KR101230500B1 - Network resource management system and method - Google Patents

Abstract

PURPOSE: A network resource integration management system and a method thereof are provided to offer the managed resources in various types by automatically collecting and managing IP addresses and related information in a network operated by customers. CONSTITUTION: At least one L3 switch or a router(L3) supports communication among terminals belonging to the other network in a system network. At least one L3 switch or a router has a port mirroring function. A central server(CS) registers the L3 switch or the router. The central server performs data communication with the L3 switch or the router. The central server collects network resources from the L3 switch or the router through an SNMP(Simple Network Management Protocol).

Description

Network resource integrated management system and its method {NETWORK RESOURCE MANAGEMENT SYSTEM AND METHOD}

The present invention relates to a network resource management system and a method thereof, and more particularly, to collect and manage IP addresses, to induce control and realization of terminals using unauthorized IP addresses, to detect various harmful elements that occur in a network, and DHCP (Dynamic). The present invention relates to an integrated network resource management system and method for easily detecting and managing a network device having an IP address, and to automatically assign an IP address using a Host Configuration Protocol (HCP) server, to build a customized system using a hybrid resource collection (HRC). .

In recent years, IP (Internet Protocol) -based services are gradually diversified due to various needs of customers and development of related equipment and technologies. Accordingly, the need for IP address management is continuously increasing in line with the increase of terminals. In particular, various efforts are being made to efficiently manage IP addresses in corporations, schools, hospitals, or government offices that use large networks.

Despite these efforts, there are still many difficulties in understanding the usage of assigned addresses, misuse of IP addresses, and unused IP addresses in environments where static IP addresses still operate. As the number of users increased, there was a difficulty in identifying users using IP addresses. The reality was that there was no way to deal with the unauthorized use of unauthorized IP addresses.

For example, in enterprises with a network communication system that includes a large number of terminals, network disconnection due to IP address collisions is a waste of network maintenance costs, so that unauthorized users who cause IP address theft or IP address conflicts There is a need to develop a technology that automatically detects and blocks network access attempts or informs the facts. For example, if the user arbitrarily sets and uses an IP address, it is very difficult to find it. If the IP address is an IP address of an important server, service failure may occur due to the overlapping use of the IP address. Accordingly, it was urgent to develop a technology for collecting and managing IP addresses and protecting IP use of important servers.

In order to meet these demands, the system administrator manually manages a large number of IP addresses and MACs (Media Access Cotrol), and assigns IP addresses to each of a plurality of terminals. Since manual management of MAC addresses is a waste of time and human resources, it is urgent to build a system that can automatically manage large numbers of IP addresses and MAC addresses. Furthermore, if the IP address is not prevented from being used by users who use IP addresses illegally, malicious ARP (Address Resolution Protocol) spoofing may cause a problem that terminals on the network are attacked.

As an example to solve this problem, Vol.32, No.2 (I), The Korean Society for Information Science and Technology, Vol.32, No.2 (I), 2005, “Design and Implementation of IP Address Management System” (Hee Chan Chan et al., 2005). Was suggested for. In the preceding paper, the system was designed with a focus on solving the problem of randomly using the used IP in other terminals, and designed to protect important IP of the network based on the IP management server and the agent. In addition, it is designed to have the structure of 'Primary-Secondary' in case the agent causes temporary failure so that other terminals cannot use the IP address of the main server, router, and gateway that should not be duplicated. It was.

As another example, Korean Patent Laid-Open Publication No. 10-2011-0059027 (published: 2011. 06. 02) (hereinafter, referred to as Prior Patent 1) describes an 'IP address management method and apparatus for dynamic application of a local IP pool'. In the preceding patent 1, the IP address of a DHCP server is appropriate to the local time zone based on the characteristics of the IP address utilization rate for each local area in order to manage the IP address for assigning the floating IP method to the terminal connected through the IP network. It is designed to set resources dynamically, and it is designed to make dynamic application of IP configuration information by automatically analyzing local IP address utilization rate, and use it efficiently without wasting limited IP resources managed by DHCP server. To make it possible.

As another example, Korean Patent Application Publication No. 10-2004-0028398 (published date: 2004. 04. 03) (hereinafter referred to as Prior Patent 2) has been proposed for the 'IP address automatic management device and method thereof'. . In the preceding patent 2, the subscriber's subscription contents are identified and the necessary IP address block is selected and allocated in consideration of the network IP address required according to the service product type, or the IP address is changed, added, deleted, and returned according to the type of subscription. By automatically handling the work such as to minimize the waste of IP address resources and efficient management of IP address resources to save the time required to provide services.

As another example, Korean Patent Registration No. 10-0591554 (Registration Date: 2006. 06. 13) (hereinafter referred to as Prior Patent 3) proposes a 'communication control method according to the network resource management policy', In Patent 3, according to a policy established to manage network resources such as IP address, computer name, MAC address, etc., a computer on a local network that has already been assigned an IP address or a computer having a designated computer name is either another computer on the local network or an external device. Restricts communication with the network, protects the IP address by allowing only computers with specific MAC addresses to protect IP addresses, or protects the IP address available to computers with specific MAC addresses. A communication control method is provided that allows the use of an IP address.

As another example, Korean Patent Registration No. 10-1099083 (Registration Date: December 20, 2011) (hereinafter referred to as Prior Patent 4) proposed a 'network resource management system and its management method'. In the preceding patent 4, a management server for storing an allow list in a network resource is provided for each agent group, and the blocking target terminal is provided with the allow list from the management server and compared with the network information collected from the agent group to which it belongs. And at least one Primary Master (PM) agent that controls the communication of the detected blocking target terminal to prevent unauthorized use of network resources without unauthorized access without changing the current network configuration. It was.

As described above, the above-mentioned prior arts provide a system that can automatically manage a large number of IP addresses and MAC addresses, thereby solving problems arising from the conventional method of manually collecting and managing IP addresses manually by a system administrator. Although some problems have been eliminated, there are still some things that need to be improved in order to operate the network efficiently.

In order to efficiently manage the network by using the collected network resources, the collected IP addresses and related information must be provided in various forms such as real-time monitoring, cumulative statistics, and reports so that the customer or system administrator can understand and easily understand in real time. do. In addition, access control and realization of the terminal using an unauthorized IP address, real-time detection and blocking of various harmful elements generated on the network, automatic IP address assignment using a DHCP server, detection of all network equipment having an IP address, and There is an urgent need to develop an integrated management system that can integrate and operate management. In addition, it is necessary to provide a customized system in consideration of various environments of customers.

KR 10-2011-0059027 A, 2011. 06. 02. KR 10-2004-0028398 A, 2004. 04. 03. KR 10-0591554 B1, June 13, 2006 KR 10-1099083 B1, 2011. 12. 20.

Vol.32, No.2 (I), 'Design and Implementation of IP Address Management System', Hee-chan Lee and 3 others, 2005.

SUMMARY OF THE INVENTION Accordingly, the present invention has been made in view of the above problems, and has the following objectives.

First, the present invention collects and manages IP address and related information (for example, MAC address, terminal name, connected equipment, etc.) on a network operated by a customer, and then integrates and manages network resources that can be provided in various forms. It is an object of the present invention to provide a system and a method thereof.

Secondly, the present invention provides a network resource management system and method for managing IP addresses more conveniently by providing functions such as real-time monitoring, cumulative statistics, and reports on all IP addresses on a network operated by a customer. There is another purpose.

