CN105786730A - Intelligent computer hardware port control device - Google Patents
- Publication number
- CN105786730A
- Authority
- CN
- China
- Prior art keywords
- unit
- computer
- control device
- address
- central server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/10—Program control for peripheral devices
- G06F13/102—Program control for peripheral devices where the programme performs an interfacing function, e.g. device driver
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3041—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is an input/output interface
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Mathematical Physics (AREA)
- Automation & Control Theory (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Technical field
The invention relates to the technical field of local area network information security, and in particular to an intelligent management and control device for computer hardware ports.
Background
The spread of the Internet has greatly increased the speed at which information travels, but it has also introduced serious risks to information security. To keep information reasonably secure, some enterprises and government agencies commonly join all of the computers in use into an internal information network through one or several central servers. To a certain extent, this approach protects the information in the internal information network well. However, such an internal information network often unavoidably needs to be connected to an external network (such as the Internet), which unavoidably gives the internal information network an interface through which information can leak. The prior art lacks a mechanism that can adequately protect information in a local area network such as an internal information network.
Summary of the invention
The object of the invention is to provide an intelligent management and control device for computer hardware ports that can overcome one or more defects of the prior art.
The intelligent management and control device for computer hardware ports according to the invention comprises a central server and at least one computer. The central server and the at least one computer together form an internal information network, and a management and control device is connected to every computer. The central server comprises a verification unit and a control unit; the management and control device comprises an interface unit, a processing unit, a detection unit, an allocation unit, a monitoring unit and a communication unit.
The interface unit handles data exchange between the processing unit and the corresponding computer. The allocation unit stores a default IP address and, under the control of the processing unit, assigns it to the corresponding computer. The detection unit detects the actual IP address of the corresponding computer in real time and sends it to the processing unit. The monitoring unit monitors the processes in the corresponding computer in real time and, when the corresponding computer runs any automatic program, generates a process-abnormal signal that is sent to the processing unit. When the actual IP address differs from the default IP address, and likewise when it receives a process-abnormal signal, the processing unit generates an alarm signal and sends it simultaneously to the central server, via the interface unit and the corresponding computer, and to an external device, via the communication unit.
The verification unit verifies the IP address of a pre-access computer that is about to join the internal information network and, when that IP address is not one of the default IP addresses, refuses the pre-access computer access to the internal information network through the central server. The management and control device receives the alarm signal and, on receiving it, locks the corresponding computer through the central server.
In the invention, the allocation unit of the management and control device assigns a default IP address to the computer, and the detection unit of the management and control device detects the actual IP address of the corresponding computer in real time. When the actual IP address differs from the default IP address, the management and control device generates an alarm signal and sends it to the central server and to the external device. On receiving the alarm signal, the central server can lock the corresponding computer (that is, isolate the computer from the internal information network). This prevents the computer from reaching an external network (such as the Internet) through another network card or a smartphone, and so better prevents information in the internal information network from leaking through that computer.
In the invention, the verification unit at the central server verifies the IP address of any pre-access computer that is about to join the internal information network and, when that IP address is not one of the default IP addresses, refuses the pre-access computer access to the internal information network through the central server, so that computers of unknown identity are kept out of the internal information network.
In addition, the monitoring unit of the management and control device monitors the processes in the corresponding computer, which better prevents criminals from stealing information from the internal information network by running Trojan horse programs.
The invention effectively improves the ability to manage and control the security of computers in the internal information network (intranet), and helps eliminate information security violations at an early stage.
Preferably, the processing unit is a single-chip microcomputer.
In the invention, the processing unit can be, for example, a single-chip microcomputer, which reduces the manufacturing cost of the invention.
Preferably, the communication unit includes a wireless communication module.
In the invention, the communication unit can include, for example, a wireless communication module, so that the alarm signal can be sent to the external device wirelessly.
Preferably, the external device includes a mobile phone.
In the invention, the external device can include, for example, a mobile phone, so that the administrator receives the alarm signal in real time.
Description of the drawings
Fig. 1 is a structural block diagram of the intelligent management and control device for computer hardware ports in Embodiment 1;
Fig. 2 is a schematic diagram of the system architecture of the intelligent management and control device for computer hardware ports in Embodiment 1.
Detailed description
For a better understanding of the invention, it is described in detail below with reference to the drawings and an embodiment. It should be understood that the embodiment only explains the invention and does not limit it.
Embodiment 1
As shown in Figs. 1 and 2, this embodiment provides an intelligent management and control device for computer hardware ports, comprising a central server and at least one computer. The central server and the at least one computer together form an internal information network, and a management and control device is connected to every computer. The central server comprises a verification unit and a control unit; the management and control device comprises an interface unit, a processing unit, a detection unit, an allocation unit, a monitoring unit and a communication unit.
The interface unit handles data exchange between the processing unit and the corresponding computer. The allocation unit stores a default IP address and, under the control of the processing unit, assigns it to the corresponding computer. The detection unit detects the actual IP address of the corresponding computer in real time and sends it to the processing unit. The monitoring unit monitors the processes in the corresponding computer in real time and, when the corresponding computer runs any automatic program, generates a process-abnormal signal that is sent to the processing unit. When the actual IP address differs from the default IP address, and likewise when it receives a process-abnormal signal, the processing unit generates an alarm signal and sends it simultaneously to the central server, via the interface unit and the corresponding computer, and to an external device, via the communication unit.
The verification unit verifies the IP address of a pre-access computer that is about to join the internal information network and, when that IP address is not one of the default IP addresses, refuses the pre-access computer access to the internal information network through the central server. The management and control device receives the alarm signal and, on receiving it, locks the corresponding computer through the central server.
In this embodiment, the processing unit is a single-chip microcomputer, the communication unit includes a wireless communication module, and the external device includes a mobile phone. The wireless communication module can send the alarm signal to the mobile phone as a short message (SMS).
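The alarm and lock-out flow of this embodiment, simulated in Python as an added example (not code from the patent). The class and field names, the approved-process set used to model the process-abnormal signal, the treatment of every address observed on the computer as an "actual IP address", and the sample addresses are assumptions.

```python
"""Added example: alarm and lock-out logic of the embodiment, simulated."""
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class CentralServer:
    default_ips: set                  # every default IP held by an allocation unit
    locked: set = field(default_factory=set)

    def verify_pre_access(self, ip: str) -> bool:
        """Verification unit: admit only a computer presenting a default IP."""
        return ip_address(ip) in self.default_ips

    def on_alarm(self, alarm: dict) -> None:
        """Lock (isolate) the computer that the alarm signal refers to."""
        self.locked.add(alarm["computer"])


@dataclass
class ControlDevice:
    computer: str
    default_ip: str                   # stored by the allocation unit
    approved: frozenset               # assumption: names of approved processes
    sms_outbox: list = field(default_factory=list)  # stands in for the wireless module

    def check(self, observed_ips, processes, server):
        """Processing unit: one alarm per violated condition, sent on both paths."""
        default = ip_address(self.default_ip)
        reasons = []
        # Detection unit: a second address (extra network card, tethered phone)
        # or a missing default address both count as a mismatch.
        seen = {ip_address(a) for a in observed_ips}
        if seen != {default}:
            others = sorted(str(a) for a in seen - {default})
            reasons.append("ip-mismatch:" + ",".join(others or ["default-address-absent"]))
        # Monitoring unit: process-abnormal signal for anything not approved.
        unknown = sorted(set(processes) - self.approved)
        if unknown:
            reasons.append("process:" + ",".join(unknown))
        for reason in reasons:
            alarm = {"computer": self.computer, "reason": reason}
            server.on_alarm(alarm)          # via interface unit and computer
            self.sms_outbox.append(alarm)   # via communication unit to the phone
        return reasons


def demo():
    # Constructed sample data (RFC 1918 and RFC 5737 addresses).
    server = CentralServer({ip_address("10.0.0.11"), ip_address("10.0.0.12")})
    pc1 = ControlDevice("pc-1", "10.0.0.11", frozenset({"office", "mail"}))
    pc2 = ControlDevice("pc-2", "10.0.0.12", frozenset({"office", "mail"}))
    clean = pc1.check(["10.0.0.11"], ["office"], server)
    dual = pc2.check(["10.0.0.12", "192.0.2.40"], ["office", "sync-agent"], server)
    admitted = [ip for ip in ("10.0.0.11", "10.0.0.99") if server.verify_pre_access(ip)]
    return clean, dual, sorted(server.locked), admitted, len(pc2.sms_outbox)


if __name__ == "__main__":
    print(demo())
```
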
The invention and its implementation have been described above schematically. The description is not restrictive, what the drawings show is only one implementation of the invention, and the actual structure is not limited to it. Therefore, any structure or embodiment similar to this technical solution that a person of ordinary skill in the art, inspired by it, designs without creative effort and without departing from the inventive concept of the invention falls within the scope of protection of the invention.
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610152883.7A CN105786730A (en) | 2016-03-17 | 2016-03-17 | Intelligent computer hardware port control device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610152883.7A CN105786730A (en) | 2016-03-17 | 2016-03-17 | Intelligent computer hardware port control device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105786730A (en) | 2016-07-20 |
Family
ID=56392821
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610152883.7A Pending CN105786730A (en) | 2016-03-17 | 2016-03-17 | Intelligent computer hardware port control device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105786730A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414927A (en) * | 2008-11-20 | 2009-04-22 | 浙江大学 | Alarm and response system for inner-mesh network aggression detection |
| CN201479143U (en) * | 2009-09-17 | 2010-05-19 | 北京鼎普科技股份有限公司 | Intranet safety management system |
| US20120209407A1 (en) * | 2008-12-10 | 2012-08-16 | International Business Machines Corporation | Network driven actuator mapping agent and bus and method of use |
| CN203645692U (en) * | 2013-11-01 | 2014-06-11 | 国网安徽省电力公司铜陵供电公司 | Isolating device for enterprise intranet violation access terminal |
| US9216509B2 (en) * | 2014-04-10 | 2015-12-22 | Smartvue Corporation | Systems and methods for automated cloud-based analytics for security and/or surveillance |
| CN205485381U (en) * | 2015-12-31 | 2016-08-17 | 国网浙江嵊州市供电公司 | Computer hardware port intelligence management and control system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101309180B (en) | A Safe Network Intrusion Detection System Suitable for Virtual Machine Environment | |
| US9734343B2 (en) | Detection and prevention of sensitive information leaks | |
| EP3149582B1 (en) | Method and apparatus for a scoring service for security threat management | |
| TWI453624B (en) | Information security protection host | |
| US20150347773A1 (en) | Method and system for implementing data security policies using database classification | |
| CN102999716B (en) | virtual machine monitoring system and method | |
| CN107580005A (en) | Website protection method, device, website safeguard and readable storage medium storing program for executing | |
| CN114268481A (en) | Method, device, equipment and medium for processing illegal external connection information of intranet terminal | |
| US20160269380A1 (en) | Vpn communication terminal compatible with captive portals, and communication control method and program therefor | |
| US12225022B2 (en) | Systems and methods for secure communication in cloud computing environments | |
| US20170372311A1 (en) | Secure payment-protecting method and related electronic device | |
| CN110351275A (en) | A kind of host port flux monitoring method, system, device and storage equipment | |
| CN106850562A (en) | A kind of malice peripheral hardware detecting system and method | |
| US11251976B2 (en) | Data security processing method and terminal thereof, and server | |
| CN106713246A (en) | Method and apparatus for detecting application program page hijacking, and mobile terminal | |
| CN205485381U (en) | Computer hardware port intelligence management and control system | |
| CN108270735A (en) | A kind of data leakage prevention method and equipment | |
| CN105786730A (en) | Intelligent computer hardware port control device | |
| KR101273519B1 (en) | Service access control device and method | |
| US11019496B2 (en) | Method and electronic device for identifying a pseudo wireless access point | |
| CN104021351A (en) | Method and device for data resource access | |
| CN113301053B (en) | High-performance network boundary protection detection system and method based on expandability | |
| CN105939374A (en) | Online user offline processing method and device | |
| CN104702456A (en) | Method for monitoring local area network transmission data risk based on keyword extraction strategy | |
| CN105743904B (en) | Leak detection method and system for website user information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20160720 |