Search

苏ICP备12065982号-1    powered by: www.300.cn 
changzhouWebpag © Changzhou Jinlong Yiqun Medical Materials Co.,Ltd. All Rights Reserved.

WeChat 

Monday to Sunday 9:00-16:00

0086-519-8660-3026

 

SOLUTION

Social resource security access plan

Page view
[Abstract]:
ForewordWiththeincreasingemphasisonsecuritymonitoringbythesocietyandresidents,manygovernmentagencies,enterprisesandinstitutions,commercialofficebuildings,commercialcomplexes,campuses,hospitals,places,

Foreword

With the increasing emphasis on security monitoring by the society and residents, many government agencies, enterprises and institutions, commercial office buildings, commercial complexes, campuses, hospitals, places, communities, shops, etc. have established video surveillance systems. Most of these systems are self-contained. One, not connected with the public security; if the public security department can directly call social video resources on practical application platforms at all levels, it will effectively improve law enforcement efficiency and detection efficiency. Direct access to and utilization of these social resources will save a lot of construction resources and greatly accelerate the pace of social monitoring and perfection to achieve true video big data.

However, the public security system calls for social resources and has the following problems:

1. The private network address conflict of the original device of the access unit;

2. After access, it is necessary to solve the security risks of the image private network and the social resource network. Recently, foreign countries have already launched cyber security incidents in the Internet of Things in half of the countries through IPC attacks;

3. access unit equipment brand miscellaneous, many types, access equipment may exist NVR, IPC, platform, and equipment also has different agreements, may have national standard 28181, onvif or SDK;

4. After the access, there may be multiple application requirements such as the single-direction call by the public security department or the limited-directed shared resources of the access unit and the public security department;

5. The provider provides links such as VPN, broadband or bare fiber.

Some areas have discovered the importance of social resource access earlier and have implemented it locally. The general solution is to use the Internet, add firewalls or routers, etc., with high cost, large number of accesses, address conflicts of private network segments, and social resources. Information protection, security after access, and access policies all have hidden dangers. At the same time, the back-end equipment room cannot monitor the working status of the front-end camera in real time, and the camera damage cannot be found in time. Once the case occurs, it may cause immeasurable loss.

How to be compatible with multiple protocols and multiple devices, adapt to different links and solve network security, and direct call resource sharing has become a major topic in the research and development of the industry.

In response to new applications and new applications, Hengxin and An independently developed a series of social resource security access gateways, and integrated system solutions to access social resources without changing the original social resource network planning. Protocols, access to multiple devices, address conflicts on private network segments, protection of social resource information, security after access, access policies, etc., and access to the network management platform for unified management, real-time monitoring of port and camera working status, Proactively report faults and exceptions.

First, the network infrastructure planning

According to different networked image resources, bearer networks, and sharing requirements, the network deployed by the public security generally includes three networks: the public security service network, the image private network, and the social resource sharing network. The security interaction platform is used to set up the portal between the networks.

The public security service network refers to the network specially set up by the public security organs for the purpose of work. It is relatively independent and is not connected to the Internet in the society. It contains various information resources and combines multiple public security business application system data to realize various resources. Includes deep applications of video assets.

The image private network is used to integrate various video resources built by public security. It is also relatively independent. It is not connected to the Internet in the society and is connected to the public security service network through a secure access platform.

The social resource sharing network refers to the social video surveillance resources including the hotel industry, education industry, entertainment industry and key key units through the link of public network, VPN, bare fiber, etc., and the image is dedicated to the image through the secure access platform. Network access.

The social resource sharing network generally chooses one or more operators to build, and two construction directions:

Direction 1: The public security department establishes a simple platform as a social resource sharing platform. The monitoring images of various social units are connected to the social resource sharing platform through bare fiber, VPN or broadband and external resource security access gateways provided by various operators. In. The social resource sharing platform connects all social unit video resources to the image private network through the secure interaction platform, and the image private network and the public security service network can call any image.

Direction 2: A number of operators integrate various social units to monitor images and build platforms through bare fiber, VPN or broadband. The public security establishes a virtual social resource cloud network through external resource security access gateways, and multiple operators access their respective platforms. The social resource cloud network accesses the image private network through the secure interactive platform, and the image private network and the public security service network can call any image.

Second, different access application scenarios

The following units or devices or protocol types are connected to the social resource network:

2.1 SDK Protocol Camera\NVR\DVR Access

Generally used for monitoring video access in social units such as communities, schools, hospitals, shops, etc., using bare fiber or VPN links, requiring fewer concurrent numbers, only mapping and access control functions, and finally accessing the platform through web pages or SDKs. Access the image.

Implementation case:

2.2 national standard, Onvif camera \NVR\DVR\ platform access (small unit)

Generally used for monitoring video access in small units and small platforms, using bare fiber or VPN links, requiring fewer concurrent numbers, supporting bidirectional mapping, access control and message parsing functions, and finally accessing the platform through Onvif or GB 28181 Access the image.

Implementation case:

2.3 SDK, national standard, Onvif camera \NVR\DVR\ platform access (large unit)

Generally used for large-scale units and large-scale monitoring video access, using bare fiber or VPN links, requiring a large number of concurrent, need to support two-way mapping, access control and message parsing functions, and finally through the SDK, Onvif or national standard 28181 Access the image into the platform.

Implementation case:

2.4 Government Department Resource Sharing Program:

Generally, other government departments use the shared video to access the social resource sharing network while sharing the other resources of the social resource sharing network. The bare fiber or VPN link is required, and the number of concurrent requests is large. , message parsing and identity authentication functions, and finally access images through web pages or national standard 28181 access platform.

Implementation case:

2.5 Multi-operator multi-platform docking

Generally, it is constructed by multiple operators and the monitoring network of multiple independent platforms is integrated. For example, the monitoring networks of each branch are contracted by different operators. Even the projects of the same branch are contracted by different operators. The network planning of the first batch of construction has been fixed. In the later period, other operators can only use the original carrier network plan and use the original carrier transmission line, which leads to construction difficulties. In this case, a virtual social resource cloud network can be established through the external resource security access gateway, and multiple operators' respective platforms access the social resource cloud network, and access the image private network through the secure interactive platform, the image private network and the public security The service network can call any image.

Implementation case:

2.6 Double Protection Login Authentication

Achieve function

Security protection---protecting the device itself against attack, effectively avoiding similar broiler attacks

Method to realize

1. User name and password authentication. You can set a strong user name and password to prevent unauthorized users from logging in to the device.

2. The external resource security access gateway supports dongle authentication. Only the computer with the dongle is allowed to log in to the management interface using the username and password, effectively avoiding the possibility of being hijacked by a hacker into a broiler.

The social resource security access gateway installs the IP address requirement (taking a single social resource unit access as an example):

SDK, Onvif protocol access IP address requirements:

IP address type

Configuration object

Quantity (single social resource unit)

status

Private network address (LAN port)

Access device

N

original

Private network address

Security gateway LAN port

1

increase

Image private network address

Access device mapping address

N (the same number of devices)

increase

Image private network address

Security gateway WAN port

1

increase

Image private network address

Security gateway management address

1

increase

National Standard 28181 protocol access IP address requirements:

IP address type

Configuration object

Quantity (single social resource unit)

status

Private network address (LAN port)

National Standard Platform Mapping Address

1

increase

Private network address

Security gateway LAN port

1

increase

Image private network address

Security gateway WAN port

1

increase

Image private network address

Security gateway management address

1

increase