Third, the present invention provides a network resource integrated management system and method for easily identifying IP address users through control and real name derivation of terminals using unauthorized IP addresses on a network operated by a customer. There is a purpose.

Fourth, the present invention is a network that can detect various harmful factors (for example, ARP spoofing, Rogue DHCP, MAC flooding, MAC spoofing, ARP attack, TCP sync flooding, UDP flooding, etc.) generated on the network operated by the customer Another object is to provide a resource integrated management system and method thereof.

Fifth, another object of the present invention is to provide an integrated network resource management system and method for automatically allocating an IP address using a DHCP server service (RFC 2131) on a network operated by a customer.

Sixth, another object of the present invention is to provide an integrated network resource management system and method for providing a system tailored to a customer's environment by providing flexibility in a method of collecting network resources on a network operated by a customer. .

Seventh, another object of the present invention is to provide an integrated network resource management system and method for easily detecting and managing all network equipment having an IP address on a network operated by a customer.

According to an aspect of the present invention, there is provided an apparatus including at least one L3 switch or router supporting communication between terminals belonging to another network on a system network and having a port mirroring function, and the L3 switch or the And a central server that registers a router and performs data communication with the registered L3 switch or the router to collect network resources through the Simple Network Management Protocol (SNMP) from the L3 switch or the router. Network address information and network information are extracted from the L3 switch or the network resource collected from the router, and statistically grouped and registered by network, and then a list of registered network address information and registered network information, and a registered network IP address Number of terminals It provides the use of, the use of dynamic IP address, the use of IP address duplication, and communicates through the web standard interface that can be operated by the administrator and the browser, the terminal information of the IP address from the administrator, for the terminal user of the IP address Information, and additional information related to an IP address including network equipment is received and registered and provided, and when the terminal having an unauthorized IP address attempts to access the Internet by using the port mirroring function of the L3 switch or the router, the L3 switch Or after detecting through the router, transmit a blocking packet to the L3 switch or the router to prevent the L3 switch or the router from accessing the Internet by a terminal having an unauthorized IP address. Provide a management system.

Preferably, the system network includes at least one edge proxy installed in at least one of the networks to collect the network resources and provide them to the central server, wherein the edge proxy is a network with a terminal having an unauthorized IP address When attempting to connect to the server, it detects it and transmits it to the central server, sets up a VL (Virtual Link) for the terminal with an unauthorized IP address, and blocks communication with other terminals in the network. It may be characterized by controlling the network use of the terminal having an unapproved IP address in response to the transmission policy for each class.

Preferably, the central server is unapproved when attempting to reconnect to the Internet or network of the terminal having the unauthorized IP address after the connection of the Internet or the network of the terminal having the unauthorized IP address is blocked through the L3 switch, the router, or the edge proxy. After providing the user information by providing the Internet or network use application page to the terminal user having the IP address, the user is approved by using the Internet or network through the administrator, and then the terminal information is confirmed. And finally permitting the use of the Internet or a network.

Preferably, the edge proxy detects in real time when a harmful element is generated on the network, and reports the terminal information generating the harmful element, the connection equipment and port information connected to the terminal generating the harmful element to the central server. Blocking the harmful terminal is connected to the network, and the central server provides the administrator with terminal information generated from the harmful element, connection equipment and port information connected to the terminal generating the harmful element to the administrator It may be characterized by.

Preferably, the central server monitors the source address of the IP header transmitted through the network through the port mirroring function of the L3 switch or the router, and when the web announcement target terminal is detected, the detected web announcement target terminal attempts to connect. After extracting a Uniform Resource Locator (URL), a redirection packet may be generated to transmit the generated packet to the web notification target terminal to induce a web notification page.

Preferably, when the web notification target terminal completes the move to the web notification page, the central server simultaneously displays the web notification contents and the URL (Uniform Resource Locator) page to which the web notification target terminal is to be connected, and confirms the web notification. When the web notification target terminal is completed, the web notification target terminal may be moved to a URL (Uniform Resource Locator) page to which the terminal is to be connected.

Preferably, the central server detects network equipment and servers by analyzing collected network resources, or detects network equipment and servers by using an asynchronous SNMP detector and asynchronous SNMP analyzer, and then classifies and registers by manufacturer, type, and location. The network and server may be monitored through an IcmTL Round-Trip Time Log (IRTTL) and a MultiRouter Traffic Grapher (MRTG).

Preferably, a DHCP (Dynamic Host Configuration Protocol) server having a dualization function for automatically allocating a dynamic IP address for a terminal connected to the network in association with the central server, and a network constructed separately from the central server It may be characterized in that it further comprises a database for storing the resource.

Preferably, the central server provides a color-coded IP address usage form so that an administrator can easily grasp the IP address usage status, provides user and terminal information using the IP address, and uses the IP address status as "default." View "," View by access level "and" DHCP leased IP view "mode can be characterized in that the provided.

Preferably, the central server restricts network use of a terminal in which a harmful element is found in connection with a firewall or an intrusion prevention system, and the central server detects a DDoS terminal in the firewall or the IPS. When the IP address of the DDoS terminal to be blocked is transmitted after receiving the transmission, it notifies the edge proxy of the blocking proxy according to a predetermined blocking policy for each level, and restricts the network usage of the terminal where harmful elements are found in response to the blocking level. It can be characterized.

Preferably, the central server induces network usage restriction and vaccine installation and update for the terminal that does not have a vaccine or a terminal that is not updated in connection with a vaccine server or a PMS (Patch Management System), and the central server is the vaccine. When the server or the PMS detects the terminal without the vaccine installed, and transmits the IP address of the terminal without the vaccine, after receiving the transmission, notify the edge proxy of the blocking level to the edge proxy according to a predetermined blocking policy for each level. Correspondingly, it may be characterized by limiting the use of the network of the terminal where the vaccine is not installed or inducing the installation of the vaccine.

Preferably, the central server collects the connection information through the L2 switch or the L3 switch associated with the terminal on the network, and then collects and analyzes the L2 switch or L3 switch directly connected to the terminal and calculates and provides a result. can do.

In addition, the present invention according to another aspect to achieve the above object is at least one L3 switch or router that supports communication between the terminals belonging to another network on the system network and has a port mirroring function, and the L3 switch Or a central server that registers the router and performs data communication with the registered L3 switch or the router to collect network resources from the L3 switch or the router through Simple Network Management Protocol (SNMP). A method for integrated network resource management using a management system, the method comprising: (a) collecting network resources from the L3 switch or the router, and (b) network address information and a network from network resources collected from the L3 switch or the router. Extract information and statistics Grouping and registering by network, and (c) communicating through a web standard interface interface that can be operated by an administrator and a browser, including terminal information of an IP address, terminal user information of an IP address, and network equipment from the administrator. Receiving and registering additional information related to an IP address; (d) a list of registered network address information and registered network information, a registered IP address for each network, a status of a terminal and a dynamic IP address usage state, and an IP address. Providing a redundancy state, and (e) using the port mirroring function of the L3 switch or the router to monitor the Internet access of the terminal with the unauthorized IP address, and the Internet access of the terminal with the unauthorized IP address When detected, the central server transmits a blocking packet to the L3 switch or the router, thereby disapproving the IP principal. Having the terminal provides the network resource integrated management method comprising the steps of: block the access to the Internet.

Preferably, the network resource management system includes at least one edge proxy installed in the network to collect the network resources locally and provide them to the central server, the step (e) is the IP unauthorized through the edge proxy When the network connection of the terminal having the address is monitored and the network connection of the terminal having the unauthorized IP address is detected, VL (Virtual Link) is set for the terminal having the unauthorized IP address to block communication with other terminals. Afterward, the network may be partially allowed to use a terminal having an unapproved IP address in response to a blocking policy for each grade transmitted from the central server.

