Research and Implementation of a Security System Based on Network Isolation and Data Exchange

【Author】 王帮海

【Supervisor】 李振坤

【Author information】 Guangdong University of Technology, Computer Application Technology, 2003, Master's thesis

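【Abstract (translated from the Chinese)】 Computer security problems arose almost as soon as computers did, and with the emergence and rapid development of computer networks in particular, they have become increasingly important. While developing the project "Network Management Information System of the College of Continuing Education, Guangdong University of Technology", we encountered the following problem: students query their scores through the extranet, and teachers enter scores into the intranet through the extranet. Even when the extranet's firewall and other protective mechanisms have all failed, the security of important intranet data (such as student scores) must be guaranteed. This requires a mechanism that ensures both isolation between the intranet and the extranet and automatic data exchange between them. Building on a solution to this problem, the thesis implements and studies a multilevel security protection system. The system protects the extranet with traditional firewall mechanisms such as intrusion detection and packet filtering, and places a network isolation and automatic data exchange device (called the isolation exchanger) between the intranet and the extranet to ensure isolation and automatic data exchange between them; this device is the core of the system. The core part does not use the TCP/IP protocol; it uses independently developed driver software to transfer data in a custom format over a serial/parallel port or a USB port. During data transfer, a circuit interlock mechanism ensures that while either the intranet or the extranet is exchanging data with the isolation exchanger, the other side remains in an isolated state equivalent to physical isolation. To keep the extranet data timely, the system transfers data to the extranet at scheduled times; at the same time, to ensure the security of the database, the final score data must also be printed, signed by the teacher as confirmation, and archived. Finally, the thesis proposes a secure transmission mechanism for teachers entering score data from the public network. Our survey found no existing system that truly solves isolation and automatic data exchange between an intranet and an extranet. The system has been successfully applied in the "Network Management Information System of the College of Continuing Education, Guangdong University of Technology", and will also be used in the "Guangzhou Wangfujing E-commerce System" and the "Guangdong Electrical Appliance Market E-commerce Website System". In fact, any system involving intranet/extranet isolation and data exchange can apply this system directly or with slight modification. The system is advanced, highly practical, and widely applicable.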

【Abstract】 The problem of computer security was born almost with the computer itself, and with the emergence and rapid development of computer networks in particular, it has become more and more important. When we developed the project "The Network Management Information System of the College of Continuing Education of Guangdong University of Technology", we faced the following problem: students inquire about scores via the extranet, and teachers enter scores into the intranet via the extranet, so the security of the important data in the intranet must be ensured even once the firewall and similar defenses have failed. Therefore, there must be a mechanism to ensure isolation and data exchange between the intranet and the extranet. Based on the solution of that problem, this paper researches and implements a multilevel defense system. The system secures the extranet with traditional technology, such as IDS and packet filtering, and secures the intranet by installing a device (called the isolation & exchange set) between the intranet and the extranet; this device is the core of the system, and it isolates the networks and automatically exchanges data between the intranet and the extranet. The core part does not use the TCP/IP protocol. It transfers data in a special format defined by the author over a serial port, parallel port or USB port, using driver software developed by the author, and by means of a mutually interlocking circuit it keeps one side in an isolated state equivalent to physical disconnection while the other side exchanges data with the core part. To ensure the efficiency and availability of data, the system transfers data at fixed times. At the same time, the score data must carry a teacher's signature when it is printed on paper and archived. Finally, a security mechanism for teachers entering data via the Internet is put forward to ensure the security of data transfer. Our research did not find a system that indubitably resolves isolation and data exchange between an intranet and an extranet. The system has been used successfully in "The Network Management Information System of the College of Continuing Education of Guangdong University of Technology" and will be used in the "Guangzhou Wangfujing Electronic Commerce System" and the "Guangdong Electronic Appliances Market Electronic Commerce System". In fact, any project involving network security and isolation between an intranet and an extranet can use the system directly or with little modification. The system is very advanced, practical and generalizable.

  • 【Classification number】 TP393.08
  • 【Times cited】 8
  • 【Downloads】 297