KR100998284B1 - Protection switch system integrated network and security and the method thereof - Google Patents

Abstract

PURPOSE: A security switch device which network and security is integrated is provided to comprise a device which mounted an internet telephone service for enterprise, thereby reducing the cost. CONSTITUTION: A classification module(21) processes an web service, internet TN, and multi classification about packet of internet telephone. An analyzing module analyzes on among packet as embedded processor. If the other copied one among the packet is a WEB or an IPTV(Internet Protocol Television), a router module(30) routs the packet. An exchange module(40) is located inside the security kernel. If the other copied one among the packet is a SIP(Session Initiation Protocol) or VoIP(Voice over Internet Protocol), the exchange module received forwarding of the packet.

Description

Protection switch system integrated network and security and the method

The present invention relates to a security switch device and a method of integrating security with a network. More particularly, the present invention prevents transmission of harmful traffic from internal networks that are vulnerable to security and harmful traffic from inside, and prevents web services, Internet TV, and Internet phone traffic. The present invention relates to a security switch device and a method integrating a network and a security that can secure a secure internal network through multi-class processing.

In general, small businesses that use expensive firewalls or small and medium-sized companies that have a shortage of specialists have seen simple office work simply by building a simple network.However, security accidents and issues arise as they are gradually changed to Internet-based work and their utilization increases. It often happened.

However, additional equipment was not enough for simple networks, and despite the need for security features, the products and services needed to meet the market's demands were lacking in complexity and difficult to deploy.

For example, DoS / DDoS attacks using ICMP vulnerabilities, which were disturbed by 7.7 recently, are simple enough to take national countermeasures, even though they are simply attacks using security vulnerabilities. Was unprecedented and there were unprecedented social losses and psychological ramifications, and in the past Nimda Slammer CodeRed, Netsky, Domaru, etc., users' updates were too late to point out user patches and countermeasures. The cost was too big.

In particular, small SMB enterprises need routers, switches, exchanges, security products, and management servers to provide communication and Internet infrastructure. There was a lot of quality guarantee and setting error.

In addition, conventionally, the MAC-based layer 2 stage switching is based on the IP-based layer 3, there were many false positives for malware and overload congestion.

1 is a block diagram showing a conventional SMB enterprise infrastructure configuration. It is connected to internet exchanger device, security device and uplink FTTH terminal by separate router device, switch device, and separate server for small network for small business. It consists of a maintenance contract.

Therefore, it solves the complexity, trouble recovery and shortage of professionals in the network configuration such as routers for interworking with the existing backbone network, switches for binding the internal users, IP-PBX and gateway for Internet telephony, which are essential basic security products and Internet infrastructure services. At the same time, a new communications solution that offers cost savings and manageability is an urgent need for next-generation enterprise communications enterprise Internet IP MFPs integrated into a single rack-mounted 1U size.

The present invention is a routing-based security switch to protect the internal network that is vulnerable to security and maintain a secure network service, integrating the network and security into one, and integrating the IP-PBX Internet Switch, simplifying the configuration, minimizing the node of the equipment, packet It is an object of the present invention to provide a security switch device integrated with network and security using a multi-classification processing technique.

The present invention is a system for defending against eavesdropping and malicious code attacks for web services, Internet TV and Internet telephony, which duplicates packets that are imported as embedded processors and multi-classifies the web services, Internet TV and internet telephony packets. And a classification module for blocking by static matching, an analysis module for forwarding one of the packets as an embedded processor, and instructing the classification module to block by analyzing malicious code and hacking attempts and infected traffic in a dynamic matching method, and software If the other one of the packet is duplicated, WEB, IPTV, router module for forwarding and routing, and software processing, located inside the security kernel, the other one of the packet is SIP, VoIP Consists of a forwarding exchange module, exchanged with the router module Each module is the analysis module while processing multiple classified as web services and Internet TV and Internet phone is analyzed and the each protocol-specific payload, register the log record, and a pattern to analyze whether the normal traffic.

If the router module is an abnormal packet in the communication process to the SYN-ACK-ACKSYN-FIN, the analysis module classifies the real-time black list, re-examines it after a predetermined time, and controls the reopening after determining that it is normal traffic.

The classification module, analysis module, router module, and exchange module are set at the same time without overlapping setting values, respectively.

In the multi-classification process, 256 security codes are automatically stored in the internal memory in a round robin ring structure while simultaneously processing web services, Internet TV, and internet phone traffic with a web service engine, an Internet TV engine, and an internet phone engine. Process all packets.

According to the present invention, when a packet is input, a buffer is statically matched through a DoS / DDos Header code in an internal physical layer and transferred to a classification module, and the classification module receiving the packet is used for payload analysis and pay for multi-classification processing. Dynamic matching through an analysis module that matches user patterns with load patterns and status statistics, processing HTTP, IPTV, and Internet phone traffic according to the packets with separate engines, and receiving the packets received through the classification module. The router module is controlled by the analysis module for processing, and the exchange module is controlled by the analysis module for processing.