Preferably, after step (e), if (f) the Internet or network access of the terminal having an unauthorized IP address is blocked through the L3 switch, the router, or the edge proxy, the Internet of the terminal having an unauthorized IP address or When attempting to reconnect to the network, the terminal user with an unauthorized IP address is provided to the Internet or network use application page to receive user information, and then the user is authorized to use the Internet or network through the administrator, and after confirming the authorized user information, the unauthorized IP address The method may further include receiving terminal information having a terminal and finally permitting use of the Internet or a network.

Preferably, the step (e) is to detect in real time the harmful element is generated on the network through the edge proxy, the terminal information generated harmful elements, connected equipment and port information connected to the terminal generated harmful elements Report to the central server and at the same time block the terminal is found harmful elements connected to the network, the central server is the terminal information generated by the harmful element provided from the edge proxy, connected equipment connected to the terminal is generated harmful elements and It may be characterized by providing the port information to the administrator.

Preferably, in the step (e), if the L3 switch or the router monitors a source address of an IP header transmitted through a network through a port mirroring function and detects a web announcement target terminal, the detected web announcement target terminal is connected. After extracting a URL (Uniform Resource Locator) to try to generate a redirection (redirection) packet may be characterized in that the generated packet is transmitted to the web announcement target terminal to induce a web announcement page.

Preferably, in the step (e), when the web notification target terminal completes the move to the web notification page, the web notification contents and the URL (Uniform Resource Locator) page to which the web notification target terminal is connected are simultaneously displayed. When the notification is confirmed, the web notification target terminal may be moved to a Uniform Resource Locator (URL) page to which the web notification target terminal is connected.

Preferably, the network resource management system is a DHCP (Dynamic Host Configuration Protocol) server having a dual function to automatically allocate a dynamic IP address for the terminal connected to the network in conjunction with the central server, and the central server and The method may further include a database configured to separately store and collect network resources.

Preferably, step (d) provides color-coded IP address usage forms, provides user and terminal information using IP addresses, and provides IP address usage status so that an administrator can easily grasp the IP address usage status. It may be characterized by providing the "class view", "view by access level" and "DHCP leased IP view" mode.

Preferably, the central server restricts network use of a terminal in which a harmful element is found in connection with a firewall or an intrusion prevention system, and the central server detects a DDoS terminal in the firewall or the IPS. When the IP address of the DDoS terminal to be blocked is transmitted after receiving the transmission, it notifies the edge proxy of the blocking proxy according to a predetermined blocking policy for each level, and restricts the network usage of the terminal where harmful elements are found in response to the blocking level. It can be characterized.

Preferably, the central server induces network usage restriction and vaccine installation and update for the terminal that does not have a vaccine or a terminal that is not updated in connection with a vaccine server or a PMS (Patch Management System), and the central server is the vaccine. When the server or the PMS detects the terminal without the vaccine installed, and transmits the IP address of the terminal without the vaccine, after receiving the transmission, notify the edge proxy of the blocking level to the edge proxy according to a predetermined blocking policy for each level. Correspondingly, it may be characterized by limiting the use of the network of the terminal where the vaccine is not installed or inducing the installation of the vaccine.

As described above, according to the present invention, the following effects can be obtained.

First, according to the present invention, a network resource (for example, IP address, MAC address, terminal name, connection equipment and port information, etc.) is collected through an L3 switch (or router) or an edge proxy on a network operated by a customer. After processing, the data can be provided in various data formats to make it easier for administrators or customers to understand, thus improving network resource collection and management efficiency.

Second, according to the present invention, it is possible to manage IP addresses more conveniently by providing functions such as real-time monitoring, cumulative statistics, and reports on all IP addresses on a network operated by a customer.

Third, according to the present invention, while controlling the use of the Internet or the network for the terminal using an unauthorized IP address on the network operated by the customer, while compulsorily providing a web notification to identify the user of the IP address through the real name induction It may be easy.

Fourth, according to the present invention, it is possible to detect various harmful factors (for example, ARP spoofing, Rogue DHCP, MAC flooding, MAC spoofing, ARP attack, TCP sync flooding, UDP flooding, etc.) generated on the network operated by the customer. have.

Fifth, according to the present invention, by establishing a DHCP server having a redundant function on the network operated by the customer, and automatically assigns an IP address through this, when a large amount of IP address requests due to the increase in wireless environment or smart phone, etc. You can quickly cope.

Sixth, according to the present invention, in addition to the information obtained from the network resources collected on the network operated by the customer to provide a system tailored to the customer's environment by simply providing additional information to the administrator through the interface with the administrator Can be.

1 is a schematic diagram showing a network resource management system according to the present invention.
2 is a diagram schematically illustrating a configuration of a network resource integrated management system to explain a central network resource collection method using an L3 switch according to the present invention.
3 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a local network resource collection method using an edge proxy according to the present invention.
4 is a diagram schematically illustrating a configuration of a network resource integration management system in order to explain a L3 switch and an edge proxy mixed network resource collection method according to the present invention;
FIG. 5 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a network (internet) use control method using an L3 switch according to the present invention; FIG.
6 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a network (internet) usage control method using an edge proxy according to the present invention.
7 is a view illustrating an example of a network blocking policy for each grade according to the present invention.
8 is a conceptual diagram illustrating an approval procedure after controlling network use according to the present invention.
9 is a view for explaining a network list management method according to the present invention.
10 is a view for explaining the IP address list management method according to the present invention.
11 is a diagram illustrating a method for managing IP address detail information and user information according to the present invention;
12 is a diagram illustrating a method for controlling IP address duplication use according to the present invention;
13 is a view for explaining a physical connection equipment and a port information detection method according to the present invention.
14 is a diagram illustrating a method of providing an IP address usage status according to the present invention.
15 is a view for explaining a method for providing IP address statistics information according to the present invention.
16 is a view for explaining a network equipment detection and management method according to the present invention.
17 is a view for explaining a network equipment detection method according to the present invention.
18 is a diagram illustrating a method of providing information of collected network equipment according to the present invention.
19 is a view showing for explaining the harmful element analysis method according to the present invention.
20 is a view for explaining a harmful element terminal management method by interworking with another system according to the present invention.
21 is a diagram illustrating an IP realization and notification delivery method according to the present invention.
22 is a view illustrating a DHCP server operating method according to the present invention.
23 is a diagram illustrating a user interface according to the present invention.
FIG. 24 is a diagram for explaining a description order for each administrator defined by an administrator through a user interface according to the present invention; FIG.
25 is a diagram showing a network resource integrated management system according to Embodiment 1 of the present invention.
FIG. 26 is a system configuration diagram illustrating a web notification method according to the present invention. FIG.
FIG. 27 is a flowchart showing a web notification method using the system shown in FIG. 26;
28 is a flowchart for explaining a web notification page processing method according to the present invention.
29 is a diagram showing a network resource integrated management system according to Embodiment 2 of the present invention.
30 is a diagram showing a network resource integrated management system according to Embodiment 3 of the present invention;
FIG. 31 is a diagram showing a network resource integrated management system according to Embodiment 4 of the present invention; FIG.
32 is a diagram showing a network resource integrated management system according to Embodiment 5 of the present invention;
33 is a flowchart illustrating a network resource integration management method according to an embodiment of the present invention.

