Police-station-level single-point converged solution for secure access to social resources
As society and residents place increasing emphasis on security monitoring, many government agencies, enterprises and institutions, commercial office buildings, commercial complexes, campuses, hospitals, venues, communities, shops and so on have built video surveillance systems. Most of these systems are self-contained and are not connected to public security. If the public security department could call social video resources directly from practical application platforms at all levels, law enforcement and case detection efficiency would improve. Directly accessing and using these social resources would save a great deal of construction resources and greatly accelerate the build-out of social monitoring, achieving true video big data.
However, when the public security system calls on social resources, it faces the following problems:
1. The private network addresses of the access units' existing devices conflict;
2. After access, the security risks between the image private network and the social resource network must be addressed. Recent cyber security incidents abroad, carried out through attacks on IPCs (IP cameras), have already affected the Internet of Things in half of the countries;
3. Access units use many equipment brands and types. The devices to be connected may be NVRs, IPCs or platforms, and they speak different protocols, which may be national standard 28181 (GB/T 28181), ONVIF or a vendor SDK;
4. After access, there may be multiple application requirements, such as one-way calls by the public security department, or limited, directed resource sharing between the access unit and the public security department;
5. Public security network IP addresses are limited, so a large number of social resource images must be brought in through a small number of docking interfaces;
6. Providers supply different kinds of links, such as VPN, broadband or bare fiber.
Some areas recognized the importance of social resource access early and have implemented it locally. The usual approach is to use the Internet and add firewalls, routers and so on. This is costly, and with a large number of access points it leaves hidden dangers in private network segment address conflicts, protection of social resource information, security after access, and access policy. At the same time, the back-end equipment room cannot monitor the working status of the front-end cameras in real time, so camera damage cannot be found in time. Once a case occurs, the loss may be immeasurable.
How to be compatible with multiple protocols and devices, adapt to different links, solve network security, and support direct calling and resource sharing has become a major research and development topic in the industry.
In response to these new applications, Hengxin and An independently developed a series of social resource security access gateways and an integrated system solution that connects social resources without changing the original social resource network planning. The solution addresses multiple protocols, access for multiple devices, address conflicts on private network segments, protection of social resource information, security after access, access policies and so on. It also connects to the network management platform for unified management, with real-time monitoring of port and camera working status and proactive reporting of faults and exceptions.
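One common way to absorb the private-segment address conflict without renumbering the access units is 1:1 prefix translation at the convergence point. The Python below is an added example, not the vendor's implementation; the site names, LAN ranges and the 172.20.0.0/16 pool are constructed assumptions.

```python
import ipaddress

# Constructed sample: LAN subnets reported by access units. Several units
# reuse the same RFC 1918 range, which is the conflict described above.
SITE_LANS = {
    "hotel-a": "192.168.1.0/24",
    "school-b": "192.168.1.0/24",
    "mall-c": "192.168.0.0/23",
    "clinic-d": "10.0.0.0/24",
}
# Hypothetical pool reserved on the convergence side for translated prefixes.
POOL = ipaddress.ip_network("172.20.0.0/16")


def find_conflicts(site_lans):
    """Return sorted pairs of sites whose LAN subnets overlap."""
    nets = {s: ipaddress.ip_network(c) for s, c in site_lans.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def allocate(site_lans, pool):
    """Give every site a unique, same-sized prefix carved from the pool."""
    nets = {s: ipaddress.ip_network(c) for s, c in site_lans.items()}
    mapping, cursor = {}, int(pool.network_address)
    # Largest subnets first so every allocation stays aligned to its size.
    for site, lan in sorted(nets.items(), key=lambda kv: kv[1].prefixlen):
        size = lan.num_addresses
        cursor = (cursor + size - 1) // size * size
        mapped = ipaddress.IPv4Network((cursor, lan.prefixlen))
        if not mapped.subnet_of(pool):
            raise ValueError(f"translation pool exhausted at {site}")
        mapping[site] = (lan, mapped)
        cursor += size
    return mapping


def translate(mapping, site, camera_ip):
    """1:1 prefix translation: keep the host bits, swap the network bits."""
    lan, mapped = mapping[site]
    ip = ipaddress.ip_address(camera_ip)
    if ip not in lan:
        raise ValueError(f"{camera_ip} is outside {site}'s LAN {lan}")
    return str(mapped.network_address + (int(ip) - int(lan.network_address)))
```

Two cameras that both sit at 192.168.1.64 in different units come out as distinct addresses on the convergence side, and an address that does not belong to the unit's declared LAN is rejected instead of being mapped.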
First, the network infrastructure planning
Depending on the networked image resources, bearer networks and sharing requirements, the networks deployed by public security generally comprise three networks: the public security service network, the image private network, and the social resource sharing network. A security interaction platform provides the entry point between the networks.
The public security service network is the network set up by the public security organs specifically for their work. It is relatively independent and is not connected to the public Internet. It holds various information resources and combines data from multiple public security business application systems to support in-depth applications of these resources, including video assets.
The image private network integrates the various video resources built by public security. It is also relatively independent: it is not connected to the public Internet, and it connects to the public security service network through a secure access platform.
The social resource sharing network carries social video surveillance resources, including those of the hotel industry, education industry, entertainment industry and key units, over links such as the public network, VPN and bare fiber, and connects to the image private network through the secure access platform.
The social resource sharing network is generally built by one or more selected operators, in one of two construction directions:
Direction 1: The public security department establishes a simple platform as a social resource sharing platform. The monitoring images of the various social units are connected to the social resource sharing platform through bare fiber, VPN or broadband provided by the operators and through external resource security access gateways. The social resource sharing platform connects all social unit video resources to the image private network through the secure interaction platform, and the image private network and the public security service network can call any image.
Direction 2: Several operators aggregate the monitoring images of the various social units over bare fiber, VPN or broadband and build their own platforms. Public security establishes a virtual social resource cloud network through external resource security access gateways, and the operators connect their respective platforms to it. The social resource cloud network connects to the image private network through the secure interaction platform, and the image private network and the public security service network can call any image.
Second, the application scenario
Applicable scenario: the police-station-level centralized solution for secure access to social resources (external resource security access, convergence).
This solution is generally used in large-scale public security social resource monitoring projects where the IP addresses provided by public security are limited and the social resource units upload over many kinds of links, such as VPN, PPPoE, static IP, etc. Each social resource unit's monitoring images pass through an external resource security access gateway. The gateway front-end device connects through a broadband modem or similar device, over the carrier network, to the external resource security access gateway background device, and an independent data channel is created between the gateway front-end device and the gateway background device. The transmitted data is encrypted to ensure the security of data transmission. The gateway background device converts the aggregated social images into a national standard code stream and acts as the video management platform for its area. The social image sharing platform only needs to connect, using the national standard, to the gateway background device of each area in order to access social image information, and the public security image private network integrates social images only by accessing the social image sharing platform.
● Supports 1:100 convergence, that is, one external resource security access gateway backend device supports access to 100 social resource units.
● It has strong network compatibility and is suitable for accessing a variety of complex networks. It can support multiple networking modes such as accessing public networks and private networks.
● Supports the VPN virtual private network channel function, which can establish virtual private network channels on the public network and private network to achieve secure access across networks.
● Supports network traversal. The convergence front-end of the external resource security access gateway can traverse multiple network types (VPN, PPPoE, static IP, etc.) and establish a connection with the convergence back-end of the external resource security access gateway.
● With strong device compatibility, mainstream NVR/DVR/IPC products connect to the secure access gateway through SDK/national standard/ONVIF, enabling video service functions such as live viewing, video playback, video download, and PTZ control;
● Supports encrypted transmission of code streams, which prevents eavesdropping on the transmission link and ensures that video resources are called securely;
● Supports whitelist control: only devices with specified MAC addresses are allowed to connect, providing access control for external resource devices.
● Supports filtering of non-video services to block various types of illegal network attacks.
● Supports defense against abnormal attacks such as system vulnerability scanning, providing security protection for the connected video devices and preventing attacks on the entire video system through system vulnerabilities in those devices.
● Supports traffic monitoring of access devices, monitoring device traffic status in real time through SNMP.
Police-station-level single-point converged solution for secure access to social resources
1. Each social resource unit's monitoring network connects by network cable to the LAN port of the external resource security access gateway front-end device (convergence front-end).
2. The WAN port of the external resource security access gateway front-end device (convergence front-end) connects to the LAN port of the optical modem, and the optical modem accesses the carrier network by one of several methods (VPN, PPPoE, static IP).
3. The WAN port of the external resource security access gateway background device accesses the carrier network through a static IP.
4. The external resource security access gateway front-end device (convergence front-end) traverses the carrier network and establishes an independent data channel with the external resource security access gateway background device to ensure the security of data transmission.
5. The external resource security access gateway in each area receives the social image information transmitted by the front end and converts the various kinds of social image information into the national standard code stream.
6. The external resource security access gateway background device supports video management platform functions such as local image calling, viewing and control.
7. The social image information sharing platform only needs to connect to the external resource security access gateway background device of each region to access all social image information in that region.
8. Only the social image sharing platform connects to the public security image private network, through the firewall. The image private network platform retrieves social resource images by accessing the social image information sharing platform.
9. The networks on the two sides of the security gateway are shielded from each other, which protects both networks.
10. Supports the SNMP protocol, so the device can be added to the network management platform for unified management. It monitors the status of the device ports in real time, monitors the traffic status of the access devices in real time, determines whether each device is running normally, and actively reports fault information.
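How a network management platform can turn the SNMP traffic counters from step 10 into a running/fault decision per access port, as an added example that is not the vendor's code. The port names, poll values and the 500 kbit/s floor are constructed assumptions; `ifInOctets` and `sysUpTime` are the standard IF-MIB and MIB-II objects.

```python
COUNTER32_MOD = 2 ** 32

# Constructed polls of gateway LAN ports, 30 s apart:
# (sysUpTime in 1/100 s, ifInOctets). ifInOctets is a Counter32,
# so it wraps to 0 after 2**32 - 1.
SAMPLES = {
    "port1-healthy": [(100_000, 4_000_000_000), (103_000, 4_150_000_000)],
    "port2-wrapped": [(100_000, 4_290_000_000), (103_000, 145_032_704)],
    "port3-stalled": [(100_000, 987_654_321), (103_000, 987_655_321)],
    "port4-reboot": [(100_000, 500_000_000), (2_000, 1_000_000)],
}
MIN_BPS = 500_000  # assumed floor for one live camera stream


def rate_bps(prev, cur):
    """Inbound bits/s between two polls, or None if the agent restarted."""
    (t0, c0), (t1, c1) = prev, cur
    if t1 <= t0:  # sysUpTime went backwards: counters were reset
        return None
    delta = (c1 - c0) % COUNTER32_MOD  # absorbs a single counter wrap
    return delta * 8 / ((t1 - t0) / 100)


def classify(prev, cur, min_bps=MIN_BPS):
    """Map one pair of polls to 'ok', 'fault' or 'rebaseline'."""
    bps = rate_bps(prev, cur)
    if bps is None:
        return "rebaseline"  # discard this interval, do not alarm on it
    return "ok" if bps >= min_bps else "fault"


def report(samples):
    """Status per port for the fault report sent to the operator."""
    return {port: classify(*polls) for port, polls in samples.items()}
```

The modulo only absorbs one wrap per interval; on links fast enough to wrap a 32-bit counter more than once between polls, poll the 64-bit `ifHCInOctets` instead.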