CN1203396A - Method for protecting computer network data and corresponding apparatus - Google Patents
- Publication number: CN1203396A
- Application number: CN 97111083
- Authority: CN (China)
- Prior art keywords: network, workstation, data, domain, computer
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
A method for protecting computer network data, aimed at preventing virus infection and data theft on a local area network. A device plugged into an expansion slot on the workstation's main board controls the workstation so that the local disk is isolated from the network disk: no data exchange takes place between them, and each can only be used separately.
Description
The present invention is a method and device for protecting data security on a computer local area network (LAN). A specially designed isolation card is installed in a LAN workstation and exerts control over the workstation's floppy and hard disk drives (hereinafter "the local disk") and its network interface card (hereinafter "the network card"), isolating data exchange between the workstation's local disk and the network disk. The two can only be used separately: at any one time, only the network disk or only the local disk can be used, and no data can be exchanged between them. This effectively prevents any known or unknown computer virus (hereinafter "virus") from entering the network from the workstation, and at the same time prevents network data from being downloaded to the workstation's local disk for illegal copying or dissemination, thereby protecting network data.
With the development and application of computers, computer networks are becoming increasingly widespread. Networks extend the scope of computer applications, enable resource sharing, reduce equipment investment and bring greater convenience. Local area networks are the most widely used and most widely installed, and are the foundation of wide area networks. However, as computer and network applications have developed, various problems have also been exposed. Two of them, that networks are more easily damaged by viruses and that network data is easily stolen, have become important problems urgently awaiting solution in the field of computer networking.
Commonly used methods in the known art, and their deficiencies:
1. Using "diskless workstations" in the network: no floppy or hard disk drive is installed in the workstation, or the existing floppy and hard disk drives are removed entirely, so that the user cannot use a disk on it. Network data is cut off from the outside world, which provides protection. But a computer used as such a workstation can only use the limited data on the network while networked, and cannot be used on its own when not networked. The deficiencies are a single function and a limited range of use, particularly in the many settings that need local disk operation, for example school teaching lab networks, computer centres, enterprises and institutions: when off the network, the machine cannot be used for any operation or application.
2. Anti-virus software or anti-virus cards. This class of technology is based on analysis of known viruses: it identifies a virus by its distinctive signature code and provides prevention and treatment measures. Its deficiency is that it cannot provide complete protection against the damage and effects of viruses. Viruses are numerous and ever-changing, and new ones are constantly produced; this class of technology can only prevent and remove known viruses and cannot identify or remove new, unknown ones. Continuous upgrades can increase its ability to guard against and kill new viruses, but this only mitigates the harm to computers and network data to a certain extent. As the number of known viruses grows rapidly, the corresponding workload keeps growing as well and eventually becomes hard to cope with; frequent software upgrades are also an inconvenience and a burden to the user. This is therefore a passive means of control. In addition, most anti-virus software cannot monitor and check for viruses at all times; it is effective only when it is executed, a single check takes considerable time, and missed detections are unavoidable. Technology represented by the anti-virus card can monitor for viruses at all times, but it often takes up processor (CPU) time, so the machine becomes noticeably slower and its performance drops noticeably, which makes many users unwilling to accept it; it is also more difficult to upgrade, and it shares all the deficiencies of anti-virus software described above.
The technical idea of the present invention is as follows. To address the two urgent network data security problems of virus intrusion and data theft, an "isolation card" is inserted into an expansion slot on the main circuit board of each disk-equipped workstation in the computer network. The card controls how the workstation is used: data exchange between the local floppy and hard disks and the network disk is isolated. This prevents any virus from invading the network system and, at the same time, prevents internal network information from being spread to the outside world via the disks of disk-equipped workstations, thereby strengthening network data confidentiality, protecting network data security and improving the stability of network operation.
Specific embodiment: an isolation card is designed, with the relevant software and hardware built on a printed circuit board that is inserted into an expansion slot on the workstation's main circuit board. It exerts the following control over the workstation:
1. The workstation's local disk and the network disk cannot exchange data; the two are isolated from each other.
2. The workstation has two modes of use, "networked" and "standalone": in "networked" mode only the network disk can be used; in "standalone" mode only the local disk can be used. The two modes are mutually exclusive but can be selected or switched easily.
3. When the network disk is used in "networked" mode, the user can only log in to the network through the boot program (boot ROM) fixed in the network card. The local disk is disabled at the same time: booting from the local disk to log in to the network is prohibited, no read or write operation can be performed on the local disk after joining the network, and the network disk can be used normally. In "standalone" mode the local disk can be read and written normally, and the user is prohibited from logging in to the network to use the network disk.
The computer is reset, and its initialization function is used to clear memory, preventing data or computer viruses left in memory by the previous mode from entering the next mode.
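The control actions above can be modelled in software as a two-state machine in which memory is the only path between the two disks. The following is an added example, not part of the patent; the class, function and file names are hypothetical, and the sample file contents are constructed.

```python
NETWORKED, STANDALONE = "networked", "standalone"
MODE_FOR = {"network": NETWORKED, "local": STANDALONE}  # disk -> only mode that enables it


class IsolationError(PermissionError):
    """An access the card blocks in the current mode."""


class Workstation:
    """Software model of a workstation fitted with the isolation card."""

    def __init__(self):
        self.disks = {"local": {}, "network": {}}
        self.memory = {}            # RAM: the only path between the two disks
        self.mode = STANDALONE

    def switch_mode(self, new_mode):
        if new_mode not in MODE_FOR.values():
            raise ValueError(new_mode)
        self.memory.clear()         # the card resets the machine on every switch
        self.mode = new_mode

    def boot_source(self):
        # Networked mode may only boot from the ROM on the network card.
        return "network card boot ROM" if self.mode == NETWORKED else "local disk"

    def _disk(self, disk):
        if self.mode != MODE_FOR[disk]:
            raise IsolationError(f"{disk} disk is disabled in {self.mode} mode")
        return self.disks[disk]

    def read(self, disk, name):
        self.memory[name] = self._disk(disk)[name]

    def write(self, disk, name):
        target = self._disk(disk)   # mode check comes first
        target[name] = self.memory[name]


def try_transfer(ws, src, dst, name, switch=False):
    """Try to carry file `name` from disk `src` to disk `dst`; report the outcome."""
    ws.switch_mode(MODE_FOR[src])
    ws.read(src, name)
    if switch:
        ws.switch_mode(MODE_FOR[dst])
    try:
        ws.write(dst, name)
    except IsolationError:
        return "blocked: disk disabled"
    except KeyError:
        return "blocked: memory cleared by reset"
    return "copied"


if __name__ == "__main__":
    ws = Workstation()
    ws.disks["local"]["game.exe"] = b"constructed sample, possibly infected"
    ws.disks["network"]["payroll.dbf"] = b"constructed sample, confidential"
    print(try_transfer(ws, "local", "network", "game.exe"))
    print(try_transfer(ws, "local", "network", "game.exe", switch=True))
    print(try_transfer(ws, "network", "local", "payroll.dbf", switch=True))
```

Both directions fail for one of two reasons: the destination disk is disabled in the current mode, or the reset at the mode switch has already emptied memory.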
The functions above produce the following effects, which reliably protect network data:
1. When the user uses network data by logging in to the network through the network card (hereinafter "networking"), the isolating action of the card disables the local disk, and the workstation behaves like a "diskless workstation". The user cannot download data from the network disk to the local disk, which prevents network data from spreading beyond the network and prevents illegal copying. This helps keep network information confidential without affecting the user's normal use of network data. Because the local disk is temporarily disabled, any computer virus that may exist on the local disk cannot enter the network either, so network data security is protected.
2. When the user needs to use the local disk, the user must reset or restart the workstation; the device then enables the local disk and isolates the network disk. The user can operate the machine's existing floppy and hard disk drives normally in "standalone" mode. Because of the isolating action of the card, the user cannot join the network, and nothing done on the machine has any connection with the network. Likewise, the user cannot download network data or carry a virus that may be present on the local disk into the network, which protects network data.
3. Each time the user switches between the two modes, the isolation card resets or restarts the workstation, so any information left in the workstation's memory, and any computer virus that may be there, is necessarily cleared. On switching to "networked" mode, the user cannot boot and log in from the local disk, and the program fixed in the network card cannot be affected or infected by a virus, so no virus that may exist on the local disk can enter the network.
In short, with this method the workstation can only operate in one of two mutually exclusive modes, "networked" or "standalone". This keeps network data from being harmed by viruses or copied and spread: any virus on the local disk is prevented from entering the network, and network data is prevented from being illegally copied to the local disk. The goals of network data security and stable network operation are thereby achieved. At the same time, the user can conveniently switch modes, so the computer used as a workstation serves a dual purpose, which improves the utilization of existing equipment, saves investment and expense, and brings greater convenience.
The advantages of the present invention are:
1. It reliably prevents any known or unknown computer virus from entering the network from a workstation and destroying network data, and it does not need frequent upgrades or modifications to deal with newly appearing viruses: it is installed once and remains effective permanently;
2. It reliably prevents any copy operation that downloads network data to the workstation's local disk, and therefore prevents any illegal copying, which helps keep network data confidential;
3. The computer's original performance is not affected. The user can freely choose either mode during operation, and on each mode change the computer's own initialization function is used to thoroughly clear any residual information in memory. The computer does not need its cables disconnected or its local drives removed when networked; when not networked, the workstation can be used as a normal standalone machine, and its existing floppy and hard disk drives automatically return to their normal working state;
4. Because the isolation card is controlled by hardware circuitry, no software-based debugging or modification technique and no virus attack can disable it. It can therefore reliably protect network data security, makes it convenient to network disk-equipped computers, extends the range of application of networked computers, shares resources and saves investment; it is a safe and convenient computer networking scheme.
Claims (4)
- 1. A method for protecting data security on a computer local area network, characterized in that an attachment device inserted in an expansion slot of the workstation main board exerts control over the workstation, so that its local disk cannot exchange data with the network disk, but the network disk and the local disk can each be used separately.
- 2. According to claim 1, the control action gives the workstation two modes of use, a networked mode and a standalone mode. In networked mode, network data can be used normally but the local disk cannot be used. In standalone mode, the local disk can be used normally but the network disk cannot be used.
- 3. According to claims 1 and 2, the workstation can be switched freely between networked mode and standalone mode; each switch initializes the computer and clears any data left in memory by the previous mode, so that it cannot persist into the next mode.
- 4. According to claims 1, 2 and 3, the attachment device contains a control circuit and program, is made on a printed circuit board, and can be inserted in an expansion slot on the main circuit board of the workstation computer to produce the above control action.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 97111083 CN1203396A (en) | 1997-06-25 | 1997-06-25 | Method for protecting computer network data and corresponding apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 97111083 CN1203396A (en) | 1997-06-25 | 1997-06-25 | Method for protecting computer network data and corresponding apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1203396A true CN1203396A (en) | 1998-12-30 |
Family
ID=5171646
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 97111083 Pending CN1203396A (en) | 1997-06-25 | 1997-06-25 | Method for protecting computer network data and corresponding apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1203396A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100530208C (en) * | 2003-08-29 | 2009-08-19 | 株式会社特伦德麦克罗 | Network isolation techniques suitable for virus protection |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0516682B1 (en) | Method and apparatus for controlling access to and corruption of information in computer systems | |
| US8341369B2 (en) | Providing protected access to critical memory regions | |
| US8458791B2 (en) | Hardware-implemented hypervisor for root-of-trust monitoring and control of computer system | |
| JP4759059B2 (en) | Page coloring that maps memory pages to programs | |
| CN100416501C (en) | Computer system employing a trusted execution environment including a memory controller configured to clear memory | |
| US6941473B2 (en) | Memory device, stack protection system, computer system, compiler, stack protection method, storage medium and program transmission apparatus | |
| CN100524154C (en) | A computer system including a bus bridge for connection to a security services processor | |
| US7287283B1 (en) | Return-to-LIBC attack blocking system and method | |
| KR20000048718A (en) | Secure boot | |
| CN101578589A (en) | User space virtualization system | |
| US20080244108A1 (en) | Per-port universal serial bus disable | |
| CN100547515C (en) | Virtual machine system supporting trusted computing and method for realizing trusted computing on it | |
| CN101963929B (en) | The method preserving/resume work scene | |
| Breuk et al. | Integrating DMA attacks in exploitation frameworks | |
| Van Eyck et al. | Mr-tee: Practical trusted execution of mixed-criticality code | |
| Molina et al. | Using independent auditors as intrusion detection systems | |
| Ször | Memory scanning under windows NT | |
| US7281271B1 (en) | Exception handling validation system and method | |
| CN1203396A (en) | Method for protecting computer network data and corresponding apparatus | |
| US7540026B1 (en) | No-execute processor feature global disabling prevention system and method | |
| CN1163431A (en) | Method and device for controlling read and write of hard disc in computer | |
| CN101964029B (en) | The method of online switching between multiple subdata processing systems | |
| CN116992502A (en) | Trusted management and control method, system, equipment and medium for mobile storage medium | |
| CN201576288U (en) | Network service providing equipment based on high-safety information system | |
| AU2010202883B2 (en) | Systems and Methods for Preventing Unauthorized Use of Digital Content |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |