KR100459846B1 - Method of and system for managing network resources and security control for network - Google Patents

Abstract

The present invention relates to a network resource management system and a security control management method for efficiently managing network resources (eg, PCs, routers, printers, various servers, etc.) and enabling security control for users in an IP-based network.

The system of the present invention is an intranet system in which a plurality of subnets are connected to a mainnet through a network connection device, and network resources such as hosts and printers are connected to each subnet, wherein at least one of the host computers of each subnet is connected. A plurality of pinenet agents mounted on one host computer to catch packets of a corresponding subnet and transmit information of network resources to the mainnet, and control the network resources according to control commands transmitted from the mainnet; and the mainnet The network information collected from the PineNet agent is stored in a database, and when the IP request is made, the database is inquired to allow an IP corresponding to a Mac address or, if a new host, is automatically approved or blocked according to a set mode. Monitors hosts for Internet access It sends a restriction command to the relevant Pinenet Agent when accessing a harmful site, and consists of a Pinenet server that provides statistical processing of the network operation status.

Description

Method of and system for managing network resources and security control for network}

The present invention relates to a method for managing resources and monitoring a network in an IP-based network, and more particularly, to efficiently manage network resources (eg, PCs, routers, printers, various servers, etc.) in an intranet environment. The present invention relates to a network resource management system and a security control management method for enabling security control.

Recently, the computing environment has shifted from the mainframe environment to the client-server, and now the trend is from the client-server system environment to the web environment. Such changes in computing environment have been made possible through the widespread and active Internet. Intranet is called intranet by applying such Internet-related technology to all work within a specific organization such as a company or research institute.

On the other hand, as all the work in the enterprise is handled by intranet, network management has emerged as a very important problem. Generally, network management can be classified into configuration management, failure management, performance management, security management, account management, automatic analysis, and the like. Various network management protocols for this purpose are established and recommended by international standardization organizations.

However, while the importance and complexity of the network is increasing day by day, the operating system technology for operating the network has an underdeveloped problem. That is, conventionally, there is a problem in that integrated management of network resources is not made, and illegal use by unauthorized resources such as IP duplication and control of neglect of work due to excessive Internet use by employees in the enterprise are not provided.

In order to solve the above problems, the present invention efficiently and integratedly manages and controls network resources, and enhances the security control function for a user on an intranet to ensure network stability and security control management. The purpose is to provide a method.

1 is a schematic diagram showing the configuration of an entire intranet to which the present invention is applied;

2 is a flowchart illustrating a procedure for managing network resources according to the present invention;

3 is a flowchart illustrating a procedure for detecting a host name for each network device for each IP unit according to the present invention;

4 is a flowchart illustrating a procedure for authenticating and controlling network equipment for each IP unit according to the present invention;

5 is a flowchart illustrating a procedure for calculating and controlling the amount of usage of network equipment for each IP unit according to the present invention;

6 is a flowchart showing a website access analysis and control procedure for each IP according to the present invention;

7 is a flowchart illustrating a procedure of a server processing a DHCP server function according to the present invention;

8 is an example of a screen for managing network resources according to the present invention;

9 is an example of a screen for managing network resources by geothermal column and segment according to the present invention;

10 is an example of a screen for detecting IP duplication according to the present invention;

11 is an example of a screen showing a network usage status according to the present invention;

12 is an example of a screen for detecting unauthorized network resources according to the present invention;

13 is an example of a screen for monitoring the status of the BP according to the present invention,

14 is an example of a screen which statistically processes network resource information according to the present invention;

15 is an example of a screen showing a usage situation of a terminal for each individual and region according to the present invention;

16 is an example of a screen for managing access control in accordance with the present invention.

☞ Explanation of symbols for main parts of drawing

110: mainnet 112: pinenet server

114: Pinenet Manager 116: Switching Hub

120-1 to 120-n: Subnet 122-1 to 122-n: Router

124: Switch 126: Local Host Computer

126a: Pinenet Agent 128: PC

In order to achieve the above object, the system of the present invention is an intranet system in which a plurality of subnets are connected to a mainnet through a network connection device, and network resources such as hosts and printers are connected to each subnet. A plurality of pines mounted on at least one host computer of each subnet to catch packets of the corresponding subnet to transmit network resource information to the main net, and control the network resources according to control commands transmitted from the main net. And a network agent located in the mainnet and storing network information collected from the pinenet agent in a database, and inquiring the database when allowing an IP request to allow an IP corresponding to a Mac address or automatically in accordance with a set mode if a new host. Approved or blocked, each issue Monitoring access to the Internet of the agent and delivery to a limited command when access to the harmful site fine net agent, characterized by consisting of an operating state of the network to a fine net server provided by statistical processing.