In the dynamic matching step through the analysis module, if the router module is an abnormal packet in the communication process to SYN-ACK-ACKSYN-FIN, it is classified into a real-time black list and re-examined after a predetermined time to determine normal traffic. This step controls to open again.

The classification module, the analysis module, the router module, and the exchange module are each configured to further include setting steps at the same time without overlapping setting values.

Multi-classifying processing by the classification module is to simultaneously process web service, internet TV and internet phone traffic by web service engine, internet TV engine, and internet phone engine, and 256 security codes are automatically stored in internal memory. This is a step to process all packets sequentially in a round robin ring structure.

According to the present invention, a device equipped with an enterprise Internet telephony service is configured to reduce the cost and performance and complexity required in the field. There is an effect that can be provided.

The present invention performs a routing and switching function simultaneously, configures a network integrated board for Internet services, and processes to determine normal traffic through an embedded processor of a classification module and an analysis module for multiple classification of harmful traffic. Separating and classifying module prevents malicious attack and overload bandwidth congestion on two-way traffic.

The present invention is an easy-to-use, simplified, intelligent and convenient product, there is an effect that can provide an advanced and systematic solution for the Korean Internet situation.

The present invention prevents the intrusion of the internal network into the backbone network and manages traffic and security status more easily, thereby reducing ROI and TCO costs by eliminating obstacles and simplifying equipment nodes without adding additional devices. have.

The present invention uses the same IP all-in-one without any additional cost by simultaneously sharing the corresponding settings, eliminating redundant settings, minimizing equipment nodes, and simultaneously processing internal switches, switches, routers, and exchanges hidden within the secure kernel. It has the effect of unifying the network and security so that the network and security are integrated and the Internet telephony service is converged.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 2 is a diagram illustrating a process of processing a packet by unifying each module of a security switch device in which a network and security are integrated according to an embodiment of the present invention into an integrated IP multifunction device.

As shown in FIG. 2, the present invention relates to a system for defending against eavesdropping and malware attacks for web services, Internet TVs, and Internet phones. The present invention comprises a classification module, an analysis module, a router module, and a switch module. The module is an embedded processor that duplicates the incoming packet and multi-classes the web service and the Internet TV and Internet phone packets, and blocks the static matching. The multi-class processing of the classification module is a web service, the Internet TV, and the Internet. It simultaneously handles all packets in a round robin ring structure automatically with 256 security codes in its internal memory while simultaneously handling phone traffic with a web service engine, an internet TV engine, and an internet phone engine.

The analysis module is an embedded processor that forwards one of the packets and instructs the classification module to analyze and block malicious codes and hacking attempts and infected traffic in a dynamic matching scheme, wherein the router module SYN-ACK-ACKSYN- In case of abnormal packet in the communication process to FIN, it is classified into real-time black list, and it is re-examined after a certain time and controlled to be opened again after judging it as normal traffic.

Specifically, the analysis module and the like monitor the activity of the traffic coming from the bottom and at the same time payload attempts 1000 times a second, for example, an abnormality of the MAC and Source IP, Destination IP, TCP port, UDP port (PayLoad) It blocks the case of abnormal size of 0 byte and separates the session from normal traffic and blocks malicious code, infected code and hacking pattern at the same time in PHY Buffer.

The router module is a software process, and if the other one of the packets is a WEB, IPTV (or web service, Internet TV), the forwarding and routing device, the exchange module is a software processing, security Located inside the kernel, and if the other one of the packet is a SIP, VoIP (or Internet phone), the forwarding device, the classification module, analysis module, router module, and exchange module, respectively, the setting value is not duplicated It is preferable to set at the same time without.

In other words, the L3 security switch enables the construction and maintenance of a clean zone of the internal network, that is, a stable internal network, by including routing functions necessary for network construction that the technology level of the security switch remained a simple switch according to the present invention. It can provide the technology.

Therefore, the analysis module analyzes the payload for each protocol, registers log records and user patterns while the switch module concealed in the router module and the security kernel is multi-classed by web service, Internet TV and internet phone, respectively. By analyzing whether it is normal traffic, we can reduce the cost, eliminate the performance and complexity required in the field, and provide the market and customer's solution that matched the trend of network and security and convergence trend of Internet phone.

Hereinafter, a security method in which a network and security are integrated according to the present invention will be described in detail with reference to the accompanying drawings.

3 is a diagram illustrating a security method in which a network and security are integrated according to an embodiment of the present invention.

