| Once the information resources involving state secrets leak, it makes the security of country suffer serious damages. As the carrier of information resources, confidential information systems have always been the main target to be attacked by the domestic and foreign hostile forces. With the rapid development of modern information techniques, it brings big challenges for protecting the confidential information systems, and it also proposes higher requirements for the security of our confidential information. Since the security of the confidential information system concerns the national security and interest, the security techniques of the confidential information systems should to be improved.According to the statistics of the state secrecy bureau, the issues of leaking information show an increasing trend in the last few years. The main reasons of the leakages include the illegal internet connections of the confidential computers or networks, the cross usage of the removable storage media, or the mismanagement of the confidential local networks. These activities directly or indirectly destroy the physical isolation of systems, so it is important to study the protection technologies of physical isolation of confidential information systems. As an important part of protecting confidential information systems, physical isolation may cut off the possibility of the outflows of unauthorized information from the network environment. To achieve physical isolation of the network environment and build a secure and reliable network, we should continuing improve our network construction, and enhance our management capabilities of networks. Currently, the physical isolation techniques mainly rely on firewalls, invasion detections, illegal connection, host monitoring and audit.In this paper, we will firstly introduce the status of the protection techniques of confidential information systems in our country. Secondly, after introducing the operation principles of the illegal connecting equipment, invasion detection systems and host monitoring and auditing systems based on the physical isolation techniques, these various types of products will be analyzed and compared with each other. Finally, a protection scheme of physical isolation for confidential information system has been designed. The detailed anlysis of scheme design, equipment selection, policy configuration, system testing and system evaluation for the scheme has been carried out. The scheme proposes a reference for our government to design this system. |
PDF Full Text Request