Advantages and features of the present invention, and methods for achieving them will be apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms.

In this specification, the embodiments are provided so that the disclosure of the present invention may be completed and the scope of the present invention may be completely provided to those skilled in the art. And, the invention is only defined by the scope of the claims. Thus, in some embodiments, well known components, well known operations, and well-known techniques are not specifically described to avoid an undesirable interpretation of the present invention.

In addition, like reference numerals refer to like elements throughout the specification. In addition, the terms used (discussed) herein are for the purpose of describing the embodiments are not intended to limit the invention. In this specification, the singular forms also include the plural unless specifically stated otherwise in the phrases. Also, components and acts referred to as " comprising (or comprising) " do not exclude the presence or addition of one or more other components and operations.

Throughout the specification, network resources include IP address, MAC address, terminal (computer) name, operating system information, LAN card manufacturer information (OUI), switch-port information to which the terminal is physically connected, network equipment information (manufacturer, device name, Description, serial number, etc.), network information (default gateway, subnet mask), harmful information (ARP Spoofing, Broadcasting Flooding, DHCP Flooding, etc.), and terminal information using multiple IP addresses.

Unless otherwise defined, all terms (including technical and scientific terms) used in the present specification may be used in a sense that can be commonly understood by those skilled in the art. Also, commonly used predefined terms are not ideally or excessively interpreted unless defined.

Network integrated resource management system according to the present invention, ① automatically collects IP address management and related information, ② induces the realization through the web notification and control for the terminal using an unauthorized IP address, ③ generated in the network Detect and block various harmful factors, ④ Automatically assign IP address through DHCP server service, ⑤ Provide flexibility in collection method, build customized system optimized for customer's environment, ⑥ All network with IP address Integrated management and operation of detection and management of equipment.

Specifically, the main features of the network resource management system according to the present invention is ① information collection, ② interface, ③ information management, ④ policy, ⑤ DHCP server, ⑥ blocking.

1. Information Collection

Network resources such as IP address, MAC address, terminal name, operating system information collection, providing LAN card manufacturer information (OUI), analysis of switch-port information to which the terminal is physically connected, network device detection (manufacturer, device name, description) , Serial number, etc.), network information collection (default gateway, subnet mask), hazard analysis, and terminals using multiple IP addresses.

2. Interface

It offers a web-standard pricing interface that works with any browser, and provides secure login (SSL) and administrator mode for added security. Through this, not only the list order, main screen composition, notation order, name and information input form can be freely changed, but also provide various real time information processing status to the administrator.

3. Information Management

Coded information management ensures consistency of data and user information, manages IP addresses on a network basis, provides 16 * 16 IP address boards, manages data through organizational unique identifiers (OUIs), and accumulates statistics and reports To provide.

4. Policy

IP address dormancy policy (manage and manage static IP addresses that have not been used for a long time), IP address blocking policy (automatic blocking of devices that use IP addresses or change IP addresses without administrator approval), administrator dormancy policy (not active) Prohibit access to unauthorized administrator accounts), access information dormancy policy (classify and manage unused assigned addresses), and DHCP vs. scope policy (blocking unauthorized terminals within the scope).

5. DHCP server

Automatically assigns IP address through DHCP server, configures multiplexing to allocate IP address stably, and provides lease exclusion, lease reservation, lease period reservation, lease history information, inquiry service.

6. Blocking

Partial blocking through blocking objects, URL redirection blocking for web access users, blocking and duplication of IP address duplication devices, provision of network application pages for smartphone users, time control (network use at specific times) Control), web notification (deliver notice to web-connected users without program installation, can be used as real name), block DHCP superscope, and block specific IP address range.

On the other hand, the network resource integrated management system according to the present invention provides a main function so that the administrator can easily manage the network resources. For example, IP address management (IP address management, DHCP management, IP address management statistics) by network and organization (group, department), device management (IRTTL / syslog, device status (analyzed device status), detection equipment and Central Server Management), Access Information Management (Access Application, Authorization Status, Range Access Notification, Access Information Statistics), Administrator Management (Administrator / Administrator Management), Search (General, History, DHCP History Search), Environment Settings (Information Display, Information maintenance, access level management, code management, remote detection management, harmful property management), additional functions (IP usage status, web notification, time control, real-time collection status (SNMP collection information, fixed IP address detection information, dynamic IP) Address lease information, unauthorized address detection status), real-time analysis status (node type analysis status, connection port analysis status), harmful node history, etc. are provided.

Hereinafter, the technical features of the present invention will be described in detail with reference to the accompanying drawings.

1 is a schematic diagram illustrating a network resource management system according to the present invention.

Referring to FIG. 1, the network resource integrated management system according to the present invention stores network resources collected in a database built on a central server, for example, an IP address, a MAC address, a terminal name, network equipment related information, and the like. Centralized management on the server, or some modules can operate in a distributed architecture. In addition, resources can be collected and allocated through a hybrid resource collection (HRC) method, an edge proxy, and a Dynamic Host Configuration Protocol (DHCP) server. You can manage the collected resources.

The network resource integrated management system according to the present invention provides a method for collecting and managing network resources in two ways. Network resource collection and management using a Layer-3 switch or router (hereinafter referred to as L3 switch for convenience) and network resource collection and management using an edge proxy have. First, network resource collection and management using a layer-3 switch (hereinafter referred to as L3 switch) collects and manages network resources through an L3 switch in one central server without adding a separate device such as an edge proxy. That's the way. The network resource collection and management method using the edge proxy is a method of collecting and managing network resources through an edge proxy installed in each network unit after installing the edge proxy in a network unit, for example, a virtual local area network (VLAN). to be.

Network resource collection

2 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a central network resource collection method using an L3 switch according to the present invention.

Referring to FIG. 2, the network resource management system according to the present invention collects network resources through a central collection method through one central server CS without installing additional equipment such as an edge proxy. The central server CS registers information of the L3 switch L3 existing in each network, and collects network resources through the registered L3 switch L3.

The L3 switch is a device that includes both the L2 (Layer-2) switch and the router. The L3 switch forwards packets by referring to both an IP address and a MAC address. Accordingly, the central server CS may collect network resources from the L3 switch by using a User Datagram Protocol (UDP) communication method through the Simple Network Management Protocol (SNMP). Therefore, not only domestic but also foreign networks can collect network resources through a central collection method through the L3 switch.

FIG. 3 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a local network resource collection method using an edge proxy according to the present invention.

Referring to FIG. 3, the network resource integrated management system according to the present invention may collect network resources through a local collection method through an edge proxy (EP) rather than a central collection method. The edge proxy (EP) is installed on a network basis and collects network resources including an IP address, MAC address, and terminal name of each terminal. The central server CS receives and collects locally collected network resources through each edge proxy EP. At this time, the edge proxy (EP) can be configured in a VLAN unit, since 4 to 8 Ethernet ports are supported, one edge proxy (EP) device can manage approximately 4 to 8 VLANs. The number of edge proxies is determined by the number of VLANs of the customer. However, 802.1q Tagged VLAN can be used to manage multiple VLANs on one edge proxy device.

4 is a diagram schematically illustrating a configuration of a network resource integration management system in order to explain a L3 switch and an edge proxy mixed network resource collection method according to the present invention.

