KR20110077834A - Method and system for network service with security reinforcement using directory system - Google Patents


Info

Publication number
KR20110077834A
Authority
KR
South Korea
Prior art keywords
service
server
client terminal
directory
client
Application number
KR1020090134499A
Other languages
Korean (ko)
Inventor
한성종
Original Assignee
한성종
Application filed by 한성종
Priority to KR1020090134499A
Publication of KR20110077834A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service


Abstract

PURPOSE: A method and system for implementing a security-reinforced network service using a directory system are provided to protect network resources from DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. CONSTITUTION: A client terminal transmits connection information including a service identification to a directory system (500). The directory system searches for a service server using the service information as a key value. The directory system transmits connection information including the IP (Internet Protocol) address and the communication port of the client terminal to the service server. The service server connects to the IP address and communication port of the client terminal. The directory system comprises a client connection unit (510), a service connection unit and a service database (520).

Description

Method and System for Implementing Security Enhancement Network Service Using Directory System. {Method and System for Network Service with Security reinforcement Using Directory System}

The present invention relates to a network service system, and more particularly to the construction of a directory system using a client-server connection method in which communication ports are distributed. By its structure, the directory system provides proactive protection against DDoS attacks.

In general, a Denial of Service (DoS) attack is defined as overwhelming a network node such as a website, an Internet service provider (ISP), or another server with a volume of traffic that exceeds its processing capacity, so that the node is knocked out of the network for the duration of the attack.

In addition, in a distributed denial of service (DDoS) attack, which is stronger than DoS, the attacker first compromises many nodes through well-known security loopholes. Each compromised node becomes a slave under the attacker's control and acts as a launch point for injecting traffic into the network. Thus, an attacker can launch a broad attack on a large network by cascading traffic from multiple starting points.

A DDoS attack is a simple but very powerful attack that, by running multiple distributed attack agents at the same time, can exhaust not only the resources of one system but also network resources. In fact, a growing number of connection failures and slowdowns in Internet use are caused by massive abnormal traffic from DDoS attacks, along with worm viruses, and the damage is getting worse. In particular, many local area networks (LANs) have a hierarchical network structure, such as a tree. In this case, if a specific router is paralyzed by an attack, the subordinate network also loses its connection to the Internet and communication is disrupted, so the damage can become larger.

For simplicity, the general case of a DDoS attack is explained with reference to the drawings. N100 of FIG. 7 shows the service model of a general client-server system. In order for a server to provide services to clients, it must connect with all clients over the network.

N300 of FIG. 7 and 8B of FIG. 8 are diagrams showing a connection direction between the client and the server and the communication port resource information used.

Referring to N300 of FIG. 7, it can be seen that each client is connected to the server. In particular, pay attention to the direction of the arrows. They mean that the server must always wait for the client to connect. The client accesses the server by referring to server IP information or URL information and communication port information. The server allocates resources for each client that attempts to connect. In such a structure, if clients attempt to connect simultaneously in numbers that exceed the server's bandwidth or processing capacity, the server may suffer a system failure, or a routing device located on the network connection path may suffer a line failure.

In order to prepare a countermeasure against a conventional DDoS attack, various studies on a Denial of Service (DoS) attack or a DDoS attack have recently been conducted. However, the security mechanisms proposed to date are focused on detection, filtering of attack traffic, and tracking of attack agents.

None of them solves the original problem of DDoS.

Therefore, there is a need for groundbreaking ways to protect networks and servers from large-scale DDOS attacks.

Network service method and system using a directory system having a DDOS avoidance effect.

The present invention relates to a network configuration method for the client-server model. Specifically, a client terminal transmits a service request to a service server through a directory system, and the service server then connects to the client terminal. The invention thus provides a method and system for protecting a server from the DoS and DDoS attacks that can become a problem when, as in the existing model, the client connects directly to the server. Unlike the existing client-server connection model, N200 of FIG. 7 has an initial connection direction from the server to the client. As a result, the client cannot directly access the server that provides the service. In addition, whereas the existing server uses a single communication port, a variety of communication ports can be used. Referring to 8A of FIG. 8, it can be seen that the communication ports used in the server are distributed. Also, the server's URL or IP and communication port information are no longer needed for the connection between the client and the server.

The network service configuration method of the present invention, which uses a directory system and has a DDoS attack prevention effect, includes a service request step in which a client terminal requests a service from a directory system; a service call step in which the directory system transmits the service request to a service server; and a service connection step in which the service server connects to the client terminal. A service connection method and system are provided in which the directory system includes a client connection unit, a service database, and a server connection unit.

The client terminal may download the current service list from the directory system, store and output the list.

There are two methods by which the client terminal accepts a connection from the server. The first is an indirect connection method, in which the client terminal starts a communication port and the service server connects to that port. The second is a direct connection method, in which the service program or the client terminal starts a communication port and the service server connects to that port.

When the direct connection method is used, the client terminal selects a service from the service list. The client terminal then allocates the communication port that will serve as the connection information for the service, passes the communication port information as a parameter value when calling the selected service program, and also includes the communication port information in the service request sent to the directory server. The communication port information that finally reaches the service server is what the service server uses to connect to the service program.

In the case of using the indirect connection method, the service server connects to the client terminal, and the client terminal performs relay communication between the service program and the service server. As a technical method of relay communication, methods such as memory sharing or messaging technology can be used. Therefore, the client terminal initiates the communication port and transmits it to the directory system so that the service server can connect to the client terminal and make a communication connection.

In the process of receiving, storing and outputting the service list from the directory system, the client terminal may also output whether each service program is installed. This gives the user the convenience of knowing in advance whether a service program is installed.

If the service selected from the service list is not installed, the client terminal requests an installation service from the directory system. The directory system can handle the installation request in two ways: a direct installation method, in which it transmits the installation program directly to the client terminal, and an indirect installation method, in which it requests an installation service from the service server. Preferably, the direct installation method is used when the installation program is small, and the indirect method otherwise. Given the nature of the directory system, which must handle service requests for a large number of users, the indirect installation method may be useful. The directory system contains an account database for the service servers. The account database includes an installation method data field that indicates whether the installation request is handled indirectly or the directory system performs the installation itself. Once the installation file has been downloaded, the client terminal installs the service program.

While a client terminal that has requested a service connection waits for the directory server to process its command, the directory server applies a processing reference time. The commands input from the client terminal are analyzed within the processing reference time, and when the same command is requested more than once, the duplicates are deleted. In addition, when the number of commands input within the processing reference time exceeds a threshold value, this is judged to be a hacking attempt: the input commands are deleted and the client terminal is notified of the outcome.

The client terminal may search the service list received from the directory system using a search word. Since it is inconvenient to output all registered services on the screen at once, the user can input the desired feature of a service as a search word and have the search result output on the screen.

When the client terminal connects to the client connection unit of the directory system, the number of routers located on the communication path between the client terminal and the directory server may be calculated, and the service may be blocked if that number is greater than or equal to a threshold. This can be used when the provider operating the client connection unit does not want to provide the service outside a specific area. In general, the number of routers between two communication endpoints can be obtained using TraceRoute technology.

The client terminal may register a specific search service as its main search service. When the client terminal uses the search function, it not only outputs the result of the service list search but also submits the search word to the main search service. If the main search service is not running, a request command is sent to the directory service; if the main search service is already running, the search word is delivered to the main search service program and the result is output.

The client terminal includes an advertising database. When a search word is input to the client terminal, an advertisement corresponding to the search word may be searched for and output.

The directory server stores a maximum number of users. When a client terminal requests a connection that would exceed the maximum number of clients, the directory server either refuses the connection or transmits the information of another directory server to induce the client terminal to connect to that server instead.

When more than one directory server is operating, in order to effectively operate a network of directory servers, the statistics of the connection status of the directory servers are tracked and the statistics are notified to all directory servers. Based on the notice information, the directory server may determine the reconnection command of the new user.

The client terminal may control a firewall. When the client terminal manages the resource for using the communication port, the network resource can be used only in the communication port approved by the client terminal and the registered service. Therefore, it is possible to prevent accidents caused by temporary hacking or temporary program operation by worm virus.

According to the present invention, when a person skilled in the art provides a network access service using a directory system, network resources can be protected from DoS and DDoS, which are malicious attacks that use client terminals, thereby providing a more secure Internet service.

Service providers that use Internet data centers now rent or purchase expensive security hardware equipment. In comparison, a person skilled in the art can build a directory system by using existing server equipment, and a service provider does not need to receive a directory service from a carrier and build or purchase expensive equipment. This leads to increased sales of service providers and cost reductions of service providers.

Whereas existing Internet communication emphasizes openness, the present invention enhances the controllability and security of Internet communication: if any client terminal behaves abnormally in its use of the network, the invention can provide the information that those skilled in the art need to identify and block it. It may also provide information to identify service programs that use network resources inappropriately. This can be very helpful in obtaining information on the cause of, and responsibility for, a network incident.

Hereinafter, a network service method and system using a directory system will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram schematically illustrating a network service method and system using a directory system according to the present invention.

Referring to FIG. 1, it can be seen that the directory system 500 includes a connection unit 510, a database unit 520, and a service connection unit 530. n services 550 (S1 to Sn) and m client terminals 540 (CL1 to CLm) are connected to the directory system 500.

In configuring the present embodiment, each unit may be operated independently. Therefore, a plurality of servers can be used to implement a directory system that provides services to a large number of client terminals.

The service server 550 may access the service connection unit 530 and transmit a service state of the service server 550. Preferably, the service server 550 updates the service database unit 520 in real time with additional information such as login, logoff, service stop, service start, and service capacity.

Since the client terminal 540 should hold the service list information before the service request step, it preferably receives and stores the latest service list 560 from the directory server 500 during the initial process of connecting to the directory server 500.

When the client terminal 540 loads the latest service list 560 from the memory and outputs it to the screen, the client terminal 540 preferably outputs the status information of the current services. In particular, it would be desirable to indicate whether or not the service program is installed and the status of the service server with a brief description.

In addition, the client terminal 540 may search through a search word in the service list. This is useful when it is difficult to display the contents of the service list on the screen of the client terminal. In addition, the service list may be classified and output by type.

When there is a change in the connection state, service state, or installation method of the service server 550, the directory system 500 may transmit the modified additional information to the client terminal to update the service list of the client terminal.

When the client terminal 540 requests a service from the directory system 500, the directory system 500 sets a reference processing time and performs only one process within the reference time; if a plurality of commands are input within the reference time, duplicate commands can be deleted. This can have the effect of preventing hacking or overloading of service requests.
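The duplicate deletion and threshold check described here and in the earlier paragraph on the processing reference time can be sketched as follows. This is an added example, not code from the patent: the names `CommandFilter`, `Window` and `run_sample` are hypothetical, and it assumes that a client's window opens with its first command and that duplicates count toward the threshold.

```python
from dataclasses import dataclass, field


@dataclass
class Window:
    start: float
    count: int = 0                               # every command received, duplicates included
    unique: dict = field(default_factory=dict)   # insertion-ordered set of distinct commands


class CommandFilter:
    """Per-client processing reference time with duplicate deletion and a flood threshold."""

    def __init__(self, reference_time, threshold):
        self.reference_time = reference_time
        self.threshold = threshold
        self.windows = {}                        # client id -> open Window

    def submit(self, client, command, now):
        """Buffer one command; return the decision for a window this arrival closed, if any."""
        decision = None
        window = self.windows.get(client)
        if window is not None and now - window.start >= self.reference_time:
            decision = self._close(client)
            window = None
        if window is None:
            window = self.windows[client] = Window(start=now)
        window.count += 1
        if window.count <= self.threshold:       # past the threshold only the counter grows,
            window.unique.setdefault(command)    # so a flood cannot inflate the buffer
        return decision

    def tick(self, now):
        """Timer callback: close every window whose reference time has elapsed."""
        due = [c for c, w in self.windows.items() if now - w.start >= self.reference_time]
        return [self._close(c) for c in due]

    def _close(self, client):
        w = self.windows.pop(client)
        if w.count > self.threshold:             # judged a hacking attempt: delete everything
            return {"client": client, "verdict": "blocked", "execute": [],
                    "deleted": w.count, "notify": "request rejected: too many commands"}
        execute = list(w.unique)                 # each distinct command is processed once
        return {"client": client, "verdict": "accepted", "execute": execute,
                "deleted": w.count - len(execute), "notify": None}


# Constructed sample input: (time in seconds, client, command)
SAMPLE = [
    (0.00, "CL1", ("connect", "S1")),
    (0.10, "CL1", ("connect", "S1")),
    (0.20, "CL1", ("install", "S2")),
    (0.30, "CL1", ("connect", "S1")),
] + [(0.05 * i, "CL2", ("connect", f"S{i}")) for i in range(8)]


def run_sample(reference_time=1.0, threshold=5):
    flt = CommandFilter(reference_time, threshold)
    decisions = []
    for now, client, command in sorted(SAMPLE):
        closed = flt.submit(client, command, now)
        if closed:
            decisions.append(closed)
    decisions += flt.tick(now=2.0)
    return {d["client"]: d for d in decisions}


if __name__ == "__main__":
    for verdict in run_sample().values():
        print(verdict)
```
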

Preferably, the directory system 500 estimates the number of routers located between the client terminal 540 and the directory system 500, and stops the service when the number of routers above the threshold is calculated.

Preferably, the client terminal 540 may monitor the network communication port assignment and stop using the communication port of other services. This can prevent the service program from using the communication port without permission of the client terminal. In a broad sense, this can prevent hacking of client terminals and invasion of network resources by viruses.

FIG. 2 is a block diagram illustrating a network service method and system using a directory system according to the present invention, as a simple example suitable for a small access service. 2B is a block diagram showing the configuration of the whole system. 2A shows a part of the configuration of 2B in detail and is a block diagram showing the flow of data between the client terminal D100, the directory server D200, and the service server D300. The directory server D200 includes a client connection part, a service connection part, and a service database part. 2A also shows the flow of work that occurs when the client terminal D100 makes a service request Y100.

The client terminal D100 makes a service request Y100 to the directory server D200, and the directory server D200 makes a service call Y200 to the service server D300. And the service server (D300) makes a service connection (Y300) to the client terminal (D100).

When the client terminal D100 requests the service (Y100), the client terminal D100 transmits connection information including the communication port information to be used and the service identification number to the directory server D200.

When the directory server D200 calls a service on the service server, the directory server D200 first searches the service database using the service identification number as a key value. It then transmits the access information, including the communication port of the client terminal and the client terminal IP, to the service server D300 found by the search.
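The Y100, Y200 and Y300 exchange described above can be run end to end on loopback sockets. This is an added example, not code from the patent: the JSON message format and all function and class names are hypothetical, the service server is assumed to register over a connection it opens itself, and the directory is assumed to forward the client address it observes rather than one the client supplies.

```python
import json
import socket
import threading

HOST = "127.0.0.1"            # assumption: all three roles run on loopback for the demo
socket.setdefaulttimeout(5)   # every socket below fails after 5 s instead of hanging


def send_msg(sock, obj):
    sock.sendall(json.dumps(obj).encode() + b"\n")


def recv_msg(sock):
    """Read one newline-terminated JSON message; None if the peer closed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(4096)
        if not chunk:
            return None
        buf += chunk
    return json.loads(buf)


class Directory:
    """Client connection unit, service database and service connection unit."""
    def __init__(self):
        self.service_db = {}  # service id -> control socket of its service server
        self.client_side = socket.create_server((HOST, 0))
        self.service_side = socket.create_server((HOST, 0))
        self.client_port = self.client_side.getsockname()[1]
        self.service_port = self.service_side.getsockname()[1]

    def accept_service(self):
        """A service server logs in over a connection that it opened itself."""
        conn, _ = self.service_side.accept()
        self.service_db[recv_msg(conn)["service_id"]] = conn
        send_msg(conn, {"status": "registered"})

    def accept_client(self):
        """Handle one service request (Y100) and issue the service call (Y200)."""
        conn, (peer_ip, _) = self.client_side.accept()
        with conn:
            req = recv_msg(conn)
            control = self.service_db.get(req["service_id"])  # key-value lookup
            port = req.get("port")
            if control is None or not isinstance(port, int) or not 1024 <= port <= 65535:
                send_msg(conn, {"status": "failed"})
                return
            # Forward the address the directory observed, never one the client
            # supplies, so a request cannot aim the service server at a third party.
            send_msg(control, {"client_ip": peer_ip, "client_port": port})
            send_msg(conn, {"status": "called"})


def service_server(directory_port, service_id, ready):
    """Has no listening socket: registers outbound, then dials the client (Y300)."""
    with socket.create_connection((HOST, directory_port)) as control:
        send_msg(control, {"service_id": service_id})
        recv_msg(control)                       # wait for "registered"
        ready.set()
        call = recv_msg(control)                # service call pushed by the directory
        target = (call["client_ip"], call["client_port"])
        with socket.create_connection(target) as data:
            send_msg(data, {"service_id": service_id, "payload": "hello"})


def client_request(directory_port, service_id):
    """Open a port, send the service request, then wait for the server to connect in."""
    with socket.create_server((HOST, 0)) as listener:
        port = listener.getsockname()[1]
        with socket.create_connection((HOST, directory_port)) as directory:
            send_msg(directory, {"service_id": service_id, "port": port})
            status = recv_msg(directory)["status"]
        if status != "called":
            return status, None                 # close the port, as in step S170
        conn, _ = listener.accept()
        with conn:
            return status, recv_msg(conn)


def run_demo():
    d, ready = Directory(), threading.Event()
    workers = [threading.Thread(target=d.accept_service),
               threading.Thread(target=service_server, args=(d.service_port, "S1", ready))]
    for w in workers:
        w.start()
    ready.wait(5)
    results = []
    for service_id in ("S9", "S1"):             # S9 is not in the service database
        t = threading.Thread(target=d.accept_client)
        t.start()
        results.append(client_request(d.client_port, service_id))
        t.join()
    for w in workers:
        w.join()
    for s in (d.client_side, d.service_side, *d.service_db.values()):
        s.close()
    return results


if __name__ == "__main__":
    print(run_demo())
```
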

Additionally, the client terminal D100 may use two methods of direct communication and relay communication as a method of connecting to the service server D300. In the case of direct communication, the service program starts the communication port. Relay communication means that a client terminal initiates a communication port. Information on the communication method is included in the service database. Based on this, it is preferable to generate the service list information including the communication method information, and to transmit and use it from the directory system to the client terminal.

The two methods have different effects in terms of service security and system security. When the relay communication method is used, the client terminal can be equipped with a filtering module and provide a relay communication service to the service program. This offers service program developers the advantage of selecting a communication method in consideration of security and convenience.

Referring to FIG. 3, a person skilled in the art can provide a connection service to a large number of client terminals and service servers in configuring a network service system using a directory system. In addition, it can be seen that the system is composed of a client terminal network 310, a directory system network 330, a service server network 340.

The directory system 330 includes a client connection unit 300, a bridge server 350, and a service connection unit 320. The bridge server includes a service database section. The bridge server is a bridge that connects the client connection unit 300 and the service connection unit 320. The client connection unit 300 is composed of X directory servers 301. The service connection unit 320 is composed of at least n service manager servers. The bridge server 350 is coupled to the network of the directory servers of the client connection unit and the service manager servers, and serves to store, update and broadcast the service database information of the directory system. The bridge server 350 collects the connection and status information of the service servers connected to the service connection unit 320 in order to provide the latest service information to the client terminals 310 connected to the client connection unit 300.

Preferably, all directory servers of the client connection unit 300 in the directory system 330 store a threshold for the maximum number of users, and when the number of connected client terminals reaches the threshold, further client terminal connections are rejected. In this case, if another directory server exists, its connection information may be transmitted as a reconnection command that induces the client terminal to connect to the second directory server.
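The connection cap and reconnection command described here, together with the earlier paragraphs on the maximum number of users and on announcing connection statistics to all directory servers, can be modelled as follows. This is an added example, not code from the patent: `DirectoryServer`, `BalanceAnnouncer` and `client_connect` are hypothetical names, and the client-side hop limit is an assumption added so that stale statistics cannot bounce a client between full servers.

```python
class DirectoryServer:
    def __init__(self, name, max_users):
        self.name, self.max_users = name, max_users
        self.clients = set()
        self.neighbours = []     # [(connections, name)] as last announced, lowest first

    def receive_balance(self, stats):
        """Keep the list of other directory servers ordered by lowest connection count."""
        self.neighbours = sorted((n, name) for name, n in stats.items() if name != self.name)

    def connect(self, client):
        if client in self.clients or len(self.clients) < self.max_users:
            self.clients.add(client)
            return ("accepted", self.name)
        if self.neighbours:                       # reconnection command to another server
            return ("redirect", self.neighbours[0][1])
        return ("refused", None)


class BalanceAnnouncer:
    """Collects connection counts and notifies every directory server in the group."""

    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}

    def announce(self):
        stats = {name: len(s.clients) for name, s in self.servers.items()}
        for server in self.servers.values():
            server.receive_balance(stats)
        return stats


def client_connect(servers, first, client, max_hops=3):
    """Follow redirects; statistics may be stale, so bound the hops and detect loops."""
    name, path = first, []
    for _ in range(max_hops):
        path.append(name)
        status, nxt = servers[name].connect(client)
        if status == "accepted":
            return name, path
        if status == "refused" or nxt in path:
            break
        name = nxt
    return None, path


def run_example():
    servers = {n: DirectoryServer(n, max_users=2) for n in ("D1", "D2", "D3")}
    announcer = BalanceAnnouncer(servers.values())
    log = [client_connect(servers, "D1", c) for c in ("c1", "c2")]
    announcer.announce()                          # D1=2, D2=0, D3=0
    # No new announcement between these three requests: D1 keeps naming D2.
    log += [client_connect(servers, "D1", c) for c in ("c3", "c4", "c5")]
    announcer.announce()                          # D1=2, D2=2, D3=1
    log += [client_connect(servers, "D1", c) for c in ("c6", "c7")]
    return log


if __name__ == "__main__":
    for server, path in run_example():
        print(server, path)
```

The last client finds every server full and is turned away after one redirect instead of looping, which is the case the hop limit and loop check exist for.
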

It can be seen that the service manager server accesses a plurality of service servers and manages the service servers by grouping them. The state change information of the service server is transmitted to the bridge server via the service manager server. The bridge server has a built-in service database. The state change information is updated in the service database and broadcasted to the directory servers in charge of client connections. Each directory server contains a service database that matches the service database of the bridge server. The directory server modifies and updates the received state change information in the service database.

In addition, for the service requests received from the directory servers, the bridge server searches its service database to find the service server and transmits each service request to that service server through the service manager server.

Directory servers and service manager servers can also be added or removed dynamically. Therefore, in case of securing or reducing the connection capacity of the entire system, it can be expanded or reduced without having to stop the entire system.

FIG. 4 is an example of providing services to a large amount of client terminals as shown in FIG. However, the service connection and data service are configured in a single server. This is appropriate when the number of service servers is relatively small.

For a very large network implemented using FIG. 2, the required numbers are briefly calculated below, based on the processing capacity of servers in common use today.

Each directory server supports 10,000 client terminals. There are 20 million terminals registered for the service. There are also 50,000 registered services.

Based on the numbers mentioned, you need 2000 directory servers, 5 service manager servers, and 1 bridge server.

If the number of users changes to 200 million, 20,000 directory servers will be needed, and two bridge servers are required. In this case, two service networks can be operated independently, each around its own bridge server. In other words, if you configure 10,000 directory servers and one bridge server, you can support up to 100 million client terminals. It can also be seen that the directory servers are connected to and managed by the bridge center server.

FIGS. 5 and 6 are flowcharts illustrating the data processing that follows a service request between the client terminal D100, the directory server D200, and the service server D300 in the system of FIG

First, after starting operation, the client terminal D100 connects to the directory server D200 through the network, receives the latest service list information from the connected directory server D200, outputs the service information to complete the initialization process, and waits for command input. In the waiting state for command input, a user may request a service from the client terminal.

After receiving the user's service request (S50), the client terminal (D100) of the command input standby state determines whether the corresponding service program is installed (S100), and installs (S110) if it is not installed.

If the service program is installed, it is determined whether the communication method of the selected service program is the relay communication method or the direct communication method (S120). In the relay communication method, the client terminal D100 allocates and starts a communication port, starts the service program (S130), and requests the service (S150) from the directory server D200. In the direct communication method, the service program is started, the service program starts the communication port allocation (S140), and a service request (S150) is then made to the directory server D200. In implementing relay communication, it is desirable to use a technique such as memory sharing or system messaging between the service program and the client terminal to transmit communication events in both directions. In the direct communication method, the client terminal passes a communication port value to the service program when the service program is started. The service program preferably receives the communication port value, then allocates and starts the communication port to prepare for direct communication.

The directory server D200 searches the service database using the service identification number of the requested service as a key value (S180). The service database not only contains account information of registered service servers, but also preferably holds information on the communication objects of currently connected service servers. When the service server D300 is in an inaccessible state, the client terminal D100 is notified of the processing failure. The client terminal D100 closes the communication port and ends the service program, thereby completing the service request (S170).

If the service server is in the accessible state, the service server receives the access information from the directory server D200 and connects to the communication port of the client terminal D100 (S190). The service program of the client terminal (D100), which has successfully connected, starts the service (S160) and ends the service request processing (S200).

FIG. 6 is a flowchart illustrating the processing performed when an installation request occurs.

If it is determined in FIG. 5 that the service program is not installed when the service is requested, the client terminal starts a communication port for installation purposes (G120) and makes an installation request (S110) to the directory server.

The directory server D200 searches for the corresponding service server D300 and determines whether the installation information is direct installation or indirect installation (G150). In case of direct installation, the directory server transmits the installation file to the client terminal D100 (G160). The client terminal D100 executes the installation file to install the service program (G130). In an indirect installation, the directory server requests an installation service from the service server. The service server connects to the communication port of the client terminal (G170) and transmits the installation file (G180). The client terminal installs the received installation file (G130).

After installing the service program (G130), the installation communication port is terminated (G140). The installation process is terminated (G200).

On the other hand, the method of the present invention as described above can be written in a computer program. And the code and segments constituting this program can be easily inferred by computer programmers in the art. The written program is also stored in a computer-readable recording medium (information storage medium), and read and executed by a computer to implement the method of the present invention. Thus, the recording medium includes all types of recording media that can be read by a computer.

Those skilled in the art to which the present invention pertains can make various substitutions, changes, and modifications to the invention described above without departing from its spirit. The invention is not limited by the drawings, and such variations fall within the claims appended to the present invention.

FIG. 1 is a block diagram schematically illustrating a method and system for enhanced security network service using a directory system.

FIG. 2 is a block diagram illustrating an example of a security enhanced network service method and system using the directory system of FIG.

FIG. 3 is a block diagram illustrating another example of a method and a system for enhanced security network service using the directory system of FIG.

FIG. 4 is a block diagram illustrating another example of a method and a system for enhanced security network service using the directory system of FIG.

FIGS. 5 and 6 are flowcharts showing the flow of the service request and installation request command of FIG.

FIG. 7 is a block diagram showing a network connection model using a client server model implemented using a directory system and a general client server connection method.

Fig. 8 is a block diagram showing network resources by a client server model implemented using a directory system and a general client server connection method.

Claims (17)

1. A service request step in which the client terminal transmits at least one communication port and access information including service identification information to the directory system; a service call step in which the directory system searches for the service server in the service database using the service identification information as a key value and transmits the access information including the IP and communication port of the client terminal to the service server; and a service connection step in which the service server connects to the IP of the terminal through a communication port. The directory system may include a client connection unit, a service connection unit, and a database unit. The client terminal may store and output service list information.

2. The method of claim 1, wherein the client terminal accesses a client connection unit to receive, store and output a service list.

3. The method and system for providing a network access service of claim 2, wherein the client terminal selects a service from a service list and requests a service, allocates a communication port to be used for the service, transfers port information as a parameter value when calling the corresponding service program, and requests a service to the service access unit.

4. The network access service providing method and system of claim 2, wherein the client terminal selects a service from a service list, allocates a communication port to be used for the service, initiates the communication port, and transmits a service request to the client connection when the service requests the service.

5. The method and system for providing a network access service of claim 4, wherein, if the service program uses a relay communication method, the client terminal relays communication event information if the service request is transmitted to the service server and the service server successfully connects to the communication port of the client terminal.

6. The method and system of claim 2, wherein the client terminal receives a service list from a directory system, determines whether a corresponding service program is installed, and additionally outputs an installation state when outputting the service list.

7. The method and system of claim 6, wherein the client terminal requests an installation service from a directory server when the client terminal requests a service for which a service program is not installed.

8. The method and system of claim 7, wherein the directory server transmits the installation program when the installation service is requested, and the client terminal executes the installation program.

9. The method and system of claim 7, wherein the directory server requests an installation service, requests an installation service from a service server, and the service server connects to a client terminal to transmit an installation program and install the program.

10. The method and system of claim 1, wherein the directory server processes the request at a specific time interval per service request and processes the request as a single request if there is a duplicate service request within the time interval.

11. The method and system of claim 1, wherein the client terminal retrieves the contents of the server list information received from the directory server through a search word input and outputs the result.

12. The network access service providing method and system of claim 1, wherein the directory server checks the number of router devices between the directory server and the client terminal when the client terminal accesses the network, and blocks the service when the directory terminal passes the number of routers specified by the directory server.

13. The network access service providing method and system of claim 11, wherein when the client terminal inputs the input search word, the client terminal regards the service registered as the main search service in advance in the directory server, and further transmits the search word in requesting the service, and the directory server transmits the search server the client access information and search word.

14. The method and system of claim 8, wherein the client terminal outputs an advertisement by searching an advertisement database when executing the search function.

15. The network access service providing method and system of claim 1, wherein the directory server includes a server account database, and the database comprises a method field that determines whether the directory server transmits an installation program or requests an installation service to a service server when the client terminal needs to install a server program.

16. The network access service providing method and system of claim 1, wherein when the maximum number of users is reached, the directory server provides information on another directory server adjacent to a client terminal newly connected and the client terminal attempts to connect to another directory server.

17. The network access service providing method and system of claim 16, wherein the at least one directory server forms a group and connects to a server that announces connection balance information to receive the connection values of the directory servers in the group, and maintains the adjacent directory server list in the order of the lowest connection values.
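The directory-side checks in the claims above (service lookup by identification key and hand-off of the client's IP and port, duplicate requests within a time interval handled as one, and blocking by router count) can be modelled as follows. This is an added sketch, not code from the patent: the class and field names, the 2-second window, the 16-router limit, the definition of a duplicate as the same (IP, port, service) tuple, and the hop count being passed in rather than measured are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class DirectoryServer:
    services: dict            # service id -> (service server host, port)
    window: float = 2.0       # assumed coalescing interval in seconds
    max_hops: int = 16        # assumed router limit set by the directory
    _recent: dict = field(default_factory=dict)   # request key -> first-seen time
    outbox: list = field(default_factory=list)    # calls sent to service servers

    def request(self, client_ip, client_port, service_id, hops, now):
        """Handle one client service request and return the decision taken."""
        # Router-count check: refuse clients further away than the limit.
        if hops > self.max_hops:
            return "blocked"
        # Service call step: the service id is the lookup key.
        server = self.services.get(service_id)
        if server is None:
            return "unknown-service"
        # Expire old entries so the duplicate table cannot grow without
        # bound under a flood of distinct requests.
        self._recent = {k: t for k, t in self._recent.items()
                        if now - t < self.window}
        key = (client_ip, client_port, service_id)
        if key in self._recent:
            return "coalesced"   # duplicate inside the interval: one call only
        self._recent[key] = now
        # Only the directory contacts the service server; it passes on the
        # client's IP and port so the server can connect out to the client.
        self.outbox.append((server, {"ip": client_ip, "port": client_port}))
        return "called"


def demo():
    """Replay a constructed request sequence and return the decisions."""
    d = DirectoryServer(services={"mail": ("10.0.0.5", 7000)})
    client = ("198.51.100.7", 40001)   # constructed sample client
    results = [
        d.request(*client, "mail", hops=3, now=0.0),
        d.request(*client, "mail", hops=3, now=1.0),   # repeat inside window
        d.request(*client, "mail", hops=3, now=2.5),   # window has expired
        d.request(*client, "mail", hops=20, now=3.0),  # too many routers
        d.request(*client, "nope", hops=3, now=3.0),   # not in the database
    ]
    return results, d.outbox
```

The window is anchored at the first request of a burst and is not extended by duplicates, so a client that keeps retransmitting still gets one call per interval rather than being locked out.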
KR1020090134499A 2009-12-30 2009-12-30 Method and system for network service with security reinforcement using directory system KR20110077834A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090134499A KR20110077834A (en) 2009-12-30 2009-12-30 Method and system for network service with security reinforcement using directory system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020090134499A KR20110077834A (en) 2009-12-30 2009-12-30 Method and system for network service with security reinforcement using directory system

Publications (1)

Publication Number Publication Date
KR20110077834A (en) 2011-07-07

Family

ID=44917374

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020090134499A KR20110077834A (en) 2009-12-30 2009-12-30 Method and system for network service with security reinforcement using directory system

Country Status (1)

Country Link
KR (1) KR20110077834A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013176431A1 (en) * 2012-05-22 2013-11-28 삼성에스디에스 주식회사 System and method for allocating server to server and for efficient messaging

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination