35 results about "DMZ" patented technology

A client-server-communication comprises at least one internet-based client and at least one intranet-based server located in an intranet system. A demilitarized zone is defined between an outbound firewall system to the internet and an inbound firewall system to the intranet system. A proxy server is located in this demilitarized zone and provides for any communication connection to at least one of the intranet-based servers required from one of the internet-based clients.

A system, method and apparatus for securing communications between a trusted network and an untrusted network are disclosed. A perimeter client is deployed within the trusted network and communicates over a session multiplexing enabled protocol with a perimeter server deployed within a demilitarized zone network. The perimeter client presents requests to make available and communication initiation requests to the perimeter server which presents corresponding sockets to the untrustred network. The session multiplexing capabilities of the protocol used between the perimeter server and perimeter client permit a single communication session therebetween to support a plurality of communication sessions between the perimeter server and untrusted network. In the event data flows across the communication sessions are encrypted, decryption of the data flows is left to the components at the end points of the communication session, thereby restricting exposure of privileged information to areas within trusted networks.

The invention discloses an SIP WebRTC gateway system capable of penetrating through a DMZ network. The system comprises an extranet module, a DMZ network module and an intranet module. The extranet module comprises a softphone SDK and a WebRTC terminal SDK; the DMZ network module comprises an SIP boundary server and a DMZ media server; the intranet module comprises an intranet internal media server and a registration server/load balancing server, wherein the registration server is used for realizing registration, and the load balancing server is used for interacting with the DMZ media server or interacting with the internal media server; and the DMZ media server is used for establishing a media transmission channel with a calling party and establishing a media transmission channel with the intranet media server, or respectively establishing a media transmission channel with the calling party and the called party, and establishing a media transmission channel with the intranet media server. According to the application, through the DMZ network module, the media transmission channel between the intranet media server and the extranet terminal is established, and voice communication between the extranet and the intranet is realized.

The invention discloses an enterprise network security management method, which comprises the following steps of: constructing a DMZ firewall between an enterprise network and an extranet to realize the functions of real IP hiding and access control, and establishing an IPSecVPN between a head office and a branch company to realize security information transmission of intranets in different regions, so that the risk is reduced, and the security is improved. Port security is configured on a two-layer switch, a data packet threshold value through which the port passes is preset, or MAC addresses allowed to be connected to the switch port are recorded through an MAC address table, a specific number or specific MAC addresses are allowed to use the port for communication, illegal equipment is prevented from accessing a network, MAC address table overflow caused by MAC address flooding can also be prevented, and by dividing vlan, the broadcast storm is reduced, and the pressure of the two-layer switch is fully shared; and in addition, link binding aggregation is used, the transmission bandwidth between the switches is increased, bidirectional authentication is carried out by configuring a PPP protocol and adopting chap, connection of illegal users is prevented, and the safety is further improved.

The invention discloses a method and device for improving safety of data interaction between enterprises. The device is arranged in a DMZ space deployed between an enterprise intranet and an externalnetwork. The device comprises an MQ module used for organizing external incoming data in a message queue mode; a preprocessing module used for sequentially preprocessing the data organized by the message queue, wherein preprocessing comprises data cleaning, data integration and data transformation; and a CDC module used for synchronizing the preprocessed data flow to an enterprise intranet database in real time by adopting a changed data capture mode. According to the device and the method, high security and high stability of data exchange between enterprises are improved.

The invention provides a data acquisition and access system, and belongs to the technical field of oil field information. The system comprises a data acquisition part, a cloud server, a DMZ channel and an intranet server, the data acquisition part is located at an acquisition site, the cloud server is located outside an enterprise, the intranet server is located inside the enterprise, and the cloud server is used for sending a data acquisition request to the data acquisition part when data acquisition conditions are met, and receiving the target data sent by the data acquisition part, and sending a first message comprising the target data to the DMZ server through address information of the DMZ server in the DMZ channel. And the DMZ server is used for determining the address information of the intranet server according to the corresponding relationship between the stored address information of the DMZ server and the address information of the intranet server, and sending a second message comprising the target data to the intranet server through the address information of the intranet server. According to the invention, the system for accessing the collected data to the internal network of the oilfield enterprise is provided.

The invention relates to a security system and method based on data exchange between a cloud end and an edge end. The system comprises a data exchange front agent, which is disposed in a non-military area of an enterprise network, is connected with a public cloud network through an enterprise firewall, and carries out the bidirectional identity authentication based on a digital certificate. A security data exchange device is arranged between the management information area and the production control area of the enterprise; a data exchange post agent is arranged in the enterprise production control area; the rear agent exchanges data with the front agent in the non-military area through the security data exchange equipment; and the edge computing node in the enterprise production control area downloads the artificial intelligence model and parameters from the cloud through the rear agent, collects process data from the production equipment, and operates an artificial intelligence algorithm. The method accords with the existing security policy of an industrial enterprise, and solves the security problem of data exchange between the cloud end and the edge end in the industrial internet artificial intelligence application at three levels of a network layer, a transmission layer and an application layer.

An asset whole-process management system comprises a DMZ network, an inventory management network, a network security asset network, an IT asset network, a physical security network and an asset management platform. The asset management platform is connected with the other four network spaces through a DMZ network, acquires asset data from the other network spaces through an API, and can perform batch online and offline operation on equipment in the network; and when the risk information is found, the risk information is transmitted to the safety equipment through the API to be handled. The system can be compatible with an existing asset management system, can record, track, audit and monitor IT assets, and has the advantages of being good in integration, high in compatibility degree, excellent in performance, comprehensive in management type and good in safety.