Referring to FIG. 4, the network resource management system according to the present invention collects network resources using a network resource collection method in which an L3 switch L3 and an edge proxy EP are mixed. That is, network resources are collected in a HRC (Hybrid Resource Collection) method. The edge proxy (EP) is installed in a part of the networks to collect network resources by local collection method, and in the network where the edge proxy (EP) is not installed, the central server (CS) is centrally collected through the L3 switch (L3). Collect networks from

In addition, the network resource management system according to the present invention may further include a DHCP server (DHCP). You can assign IP addresses automatically using a DHCP server. It can operate efficiently in a wireless network environment, and can provide a private range allocation function to prevent IP address exhaustion due to smartphone terminals. This allows for dynamic IP address assignment and provides redundant functions for stable IP address assignment.

Network usage control

FIG. 5 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a network (internet) use control method using an L3 switch according to the present invention.

Referring to FIG. 5, in the integrated network resource management system according to the present invention, the central server CS performs monitoring through port mirroring of the L3 switch L3 for packets destined for a network, for example, the Internet. When the IP address of the unauthorized terminal is directed to the Internet, the blocking packet is transmitted to the L3 switch L3. Here, port mirroring refers to a network traffic monitoring method for copying packets transmitted from one access port of a network to another packet inspection access port, and may be used to block network diagnosis tools or error correction, in particular, attack. Port mirroring can be configured by the network administrator designating a packet copy connection port and a packet transmission port.

In the environment where the edge proxy is not installed, the central server CS detects the IP address of the unauthorized terminal through port mirroring of the L3 switch L3, and then transmits a blocking packet to the target terminal to block access to the Internet. For example, if an unauthorized terminal uses the web, it generates a Uniform Resource Locator (URL) redirection packet, and if it performs transmission control protocol (TCP) communication instead of the web, it generates TSB (TCP Session Blocking). Block it.

In addition, the network resource management system according to the present invention may further operate a module for blocking Internet access, if necessary, for example, to control access to a specific VLAN (for example, server farm, etc.) If you want, you can also operate an additional blocking module.

FIG. 6 is a diagram schematically illustrating a configuration of a network resource integrated management system in order to explain a network (internet) usage control method using an edge proxy according to the present invention.

Referring to FIG. 6, in the network resource integrated management system according to the present invention, after the central server CS monitors a network connection to an unauthorized terminal through an edge proxy EP, an IP address of an unauthorized terminal attempts to access a network. In this case, the use of the entire network of unauthorized terminals may be blocked through the edge proxy (EP), or the limited network usage may be approved according to the access policy by the VL (Virtual Link) setting. In this case, communication with other terminals other than the edge proxy (EP) is restricted until the unapproved terminal is approved.

The central server CS establishes a rating blocking (access) policy to be granted to the IP address of the unauthorized terminal and notifies the policy and the blocking level to the edge proxy (EP). One example of a blocking grade is shown in FIG. 7. The edge proxy (EP) partially allows the network to be used according to the graded blocking policy of the central server (CS). For example, you can only use the web.

In addition, the central server CS may control the use of IP address duplication through the edge proxy EP. For example, you can control the use of addresses that are already in use or reserved.

7 is a diagram illustrating an example of a network blocking policy for each grade according to the present invention.

Referring to FIG. 7, the central server CS establishes and manages a network blocking policy for each grade according to the present invention. For example, the blocking class is divided into 1 ~ 9 classes, the blocking objects are classified into 1 ~ 4 groups, and then applied to each class. For example, level 3 or higher can select the blocked object, and the blocked object can be created / applied / deleted by managing the blocked object. Blocked object management is provided to the system administrator after being stored in the database as shown in the right screen of Figure 7, the administrator can easily check by clicking the block object by class.

8 is a conceptual diagram illustrating an approval procedure after controlling network use according to the present invention.

Referring to FIG. 8, first, network usage of an unapproved terminal is controlled through an edge proxy (EP), and then, when a user of the terminal uses the Internet, the user is automatically moved to a page for applying for network usage. The central server CS provides a certain form to the user, and the user inputs user information and the like according to the given form and notifies the administrator of the application. For example, the user information may include name, affiliation, contact information, and the like. Thereafter, when the administrator's approval is completed, the central server CS approves the network connection of the corresponding user terminal, and after confirming the approval details, all the approval is completed.

IP  Address management

9 is a diagram illustrating a network list management method according to the present invention.

Referring to FIG. 9, the central server CS groups network address information among network resources collected through a central collection method through an L3 switch L3 or a local collection method through an edge proxy (EP). Manage. For example, network addresses, subnet masks, and default gateway information can be grouped and managed by location. The central server (CS) is the number of registered IP addresses for each network, for example, the total number of IP addresses in use on the network, the number of online IP addresses, the number of IP addresses in the offline state, and newly discovered today. It can be provided to customers by classifying them into the number of IP addresses that have been used, the number of used IP addresses, and the number of IP addresses that have been inactive for a long time.

10 is a diagram illustrating a method of managing an IP address list according to the present invention.

Referring to FIG. 10, the central server CS provides a list of network information among the collected network resources to the customer. For example, it provides IP address (IPv4), MAC address, network equipment manufacturer, operating system, computer workgroup and name, and connected device / port information. In addition, the terminal may provide a state of the terminal, for example, a time when the terminal in the active, inactive, and dormant state is turned on and increased. It can also provide the usage status of the floating IP address, eg, lease, renew, expire, release. It can also provide redundant use of IP addresses. At this time, the IP address detection range includes new IP address (detected when a new IP address is found), changed IP address (detected when using IP address change), duplicate IP address (detected duplicate IP address), and multiple IP addresses (on one MAC address). Multiple IP address detection).

11 is a diagram illustrating a method of managing IP address detail information and user information according to the present invention.

Referring to Figure 11, the central server (CS) provides an interface (Figure # 1) to receive information about the user and the terminal using the IP address for the IP address, to provide the information received through the interface Therefore, it is possible to provide optimized information to customers. In addition, additional information related to the IP address, for example, OUI (Organizationally Unique Identifier) information that is a code value assigned to the LAN card manufacturer, detection equipment information, connection equipment / port details, detection history information and lease history Information, and in the case of network equipment, provides the manufacturer, terminal name, serial number, and model name (Figure # 2).

12 is a diagram illustrating a method of controlling IP address duplication use according to the present invention.

Referring to FIG. 12, the central server CS prevents duplicate use of an IP address that is already assigned through the edge proxy EP (case # 1). For example, if the terminal "A" is assigned the IP address "192.168.0.10" and the terminal "B" wants to use the same "192.168.0.10" as the IP address assigned to the terminal "A", the edge proxy ( EP) to block this. At this time, the redundant use is prevented regardless of the active state or the inactive state of the terminal "A".

In addition, the central server CS prevents the use even if the IP address is reserved in advance even though the specific IP address is not currently used through the edge proxy EP (case # 2). Even if the administrator changes the IP address for a while while assigning an IP address to a specific terminal in advance, the other terminal is blocked from using the previously used IP address. For example, the central server CS uses the same '192.168.0.20' as the IP address reserved by the terminal "D" in the terminal "C" while the IP address "192.168.0.20" is reserved for the terminal "D". If you want to block the terminal "C" to use the IP address of the terminal "D" through the proxy (EP).

FIG. 13 is a diagram illustrating a method for detecting physical connection equipment and port information according to the present invention.

Referring to FIG. 13, the central server CS collects connection information through all switch equipment (L2 / L3 switch) associated with the terminal and analyzes and provides switch and switch port information directly connected to the terminal. For example, the central server (CS) collects the port names and port aliases of all switch devices (L2 / L3 switch) in advance, and analyzes the port information (FDB-Forwarding Database) to which the terminal is connected to switch IP address, port name, Port alias, etc. Time difference may occur depending on the network equipment. However, when the IP address of the terminal is detected for the first time through the L3 switch (L3), the connected equipment and the port information are provided within the minimum tens of seconds and the maximum minutes.