First, when a packet is input, the buffer is statically matched through the DoS / DDos Header code in the internal physical layer and transferred to the classification module (S110, 120).

In addition, the classification module receiving the packet performs dynamic matching through a payload analysis for multi-classification processing and an analysis module for matching user patterns with payload patterns and status statistics (S121).

In this step, the classification module multi-classifies the web service, the Internet TV, and the Internet telephone traffic simultaneously with the web service engine, the Internet TV engine, and the Internet telephone engine simultaneously, and 256 security codes are automatically stored in the internal memory. This is a step to process all packets sequentially in a round robin ring structure.

In the dynamic matching step through the analysis module, if the router module is an abnormal packet in the communication process up to SYN-ACK-ACKSYN-FIN, it is classified into a real-time black list and re-examined after a predetermined time to determine normal traffic. Is controlling to open again.

Continue to process payloads for each protocol, register and process log records and user patterns (S122, S123, S127), and process HTTP and IPTV and Internet phone traffic according to the packets with separate engines (S124, S125 and S126), the router module processes the packet received through the classification module under the control of the analysis module, and the exchange module processes the control under the control of the analysis module (S127).

In addition, the classification module, the analysis module, the router module, and the exchange module may be configured to further comprise the step of setting at the same time without overlapping the setting values, respectively.

After checking whether the packet is integrity guaranteed traffic, the packet is delivered to the packet output buffer (S140 and S150).

Although the present invention has been described above with reference to the accompanying drawings and the above embodiments, the present invention is not limited to the embodiments related to the security switch device in which security is integrated with the attached drawings and the disclosed network, but may be applied to an IP all-in-one system and the like. have.

It will also be understood by those skilled in the art that modifications can be made in accordance with the spirit of the invention, and such modifications also fall within the scope of the invention.

1 is a view showing a state in which each module is separated to process a packet according to the conventional invention.

FIG. 2 is a diagram illustrating a process of processing a packet by unifying each module of a security switch device in which a network and security are integrated according to an embodiment of the present invention with an integrated IP multifunction device.

3 is a diagram illustrating a security method in which a network and security are integrated according to an embodiment of the present invention.

** Description of the main parts of the drawing **

21: classification module 22: analysis module

30: router module

40: exchanger module

Claims (8)

In the system for defending against eavesdropping and malware attack for web service, internet TV and internet phone, A classification module for replicating the incoming packet as an embedded processor and blocking the static matching while multi-classing the web service and the Internet TV and Internet phone packets; An analysis module, which is an embedded processor, forwards one of the packets and instructs the classification module to analyze and block malicious code and hacking attempt and infected traffic in a dynamic matching method; A router module for software processing, and forwarding and routing when the other one of the packets is WEB or IPTV; If the software process, and located inside the security kernel, the other one of the packet is a duplicated SIP or VoIP, the forwarding exchange module; consisting of, While the router module and the exchange module multi-classify the web service, the Internet TV, and the Internet phone, the analysis module analyzes payloads for each protocol, registers log records and user patterns, and analyzes whether traffic is normal. When the router module is an abnormal packet in the communication process to the SYN-ACK-ACKSYN-FIN, the analysis module is classified into a real-time black list, and re-examined after a predetermined time to control the reopening after determining that it is normal traffic. Understand, The sorting module, the analysis module, the router module, and the exchange module are configured to be simultaneously set without overlapping setting values, respectively. The method of claim 1, The multi-classification process, Web service, internet TV and internet phone traffic are handled simultaneously by web service engine, internet TV engine and internet phone engine, Security switch device with integrated network and security, characterized in that all the packets sequentially processed in a round robin ring structure automatically 256 security codes in the internal memory. When the packet is input, statically matching the buffer through the DoS / DDos Header code in the internal physical layer and delivering the packet to the classification module; Dynamic matching by the classification module receiving the packet through an analysis module for payload analysis for multi-classification processing and user pattern matching with payload patterns and status statistics; Processing HTTP, IPTV, and Internet phone traffic according to the packet with separate engines; Processing, by the router module, the packet received through the classification module under the control of the analysis module; An exchange module processing under the control of the analysis module; Dynamic matching through the analysis module, When the router module is an abnormal packet in the communication process up to SYN-ACK-ACKSYN-FIN, it is classified into a real-time black list, and re-examined after a certain time to control the reopening after determining that it is normal traffic. And the classification module, the analysis module, the router module, and the exchange module are set at the same time without setting values overlapping with each other. The method of claim 3, In the classification module, the multi-classifying process may include: Simultaneously processing the web service, the Internet TV, and the Internet telephone traffic by the web service engine, the Internet TV engine, and the Internet telephone engine; Processing all packets sequentially in a round robin ring structure automatically with 256 security codes in internal memory; The security method integrated with the network, characterized in that the security. delete delete delete delete

Images