The invention discloses a method for realizing an LTE/5G bridge mode and wireless routing equipment, and belongs to the technical field of data communication. The method comprises the steps of judging whether a Module is registered and allocated with a public network address A, if so, continuing, and otherwise, ending; an AP starting a DHCP client in an EMC mode to obtain a private network address B from the Module; the AP sending an instruction to the Module, and a DMZ function is started for the private network address B; the AP starting a DHCP server, a gateway modifies and configuring a gateway address calculated by a public network address A and an 8-bit mask, and an address pool only comprising the public network address A; the AP starting a DMZ function, wherein a destination IP address of the AP is a public network address A; and a downlink PC using the public network address A to communicate with the external server through twice NAT. According to the invention, the downlink equipment is connected with the public network through the bridge mode; and the public server communicates with the downlink equipment through the public network IP address allocated to the equipment.

Systems and methods for providing access to historical data over a real-time tunnel are disclosed. The method provides a mechanism for secure communication between one or more historians. In an example, attack surfaces on historians in an industrial control system operational technology (OT) network and in an information technology (IT) networks are reduced and possibly entirely eliminated by tunneling through a DMZ (de-militarized zone) or “secured network”.

The invention provides an NBIoT technology-based oil and gas internet-of-things data acquisition system, which comprises an NB-IoT area, a DMZ area, an oil field industrial network area and an oil field office network area, and is characterized in that the NB-IoT area acquires and stores real-time data of an oil and gas production site and transmits the real-time data to the DMZ area, the DMZ area acquires and stores data of wireless communication equipment, the field data and the data of the wireless communication equipment are transmitted to the oil field industrial network area, and the oil field industrial network area collects and stores the data of the wired communication equipment and transmits the field data, the data of the wireless communication equipment and the data of the wired communication equipment to the oil field office network area. The oil field office network area receives the data, stores the data and applies the data to oil field production command work. According to the oil and gas internet-of-things data acquisition system based on the NBIoT technology, the engineering cost is greatly reduced, the information safety of an oil field industrial network is ensured, and the production efficiency is improved.

The invention provides a DMZ-based oil and gas industry internet data processing system, which comprises a plurality of DTU acquisition and transmission units, a DMZ subsystem and an industrial control subsystem; the plurality of DTU acquisition and transmission units are used for collecting field data signals of long-distance well stations of oil and gas fields and carrying out data interaction with the DMZ subsystem through a communication operation network; the DMZ subsystem is deployed in an isolation service area of a communication operator, on one hand, the DMZ subsystem communicates with the DTU acquisition and transmission units, on the other hand, the DMZ subsystem respondsto a data acquisition request and a remote control request of an internal network of an oil and gas field enterprise; the industrial control subsystem is deployed in a certain industrial control network of the oil and gas field and communicates with an office network and the DMZ subsystem through a gatekeeper or a firewall so as to collect, monitor and control data of all well stations. According to the system, the network security and the data transmission rate of data processing are fully considered, and the information privacy, the high speed and the industrial control security of remote data acquisition of the oil and gas field are guaranteed.

The invention discloses an information network virus intrusion detection system and method, and relates to the technical field of information networks. The host unit is in network connection with a firewall through an intranet router, the firewall is in network connection with an extranet through an extranet router, and the firewall is in bidirectional electrical connection with the central processing unit. The output end of the central processing unit is bidirectionally and electrically connected with the input ends of a data transmission unit, a data encryption unit and a virus isolation unit, the firewall is electrically connected with a DMZ area, and the DMZ area is electrically connected with a network threat engine III, a server I and a server II. The information network virus intrusion detection system and the information network virus intrusion detection method are high in safety, can realize detection, isolation, searching and killing of network viruses, can encrypt network data, can encrypt and transmit the data, effectively prevent data leakage, and further improve the safety performance of information network data transmission.

The invention relates to a cross-data-center data dictionary sharing method for financial institutions, and the method is characterized in that a data dictionary sharing management system is created for the data center of each financial institution; and message queue middleware for creating message channels for transmission of data dictionaries of data centers of financial institutions of all parties is deployed in respective DMZ areas, and the message queue middleware reads and writes the shared data dictionaries through a synchronization module. Compared with the prior art, the method has the advantages that the efficiency of data dictionary sharing application work is effectively improved, and management is more convenient and intelligent.

The invention discloses an application store system and a method for developing by using the application store system. The application store system includes an operation terminal, wherein the operation terminal is electrically connected with a DMZ firewall through a wire; the DMZ firewall is electrically connected with a mobile terminal APP module through a wire; the DMZ firewall is electrically connected with a service provider operation module through a wire; the DMZ firewall is electrically connected with a store operation management module through a wire; and the mobile terminal APP moduleis electrically connected with a product provider information unit through a wire. According to the application store system and the method for developing by using the application store system, the B/S has unified browser client software; investment of client software development is saved, and time and energy for maintaining client software, client training and other work are reduced; cross-platform use can be achieved; the workload of developers at the client is reduced; and the developers focus on how to reasonably organize information and provide programming work of a server side of clientservice.

The present invention provides a physical object deposit traceability system based on block chain edge computing service. The system uses the edge computing client to collect basic data and further sends this data to the edge computing server, which performs preliminary processing on the edge computing server, and is received by the cloud platform client under the network security protection of the DMZ control area , and then the cloud platform client directly submits this data to the blockchain network for deposit (certificate data stored on the chain of physical information), and at the same time, sends it to the AI ​​cloud platform server for judgment, and then passes the cloud platform client Submit to the blockchain network for deposit (off-chain certificate data of physical information), so as to effectively ensure the real correlation between the certificate data circulating on the chain and the physical objects under the chain.