• Title/Summary/Keyword: 물리적 망분리

Search Result 46, Processing Time 0.026 seconds

A Study on Network Partition to Cope with Cyber Attack (사이버 공격에 대응할 수 있는 망분리 방안 연구)

  • Lee, Ji-Sang;Jee, Jung-Eun;Shin, Yong-Tae
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2011.06a
    • /
    • pp.313-315
    • /
    • 2011
  • 인터넷의 급속한 발달로 빈번히 발생하고 있는 해킹 및 악성프로그램과 같은 사이버 공격으로부터 중요 정보를 보호하기 위한 망분리 기술이 요구되고 있다. 망분리에는 외부와 내부망을 물리적으로 분리하는 물리적 망분리와 가상화 기술을 이용하여 분리하는 논리적 망분리가 있다. 물리적 망분리는 망구축 및 유지비용이 높으며, 논리적 망분리는 보안 신뢰성이 낮다. 제안하는 LNP는 사이버 공격을 대응할 수 있는 논리적 망분리 방안으로 트래픽 유형을 탐지하여 망을 분리하고, 위협 요소 제거 시 망분리를 해제한다. 논리적으로 망을 분리하는 LNP는 트래픽 경로를 차단하여 중요 정보를 안전하게 보호할 수 있다.

The Construction of Logical, Physical Network Separation by Virtualization (가상화를 이용한 논리적, 물리적 망분리 구축)

  • Lee, YongHui;Yoo, SeungJae
    • Convergence Security Journal
    • /
    • v.14 no.2
    • /
    • pp.25-33
    • /
    • 2014
  • With the development of information and communication, public institutions and enterprises utilize the business continuity using the Internet and Intranet. In this environment, public institutions and enterprises is to be introduced the number of solutions and appliances equipment to protect the risk of leakage of inside information. However, this is also the perfect external network connection is not enough to prevent leakage of information. To overcome these separate internal and external networks are needed. In this paper, we constructed the physical and logical network separation is applied to the network using the virtualization and thus the network configuration and network technical review of the various schemes were proposed for the separation.

방위산업기술 자료의 외부 반출 시 보호 방안

  • Jang, Kyung Jun
    • Review of KIISC
    • /
    • v.28 no.6
    • /
    • pp.50-55
    • /
    • 2018
  • 방산업체는 물리적 망분리를 의무적으로 구축하고 군사기밀 및 방위산업기술을 보호하는 정보보호체계를 운용 중이다. 그러나, 물리적 망분리를 운용하더라도 다양한 경로로 방위산업기술 자료가 외부로 반출되어 불법적인 유출이 발생할 수 있다. 본 논문에서는 물리적 망분리 시스템의 문제점을 진단해 보고 방위산업기술 자료가 협력업체 등 외부로 반출되는 경우와 출력물에 의해 유출되는 경우에 대해 유출 방지 방안을 제시하였다.

Design and Implementation of a Physical Network Separation System using Virtual Desktop Service based on I/O Virtualization (입출력 가상화 기반 가상 데스크탑 서비스를 이용한 물리적 네트워크 망분리 시스템 설계 및 구현)

  • Kim, Sunwook;Kim, Seongwoon;Kim, Hakyoung;Chung, Seongkwon;Lee, Sookyoung
    • KIISE Transactions on Computing Practices
    • /
    • v.21 no.7
    • /
    • pp.506-511
    • /
    • 2015
  • IOV is a technology that supports one or more virtual desktops, and can share a single physical device. In general, the virtual desktop uses the virtual IO devices which are provided by virtualization SW, using SW emulation technology. Virtual desktops that use the IO devices based on SW emulation have a problem in which service quality and performance are declining. Also, they cannot support the high-end application operations such as 3D-based CAD and game applications. In this paper, we propose a physical network separation system using Virtual Desktop Service based on HW direct assignments to overcome these problems. The proposed system provides independent desktops that are used to access the intranet or internet using server virtualization technology in a physical desktop computer for the user. In addition, this system can also support a network separation without network performance degradation caused by inspection of the network packet for logical network separations and additional installations of the desktop for physical network separations.

망 분리기반의 정보보호에 대한 고찰

  • Lee, Eun-Bae;Kim, Ki-Young
    • Review of KIISC
    • /
    • v.20 no.1
    • /
    • pp.39-46
    • /
    • 2010
  • 정보 통신의 발전으로 인하여 모든 장소에서 인터넷, 인트라넷을 적용하여 외부와의 업무 연속성을 활용하고 있다. 그러나 이러한 환경은 계속적인 기업 내의 정보 유출에 대한 위험으로 내부 정보보호를 위해업무 영역과 개인 영역으로 구분된 환경을 조성하고 있다. 이를 위한 망 분리는 IT기술의 발전으로 물리적인 망 분리에서 가상화를 접목한 논리적 망 분리가 제시되고 있다. 업무 환경의 보호를 위한 망 분리에 대한 다양한 방안과 그에 대한 장단점을 소개하도록 한다.

