1. Jingtai physical isolation gateway
The Jingtai physical isolation gateway uses a high-speed solid-state switch to alternate between the internal and external networks. The physical characteristics of the switch mean that the system can be connected to only one side, intranet or extranet, at any time. While connected to the external network, it is disconnected from the internal network and obtains the data to be exchanged from the external network; it then disconnects from the external network, connects to the internal network and exchanges the data with the internal network. Repeating this cycle continuously completes the exchange of information between the internal and external networks. After the connection is established, user-defined information exchange messages and protocols are used for transmission and exchange, to prevent hackers from using the various vulnerabilities of standard network protocols to attack. Under the user-defined secure transmission protocol, the system fragments and transmits files at the bottom layer, and reassembles and inspects them at the other end. The system provides an application interface that strictly inspects and filters the form content of the application system, to prevent illegal queries from being used to obtain or destroy information. Because information is exchanged through the high-speed solid-state switch, the delay is very short, at the millisecond level, which provides a solid foundation for real-time online access by user application systems. The security gateway provides standard information exchange services, such as document exchange, database exchange and mail exchange, and also provides a secondary development interface for other specific application systems, to help users build their own secure information exchange platform faster and better. It supports third-party security software, such as anti-virus for the data being transmitted and exchanged.
The gateway is designed on the Linux operating system and has passed the security certification of the Ministry of Public Security, the Secrecy Bureau, the National Information Security Evaluation and Certification Center and other authoritative departments, greatly improving the security of its own system.
[Figure: Jingtai physical isolation gateway]
Product comments: Jingtai Network is the earliest security company in the industry to engage in physical isolation technology, and its products have won unanimous praise in the industry for their novel design, high security, high intelligence and good reliability. After several years of development, Jingtai Network has formed a complete product line, and its after-sales service system and product quality have been continuously improved. The products have established their own market in China and won the trust of users. Jingtai Network's physical isolation products have passed the inspection of state organs such as the Ministry of Public Security, the State Secrecy Bureau and the Military Secrecy Committee, and Jingtai Network Technology has obtained qualification certification as a classified network security integrator.
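The switching cycle and the fragment-and-reassemble transfer described for this gateway can be modelled in a few lines. This is an added illustrative sketch, not Jingtai's code or protocol: the frame layout, the `SolidStateSwitch` class and all function names are assumptions made for the example.

```python
import hashlib
import struct

# Constructed frame layout for this sketch (not any vendor's real protocol):
# transfer id, fragment index, fragment count, SHA-256 of the whole file.
HEADER = struct.Struct(">IHH32s")
FRAGMENT_SIZE = 16  # tiny on purpose so the sample splits into several frames


class SolidStateSwitch:
    """Transfer buffer that is attached to exactly one network at a time."""

    def __init__(self):
        self.side = "external"
        self._buffer = []

    def toggle(self):
        self.side = "internal" if self.side == "external" else "external"

    def _require(self, side):
        if side != self.side:
            raise ConnectionError(f"{side} network is disconnected")

    def write(self, side, frame):
        self._require(side)
        self._buffer.append(frame)

    def drain(self, side):
        self._require(side)
        frames, self._buffer = self._buffer, []
        return frames


def fragment(transfer_id, data):
    digest = hashlib.sha256(data).digest()
    chunks = [data[i:i + FRAGMENT_SIZE]
              for i in range(0, len(data), FRAGMENT_SIZE)] or [b""]
    return [HEADER.pack(transfer_id, i, len(chunks), digest) + chunk
            for i, chunk in enumerate(chunks)]


def reassemble(frames):
    """Rebuild the file; reject missing, inconsistent or corrupted fragments."""
    parts, expected = {}, None
    for frame in frames:
        if len(frame) < HEADER.size:
            raise ValueError("short frame")
        tid, index, count, digest = HEADER.unpack_from(frame)
        expected = expected or (tid, count, digest)
        if (tid, count, digest) != expected or index >= count:
            raise ValueError("inconsistent fragment header")
        parts[index] = frame[HEADER.size:]
    if expected is None or len(parts) != expected[1]:
        raise ValueError("missing fragments")
    data = b"".join(parts[i] for i in range(expected[1]))
    # The digest travels with the data, so it detects corruption and
    # truncation only; it does not authenticate the sending side.
    if hashlib.sha256(data).digest() != expected[2]:
        raise ValueError("integrity check failed")
    return data


def ferry(switch, data, transfer_id=1):
    """One external-to-internal cycle: load, flip the switch, unload."""
    if switch.side != "external":
        switch.toggle()
    for frame in fragment(transfer_id, data):
        switch.write("external", frame)
    switch.toggle()  # external link is now open; only the intranet can read
    return reassemble(switch.drain("internal"))
```

No TCP/IP session ever spans the switch in this model: the internal side sees only frames it can parse and verify, and anything else is dropped at reassembly.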
2. Gatejia physical isolation gateway
The Gatejia physical isolation gateway uses a fully transparent working mode and dynamic real-time data exchange technology to prevent attacks against known and unknown operating system vulnerabilities and attacks based on weaknesses in the TCP/IP network protocols, and uses application-layer data extraction technology to completely block TCP/IP connections between the internal and external networks. Its internal and external processing units run an optimized secure operating system. There is no TCP/IP network protocol stack in the system, and the internal and external network cards have no network addresses. The special hardware communication device is accessed through direct I/O, without a driver. The network cards only monitor data and do not provide services to the outside world. The management console is completely independent of the internal and external networks. Its features are: a built-in automatic anti-intrusion function; fine-grained security access control; support for routing and transparent bridge working modes; support for network objects such as hosts, networks and network segments; support for standard network protocols such as HTTP, FTP and MAIL; support for IP and MAC address binding; support for keyword filtering of HTTP URLs and content; support for logging, auditing and alarms; a powerful application-layer attack protection function; and a built-in high-performance security filtering engine, which can prevent DoS and DDoS attacks, buffer overflow attacks, etc.
[Figure: Gatejia physical isolation gateway]
Product comments: The Gatejia physical isolation gateway exchanges data between networks of different security levels through special communication equipment, proprietary security protocols and encryption verification mechanisms, and application-layer data extraction and authentication technologies. It completely blocks TCP/IP connections between the networks and enforces strict identity authentication, content filtering, security auditing and other protection mechanisms, so as to ensure the security and controllability of data exchange between networks and put an end to security risks caused by loopholes in operating systems and network protocols.
It is mainly used to isolate the intranet from the Internet, the business network from the work network, the intranet from related networks, and host servers from database servers.
3. Topwalk-GAP
In 2000, Beijing Tianxing Netan Company of China took the lead in developing the concept of GAP from physical isolation technology and, in close cooperation with the Communication Bureau of the Ministry of Public Security, jointly developed the first GAP (Security Isolation and Information Exchange) product in China, namely Topwalk-GAP, which became the best scheme for network security protection in key areas. As a new generation of security isolation and information exchange product based on GAP technology in China, Topwalk-GAP can realize heterogeneous database exchange between isolated networks. The product passed the appraisal of the State Secrecy Bureau and was selected for the National Torch Program, and it implements a message-based delivery mechanism. The basic module of this product is the core component of the whole security isolation gateway and serves as the security platform for the other application modules. The database exchange module supports controllable and secure data exchange between networks for various mainstream database platforms, the file exchange module provides controllable and secure file transfer between networks, and the message module provides an API-based development interface for the upper application platform and fast, reliable message transmission for upper-layer programs on the isolated networks.
The technical concept of "self-centeredness and active defense" has enabled GAP technology to successfully create a new category of security technology. GAP technology enables two or more networks to realize connectionless secure data transmission and resource sharing through special hardware. GAP, also called a security isolation gateway, is a technology for realizing secure information exchange and resource sharing while ensuring the security isolation of two networks. It adopts a unique hardware design and integrates a variety of software protection strategies, which can resist all kinds of known and unknown attacks, significantly improve the security strength of the intranet and create a worry-free network application environment for users. GAP technology is an "active defense" technology based on physical isolation and on the current situation of information security technology in China, and it is suitable for e-government network security. GAP technology cuts off protocol communication at all network levels from the physical layer to the application layer, so we can understand GAP as the abbreviation of "gap of all protocols". As long as application data can be effectively transmitted and exchanged in a "white list" way, various implementation methods are possible. However, the concept of GAP is clearly different from that of the firewall and IDS/IPS.
[Figure: Topwalk-GAP]
Product comments: Topwalk-GAP is usually deployed between trusted networks and untrusted networks. Built on an original software and hardware architecture, it adopts security technologies such as protocol conversion, a secure operating system kernel, an authentication mechanism based on encryption and certificates, virus and malicious code filtering, and security audit management, and it transmits and exchanges data according to the user-defined "white list" policy for application data, thoroughly eliminating harmful information and various network threats. As an advocate and leader in the field of GAP in China, Topwalk-GAP has always been favored by users for its innovation, practicality, security and reliability.
4. Lenovo network SIS-3000 security isolation gateway
The SIS-3000 security isolation gateway is a network security device that can exchange data safely, quickly and reliably between two physically isolated networks. The system uses proprietary isolation hardware and protocols and adopts the latest international information ferry mechanism. It integrates a variety of security technologies, such as a secure operating system, content filtering, digital signatures, virus killing, access control and security audit, checks and filters the types and contents of transmitted data, and provides reliable special information exchange services. This effectively overcomes the data exchange bottleneck caused by physical isolation between e-government and e-commerce, maintains the characteristics of physical isolation among multiple networks, and provides a kind of security.
This product uses a high-speed security isolation electronic switch that supports only a one-way network connection, ensures that the internal and external networks are completely disconnected at the physical link layer, and supports millisecond high-speed switching and background high-speed response equipment. At the same time, SIS-3000 provides data exchange for designated applications. By binding to specific applications, it greatly improves the security factor of the system and avoids the security risks brought by opening general TCP/IP services. In summary, the Lenovo network SIS-3000 has a high-speed electronic switch and a proprietary protocol to ensure the physical isolation of the internal and external networks at all times, and improves the security of data transmission through the leading information ferry mechanism; it adopts a variety of security technologies to support reliable private information exchange services; it has an independent embedded secure operating system, which effectively ensures the security of the system itself; and it supports various applications, including file exchange, mail exchange and database synchronization.
[Figure: Lenovo network SIS-3000]
Product comments: As a physical isolation device at the network link layer, Lenovo's SIS-3000 series security isolation gateway has higher security performance than a firewall. Information can be exchanged in a trusted way between classified networks, between different security domains of classified networks, between classified networks and intranets, and between intranets and the Internet. It is suitable for non-real-time information exchange environments in government, military, financial and other organizations.
5. X-Gap, the China Network isolation gateway
The security isolation and information exchange system (X-Gap) developed by China Network Company addresses both isolation (disconnection) and data exchange, and the China Network physical isolation gateway truly realizes physical isolation between the two networks. X-Gap interrupts the link connection, communication connection, network connection and application connection between the two networks, and realizes data exchange in a non-network way while ensuring that the two networks are completely disconnected and the protocols are terminated. No data packets, commands or TCP/IP protocols (including UDP and ICMP) can penetrate X-Gap, which has the advantages of high security, high bandwidth, high speed and high availability. In addition, because it adopts SCSI technology, the backplane speed is as high as 5G and the switching efficiency reaches the nanosecond level, which completely solves the problems of slow speed and low efficiency. The SCSI control system itself also has non-programmable characteristics and a conflict mechanism, forming a simple switching principle and thus completely solving the security problem of gateway switches.
Physical isolation is achieved by switches. At present, there are three common physical switching technologies: real-time switching, one-way connection and network switching. Real-time switching and one-way connection are faster, and network switching is slower. People are generally worried about the switching speed, which directly affects the performance of the network. If the speed of the switch is low, the performance of the network will definitely be affected. Even if the speed of the switch is high, the performance of the gateway will be limited by the performance of the host: regardless of the switching speed, the performance upper limit of the gateway will not exceed that of the host. The China Network physical isolation gateway uses the CPU clock of the host as the switch, which implements the switching function in the system kernel and achieves the highest performance the gateway can reach, superior to the three commonly used switching technologies. The efficiency of the kernel is much higher than that of a peripheral.
[Figure: China Network X-Gap physical isolation gateway]
Product comments: When users require physical isolation and also need to exchange data in real time, China Network's X-Gap series products can provide the necessary "ferry" between the two networks while ensuring that there are no security problems of mutual intrusion. X-Gap can be easily integrated into the network and business environments of government, electric power, industry and commerce, taxation, public security, transportation, energy, finance and large enterprises, protecting core security and meeting customers' requirements for high security, high performance and high reliability.
6. Weisi physical isolation gateway CopGap200
The Weisi gateway CopGap consists of two embedded single-board computers and a security circuit board. The two embedded single-board computers are connected to a trusted network and an untrusted network respectively, and are connected to each other through the security circuit board. The security circuit board is a pure hardware device specially designed for physical isolation technology. It contains a unique high-speed LVDS bus, and the data flow in the system reaches 1056 Mbit/s, which exceeds 1 Gbit/s. CopGap's operating system uses a secure Linux operating system kernel certified by the Secret Service, which has high security.
Through a special high-speed security chip switch and advanced protocol termination/protocol analysis technology, CopGap realizes physical isolation and protocol isolation of trusted and untrusted networks and eliminates malicious attacks by hackers on trusted networks. Its advanced GAP reflection system is independent of any communication protocol and operating system and uses independent hardware logic circuits and independent bus technology to ensure controllable, high-speed and safe data exchange between the internal and external networks. Through complex mathematical transformation, the format of the original raw data is scrambled and the data structure is changed, so that malicious code cannot be executed during transmission, thus fundamentally ensuring the security of data transmission. The security decision system is located in the internal trusted security server and is physically disconnected from the untrusted network, which ensures the integrity of the security decision system and of its decision-making process, and so the integrity of the whole security architecture. Its functions are: protocol termination technology to prevent known and unknown attacks based on network protocol vulnerabilities; resistance to attacks based on operating system vulnerabilities; resistance to buffer overflow attacks, overload attacks, denial of service (DoS) attacks and distributed denial of service (DDoS) attacks; content review of data, and analysis and review of network protocols; an audit function that records the behavior of network users in detail; identity authentication and access control, with support for client digital certificate authentication (CA); and a double agent function that hides internal network structure information.
[Figure: Weisi CopGap200]
Product comments: CopGap, the security isolation and information exchange system of Weisaibo, is a network security product with independent intellectual property rights, developed and produced by Beijing Weisaibo Network Security Technology Research Institute with the support of the National 863 Program after several years of research on physical isolation technology. The CopGap security isolation and information exchange system can disconnect the internal and external networks at the physical link and carry out appropriate data exchange under safe and controllable conditions. Because of the hardware-based reflective GAP system, there is no actual network protocol connection between the trusted network and the untrusted network, which prevents various attacks based on the network layer and operating system layer and realizes high-speed and safe data exchange. CopGap supports both two-way and one-way communication control, so it can strictly limit the direction of information flow according to the actual security needs of users and protect the security of confidential information.
Second, the recommendation summary
Physical isolation gateway products have been developed in China only in recent years. Not many companies are involved in their development, and there are even fewer types of products. The performance, quality and technical level of the products are at the first-generation stage. The six gateway products introduced above have all passed the inspection of the quality inspection center for computer information system security products of the Ministry of Public Security. Among them, Topwalk-GAP, developed by Beijing Tianxing Netan Information Technology Co., Ltd., passed the technical appraisal of the State Secrecy Bureau in September 2002. Because the physical isolation gateway sits at the special position of gateway between classified and non-classified networks and is also the last line of defense for network security, the background of the product's R&D personnel and R&D organization is also an important criterion for users in selecting products. The product sales of some companies with a foreign investment background are inevitably affected, so very few products can hold their place on the market. Therefore, when choosing a physical isolation gateway, we should pay special attention to its two main indicators: the data exchange rate (support for the data exchange rates of 100-megabit and gigabit networks) and the switching time (a high-speed security isolation electronic switch that supports millisecond high-speed switching).
Finally, we emphasize that the physical isolation gateway is used in the following five scenarios:
1) Between a classified network and a non-classified network;
2) Between LAN and Internet (between intranet and extranet);
Some local area networks, especially government office networks, involve sensitive government information and sometimes need to be physically disconnected from the Internet. Using a physical isolation gateway is a common method.
3) Between the office network and the business network;
The office network and the business network differ in information sensitivity; the office network and business network of a bank, for example, are two typical networks with different information sensitivity. To improve work efficiency, the office network sometimes needs to exchange information with the business network. To protect the security of the business network, a better method is to use a physical isolation gateway between the office network and the business network to physically isolate the two types of network.
4) Between e-government intranet and private network;
In the construction of an e-government system, logical isolation is required between the government intranet and the external network, and physical isolation is required between the government private network and the intranet. At present, the common method is to use a physical isolation gateway.
5) Between the business network and the Internet;
The e-commerce network connects the business network server with the general public through the Internet. To ensure the security of the business network server, physical isolation should be implemented between the business network and the Internet.
Contact them for a quotation yourself. Personally, I think Tianxing Netan's is better, because gateways are usually purchased for security and their GAP3000 is highly secure.