Design And Implementation Of Secure Bank File Transfer System Based On Physical Isolation Network Gap

The development of Internet information technology brings great convenience toinformation exchange and sharing, and Internet are more and more important inbusiness. However, computer networks are confronted with increasing security threatsat the same time. Especially for the bank network systems with high securityrequirements, their own private information must be protected in their private networksand isolated from public networks.The technology of network gap based on physical isolation is a new securitytechnology being paid more and more attentions. It provides a secure and real-time dataexchange environment between the internal network and the external network. Filetransfer system is an independent and one of the most important functional modules inbank network system. It is responsible for secure data exchange between the twophysical isolated networks.The thesis firstly analyzes the serious network security problems existed in thecurrent information society, and sums up that network isolation is an effective networksecurity technology. Then the thesis studies on the technology of network isolation andGap, including the principles, structures and working flows. Further, the thesis proposesand implements a new file transfer system based on Gap, which achieves across-platform, efficient and secure file transfer means.The system is based on a private isolating hardware, which ensures thedisconnection of date link layer between non-trusted network and trusted network, byindependent controlling circuit and reading/writing protection circuit. The systemarchitecture includes the external processing unit, the internal processing unit and theprivate isolation hardware. The key technical points of the new way includes applicationdata oriented,"white list" policy, highly controlled data exchanges and file transfer. Atlast, integration test and system test are carried out, it is proved that the system is stableenough to run inside of commercial bank network, and provide secure and stable filetransfer service.