WO2004036397A1 - Method and device for separating different segments of computer equipment - Google Patents

Publication number
WO2004036397A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
switching unit
network connection
program
computer equipment
Prior art date
Application number
PCT/SE2003/000682
Other languages
French (fr)
Inventor
Zacharias Sahlberg
Original Assignee
Zacharias Sahlberg
Priority date
Filing date
Publication date
Application filed by Zacharias Sahlberg
Priority to AU2003235357A
Publication of WO2004036397A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

A method for separating different segments of computer equipment, wherein a physical network connection (18) is provided between different segments. Said network connection is conveyed through a switching unit (17) operatively connected to said computer equipment, and the switching unit (17) is directed between a first mode, in which said network connection is closed, and a second mode, in which said network connection is open. The control of the switching unit is provided by a time or event controlled program executing in a computer (14; 16; 19) associated to said computer equipment.

Description

METHOD AND DEVICE FOR SEPARATING DIFFERENT SEGMENTS OF COMPUTER EQUIPMENT
TECHNICAL FIELD
The invention relates to a method for separating different segments of computer equipment where a physical network connection is provided between the segments. For security reasons the complete computer network or segments thereof can be disconnected from other segments or from the Internet.
PRIOR ART
It is now common that computers and computer networks that are connected to the Internet, and also computer networks comprising unprotected computers, are attacked by different types of intruding programs. Among these programs are for instance viruses and worms. The intruding programs will affect programs and computer systems in different ways. Some intruding programs may cause severe damage to computer files and programs whereas others have more the effect of electronic graffiti or the like. A form that has recently become more common is so-called worms, which can spread by themselves from an infected computer through email programs and in other ways.
Many viruses can be identified by so-called antivirus programs, which continuously have to be updated about new forms of viruses. Normally a new virus can be spread to some extent before the antivirus programs are updated. A disadvantage in this regard is that computers and computer systems may be infected even though antivirus programs are installed in the computers. Another problem is that some kinds of viruses lack sections that can be identified and therefore cannot be stopped directly by antivirus programs.
When a computer is connected to a computer network, such as the Internet, there is a route of communication open both to and from the computer. As a result the computer can be reached from outside by unauthorized persons through other computers in the computer network. Such intrusions by unauthorized persons cause more and more damage as a result of information being destroyed and by allowing information to fall into the wrong hands. In most computer networks there are computers which very seldom or even never during normal operation cooperate with other computers in the network or with other computers through the Internet or other similar networks. However, all computers are normally connected to each other and also to the Internet through the computer network and some kind of router or similar device. Also storing devices that are used for backup are connected in a similar way. As a result viruses and other intruding programs that may reach one computer in a computer network can be spread within the computer network and may also reach the storing devices. A disadvantage is that intruding programs that are not found and taken care of immediately may have the effect that backup copies of information, which are stored in the storing device, are also infected.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a method for separating different segments of computer equipment. The separation is controlled by a program and is done in such a way that the different segments may remain in a functional state after separation. An advantage with the invention is that the computer equipment does not have to be switched off to be completely and safely separated from the Internet and from other sections of a computer network. A physical network connection, such as a twisted pair cable or an optical fiber cable, is provided between the different segments. The physical network connection runs through a switching unit which is connected to a computer which is included in the computer equipment. By means of a program that is executed in the computer the switching unit is controlled to enter a first mode, in which the network connection is closed, and into a second mode, in which the network connection is open. In this way a segment of computer equipment can be separated from the Internet, or from other segments in a computer network, but still be used independently.
A simple application of the invention can be a work station which only temporarily needs to be connected to the Internet, for instance in connection with sending or receiving emails. The switching unit is arranged between the work station and a router, or another unit that is connected to the Internet. A program executing in the work station will control the switching unit to change modes. Another application is a computer network having one or a plurality of servers and at least one storage unit for backup of data from the server or servers. In this application a switching unit can be provided in the network connection that connects the server, or servers, to the storage unit. The switching unit is controlled by a processing unit associated to the storage unit and is normally in a mode where the network connection is open.
At certain intervals the switching unit is pushed into the first mode and a transfer of information stored in the server to the storage unit takes place. After a finished transfer the switching unit is again pushed into the second mode, in which no data transfer between the server and the storage unit is possible. In this separated mode the processing unit processes the information that has been transferred by simulating a conventional utilization of the information. Any unexpected or erroneous modification of the information will be interpreted by the processing unit as an attack of an intruding program, and an error condition will be indicated. The changeover of the switching unit is discontinued in connection with the indication so as to prevent the infected information from the server from being transferred further to the storage unit. In one embodiment the storage unit comprises a plurality of sets of storage means, each of which is activated in connection with a transfer of data from the server. In a non-activated state the storage means are completely inaccessible for data transfer. The embodiments described above can both be combined in different ways in the same computer network. In accordance with the invention it is possible also to combine several servers which periodically can be connected to each other and an associated computer network and periodically operate independently.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described by means of different embodiments, reference being made to the accompanying drawings, in which
Fig. 1 is a schematic overview of a computer configuration in which one embodiment of the invention is used and, Fig. 2 is a general circuit diagram showing one embodiment of a switching unit in accordance with the invention. It should be noted that in the drawings different objects are simplified in respect of size and proportions and the physical units have been connected in a simplified way for the purpose of facilitating the understanding of the specific features of the invention.
DETAILED DESCRIPTION
In the embodiment as shown in Fig. 1 a plurality of computers are connected in a network having a central switch 10 effecting traffic between the computers through network connections 18. The computers in the network are connected to the Internet 12 through a firewall 11. The shown network comprises an email server 13 and a plurality of personal computers 14. One personal computer is configured or prepared specifically and operates as a backup station 15. Information from the computers in the network is stored as backup copies in a storage computer 16 connected to the backup station 15. The storage computer 16 can include a plurality of storage units 21. A computer network having the configuration as described above is a conventional network.
In accordance with one embodiment of the invention a switching unit 17 is provided in the network connection 18 between each computer and the switch 10. The switching unit 17 can be switched between a first mode, in which the network connection is closed and traffic is allowed to take place between the computer and the switch through the switching unit, and a second mode, in which the network connection is open and traffic between the computer and the switch is not possible through this route. The switch-over between the modes of the switching unit is made under control of the specific computer. In a simple embodiment a program is executed in the computer. The program has a timing control which automatically handles the switch-over between the modes.
In an alternative embodiment the program in the computer is designed to act on an event in the computer to change mode of the switching unit. An example of such an event is the start up of another program, such as an email program or another program related to the Internet, and also some activity of a user of the specific computer, such as clicking the mouse or pressing the keyboard. The personal computers are allowed to operate completely independently in this way without being available to any intruding programs, neither those existing internally in the network nor intruding programs entering the network through an Internet connection. Under some circumstances, such as at specific points in time, the program in the computer performs a change-over of the modes of the switching unit so as to allow data transfer between the computer and the network. The shorter connecting time between network and computer provided in this way dramatically decreases the chance of an attack by intruding programs. It will also have the result that intruding programs existing internally in the network cannot be spread directly to the computers.
A work station 19 operating completely independently from the network is connected through a switching unit of the type described above to a router 20, which in turn is connected to the Internet 12. A control program in the work station 19 will operate controlled by events or by timing and can switch the switching unit into a desired mode so as to connect the work station to the Internet or to disconnect it completely from the Internet. The start up of email programs and other programs that require any type of network connection or communication with other computers can automatically activate the switching unit so as to effect the connection. At the end of such a program, or at the end of such measures that require a network connection, the switching unit can be automatically reset to interrupt the network connection.
Then the workstation 19 will operate completely safe with regard to intrusion attempts through the network and the Internet.
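As an added illustration (not part of the patent text), the event and timing control described above can be modelled as a function that turns a log of program starts and exits into switch-over commands and reports how long the link was closed. The program names, the `max_session` limit and the sample log are assumptions made for this example.

```python
from dataclasses import dataclass

FIRST_MODE = "closed"    # circuit closed: traffic can flow
SECOND_MODE = "open"     # circuit open: segment is isolated

# Assumption: which programs need the link is local policy.
NETWORK_PROGRAMS = {"mail-client", "browser"}


@dataclass(frozen=True)
class Event:
    t: int         # seconds since the start of the log
    kind: str      # "start" or "exit"
    program: str


def plan_switching(events, end, max_session):
    """Return the (time, mode) transitions the control program would issue."""
    transitions, running, closed_since = [], set(), None

    def expire(now):
        # Timing control: cut a session that has lasted max_session seconds.
        nonlocal closed_since
        if closed_since is not None and now - closed_since >= max_session:
            transitions.append((closed_since + max_session, SECOND_MODE))
            closed_since = None

    for ev in sorted(events, key=lambda e: e.t):
        expire(ev.t)
        if ev.program not in NETWORK_PROGRAMS:
            continue                      # local work never closes the link
        if ev.kind == "start":
            running.add(ev.program)
            if closed_since is None:
                transitions.append((ev.t, FIRST_MODE))
                closed_since = ev.t
        elif ev.kind == "exit":
            running.discard(ev.program)
            if not running and closed_since is not None:
                transitions.append((ev.t, SECOND_MODE))
                closed_since = None
    expire(end)
    return transitions


def connected_seconds(transitions, end):
    """Total time spent in the first mode, i.e. the exposure window."""
    total, since = 0, None
    for t, mode in transitions:
        if mode == FIRST_MODE:
            since = t
        else:
            total += t - since
            since = None
    return total + (end - since if since is not None else 0)


# Constructed sample log for one hour on work station 19.
SAMPLE_LOG = [
    Event(0, "start", "word-processor"),
    Event(100, "start", "mail-client"),
    Event(160, "exit", "mail-client"),
    Event(1000, "start", "browser"),      # left running by the user
    Event(2000, "exit", "browser"),
]

if __name__ == "__main__":
    plan = plan_switching(SAMPLE_LOG, end=3600, max_session=600)
    print(plan, connected_seconds(plan, end=3600))
```

With the timing limit the forgotten browser session is cut after 600 seconds, so the work station is reachable for 660 of the 3600 seconds in the log.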
Fig. 2 shows an embodiment with a storage computer 16 and a plurality of storage units 21. The storage computer 16 is connected to a switch unit 17 in which some specific functions are used. To the left in Fig. 2 there are shown schematically two switching means 22 in the form of single-pole relays. The switching means 22 are connected to a network connection 18 in the form of a twin conductor. Both conductors in the twin conductor can be closed and opened, respectively, in dependence of the position of the switching means. This function is used first of all in the embodiment shown in Fig. 1. A control unit 23 is connected to the switching means 22 and also to a computer, which in this case is a storage computer 16. A program executing in the computer will control the control unit 23 to switch-over the switching means 22 so as to either close or open the network connection for transfer of data. In a similar way the control unit 23 is connected also to a set of switching means, preferably of the same type as described above. Each switching means in the set is connected between a power supply unit 24 and a storage unit 21. In an open mode of the switching means 22 the storage unit 21 will have no supply of power and as a result can be used neither for writing new data nor for reading previously stored data. A processing unit 25 arranged in the storage computer 16 and a program executing therein controls the control unit 23 to switch-over the switching means 22 in the set, so as to connect or disconnect a storage unit 21.
In one embodiment used for a safe backup the storage computer can be used as follows. In the storage computer some kind of software for backup of data in servers, computers and workstations is executed. Within close time intervals the software for backup requests access to a storage unit 21. One of the storage units 21 connected to the switching unit 17 is connected by switching over the switching means 22 to a closed state. In the shown embodiment the connection of a storage unit is accomplished by supplying power to the storage unit. Also other connecting and disconnecting functions can be used within the scope of the invention. In connection with the switching unit being connected the storage computer also is connected through further switching means 21 to the network and as a result also to the selected computer. When the storage unit 21 is prepared to receive data the data transfer from a selected computer is started in a conventional manner.
When the transfer has been completed, the storage computer is disconnected from the network: the switching unit 17 connected to the storage computer interrupts the network connection. The data that has been transferred from servers and other computers may include files that are infected with different types of viruses. Conventional antivirus programs are able to locate only some viruses, those that can be identified, while several types of viruses cannot be detected solely by analyzing an infected file.
In accordance with one embodiment of the invention, one or a plurality of simulation programs are started in the storage computer 16 when the computer has been disconnected from other computers in the network. The simulation programs are designed to open commonly existing document files, such as files associated with the programs WORD©, EXCEL©, OUTLOOK©, and also other programs for email, calendars, word processing, presentations and calculations. When the simulation programs open the files associated with such programs in a way corresponding to the way the programs normally would have opened them, potential viruses will be activated. If no viruses are activated during simulation, a further backup as described above can take place, but then using another storage unit 21. The number of storage units and the frequency with which they are used for backup can be chosen depending on the desired security level and existing resources.
The simulation program will record undesired and/or unpredictable changes to the files and possibly to other associated files. Such a change will be interpreted as an error condition and as an indication that an intruding program has entered the system, and a warning signal is transmitted through an alarm unit 26 in an appropriate way. Sound as well as light signals and other types of warning signals can be used. When an error condition has been detected, the backup routine will be interrupted and the storage computer will not be reconnected to the network. The information stored in the storage unit at the second-to-last backup lacks infected files and can be used to restore the computer system to its state before the activation of the intruding program.
During simulation it is possible to adjust the clock system of the storage computer repeatedly so as to force or compress a time sequence. Following each adjustment, the simulation program can be executed again so as to activate time-controlled intruding programs. One way of achieving simulation is to start each program in turn and to activate a macro or a similar program which activates relevant segments of the program. The checks that can be performed during simulation include binary comparisons of files that normally should not be changed during execution, and also the determination of a control checksum for different data blocks. It is appropriate to perform the check-ups after each new backup sequence.
A control checksum can also be determined for files that are included in the operative system of the storage computer. One set of these files is normally stored on a medium that cannot be affected by an intruding program, for instance on a CD-ROM. In some applications it can also be appropriate to execute the operative system of the storage computer directly from such a medium.
The network connections 18 that can be opened and closed, respectively, with a switching unit 17 in accordance with the invention are for instance Twinax and Twisted Pair. Optical conductors can also be used within the scope of the invention. Mechanic relays can be used in the switching unit, and also so-called semiconductor switches. The switching unit can be provided with connecting means for connecting to an associated computer through a serial interface, such as RS232 or a corresponding interface, and a serial cable 27. A serial connection reduces the risk of manipulation of the switching unit.
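The following Python sketch is an added illustration, not code from the patent: it shows the checksum controls described above, comparing file digests before and after a simulation pass and against a reference set of the kind kept on a read-only medium. The function names, the `expected` allow-list for files a program legitimately rewrites, and the sample files are assumptions constructed for the example.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its bytes."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff(before, after, expected=()):
    """Changes between two snapshots, ignoring paths that are expected to change."""
    paths = (set(before) | set(after)) - set(expected)
    return {
        "modified": sorted(p for p in paths if p in before and p in after and before[p] != after[p]),
        "added": sorted(p for p in paths if p not in before),
        "removed": sorted(p for p in paths if p not in after),
    }

def simulation_pass(root, simulate, reference, expected=()):
    """Run one simulation; reference holds digests as kept on a read-only medium."""
    before = snapshot(root)
    simulate(root)  # hypothetical callback standing in for opening the documents
    after = snapshot(root)
    changes = diff(before, after, expected)
    changes["reference_mismatch"] = sorted(p for p in reference if after.get(p) != reference[p])
    error = any(changes.values())
    return {"error": error, "reconnect_allowed": not error, "changes": changes}

def demo():
    """Constructed data: documents and one 'system' file in a temporary directory."""
    def write(root, rel, data, mode="wb"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, mode) as fh:
            fh.write(data)
    def benign(root):  # opening a document only appends to a usage log
        write(root, "docs/recent.log", b"opened report.doc\n", "ab")
    def intruder(root):  # constructed stand-in for an activated intruding program
        write(root, "docs/budget.xls", b"APPENDED", "ab")
        write(root, "sys/loader.bin", b"patched")
        write(root, "docs/dropped.tmp", b"x")
    ref = {os.path.join("sys", "loader.bin"): hashlib.sha256(b"original").hexdigest()}
    log = {os.path.join("docs", "recent.log")}
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/report.doc", "docs/budget.xls", "docs/recent.log", "sys/loader.bin"):
            write(root, rel, b"original")
        return simulation_pass(root, benign, ref, log), simulation_pass(root, intruder, ref, log)
```

The reference check matters because a before/after comparison alone cannot see a system file that was already altered before the baseline snapshot was taken.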

Claims

1. Method for separating different segments of computer equipment, wherein a physical network connection (18) is provided between the segments, characterized by the steps of conveying the network connection through a switching unit (17) operatively connected to the computer equipment, directing said switching unit (17) into a first mode in which said network connection is closed, and into a second mode, in which said network connection is open, executing a time or event controlled program in a computer (14; 16; 19) associated to the computer equipment for enforcing the switching unit to change mode.
2. Method in accordance with claim 1, wherein said switching unit is directed into said second mode to separate a segment of computer equipment from the Internet.
3. Method in accordance with claim 1, wherein said switching unit is directed to said second mode for separating a first segment of computer equipment including at least one server (13) from at least a second segment of computer equipment (16) including at least one storage unit (21) and one processing unit (25).
4. Method in accordance with claim 3, further including the steps of repeatedly transferring data associated to a computer program from said server to a set of storage units (21), executing computer programs in said processing unit (25) utilizing said data, interpreting non expected change of information as an attack of an undesired intruding program in the computer program in the processing unit and indicating existence of an attack of an undesired intruding program.
5. Method in accordance with claim 3, further including the steps of determining a control checksum for program files included in an operative system of the processing unit (25) after executing said computer programs, comparing said control checksum with a control checksum stored in a read only medium, and indicating a discrepancy between said control checksums as an existence of an attack of an undesired intruding program.
6. Method in accordance with claim 3, further including the step of forcing a timing sequence of the processing unit (25) to provoke activity of a time controlled intruding program.
7. A device for separating different segments of computer equipment, wherein a physical network connection (18) is provided between said segments, characterized in that a switching unit (17) operatively connected to said computer equipment is connected to said network connection, that switching unit (17) is capable to enter a first mode in which said network connection is closed and a second mode in which said network connection is open, that said switching unit (17) comprises means for receiving control signals from a computer (14; 19; 16) associated to said computer equipment and cooperating with said switching unit (17) and from a time or event controlled program in said computer.
8. A device in accordance with claim 7, wherein said switching unit (17) comprises at least one mechanic switch.
9. A device in accordance with claim 7, wherein said switching unit (17) comprises a plurality of switches adapted to be connected between a power supply unit and storage units (21).
10. A device in accordance with claim 7, wherein said switching unit (17) comprises connecting means to allow connection to an associated computer through a serial port.
PCT/SE2003/000682 2002-10-17 2003-04-29 Method and device for separating different segments of computer equipment WO2004036397A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003235357A AU2003235357A1 (en) 2002-10-17 2003-04-29 Method and device for separating different segments of computer equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0203098A SE0203098D0 (en) 2002-10-17 2002-10-17 Net-safe
SE0203098-9 2002-10-17

Publications (1)

Publication Number Publication Date
WO2004036397A1 (en) 2004-04-29

Family

ID=20289316

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2003/000682 WO2004036397A1 (en) 2002-10-17 2003-04-29 Method and device for separating different segments of computer equipment

Country Status (3)

Country Link
AU (1) AU2003235357A1 (en)
SE (1) SE0203098D0 (en)
WO (1) WO2004036397A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5434562A (en) * 1991-09-06 1995-07-18 Reardon; David C. Method for limiting computer access to peripheral devices
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
WO1998045778A2 (en) * 1997-04-08 1998-10-15 Marc Zuta Antivirus system and method
WO2001095069A2 (en) * 2000-06-09 2001-12-13 Saafnet Canada Incorporated Data line interrupter switch

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SHAW DENNIS F.: "Computer virology and aids", IF-PROCEEDINGS. 1989 INTERNATIONAL CARAHAN CONFERENCE ON SECURITY TECHNOLOGY (CAT. NO. 89CH2774-8), 3 October 1989 (1989-10-03) - 5 October 1989 (1989-10-05), ZURICH, SWITZERLAND, pages 11 - 14, XP010324625 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2459328A (en) * 2008-04-22 2009-10-28 Paul Anderson Dynamic access control to a computer network's switch port
GB2459328A9 (en) * 2008-04-22 2009-12-09 Paul Anderson Dynamic access control to a computer network's switch port

Also Published As

Publication number Publication date
AU2003235357A1 (en) 2004-05-04
SE0203098D0 (en) 2002-10-17

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP