• Title/Summary/Keyword: VPN Detection

Search Result 20, Processing Time 0.024 seconds

A Method for Original IP Detection of VPN Accessor (VPN 접속자의 원점 IP 탐지 방법)

  • Kim, Inhwan;Kim, Dukyun;Cho, Sungkuk;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.21 no.3
    • /
    • pp.91-98
    • /
    • 2021
  • In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

A study on Preventing Data Leakage using Abnormal Behavior Detection in a Virtual Private Network (VPN에서의 이상행동 탐지를 활용한 정보유출 방지에 관한 연구)

  • Park, Jang-Su;Kim, Su-Hyun;Lee, Im-Yeong
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2015.04a
    • /
    • pp.404-405
    • /
    • 2015
  • 최근 IT기술과 인터넷의 발전으로 시간과 공간에 제한을 두지 않고 업무를 처리해야 하는 상황으로 업무환경이 급격히 변화되고 있다. 특히 기업에서는 외부 네트워크와 정보교환의 필요성이 증가되었고, 구성원들의 잦은 외근, 출장 등 사무실 밖에서 업무를 처리하는 비중이 높아져, 내부뿐만 아니라 외부와의 정보공유를 하는데 있어 안전한 네트워크 구조를 요구하고 있다. 외부에서 효율적이고 안전하게 내부시스템에 접속할 수 있게 사용되는 것이 VPN(가상사설망: Virtual Private Network)으로, 기관 및 기업에서 VPN을 지속적으로 도입하여 운영하고 있다. 하지만 VPN에 인증이 성공되면 다양한 업무시스템에 접근이 용이하기 때문에, 악의적인 사용자로부터 정보유출이 손쉽게 이루어질 수 있다. 따라서 본 연구에서는 사용되고 있는 VPN에 대해 관리가 잘 이루어지는지 확인하는 실태점검 리스트를 제시하고, VPN에 대한 정보유출방지 모니터링을 위해 VPN의 접속로그를 분석하여 정보유출 보안위협행위를 탐지할 수 있는 시나리오를 도출하고자 한다.

A Study on Access Control Through SSL VPN-Based Behavioral and Sequential Patterns (SSL VPN기반의 행위.순서패턴을 활용한 접근제어에 관한 연구)

  • Jang, Eun-Gyeom;Cho, Min-Hee;Park, Young-Shin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.11
    • /
    • pp.125-136
    • /
    • 2013
  • In this paper, we proposed SSL VPN-based network access control technology which can verify user authentication and integrity of user terminal. Using this technology, user can carry out a safety test to check security services such as security patch and virus vaccine for user authentication and user terminal, during the VPN-based access to an internal network. Moreover, this system protects a system from external security threats, by detecting malicious codes, based on behavioral patterns from user terminal's window API information, and comparing the similarity of sequential patterns to improve the reliability of detection.

A Study on Building an Optimized Defense System According to the Application of Integrated Security Policy Algorithm (통합 보안정책 알고리즘 적용에 따른 최적화 방어 시스템 구축에 관한 연구)

  • Seo, Woo-Seok;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.39-46
    • /
    • 2011
  • This study is conducted to examine the optimal integrated security policy based on network in case of attacks by implementing unique security policies of various network security equipments as an algorithm within one system. To this end, the policies conduct the experiment to implement the optimal security system through the process of mutually integrating the unique defense policy of Firewall, VPN(Virtual Private Network), IDS(Intrusion Detection System), and IPS(Intrusion Prevention System). In addition, this study is meaningful in that it designs integrated mechanism for rapid detection of system load caused by establishment of the security policy and rapid and efficient defense and secures basic network infrastructure implementation.

Design and Implementation of Network Access Control based on IPv6 (IPv6 기반의 네트워크 접근제어 시스템 설계 및 구현)

  • Shin, HaeJoon
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.15 no.10
    • /
    • pp.6310-6316
    • /
    • 2014
  • The increase in the Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Treat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions running on IPv4, and IPv6 network services are not sufficiently ready. Therefore, in this paper, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, domain assignment function makes 128 bits IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well known devices. Finally, the test result showed that all IPv6 based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).