제어망 보안을 위한 일방향자료전달시스템의 송수신 에이전트 개발

  • O, Yeong-Cheol;Han, Mi-Ran;Sin, Yong-Tae;Kim, Jong-Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2015.05a
    • /
    • pp.708-709
    • /
    • 2015
  • 최근 외부의 악의적인 공격으로부터 내부의 시스템을 보호하기 위하여 논리적, 물리적으로 망을 분리하고 있다. 하지만 사회공학적 해킹에는 물리적 망 분리도 취약할 수밖에 없다. 이러한 이유로 국가기반시설들을 담당하는 주요 기관들은 좀 더 안전한 네트워크 망을 구성할 필요가 있다. 따라서 본 논문에서는 일방향자료전달 시스템을 제안한다. 본 논문에서 제시한 일방향자료전달시스템은 제어시스템으로부터 업무망으로 전달되어지는 정보를 수신하여 처리하고, 업무망의 제어 정보는 송신되지 않도록 구성한다. 이 방식을 통해 어떠한 경우에도 외부로부터 내부의 제어망을 통해 기간시스템에 접근하는 것이 불가능하기 때문에 국가기반시설을 안전하게 보호할 수 있다.

  • PDF

A study on a security model for the establishment of a non-face-to-face smart work working environment in a physical network separation environment of public institutions (공공기관 물리적 망분리 환경에서의 비대면 스마트워크 근무 환경구축을 위한 보안 모델 연구)

  • Park, Sang-Kil;Kim, Gi-Bong;Son, Gyeong-Ja;Lee, Won-Suk;Park, Jae-Pyo
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.10
    • /
    • pp.37-44
    • /
    • 2020
  • Due to the recent COVID 19 pandemic, public institutions are increasingly working from home. Working in public institutions is rapidly changing into a smart work environment where time and space constraints disappear. However, many public institutions currently lack a security model for an efficient smart work environment due to the physical network separation system that separates the Internet network and the business network. Therefore, in this paper, we describe the current limitations for implementing smart work in a physical network separation environment of public institutions, and propose a security model necessary for a work environment to supplement them. As a related study, explain SSL VPN and explain smart work business model through security model research of SDP (Software Defined Perimeter), RDP (Remote Desktop Protocol), and VDI (Virtual Desktop Infrastructure) to overcome the security limitations of SSL VPN. As a result, we intend to propose a security model for a smart work environment suitable for public institutions while complying with the physical network separation security guide.

A Study on NAS-Linked Network Separation System Using AHP (AHP를 이용한 NAS 연동형 망분리 시스템에 관한 연구)

  • Kim, Min Su;Shin, Sang Il;Lee, Dong Hwi;Kim, Kui Nam J.
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.85-90
    • /
    • 2013
  • To provide high-quality services, national public institutions and companies have provided information and materials over the internet network. However, a risk of malware infection between transmission and reception of data leads to exposure to various security threats. For this reason, national institutions have proceeded with projects for network separation since 2008, and data linkage has been made using network connection storage through network separation technologies, along with physical network separation. However, the network connection storage has caused waste of resources and problems with data management due to the presence of the same data in internal network storage and external network storage. In this regard, this study proposes a method to connect internal and external network data using NAS storage as a way to overcome the limitations of physical network separation, and attempts to verify the priority of items for the optimization of network separation by means of AHP techniques.

A Study on the Security Enhancement for Personal Healthcare Information of CloudHIS (CloudHIS의 개인 의료정보를 위한 보안강화에 관한 연구)

  • Cho, Young-Sung;Chung, Ji-Moon;Na, Won-Shik
    • Journal of Convergence for Information Technology
    • /
    • v.9 no.9
    • /
    • pp.27-32
    • /
    • 2019
  • Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

A Case Study on Logical Network Separation through HCI method (HCI 방식을 통한 논리적 망분리 사례 연구)

  • Choi, Seoung Pyo;Shin, Sang Uk
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2017.05a
    • /
    • pp.747-749
    • /
    • 2017
  • To protect financial services against danger of financial accidents and customer information leakage caused by malware, injection attack and so on, Financial Services Commission announced "Financial Networks Security Enhancement Comprehensive Plan", which suggests the guideline of protecting customer information and providing secure financial services by separating network topology and then makes the financial company use network partitioning system. In consequence of this policy, financial companies respectively chose between the physical partitioning mechanism or the logical partitioning mechanism according to their IT environment. This paper suggests an efficient infrastructure configuration plan for making the logical network partition, by comparison of a construction of traditional general equipment and an integrated HCI(Hyper Converged Infrastructure) through 'Hyper Converged' which is one of virualization techniques for developing currently, and the case study of the integrated HCI method.

  • PDF