writing programs that access the database. The method has the following advantages: data can be exchanged between the internal and external networks while the security of the production intranet is guaranteed, the data silo problem that security considerations cause on the production intranet is solved, and the solution is high in quality and low in price.
Description
Technical field
The present invention relates to the field of secure data exchange technology, and in particular to a method that uses a Linux system to solve network security and data silo problems.
Background
At present, the informatization and networking of enterprise production management are developing rapidly across all industries nationwide and are greatly advancing the modernization of enterprise management and production; an enterprise's level of informatization and automation has become an important measure of how advanced it is. In the past, most production networks were closed, so their security was relatively easy to guarantee. That security was built on isolation: it kept the network secure but created a new problem, namely data silos. Guaranteeing the network security of the production intranet while still allowing relevant data to be exchanged between the intranet and the external network has become the trend of current informatization.
Summary of the invention
The purpose of the present invention is to provide a high-quality, low-cost method that meets production management's need for both network security of the production intranet and data interaction between the intranet and the external network: a method that uses a Linux system to solve network security and data silo problems, resolving the data silo problem while guaranteeing the security of the production network.
The solution of the present invention comprises the following steps:
(1) Build the Linux middle layer: install a Linux operating system platform on an x86 server with two network cards, set each network card's IP address and gateway according to the respective network segments of the intranet and the external network, and install Oracle database software on the Linux operating system platform;
(2) Configure the Linux middle layer:
Block the network ports on the Linux system that are not required for Oracle data exchange;
Configure the Oracle listener (TNS) of the installed Oracle software, and carry out data access with the database platforms of the associated production intranet and external network;
(3) The production intranet and the external network each obtain information by accessing the Oracle database.
More specifically, the technical scheme also includes the following. In step (3), the production intranet and the external network each obtain information by accessing the Oracle database as follows: a production intranet server A and an external network server B are set up for intranet/external data interaction and Oracle software is installed on them, their Oracle listeners (TNS) are configured, and they communicate via DB_LINK with the Oracle installed on server C in the Linux middle layer.
Further: production intranet server A and external network server B communicate with Linux middle-layer server C by mirroring database content to Linux middle-layer server C and then reading the database information through the mirror.
Further: in step (3), the production intranet and the external network each obtain information by accessing the Oracle database as follows: a program written on the production intranet writes the data to be exchanged into the Oracle database on server C in the Linux middle layer, and the external network obtains the information through a program written to access this database; a program written on the external network writes the data to be exchanged into the Oracle database on server C in the Linux middle layer, and the production intranet obtains the information through a program written to access this database.
The advantages of the present invention are:
1. It exploits the characteristic that computer viruses and Trojan programs do not propagate across both the Windows series and the Linux series of operating systems at the same time (only a few laboratories have written test code specifically to test whether viruses for the two kinds of operating system can propagate to each other; this confirmed that cross-propagation is still possible, but it exists only in the laboratory).
2. The non-essential communication ports of the middle-layer Linux are blocked and the necessary Linux firewall is installed, which almost entirely prevents viruses on the external network from propagating to the production intranet.
3. In this way, data exchange between the intranet and the external network is achieved while the network security of the production intranet is guaranteed, solving the production intranet data silo problem caused by security considerations.
4. The price of an x86 server is far lower than the price of a hardware firewall.
Description of drawings
The accompanying drawings show embodiments of the invention.
Fig. 1 is a schematic diagram of the first way of setting up the production intranet and the external network.
Fig. 2 is a schematic diagram of the second way of setting up the production intranet and the external network.
Embodiment
The software and hardware requirements of this embodiment are:
(1) One x86 server with two network cards.
(2) One copy of a Linux server-edition operating system.
(3) One copy of Oracle for Linux database software.
The concrete steps are:
(1) Build the Linux middle layer: install the Linux operating system platform on the x86 server with two network cards, and set each network card's IP address and gateway according to the respective network segments of the intranet and the external network.
(2) Install Oracle database software on the Linux operating system platform.
(3) Block the network ports on the Linux system that are not required for Oracle data exchange.
(4) Configure the Oracle listener (TNS) of the installed Oracle software, and carry out data access with the database platforms of the associated production intranet and external network.
(5) The production intranet and the external network each obtain information by accessing the Oracle database.
There are two methods by which the production intranet and the external network obtain information by accessing the Oracle database:
Method one: as shown in Fig. 1, two dedicated servers are set up, production intranet server A and external network server B, for intranet/external data interaction; Oracle software is installed on them and their Oracle listeners (TNS) are configured, and they communicate via DB_LINK with the Oracle installed on server C in the Linux middle layer. This method mirrors the database content on server A to server C; server B obtains the database information of server A by accessing the mirror on server C, and in the same way server A can obtain the information of server B.
Method two: as shown in Fig. 2, a program written on the production intranet writes the data to be exchanged into the Oracle database on Linux server C, and the external network obtains the information through a program written to access this database; in the same way, the production intranet obtains information from the external network.
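One way to implement the port blocking of step (3) on server C, as an added example that is not part of the patent. It assumes iptables, an Oracle listener on its default port 1521, database links created on A and B that connect inward to C (so C never opens connections itself), and placeholder interface names and addresses.

```shell
#!/bin/sh
# Added example, not from the patent. Interface names and addresses are
# constructed placeholders; adjust them to the real network segments.
INT_IF=eth0           # NIC on the production intranet segment (assumed)
EXT_IF=eth1           # NIC on the external network segment (assumed)
SERVER_A=10.10.0.10   # production intranet server A (constructed)
SERVER_B=192.0.2.10   # external network server B (constructed)
TNS_PORT=1521         # Oracle listener default; must match listener.ora

# Emit an iptables-restore ruleset for server C: default drop in every
# chain, no routing between the two NICs, and new connections accepted
# only from A and B to the listener port, each on its own interface.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $SERVER_A -p tcp --dport $TNS_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $EXT_IF -s $SERVER_B -p tcp --dport $TNS_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "midlayer-drop: "
COMMIT
EOF
}

# Succeeds only if kernel IP forwarding is off, so the dual-homed host
# cannot act as a router between intranet and external network.
# Optional argument: path to read instead of the live /proc entry.
forwarding_disabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "0" ]
}

# Usage (as root): sh midlayer-fw.sh --print | iptables-restore --test
if [ "${1:-}" = "--print" ]; then
    forwarding_disabled || echo "WARNING: net.ipv4.ip_forward is not 0" >&2
    gen_rules
fi
```

iptables filters IPv4 only, so pair this ruleset with a default-drop ip6tables policy or disable IPv6 on both interfaces.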
Claims (4)
1. A method for solving network security and data silo problems using a Linux system, characterized in that it comprises the steps of:
(1) Build the Linux middle layer: install a Linux operating system platform on an x86 server with two network cards, set each network card's IP address and gateway according to the respective network segments of the intranet and the external network, and install Oracle database software on the Linux operating system platform;
(2) Configure the Linux middle layer:
Block the network ports on the Linux system that are not required for Oracle data exchange;
Configure the Oracle listener (TNS) of the installed Oracle software, and carry out data access with the database platforms of the associated production intranet and external network;
(3) The production intranet and the external network each obtain information by accessing the Oracle database.
2. The method for solving network security and data silo problems using a Linux system according to claim 1, characterized in that in step (3) the production intranet and the external network each obtain information by accessing the Oracle database as follows: a production intranet server A and an external network server B are set up for intranet/external data interaction and Oracle software is installed on them, their Oracle listeners (TNS) are configured, and they communicate via DB_LINK with the Oracle installed on server C in the Linux middle layer.
3. The method for solving network security and data silo problems using a Linux system according to claim 2, characterized in that production intranet server A and external network server B communicate with Linux middle-layer server C by mirroring database content to Linux middle-layer server C and then reading the database information through the mirror.
4. The method for solving network security and data silo problems using a Linux system according to claim 1, characterized in that in step (3) the production intranet and the external network each obtain information by accessing the Oracle database as follows: a program written on the production intranet writes the data to be exchanged into the Oracle database on server C in the Linux middle layer, and the external network obtains the information through a program written to access this database; a program written on the external network writes the data to be exchanged into the Oracle database on server C in the Linux middle layer, and the production intranet obtains the information through a program written to access this database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013102526360A CN103338198A (en) | 2013-06-24 | 2013-06-24 | Method for solving problems of network safety and data silos by using Linux system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013102526360A CN103338198A (en) | 2013-06-24 | 2013-06-24 | Method for solving problems of network safety and data silos by using Linux system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103338198A (en) | 2013-10-02 |
Family
ID=49246295
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013102526360A Pending CN103338198A (en) | 2013-06-24 | 2013-06-24 | Method for solving problems of network safety and data silos by using Linux system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103338198A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040025008A1 (en) * | 2002-08-02 | 2004-02-05 | The Boeing Company | System, method and apparatus for securing network data |
CN1522019A (en) * | 2003-02-12 | 2004-08-18 | Lenovo (Beijing) Co., Ltd. | Dynamically switching on/off TNS protocol communication port in firewall packet filtering |
CN101977179A (en) * | 2010-08-20 | 2011-02-16 | Henan Electric Power Company | Dual-network dual-system computer communication method |
Non-Patent Citations (1)
Title |
---|
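Xu Xiaolin (徐晓林): "Design and Implementation of a Security Isolation Gateway Based on a Linux Server", Industry and Mine Automation (《工矿自动化》), 31 July 2010 (2010-07-31) * |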
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131002 |