Security system and actual operation benefit of data transmission on heterogeneous network

According to statistics, there are currently over a million website which provides knowledge of how to code a computer virus and how to be a cyber cracker. Coding malware and computer virus is different from traditional weapon system research and development, the high investment is not needed and there is also no policy-related constrain, people can launch cyber attack all the time. Due to hacking techniques renovates constantly, since from Distribute Denial of Service (DDoS), Session Hijacking, to Advance Persistent Threat (APT) that lead to paralysis of six corporations. In addition to protection of firewall, anti-virus software, and packet-filtering devices, it is more effective to isolate internal network from web to form several heterogeneous networks in a corporation. To satisfy data exchange or transmission requirements between heterogeneous networks, it is described in this paper on how to design and construct "Heterogeneous Network System of Data transmission and Control" based on requirements. The security of data transmission is designed based on cyber security requirements; data transmitted from network A to network B should be inspected through multiple specific areas which are equipped with different anti-virus software and information security policy, abnormal data will be blocked and logged. In order to isolate heterogeneous network A from network B, the Enable/Disable is utilized on switches of the first and the last inspection area to control data transmission. The switches are also ruled by tens of policies to assure one and only control system (ex. Access Control List). The whole process of data transmission is conducted automatically and single event and transmission result will be logged in the supervisory control apparatus for administrators. The security system is developed based on "labor-cost effective", "high-security assurance", "highly hardware compatible", and "data transmission inspected".