基于物理隔离技术的网闸系统的设计与实现

发布时间：2018-04-13 14:16

本文选题：物理隔离 + 网闸　；参考：《西安电子科技大学》2014年硕士论文

【摘要】：近些年，互联网的发展突飞猛进，使用互联网的领域也越来越多，互联网的灵活性、开放性以及可远程通信的特点也受到越来越多用户的支持，互联网已经成为人们学习、生活、工作中必不可少的工具。但也正是由于这些特性，互联网的安全防护变得非常的困难，安全隐患日益加深，各种因为网络安全而造成的重大损失频繁发生，因此网络的安全是非常重要的，而对于一些比如政府、军队、银行等特殊单位，网络的安全更成为了重中之重。如何保证这些特殊单位内部网络信息的安全，而且还要在此前提下尽可能的和外部网络进行适当的数据交换来满足某些业务方面的需要，物理隔离网闸系统的设计与实现，就具有了重要的意义。本文实现了在了解物理隔离技术的原理和基本知识的同时，还对现有物理隔离网闸及网闸使用环境和需求进行了分析，根据使用需求和实际情况，提出了基于物理隔离技术的网闸系统的框架以及设计方案，主要工作如下：（1）结合物理隔离技术的原理和基本知识，设计出能够具有数据摆渡功能的硬件板卡的具体结构，结合数据信号的控制传递数据以达到物理隔离的效果，并根据具体使用的部件芯片编写硬件板卡的驱动程序，驱动控制硬件板卡正常工作。（2）在软件上完成网闸系统在网络协议上的物理隔离，通过强行捕获送往内部网络的数据包，并对这些数据包进行处理，利用剥离和重组TCP/IP协议的方法，完全消除TCP/IP协议在传输过程起到的作用，，使得最终在硬件部分传输的数据为不带有任何协议因素的原始数据，排除TCP/IP协议存在的漏洞所带来的安全威胁，消除现存的大部分常见攻击，更好的保障网络安全。（3）对整个系统进行一系列的测试，利用网络压力测试对数据传输的安全性进行测试，来保证数据传输可以抵抗常见攻击；利用长时间不间断传输数据来测试系统的稳定性，以保证数据可以准确无误的进行交换，实现物理隔离设备的最终目的。
[Abstract]:In recent years , the development of the Internet has soared , and the Internet has become more and more popular in the field of Internet . The Internet has become a necessary tool for people to study , live and work . But it is also because of these characteristics , the security of the Internet becomes very difficult , and the security of the network is becoming more and more important .

Based on the principle and basic knowledge of physical isolation technology , this paper analyzes the use environment and demand of the existing physical isolation network gate and gateway , and puts forward the framework and design scheme of the gateway system based on the physical isolation technology according to the use demand and the actual situation . The main work is as follows :

( 1 ) combining the principle and the basic knowledge of the physical isolation technology , designing the specific structure of the hardware board card capable of having the data ferry function , transmitting the data in combination with the control of the data signal to achieve the effect of physical isolation , and writing the driver of the hardware board card according to the specific used part chip , and driving the control hardware board to work normally .

and ( 2 ) the physical isolation of the gateway system on the network protocol is completed on the software , and the data packets sent to the internal network are forcibly captured , the data packets are processed , the TCP / IP protocol is completely eliminated by the method of stripping and recombining TCP / IP protocols , so that the data finally transmitted in the hardware part is the original data without any protocol factor , the security threat caused by the vulnerability in the TCP / IP protocol is eliminated , the existing most common attacks are eliminated , and the network security is better guaranteed .

( 3 ) a series of tests are carried out on the whole system , and the security of the data transmission is tested by using the network pressure test to ensure the data transmission can resist the common attack ;
the stability of the system is tested by using the long - time uninterrupted transmission data so as to ensure that the data can be exchanged correctly and the final purpose of the physical isolation device is realized .

【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】