In addition, in order to achieve the above object, the method of the present invention, a network management of an intranet system in which a plurality of subnets are connected to the mainnet through a network connection device, and network resources such as hosts and printers are connected to each subnet. A method comprising: requesting an IP by sending a Mac address as the host boots up; A pinenet agent catching and analyzing a packet on a subnet and transmitting a host requirement to a pinenet server together with information such as a Mac address, a host name, and a connection time; The network host data transmitted from the pinenet agent is stored and inquired in the database, and if the host is authenticated, IP is assigned to the Mac address, and the connection is allowed. If the host is new, the network is automatically approved or instructed according to the set mode. step; And controlling, by the pinenet agent, the network resource according to the instruction of the pinenet server.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a schematic diagram showing the configuration of an entire intranet to which the present invention is applied, and a mainnet 110 in which a server (hereinafter referred to as a 'pinenet server') for operating a network according to the present invention is located and distributed locally. There are a number of subnets 120-1 through 120-n present. Here, the subnets 120-1 to 120-n are distributed branch networks connected through leased lines or different LANs on different floors of the same building according to a network configuration. The mainnet 110 and the router 122-1 And 122-n), the internal network resources (BP, PC, printer, etc.) are connected to each other through a switch 124 or a hub. At this time, in each subnet (120-1 ~ 120-n), at least one host computer 126 catches and reports various data for managing the network while communicating with the fine server 112 of the main net according to the present invention Software that controls local resources according to the instructions of the server 112 (hereinafter referred to as 'pinenet agent': 126a) is loaded.

And the main net 110 functions as a center for each local, the pine net server 112 according to the present invention is installed, the pine net server 112 is connected to the pine net manager 114, each Subnets 120-1 to 120-n are connected to the mainnet 110 through the switching hub 116.

Referring to FIG. 1, the network management system according to the present invention is configured to add a pinenet server 112, a pinenet manager 114, and a pinenet agent 126a to an existing computer network (intranet). . The pinenet server 112 receives network management data from each pinenet agent 126a, stores and analyzes the network management data, and the pinenet manager 114 accesses the pinenet server 112 to monitor network conditions. Process the event if detected. The pinenet agent 126a collects network information such as IP, Mac address, and network amount of each segment, transmits the network information to the pinenet server 112, and executes a command transmitted from the pinenet manager 114.

In the embodiment of the present invention, the network resources are PCs, routers, printers, various servers, and the like. The main functions according to the present invention include network resource management, IP collision prevention, illegal resource control, and communication network network failure. And blocking functions, monitoring and controlling the use of communication networks other than the main task, and statistical processing functions.

Automated management of network resources extracts network addresses detected automatically, LAN card manufacturer, administrator's certification, initial detected time and last detected time, and monitors, controls, and manages network resources by region and segment. It is not much to manage.

IP collision prevention and illegal resource access tracking blocking function makes it easy to find the location when new IP collision or intrusion occurs, and unregistered terminal is not allowed by the pre-registered Mac address. The location is informed via the agent 126a to deal with the fault and prevent further faults.

Network failure detection The access point detection and source blocking function is monitored when an abnormal load of the network occurs or a sudden change occurs to determine the operation status and cause of the terminal to control the use of the terminal's communication network such as virus, spam mail or excessive download. .

The monitoring and control function of communication network usage other than the main business always monitors the usage rate of each network protocol, and when the disruption occurs due to the high usage rate outside the main business, the server restricts the use of internet surfing or video to the terminal that affects the network. Switch to the mode.

In addition, as an additional function, the data can be analyzed scientifically to analyze the data based on the collected information and to relocate resources or introduce additional scales, and can efficiently manage other tasks such as disability management and asset management. .

2 is a flowchart illustrating a procedure for managing network resources according to the present invention.

Referring to FIG. 2, the pinenet agent 126a detects packets on a network in real time for all devices (PCs, servers, printers, etc.) owning IP, analyzes packets for each protocol, and assigns MAC addresses to the pinenet server 112. Notify the user, IP, detection time, last connection time (①, ②). At this time, the pinenet server 112 inquires the Mac address, IP, etc. in the DB 112a, and determines whether to control by judging whether it is a new ID or an authenticated ID (③).

