The rapid development of Internet has been promoting information exchanging and resources sharing. It is an important problem in the domain of information security to prevent availably leak of network terminal device' information while ensuring sufficient sharing. This paper presents the security strategy of the "Depth defence" based on safety present situation and expansibility of network information.The strategy build multiple defence layer between hacker and user, prevent that hacker spy and filch the important information source of network terminal device.The defence characteristic of the strategy is territorial,multilayer and go-aheadism.The paper summarizes the anti-filch system of network terminal device' information based on the "Depth defence" , presents in detail two implement schemes , which are the scheme of hardware-based isolation and the scheme of software-based isolation, for the subsystem of Physical Isolation which is important part of consititutes. The subsystem isolate Intranet and Extranet in physical network connections and memory with design principle of economy and expansibility. Network terminal PC can connect time-sharingly Intranet or Extranet and guarantee security of Intranet data file on the control of the subsystem. The subsystem which is provided with high compatibility, simple control, flexible configure and low-cost,possess favorable foreground of application. |