First, user requirements.
1. Files must be exchanged between the office network and the intranet while the two networks remain isolated.
2. Files are currently copied between the two networks with USB flash drives. The copied files may carry viruses, Trojans and other malware, which spreads malicious code from the external network to the internal network.
3. Only the file types used by hospitals, such as documents, pictures, audio and video, may be transferred.
4. Files passed into the intranet must be scanned for viruses.
5. Files copied out of the intranet must be recorded so they can be checked afterwards, to prevent important files from leaking.
6. Each department's directory is independent of the others, and all departments share a common folder.
7. There are many machines, and a client cannot be installed on every one. Users must be able to use standard FTP by entering the address directly in the address bar.
Second, the status quo.
1. A path is opened through the firewall and gateway, and an FTP server is deployed in the intranet to exchange files between the internal and external networks.
2. The whole hospital shares a single account.
3. Without antivirus scanning and file type restrictions, dangerous files such as viruses and Trojans will be introduced.
Third, deployment.
The ferry product is now deployed between the internal and external networks, with one end on each side, and the office network connects to the public network through the firewall. In the deployment diagram, the device in the red frame in the middle is the ferry product.
Fourth, platform functions.
1. Ethernet isolation is achieved by having the two sides communicate over IB.
2. File content is inspected in depth to determine its MIME (Multipurpose Internet Mail Extensions) type, which enforces the file type restriction.
3. On the external network side, Kaspersky is invoked by command for virus scanning; on the internal network side, ClamAV is invoked through its interface.
4. The user, IP, time, directory, file and other information are recorded in the log.
5. Exported files are automatically backed up to a specified directory, so that they can still be verified even if users delete them.
6. The public folder is mounted into each user's directory through Linux fstab, so that each department is independent of the others yet has a public folder.
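The content-based type restriction in item 2 can be sketched as follows. This is an added example, not the ferry product's own code; the allowlist, type labels, function names and sample bytes are all constructed for illustration.

```python
import os

# Constructed allowlist: (offset, magic bytes, type label, permitted extensions).
# Which types a site permits is an assumption, not taken from the page.
SIGNATURES = [
    (0, b"%PDF-", "application/pdf", {".pdf"}),
    (0, b"\x89PNG\r\n\x1a\n", "image/png", {".png"}),
    (0, b"\xff\xd8\xff", "image/jpeg", {".jpg", ".jpeg"}),
    # ZIP container: a production check would also inspect the archive members.
    (0, b"PK\x03\x04", "application/zip", {".docx", ".xlsx", ".pptx"}),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-compound", {".doc", ".xls", ".ppt"}),
    (0, b"ID3", "audio/mpeg", {".mp3"}),
    (4, b"ftyp", "video/mp4", {".mp4"}),
]

def sniff_type(head: bytes):
    """Return (label, allowed_exts) for the first matching signature, else None."""
    for offset, magic, label, exts in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label, exts
    return None

def check_transfer(filename: str, head: bytes):
    """Decide from the file's leading bytes, not its name, whether it may cross."""
    match = sniff_type(head)
    if match is None:
        return False, "content type not on allowlist"
    label, exts = match
    ext = os.path.splitext(filename)[1].lower()
    if ext not in exts:
        return False, f"extension {ext or '(none)'} does not match content {label}"
    return True, label

# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("scan.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable header under a .pdf name
    ("notes.txt.exe", b"%PDF-1.4\n"),                # allowed content, misleading name
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_transfer(name, head))
```

Each decision returned here is what would be written to the transfer log alongside the user, IP, time and directory from item 4.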
Fifth, usage.
1. User access is as follows:
The external network path through FTP is ftp://AAA:AAA@192.168.0.11.
The intranet path through FTP is ftp://AAA:AAA@192 438+068.438+030.247.
2. Adding a network location makes it very convenient to use. For example, the network location shown below can be opened directly like a local disk.
3. After the network disk is opened, gg is the public directory, and the others are the department's internal directories and files.
4. The configuration information of each department is as follows:
Serial Number | Department | User Name | Password | Path | Remarks
1 | Security Section | | | /data/aqbwk |
2 | Finance Section | | | /data/cwk |
3 | Party and Government Office | | | /data/dzzhbgs |
4 | cadre health office | | | /data/gbbjbgs |
5 | Trade Union | | | /data/gh |
6 | male * * * | | | /data/gg |
7 | Ministry of Public Health | | | /data/ggwsk |
8 | Logistics Support Center | | | /data/hqbzzx |
9 | Nursing Department | | | /data/hlb |
10 | Infrastructure Section | | | /data/jjk |
11 | Supervision Office of Commission for Discipline Inspection | | | /data/jwjcs |
12 | Health Management Center | | | /data/jkglzx |
13 | health education section | | | /data/jkjyk |
14 | science and education section | | | /data/kjk |
15 | clinic | | | /data/mzb |
16 | Registration Office | | | /data/Public Security Bureau |
17 | login form template | | | /data/qd DBM |
18 | Personnel Section | | | /data/rsk |
19 | Equipment Section | | | /data/sbk |
20 | Ministry of Social Work | | | /data/sgk |
21 | Youth League Committee | | | /data/tw |
22 | external network information | | | /data/wwzl |
23 | information part | | | /data/xxk |
24 | Information System Problem Statistics | | | /data/xxxtwttj |
25 | Propaganda United Front Work Department | | | /data/xctzb |
26 | medical insurance (price) office | | | /data/ybbgs |
27 | Medical Sports Office | | | /data/ygtbgs |
28 | doctor-patient communication office | | | /data/yhgtbgs |
29 | Medical Department | | | /data/yjks |
30 | Medical Management Center | | | /data/ywglzx |
31 | hospital development center | | | /data/yyfzx |
32 | Hospital Infection Management Section | | | /data/yygrglk |
33 | hospital leaders | | | /data/yld |
34 | Quality Management Office | | | /data/zlglbgs |
35 | Inpatient Department | | | /data/zyb |
 | Administrator | | | /data/? |