3 is a flowchart illustrating a procedure of detecting a host name for each network device of each IP unit according to the present invention.

Referring to FIG. 3, the pinenet agent 126a analyzes a packet captured from a network, obtains an IP and a Mac address, and finds out a name for each HOST using the NBNS Query Protocol (①, ②). And the host name (Host Name) together with the MAC address, IP, detection time, the last access time obtained by analyzing the packet is notified to the fine net server 112 (③). The pinenet server 112 inquires the Mac address, IP, etc. in the DB 112a, and determines whether to control by judging whether it is a new ID or an authenticated ID (④).

4 is a flowchart illustrating a procedure for authenticating and controlling network equipment for each IP unit according to the present invention.

Referring to FIG. 4, the finenet agent 126a detects the MAC address, IP, hostname, connection time, etc. of each device, and sends the collected data to the pinenet server 112 (①, ②), and fine. The net server 112 determines whether the received data is a new device or an authenticated device through the DB query (③). At this time, the new equipment can be set to two modes, whether the approval process is automatically approved (automatic approval mode) or not allowed. When the server is in the automatic approval mode, the new data is stored in the DB (112a) and automatically authenticated and can be used immediately. If the server is not in the automatic approval mode, new data is entered into the DB 112a, but the corresponding equipment cannot be used. At this time, the access block command for the new equipment through the network in real time (④). The pinenet agent 126a blocks the connection of the new device according to the instruction of the pinenet server 112 (⑤).

5 is a flowchart illustrating a procedure for calculating and controlling the amount of usage of network equipment for each IP unit according to the present invention.

Referring to FIG. 5, the finenet agent 126a detects network usage for each host and, when exceeding the limited usage, controls the function of transmission and reception using ICMP (Internet Control Message Protocol) for the corresponding HOST. If it is not exceeded, the current usage is recognized and it operates normally (① ~ ③).

6 is a flowchart illustrating a website access analysis and control procedure for each IP according to the present invention.

Referring to Fig. 6, the fine net agent 126a catches connection URL data when the host connects to the Internet (1, 2). And the pinenet agent 126a transmits the information on the URL to which it is connected together with the Mac address, IP, hostname, access time, etc. to the pinenet server 112 (3). The pinenet server 112 searches the database 112a and analyzes the corresponding URL for the website to which each IP is connected, and then judges whether it is harmful or out-of-business. Connection is not allowed (④ ~ ⑥). Such information may be stored in the DB 112a to provide various statistical data. The pinenet agent 126a authorizes or restricts Internet access of the IP according to the instructions of the pinenet server 112.

7 is a flowchart illustrating a procedure of processing a DHCP server function by a pinenet server according to the present invention.

In general, Dynamic Host Control Protocol (DHCP) is where the server dynamically assigns IP to clients or terminals. If each client IP is managed statically, it can be localized and grouped by IP. However, DHCP is used when there are many hosts on the network, making it difficult to manage IP or having few IPs to allocate.

In the case of using dynamic IP, DHCP provides a conventional method in which each HOST requests an IP from a DHCP server at the same time of booting the system, and a DHCP server assigns an IP. However, in the present invention, the pinenet server acts as a DHCP server. do. In addition, if each host has embedded IP in DB and reconnects, it checks DB with Mac address and assigns the same IP as possible and simultaneously identifies whether it is an authorized host.

Referring to FIG. 7, each host requests an IP with a Mac address from the FineNet agent 126a at the time of system booting (①, ②). The pinenet agent 126a transmits information such as a Mac address, host name, access time, etc. to the pinenet server 112 and requests an IP (③). The pinenet server 112 inquires the database 112a by the Mac address and allocates an IP corresponding to the Mac address in the case of an existing device, and automatically authenticates or restricts access in the case of a new device (④ ~ ⑥). . The finenet agent 126a receives an IP grant or an access blocking from the pinenet server 112 and restricts use or restricts access to the host requesting IP (⑦).

8 is an example of a screen for managing network resources according to the present invention.

Referring to FIG. 8, the MAC address (MAC), manufacturer (Manufacture), administrator certification, the first detected time (Detect Time) and the last detected time (Last Poll) of the network resources detected automatically As a list, it can be seen that complete network resource management is possible.

9 is an example of a screen for managing network resources by geothermal column and segment according to the present invention.

Referring to Figure 9, by managing the enterprise-wide network resources by region, segment by segment, it is easy to determine the location of the terminal during IP collision or intrusion, and prevents the failure due to IP collision.