14 is a diagram illustrating a method of providing an IP address usage status according to the present invention.

Referring to FIG. 14, the central server CS provides the collected IP address usage status so that an administrator or a customer can grasp at a glance. At this time, the IP address usage status is provided by color classification, and user and terminal information using the IP address is also provided. There are three ways to provide IP address usage: 'View in Default', 'View in Access Level', and 'DHCP Rented IP View'. Provides IP address usage status by dormancy, access information (IP reservation), non-use, etc. In 'View by access level' mode, IP address usage status is provided by classifying 1 ~ 9 grades as shown in FIG. Viewing leased IPs' mode provides IP address usage such as lease, lease expiration, lease rejection, and availability status indication.

15 is a diagram illustrating a method of providing IP address statistics information according to the present invention.

Referring to FIG. 15, the central server CS provides IP address collection and related statistical information in the form of a graph. For example, IP address accumulation, new IP address registration, IP address registration order, DHCP lease statistics are provided on the screen. In addition, a report on IP address collection and related statistical information may be provided to be output in HTML, CSV, or Excel format.

Network equipment detection and management

16 is a diagram illustrating a network device detection and management method according to the present invention.

Referring to FIG. 16, the central server CS detects network equipment and servers through additional analysis on the collected IP addresses, and provides a graph by classifying by manufacturer, type, and location. In the case of a network switch, switch port (interface) information, for example, interface status (UP / DOWN), link speed information, and the like are collected. And it provides a monitoring function for the network equipment thus collected. For example, it may be provided through an Icmp Round-Trip Time Log (IRTTL) or a MultiRouter Traffic Grapher (MRTG).

17 is a view illustrating a network device detection method according to the present invention.

Referring to FIG. 17, the central server CS may detect equipment in a short time by using an asynchronous SNMP detector and an asynchronous SNMP analyzer. For example, 10 nodes can be detected per second. Network equipment (L2 switch, L3 switch, L4 switch, router, firewall, AP (Access Point), etc.), server equipment (Linux server, SUN server, Microsoft server, etc.), deposit equipment through asynchronous SNMP detector and asynchronous SNMP analyzer (IP phone, network printer, etc.) can be detected. In this case, the detected information may be a system name, manufacturer, equipment serial number, equipment model name, equipment type, and the like.

18 is a diagram illustrating a method of providing information of collected network equipment according to the present invention.

Referring to FIG. 18, as illustrated in FIG. 16, a monitoring function for the collected network equipment may be provided through an Icmp Round-Trip Time Log (IRTTL) and a MultiRouter Traffic Grapher (MRTG). IRTTL periodically transmits Internet Control Message Protocol (ICMP) for a specific device, analyzes round-trip time (RTT) to analyze the condition of the device, for example, good, normal, bad, failure, etc. Statistics are provided on a weekly, monthly basis. MRTG provides bits per second (pps) and packet per second (pps), provides traffic usage for the switch ports specified by 5-10 minute statistics, and manages the history of traffic exceeding the threshold by setting a threshold.

Harmful element analysis and terminal management

19 is a view illustrating a method for analyzing harmful elements according to the present invention.

Referring to FIG. 19, the harmful element analysis may be performed through an edge proxy (EP). Harmful factors may include ARP spoofing, Rogue DHCP, MAC flooding, MAC spoofing, ARP attack, TCP sync flooding, UDP flooding, and the like.

The edge proxy (EP) detects harmful elements and reports them to the central server (CS). At this time, the edge proxy (EP) may isolate the terminal is found harmful elements in the manner as shown in FIG. The central server CS may provide the manager with history information on the harmful elements through history management by harmful elements and harmful periods reported from the edge proxy EP.

In addition, the edge proxy (EP) provides the central server (CS) with the connection equipment and port information associated with the terminal is found harmful elements. If the edge proxy (EP) is difficult to control the terminal is found harmful elements, it can control the terminal is found through the L3 switch (L3). The administrator can be controlled quickly because the edge proxy (EP) is provided with connection equipment and port information physically connected to the terminal where the harmful element is found.

20 is a view illustrating a method for managing a harmful element terminal according to the present invention.

Referring to FIG. 20, the central server CS according to the present invention is harmful in connection with another security system, for example, a firewall (FW), an intrusion prevention system (IPS), a patch management system (PMS), and the like. May block the found terminal at source.

In describing FW / IPS interworking, FW / IPS can be controlled only at the equipment location due to its configuration. When the firewall or IPS detects a DDoS terminal having an IP address of '192.168.0.20', the firewall or IPS notifies the central server (CS) of the IP address '192.168.0.20'. The central server CS notifies the blocking class to the edge proxy EP according to the network usage policy for each class shown in FIGS. 6 and 7, and the edge proxy EP is notified according to the blocking class notified from the central server CS. Limit the network usage of terminals with IP address '192.168.0.20'.

When the vaccine / PMS linkage is described, network usage restriction, vaccine installation, and update are induced for terminals without vaccine and terminals not updated in connection with the vaccine server and the PMS. For example, the vaccine server notifies the central server CS of a terminal having an IP address of '192.168.0.20' in which the vaccine is not installed. The central server CS notifies the blocking class to the edge proxy EP according to the network usage policy for each class shown in FIGS. 6 and 7, and the edge proxy EP is notified according to the blocking class notified from the central server CS. It restricts the network usage of terminals with IP address '192.168.0.20' or induces vaccine installation and update.

21 is a diagram illustrating an IP realization and notification delivery method according to the present invention. Referring to FIG. 21, the central server CS may forcibly transmit a notification content to a terminal using the Internet, and thus may be used for IP address realization and internal notification delivery.

The integrated network resource management system according to the present invention solves the problems caused by user IP address setting, IP address input error, and the need for a change of IP address due to frequent movement and the increase of wireless and smart phone usage. Can be operated.

22 is a diagram illustrating a method for operating a DHCP server according to the present invention.

Referring to FIG. 22, the network resource integration system according to the present invention may establish two DHCP servers and allocate a stable network address in a redundant concept. In addition, lease synchronization between DHCP servers is used to assign IP addresses redundantly. Through this, it is possible to cope with a large amount of IP address allocation request more quickly, and when an error occurs in one of the redundant servers, the other server can allocate the IP address normally. These DHCP servers can also operate up to three or four in the system as needed.

23 is a diagram illustrating a user interface according to the present invention.

Referring to FIG. 23, the central server CS according to the present invention can be accessed and managed through all browsers in compliance with a web standard. A user, that is, an administrator, may directly define a title, a form, a writing order (by administrator or network), a web notice, a rating block, a code management, and a login environment through a user interface. This makes it possible to build custom systems. In addition, the central server (CS) has encryption, SSL (Secure Socket Layer), abnormal login management through session management, and functional restrictions for the administrator to enhance the security of the user interface.

FIG. 24 is a diagram illustrating an administrator's order of writing defined by an administrator through a user interface according to the present invention. Referring to FIG. 24, a screen display order may be defined for each administrator, or a screen display order may be defined for each network.

Hereinafter, the network resource integrated management system according to the present invention may implement the system in various models to collect network resources, which will be described.

Example

25 is a diagram illustrating a network resource integrated management system according to a first embodiment of the present invention.