인터넷 보안: 가상사설망, 방화벽 그리고 침입탐지시스템

  • 임채훈;강명희
    • Information and Communications Magazine
    • /
    • v.17 no.3
    • /
    • pp.97-110
    • /
    • 2000
  • 인터넷은 본질적으로 신뢰할 수 없는 네트웍들의 집합체로, 정보의 흐름을 통제하기가 대단히 어렵기 때문에, 인터넷에 산재한 자원을 충분히 활용하면서, 내부의 중요한 자원을 인터넷으로부터 보호해 줄 수 있는 인터넷 보안이 가장 심각한 문제로 대두되고 있다. 본 고에서는 현재 인터넷 보안의 주류를 이루는 있는 가상사설망(VPN : Virtual Private Network)과 방화벽(Firewall), 그리고 방화벽의 부족한 부분을 보강해 줄 수 있는 침입탐지시스템(IDS: Intrusion Detection System)에 대한 기본 구현 기술들을 비교 분석해 본다.

  • PDF

Policy-bsed Security Management for Intrusion Detection (침입 탐지를 위한 정책 기반의 보안 관리)

  • 조수형;김정녀
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2002.10c
    • /
    • pp.574-576
    • /
    • 2002
  • VPN, 전자상거래 등의 인터넷 서비스들이 인터넷을 통해 빠르게 퍼져가고 있지만, 인터넷이 가지고 있는 보안 취약성 때문에 항상 해킹의 위험에 노출되어 있다. 이러한 해킹의 피해를 최소화하고 동적으로 침입을 감지할 수 있는 침입 탐지 시스템과 같은 보안 솔루션이 필요하다. 그리고, 보안 정책이 없는 관리 시스템은 보안 환경의 변화에 민첩하게 대처하지 못하고 통합된 관리 방법을 제시하지 못한다 이 논문에서는 표준화된 보안 정책과 분석, 유지, 복구 기능을 가지고 정책을 기반으로 동작하는 보안 관리 시스템을 설계하였다. 보안 관리 시스템은 정책에 따라 관리 상태를 설정하고, 정책의 통신을 위해 COPS를 이용한다. 그리고, 네트워크상의 패킷을 필터링하고 침입을 탐지하며 불법 침입을 통보한다.

  • PDF

Design and Implementation of Unified Network Security System support for Traffic Management (종단간 트래픽 관리를 지원하는 통합 네트워크 보안시스템 설계 및 구현)

  • Hwang, Ho-Young;Kim, Seung-Cheon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.11 no.6
    • /
    • pp.267-273
    • /
    • 2011
  • The importance of networking capability is gaining more weight for enterprise business and high-speed Internet access with guaranteed security management is essential to companies. This paper presents a unified network security management solution to support high-speed Internet access, active security management, traffic classification and control. The presented system provides firewall, VPN, intrusion detection, contents filtering, traffic management, QoS management, and history log functions in unified manner implemented in a single appliance device located at the edge of enterprise networks. This will enable cost effective unified network security solution to companies.

A Study on Security Hole Attack According to the Establishment of Policies to Limit Particular IP Area (특정 IP 영역 제한정책 설정에 따른 보안 취약점 공격에 관한 연구)

  • Seo, Woo-Seok;Jun, Moon-Seog
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.5 no.6
    • /
    • pp.625-630
    • /
    • 2010
  • With regard to the examples of establishing various sorts of information security, it can be seen that there are gradual, developmental procedures including Firewall and VPN (Virtual Private Network), IDS (Intrusion Detection System), or ESM(Enterprise Security Management). Each of the security solutions and equipments analyzes both defense and attack for information security with the criteria of classifying the problems of security policies by TCP/IP layers or resulted from attack patterns, attack types, or invasion through specialized security technology. The direction of this study is to examine latency time vulnerable to invasion which occurs when L2-stratum or lower grade equipments or policies are applied to the existing network through TCP/IP layer's L3-stratum or higher grade security policies or equipments and analyze security holes which may generate due to the IP preoccupation in the process of establishing policies to limit particular IP area regarding the policies for security equipments to figure out technological problems lying in it.

A study on the threat hunting model for threat detection of circumvent connection remote attack (우회 원격공격의 위협탐지를 위한 위협 헌팅 모델 연구)

  • Kim, Inhwan;Ryu, Hochan;Jo, Kyeongmin;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.21 no.4
    • /
    • pp.15-23
    • /
    • 2021
  • In most hacking attacks, hackers intrudes inside for a long period of time and attempts to communicate with the outside using a circumvent connection to achieve purpose. research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. however, even in the intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. therefore, countermeasures against targeted bypass rwjqthrwkemote attacks still have limitations with existing detection methods and threat hunting methods. in this paper, to overcome theses limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. this model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in actual defense information system environment.