FIG. 10 is an example of a screen for detecting IP duplication according to the present invention, and automatically detects IP duplication to block dual IP. FIG.

Referring to FIG. 10, IP duplication can be automatically detected, and various types of expressions, such as an immediate blocking or warning message display on the administrator screen, can be blocked according to a specified option when setting an environment, and through this, IP duplication can be blocked at source. have.

11 is an example of a screen showing a network usage status according to the present invention.

Referring to FIG. 11, it is possible to monitor the network utilization status of each segment in real time through the PineNet agent without any equipment, and the intelligent function is possible because the expression is functioned for each protocol.

12 is an example of a screen for detecting unauthorized network resources according to the present invention.

Referring to FIG. 12, an illegal network user may be blocked by automatically detecting a MAC address or an IP address not authorized by the network administrator and immediately blocking or displaying a warning message according to an option set in an environment setting.

13 is an example of a screen for monitoring the status of the BP according to the present invention.

Referring to FIG. 13, a visual monitoring of a network state between a center and a BP or a down state of a BP is possible in real time through a GUI screen, and maximizes a failure detection efficiency such as a warning sound.

14 is an example of a screen which statistically processes network resource information according to the present invention.

Referring to FIG. 14, the state information of the network may be provided in the form of an analysis chart or a graph required by the user to be used as basic information for determining the policy direction of the network.

15 is an example of a screen showing the use status of the terminal for each individual and region according to the present invention.

Referring to FIG. 15, when the usage of the communication network exceeds the level of each step (attention, warning, danger, etc.) by individual and by region (by branch, by floor), it may be automatically and manually blocked when the center requires control.

16 is an example of a screen for managing access control according to the present invention.

Referring to FIG. 16, an access level for each user may be limited by setting an access level for each user, and a separate menu may be configured for each access level. It manages the agent installed in each segment and automatically updates the agent version and manages the functions such as monitoring / monitoring the network of the segment and terminating the agent.

In addition, package processing information can be provided by using basic data other than failure management service and asset management service, and various reports, preview and output functions are provided.

And the present invention is easy to install because only the agent program is added to the existing operating BP or PC without the need for additional equipment investment or program installation except Pinenet server, the existing method is fundamentally impossible to block the use of the switch It is impossible to expect accurate blocking effect, but Pinenet can expect fundamental blocking with its own developed Ethernet protocol parser. In addition, the PineNet agent of the present invention supports a variety of platforms, such as Linux (Solaris), Windows (Solaris), Windows (Windows), NT (NT), it is possible to implement the system at a low investment cost using the existing operating equipment . Moreover, the company has minimized the CPU usage of the running server compared to other products, and does not affect the network usage due to the low tier operation.

As described above, according to the present invention, it is possible to centrally manage the resources of the entire network in the central center, thereby improving work efficiency, maintaining network continuity by early detection of network failures, and prompt action. Minimization has the advantage of reducing maintenance costs. Furthermore, by controlling the use of the Internet by each host, you can block out-of-business access and limit the usage to increase the overall concentration of work.

In addition, by preventing unauthorized access to the terminal, security can be strengthened, duplicate IP can be detected and countermeasured, and the use of the terminal outside the business hours can be restricted or the specific network can be restricted from accessing the communication network. In addition, it is possible to block a large amount of downloads through the communication network, virus propagation, spam mail, etc., and statistically analyze the collected network information to scientifically operate and manage the network resources.

Claims (6)

delete delete In the network management method of an intranet system, a plurality of subnets equipped with a pinenet agent are connected to a mainnet equipped with a pinenet server through a network connection device, and network resources such as hosts and printers are connected to each subnet. , Requesting an IP by sending a Mac address as a host of each subnet boots; The pinenet agent catching and analyzing a packet on the subnet and transmitting a request of each host to the pinenet server together with information such as a Mac address, a host name, and a connection time; The network management data transmitted from the pinenet agent is stored and inquired in a database, and if the host is authenticated, IP is assigned to the Mac address, and access is allowed. Doing; Controlling, by the pinenet agent, network resources according to the instructions of the pinenet server; The pinenet agent transmitting a URL to the pinenet server when the host accesses the Internet, and the pinenet server analyzes the URL to determine whether it is harmful and then restricts or permits access; And And monitoring the network usage of each host by controlling the network usage of each host if the network usage of each host deviates from a predetermined standard value. delete delete 4. The method of claim 3, wherein the pinenet agent requests a host name according to an NBNS query protocol and transmits the hostname to the pinenet server when the hostname is received through an NBNS response.