METHOD AND DEVICE FOR SEPARATING DIFFERENT SEGMENTS OF COMPUTER EQUIPMENT
TECHNICAL FIELD
The invention relates to a method for separating different segments of computer equipment where a physical network connection is provided between the segments. For security reasons the complete computer network or segments thereof can be disconnected from other segments or from the Internet.
PRIOR ART
It is now common that computers and computer networks that are connected to the Internet, and also computer networks comprising unprotected computers, are attacked by different types of intruding programs. Among these programs are for instance viruses and worms. The intruding programs affect programs and computer systems in different ways. Some intruding programs may cause severe damage to computer files and programs, whereas others have more the effect of electronic graffiti or the like. A recently more common form is so called worms, which by themselves can spread from an infected computer through email programs and in other ways.
Many viruses can be identified by so called antivirus programs, which continuously have to be updated about new forms of viruses. Normally a new virus can spread to some extent before the antivirus programs are updated. A disadvantage in this regard is that computers and computer systems may be infected even though antivirus programs are installed in the computers. Another problem is that some kinds of viruses lack sections that can be identified and therefore cannot be stopped directly by antivirus programs.
When a computer is connected to a computer network, such as the Internet, there is a route of communication open both to and from the computer. As a result the computer can be reached from outside by unauthorized persons through other computers in the computer network. Such intrusions of unauthorized persons cause more and more damage as a result of information being destroyed and by allowing information to fall into wrong hands.
In most computer networks there are computers which very seldom, or even never during normal operation, cooperate with other computers in the network or with other computers through the Internet or other similar networks. However, all computers are normally connected to each other, and also to the Internet, through the computer network and some kind of router or similar device. Storage devices that are used for backup are also connected in a similar way. As a result, viruses and other intruding programs that reach one computer in a computer network can spread within the computer network and may also reach the storage devices. A disadvantage is that intruding programs that are not found and taken care of immediately may have the effect that backup copies of information, which are stored in the storage device, are also infected.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a method for separating different segments of computer equipment. The separation is controlled by a program and is done in such a way that the different segments may remain in a functional state after separation. An advantage of the invention is that the computer equipment does not have to be switched off to be completely and safely separated from the Internet and from other sections of a computer network. A physical network connection, such as a twisted pair cable or an optical fiber cable, is provided between the different segments. The physical network connection runs through a switching unit which is connected to a computer included in the computer equipment. By means of a program executed in the computer, the switching unit is controlled to enter a first mode, in which the network connection is closed (conducting), and a second mode, in which the network connection is open (interrupted). In this way a segment of computer equipment can be separated from the Internet, or from other segments in a computer network, but still be used independently.
A simple application of the invention can be a work station which only temporarily needs to be connected to the Internet, for instance in connection with sending or receiving emails. The switching unit is arranged between the work station and a router, or another unit that is connected to the Internet. A program executing in the work station will control the switching unit to change modes.
Another application is a computer network having one or a plurality of servers and at least one storage unit for backup of data from the server or servers. In this application a switching unit can be provided in the network connection that connects the server, or servers, to the storage unit. The switching unit is controlled by a processing unit associated with the storage unit and is normally in a mode where the network connection is open.
At certain intervals the switching unit is pushed into the first mode and a transfer of information stored in the server to the storage unit takes place. After the transfer has finished, the switching unit is again pushed into the second mode, in which no data transfer between the server and the storage unit is possible. In this separated mode the processing unit processes the information that has been transferred by simulating a conventional utilization of the information. Any unexpected or erroneous modification of the information will be interpreted by the processing unit as an attack by an intruding program, and an error condition will be indicated. The changeover of the switching unit is discontinued in connection with the indication, so as to prevent further infected information from the server from being transferred to the storage unit. In one embodiment the storage unit comprises a plurality of sets of storage means, each of which is activated in connection with a transfer of data from the server. In a non-activated state the storage means are completely inaccessible for data transfer. The embodiments described above can both be combined in different ways in the same computer network. In accordance with the invention it is also possible to combine several servers which periodically can be connected to each other and to an associated computer network, and periodically operate independently.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described by means of different embodiments, reference being made to the accompanying drawings, in which
Fig. 1 is a schematic overview of a computer configuration in which one embodiment of the invention is used, and
Fig. 2 is a general circuit diagram showing one embodiment of a switching unit in accordance with the invention.
It should be noted that in the drawings different objects are simplified in respect of size and proportions and the physical units have been connected in a simplified way for the purpose of facilitating the understanding of the specific features of the invention.
DETAILED DESCRIPTION
In the embodiment as shown in Fig. 1 a plurality of computers are connected in a network having a central switch 10 effecting traffic between the computers through network connections 18. The computers in the network are connected to the Internet 12 through a firewall 11. The shown network comprises an email server 13 and a plurality of personal computers 14. One personal computer is configured or prepared specifically and operates as a backup station 15. Information from the computers in the network is stored as backup copies in a storage computer 16 connected to the backup station 15. The storage computer 16 can include a plurality of storage units 21. A computer network having the configuration as described above is a conventional network.
In accordance with one embodiment of the invention a switching unit 17 is provided in the network connection 18 between each computer and the switch 10. The switching unit 17 can be switched between a first mode, in which the network connection is closed and traffic is allowed to take place between the computer and the switch through the switching unit, and a second mode, in which the network connection is open and traffic between the computer and the switch is not possible through this route. The switch-over between the modes of the switching unit is made under control of the specific computer. In a simple embodiment a program is executed in the computer. The program has a timing control which automatically handles the switch-over between the modes.
In an alternative embodiment the program in the computer is designed to act on an event in the computer to change the mode of the switching unit. An example of such an event is the start-up of another program, such as an email program or another program related to the Internet, and also some activity of a user of the specific computer, such as clicking the mouse or pressing a key on the keyboard.
The personal computers are allowed to operate completely independently in this way without being available to any intruding programs, whether existing internally in the network or entering the network through an Internet connection. Under some circumstances, such as at specific points of time, the program in the computer performs a change-over of the modes of the switching unit so as to allow data transfer between the computer and the network. The shorter connection time between network and computer provided in this way dramatically decreases the chances of an attack by intruding programs. It also has the result that intruding programs existing internally in the network cannot spread directly to the computers.
A work station 19 operating completely independently from the network is connected through a switching unit of the type described above to a router 20, which in turn is connected to the Internet 12. A control program in the work station 19 operates controlled by events or by timing and can switch the switching unit into a desired mode so as to connect the work station to the Internet or to disconnect it completely from the Internet. The start-up of email programs and other programs that require any kind of network connection or communication with other computers can automatically activate the switching unit so as to effect the connection. At the end of such a program, or at the end of such measures that require a network connection, the switching unit can be automatically reset to interrupt the network connection.
The work station 19 will then operate completely safely with regard to intrusion attempts through the network and the Internet.
Fig. 2 shows an embodiment with a storage computer 16 and a plurality of storage units 21. The storage computer 16 is connected to a switching unit 17 in which some specific functions are used. To the left in Fig. 2 two switching means 22 in the form of single-pole relays are shown schematically. The switching means 22 are connected to a network connection 18 in the form of a twin conductor. Both conductors in the twin conductor can be closed and opened, respectively, depending on the position of the switching means. This function is used first of all in the embodiment shown in Fig. 1. A control unit 23 is connected to the switching means 22 and also to a computer, which in this case is a storage computer 16. A program executing in the computer controls the control unit 23 to switch over the switching means 22 so as to either close or open the network connection for transfer of data.
In a similar way the control unit 23 is also connected to a set of switching means, preferably of the same type as described above. Each switching means in the set is connected between a power supply unit 24 and a storage unit 21. In an open mode of the switching means 22 the storage unit 21 has no supply of power and as a result can be used neither for writing new data nor for reading previously stored data. A processing unit 25 arranged in the storage computer 16, and a program executing therein, controls the control unit 23 to switch over the switching means 22 in the set, so as to connect or disconnect a storage unit 21.
In one embodiment used for a safe backup the storage computer can be used as follows. In the storage computer some kind of software for backup of data in servers, computers and workstations is executed. At close time intervals the backup software requests access to a storage unit 21. One of the storage units 21 connected to the switching unit 17 is connected by switching the switching means 22 over to a closed state. In the shown embodiment the connection of a storage unit is accomplished by supplying power to the storage unit. Other connecting and disconnecting functions can also be used within the scope of the invention. In connection with the storage unit being connected, the storage computer is also connected through further switching means 21 to the network and as a result also to the selected computer. When the storage unit 21 is prepared to receive data, the data transfer from a selected computer is started in a conventional manner.
When the transfer has been completed, the connection of the storage computer to the network is interrupted when the switching unit 17 connected to the storage computer interrupts the network connection. The data that has been transferred from servers and other computers may include files that are infected with different types of viruses. Conventional antivirus programs are able to locate only some viruses that can be identified, while several types of viruses cannot be detected merely by analyzing an infected file.
In accordance with one embodiment of the invention one or a plurality of simulation programs are started in the storage computer 16 when the computer has been disconnected from other computers in the network. The simulation programs are designed to open commonly existing document files, such as files associated with the programs WORD©, EXCEL©, OUTLOOK©, and also other programs for using email, calendars, word processing, presentations and calculations. When the simulation programs open the files associated with such programs in a way corresponding to the way the programs normally would have opened them, potential viruses will be activated. If no viruses are activated during simulation, a further backup as described above can take place, but then by utilization of another storage unit 21. The number of storage units and the backup frequency can be chosen depending on the desired security level and existing resources.
The simulation program records undesired and/or non-predictable changes of the files and possibly other associated files. Such a change is interpreted as an error condition and as an indication that an intruding program has entered the system, and a warning signal is transmitted through an alarm unit 26 in an appropriate way. Sound as well as light signals and other types of warning signals can be used. When an error condition has been detected the backup routine is interrupted and the storage computer is not reconnected to the network. The information stored in the storage unit the second to last time lacks infected files and can be used to restore the computer system into the state before the activation of the intruding program.
During simulation it is possible to adjust the clock of the storage computer repeatedly so as to force or compress a time sequence. Following each adjustment it is possible to execute the simulation program again so as to activate time-controlled intruding programs. One way of achieving simulation is to start each program in turn and to activate a macro or a similar program which activates relevant segments of the program. Among the checks that can be done during simulation are binary comparisons of files that normally should not be changed during execution, and also the determination of a control checksum for different data blocks. It is appropriate to perform the checks after each new backup sequence.
A control checksum can also be determined for files that are included in the operating system of the storage computer. One set of these files is normally stored on a medium that cannot be affected by an intruding program, for instance a CD-ROM. In some applications it can be appropriate also to execute the operating system of the storage computer directly from such a medium.
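The integrity check of the isolated round described above (binary comparison and control checksums of files that should not change, before and after the simulation step), as an added example that is not part of the patent: the simulation step is modelled by a plain callable passed in by the caller, the relay control and the rotation of storage units are left out, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(root):
    """Map every regular file under root to its SHA-256 digest: a stand-in
    for the binary comparison / control checksum the patent describes."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def detect_changes(before, after):
    """Files whose digest changed, vanished or appeared between two
    fingerprints. Any entry is an error condition for the backup round."""
    changed = {p for p in before if p in after and before[p] != after[p]}
    return sorted(changed | (set(before) - set(after)) | (set(after) - set(before)))


def run_isolated_check(root, simulate):
    """One isolated round on the storage computer: fingerprint the backup
    set, run the simulation step (a callable here; the patent opens the files
    with their normal applications), fingerprint again.
    Returns (ok, offending_files); ok=False means the network connection stays
    interrupted and the backup rotation stops."""
    before = fingerprint(root)
    simulate(root)
    diff = detect_changes(before, fingerprint(root))
    return (not diff, diff)


def demo():
    """Constructed sample: a clean round, then a round in which the simulation
    step modifies a template file that should never change, which is the kind
    of unexpected modification the patent treats as an intruding program."""
    root = Path(tempfile.mkdtemp())
    (root / "report.doc").write_bytes(b"quarterly report")
    (root / "normal.dot").write_bytes(b"template")
    ok_clean, _ = run_isolated_check(root, lambda r: None)

    def tampering(r):
        # constructed: the opened template gets modified during the round
        (r / "normal.dot").write_bytes(b"template + unexpected change")

    ok_dirty, files = run_isolated_check(root, tampering)
    return ok_clean, ok_dirty, files


if __name__ == "__main__":
    print(demo())
```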
The network connections 18 that can be opened and closed, respectively, with a switching unit 17 in accordance with the invention are for instance Twinax and Twisted Pair. Optical conductors can also be used within the scope of the invention. Mechanical relays can be used in the switching unit, and also so called semiconductor switches. The switching unit can be provided with connecting means for connecting to an associated computer through a serial interface, such as RS232 or a corresponding interface, and a serial cable 27. A serial connection reduces the risk of manipulation of the switching unit.