Referring to FIG. 25, the network resource integrated management system according to the first embodiment of the present invention uses a network resource, for example, by a local collection method using an edge proxy (EP), which is dedicated hardware for network resource collection and control as a dedicated equipment model. Collects IP address, MAC address, terminal name, operating system information. In addition, the edge proxy (EP) manages network device detection (manufacturer, device name, description, serial number, etc.), network information (default gateway, subnet mask, etc.), harmful element analysis, and terminals using multiple IP addresses. . The edge proxy EP performs data communication with the central server CS.

Product specifications of the edge proxy (EP) are shown in Table 1 and Table 2 below.

model name CPU Memory Storage Ethernet port
(10/100/1000) recommend
Node EP308 Intel Core2 Duo 2.4GHz 2 GB 4 GB CF 8 1,500 EP204 VIA C7-1.5 GHz 1 GB 4 GB CF 4 700 EP104 Intel® Celer M 600 MHz 1 GB 4 GB CF 4 150

Model EP308 EP204 EP104 Serial One at front
(RJ-45 connector) One at front
(RJ-45 connector) One at front
(RJ-45 connector) USB 2 at Font 2 at Font 2 at Rear IDE / SATA 0/4 1/2 1/2 Power 200 WATX 180 WATX 60W Power Adapter Form Factor 1U 1U Desktop Dimensions 426 × 365 × 44 426 × 362 × 44 270 × 40 × 150

Basically, one edge proxy (EP) can manage a range of VLAN units, and one edge proxy (EP) can manage 4 to 8 VLANs. Accordingly, the number of edge proxies may be determined according to the number of VLANs of the customer. However, '802.1q VLAN Tagging' can be used to manage multiple VLANs on one edge proxy (EP).

The edge proxy (EP) automatically collects all network resources used in the VLAN, for example, an IP address, a MAC address, and a terminal name, in real time and provides them to the central server (CS). At this time, the edge proxy (EP) is detected in real time in the case of the active terminal, and collects network resources by detecting within a set period (10 ~ 60 seconds) for the inactive terminal.

The edge proxy (EP) detects harmful elements and reports them to the central server (CS). At this time, the edge proxy (EP) blocks the network use of the terminal is found harmful elements, and reports the connection equipment and port information associated with the terminal is found to the central server (CS). For example, an edge proxy (EP) restricts communication with other terminals until an unauthorized terminal establishes a virtual link (VL) when it attempts to access the network, and is approved, and an IP address and connection equipment for the unauthorized terminal. And port information and the like to the central server CS.

The edge proxy (EP) is provided with a policy and a blocking level from the central server (CS) as shown in FIG. 7, and restricts or partially uses the entire network for the terminal or unauthorized terminal whose harmful element is detected according to the blocking policy for each level. Can be allowed. In this case, when it is difficult for the edge proxy (EP) to control the terminal in which the harmful element is found or the unauthorized terminal, the terminal may detect the harmful element through the L3 switch.

Specifications of the central server CS are shown in Table 3 below.

operating system Window 2008 Server HDD 300 GB or more RAM 4 GB DB Oracle 11g (32bit) NIC 10/100 or (10/100/1000) 1EA Or 2EA

The central server CS receives and collects network resources collected by a local collection method through an edge proxy EP, for example, an IP address, a MAC address, a terminal name, and operating system information. The collected network resources are stored and managed in a database, and the collected data is processed and provided to the administrator in various forms for easy access by the administrator.

For example, the central server CS may process the collected network resources and display network lists, IP address lists, IP address details, user information, physical connection equipment and port information, and IP as shown in FIGS. 9 to 18. It generates address usage status, daily, weekly and monthly statistics of IP address and provides it to the administrator. Through this, the administrator can not only monitor the network resources in real time through various data provided in the form of a web page from the central server (CS), but also provide the administrator with the data to output (print) the report. Efficient management of addresses is possible.

The central server CS provides an interface with an administrator (or administrator), and the administrator's location (IP address), time, and ID are stored for enhanced security, and the stored results can be inquired. In addition, all passwords for the administrator are stored in encrypted form and the password cannot be verified through the database. Administrator ID can be created with 5 or more alphanumeric characters. Password can only be 6 or more alphanumeric characters and special characters related to numeric keys. If the central server CS fails to log in to the administration page, the central server CS does not provide a hint about the cause of failure. However, accounts that are suspended or dormant by the administrator are output as suspended or dormant accounts.

Logging in the admin page and user page has a preventive measure to prevent 'SQL Injection'. Also, do not allow any 'cross site script' while running the admin page and user page separately. The session is set to end automatically if the admin page is not operated for a certain time. If the admin page is not operated for about 120 minutes, the session is automatically terminated. If authentication (login) is not completed in the admin page, no page can be accessed directly. During authentication of the admin page, the ID and password are transmitted to the central server (CS) in encrypted form.

The central server CS notifies the edge proxy EP of a policy and a blocking level as shown in FIG. 7 when a network connection of a terminal or an unauthorized terminal including a harmful element detected through the edge proxy EP is detected. do. The edge proxy (EP) controls the network access of the terminal according to the policy and the blocking level notified from the central server (CS). For example, the edge proxy (EP) controls the network connection by establishing a virtual link (VL) when an unauthorized terminal attempts to access the network according to the policy and the blocking level of the central server CS.

When a terminal user whose network use is blocked by the edge proxy EP attempts to access the Internet, as shown in FIG. 8, the central server CS automatically provides a terminal user with a page for applying for network use. That is, a terminal user automatically moves to a page where a user can apply for network use when accessing the Internet, and inputs user information such as name, affiliation, and contact information according to a form provided on the page to apply for network use. After that, the administrator reviews the network use application registered by the terminal user, and permits the use of the network, and notifies the edge proxy (EP) of this. The edge proxy (EP) authorizes the terminal user's network use according to the network use permission of the central server (CS).

Meanwhile, in the network resource integration management system according to the first embodiment of the present invention, the router R performs a port mirroring function for web notification. The web notification according to the present invention forcibly transmits an IP address realization and internal notification to a terminal using the Internet as shown in FIG. 21, because it does not require installation of a client program and is not provided in the form of an existing Internet pop-up window. It is not affected by 'IEE Popup blocker'.

FIG. 26 is a system configuration diagram illustrating a web notification method according to the present invention. FIG. 27 is a flowchart illustrating a web notification method using the system shown in FIG.

Referring to FIGS. 26 and 27, first, a terminal for transmitting a web announcement is monitored through port mirroring of the L3 switch L3 (S271). At this time, the terminal monitoring to transmit the web notification is made by monitoring the source address of the IP header of the terminal.

Thereafter, when the IP address of the target terminal to which the web notification is to be transmitted is detected, the target terminal extracts a URL to which the terminal attempts to access (S272 and S273). In this case, URL extraction to which the target terminal attempts to access may be extracted using a HTTP (HyperText Transfer Protocol) header.

When the URL extraction is completed, the L3 switch L3 redirects the web notification target terminal to the notification page provided by the web notification server, for example, the central server CS through the port mirroring function. A packet is generated (S274). In this case, the redirection packet includes an IP header, a TCP header, and an HTTP header. For example, the HTTP header may include 'HTTP / 1.1 302 Moved Temporarily nLocation: 192.168.3.14/wnbih? Url = www.naver.com' when the target terminal attempts to access the web page (naver.com). Can be.

Thereafter, when packet generation is completed, the generated packet is transmitted to the target terminal (S275).

The web notification page processing method for the target terminal may proceed in the same manner as in FIG. 28.

28 is a flowchart illustrating a web notification page processing method according to the present invention.

Referring to FIG. 28, first, step S275 is performed in FIG. 27, and then, the target terminal receives URL information and other information to be accessed (S281). For example, it may be 'http; // 192.168.3.14/wn.bih?url=www.naver.com', where 192.168.3.14 is a web notification server.

Thereafter, the web notification and the target terminal display the page to be accessed at the same time (S282). At this time, an example of the source code of the notification processing page (wn.bih) is as follows.

<div><iframe width = 100% heigh = 100% url = 'www.naver.com'../></div>
<div> Notice </ div>

The notification processing page screen according to the above source code is as shown in FIG.

Thereafter, when the web notification check is completed, the target terminal moves to a web page to be accessed, for example, Naver (S283). In this case, the web notification time may be set as a timer or a method of moving to a web page to be accessed when the user clicks the notification screen.

The network resource integrated management system according to the first embodiment of the present invention shown in FIG. 25 is efficient in managing network resource collection, harmful element detection and control through an edge proxy, but needs to separately install edge proxy equipment. This can add cost.

29 is a diagram illustrating a network resource integrated management system according to a second embodiment of the present invention.

Referring to FIG. 29, in the network resource integrated management system according to the second embodiment of the present invention, unlike the first embodiment, the central server CS separately installs an edge proxy for each network unit to collect network resources by a local collection method. Instead, as shown in FIG. 2, the L3 switch L3 (or router) network resources are collected by a central collection method.

When the central server CS registers all L3 switch information present in the system network, the central server CS may collect information from the L3 switch L3 through SNMP. At this time, SNMP related setting is necessary before data collection. The L3 switch (L3) has a port mirroring function, through which the central server (CS) monitors packets destined for the Internet through the L3 switch (L3) to block packets to the corresponding terminal when an unauthorized IP address is destined for the Internet. send.

As such, the network resource integrated management system according to the second embodiment of the present invention operates only one central server (CS), which is advantageous compared to the first embodiment requiring a separate edge proxy in terms of cost, and mainly aims at managing IP addresses. Suitable for customer environment.

30 is a diagram showing a network resource integrated management system according to Embodiment 3 of the present invention.

Referring to FIG. 30, the network resource integrated management system according to the third embodiment of the present invention collects network resources in the same central collection manner as the network resource integrated management system according to the second embodiment. However, if there are many IP addresses to manage, separate database server (DBS) and build separately, thereby improving IP address collection and management efficiency.

31 is a diagram showing a network resource integrated management system according to Embodiment 4 of the present invention.

Referring to FIG. 31, the network resource integrated management system according to the fourth embodiment of the present invention collects network resources in the same central collection manner as the network resource integrated management system according to the second embodiment. However, it is possible to efficiently manage wireless and mobile terminals by establishing a DHCP server (DHCPS) with dualization and stably assigning a floating IP address.

32 is a diagram illustrating a network resource integrated management system according to a fifth embodiment of the present invention.

Referring to FIG. 32, the network resource integrated management system according to the fifth embodiment of the present invention is a mixed structure of a central collection method and a local collection method, and partially installs an edge proxy (EP), and optionally, an edge proxy (EP). ) Collects network resources using a local collection method. In addition, a database server (DBS) and a DHCP server (DHCPS) can be built together to efficiently manage a large amount of IP addresses and wireless and mobile terminals.

33 is a flowchart illustrating a network resource integration management method according to an embodiment of the present invention.

Referring to FIG. 33, first, as shown in FIG. 30, an L3 switch L3 (or a router) and an L3 switch L3 that support communication between terminals belonging to different networks on the system network and have a port mirroring function are used. A network resource management system including a central server (CS) that registers and performs data communication with the registered L3 switch (L3) to collect network resources from the L3 switch (L3) through the Simple Network Management Protocol (SNMP). The integrated network resource management method used is as follows.

First, the central server CS collects network resources through the L3 switch L3 using SNMP (S331). At this time, the central server CS registers the L3 switch L3 installed on the network in advance, and collects network resources in real time through the registered L3 switch L3.

Thereafter, the central server CS extracts and statistics network address information and network information from the network resources collected from the L3 switch L3 and groups and registers them by network (S332).

As shown in FIG. 9, the network address information includes a network address, a subnet mask, a default gateway, and includes the number of IP addresses per network. Here, the number of IP addresses is the total number of IP addresses in use in the entire network, the number of IPs in the active and inactive states of the terminal, the number of new (newly discovered terminals) IP addresses, the number of IP addresses used with duplicate IP addresses, and the long period of inactivity. Contains the number of maintained IP addresses.

The network information includes IP address, MAC address, network equipment manufacturer, operating system, computer workgroup and name, connected equipment and port information as shown in FIG. 10, and terminal state (active, inactive or sleep state) information. (Turn-on / off time of terminal, etc.), dynamic IP address usage status information (rental, renewal, expiration, release, etc.), IP address duplication usage information, etc. are displayed.

Subsequently, an interface between the central server CS and the manager, for example, the manager communicates with the central server CS through a web standard interface that can be operated in a browser, thereby providing terminal information of an IP address, as shown in FIG. Information on the terminal user of the IP address, additional information related to the IP address including the network equipment is received and registered (S33).

The additional information includes LAN card manufacturer, detection equipment, connection equipment and port information, detection history information, rental history information, network equipment manufacturer / host name / serial number / model name.

Thereafter, the central server CS provides a network resource registered and processed to the administrator or the customer so that the administrator or the customer can easily understand the operation (S334). For example, network address information, a list of registered network information, registered network IP address information, terminal status information, dynamic IP address usage status information, and IP address duplication status information are provided to the administrator in real time. . Such information may be provided in printed form in connection with a printer.

In this case, the administrator can easily identify the IP address usage status by providing color-coded IP address usage forms, provide user and terminal information using the IP address, and view the IP address usage status in a "basic view", "access". Can be categorized into "view by grade" and "view DHCP leased IP" modes. Here, as shown in FIG. 14, the "basic view" is a mode for providing active state information, inactive state information, access information (IP reservation reservation), unused information of the terminal, and "view as access class" is 1 to 9 grades. Mode to provide up to, "DHCP lease IP view" refers to the mode of providing lease, expiration, lease rejection, availability status information.

Thereafter, by using the port mirroring function of the L3 switch (L3) to monitor the Internet connection of the terminal having an unapproved IP address, if the Internet connection of the terminal having an unapproved IP address is detected, the unauthorized terminal in the central server (CS) The blocking packet is transmitted to block the terminal having the unauthorized IP address from accessing the Internet (S335 and S336). In this case, when the edge proxy (EP) is installed in the network as shown in FIG. 25, the harmful element is detected and analyzed as shown in FIGS. 19 and 20 through the edge proxy (EP) in real time. Can be blocked or controlled according to the policy of the central server (CS).

Meanwhile, in steps S335 and S336, the network connection of the terminal having the unauthorized IP address is monitored through the edge proxy EP, and when the network connection of the terminal having the unauthorized IP address is detected, the terminal having the unauthorized IP address is detected. By setting the VL (Virtual Link) for the to block the communication with other terminals and partially allow the use of the network of the terminal having an unapproved IP address in response to the class-specific blocking policy transmitted from the central server.

In step S336, if the Internet or network access of the terminal having an unauthorized IP address is blocked through the L3 switch L3 or the edge proxy (EP), the unauthorized access is attempted to reconnect to the internet or network of the terminal having the unauthorized IP address. After providing user information by providing internet or network use application page to terminal user with IP address, he / she approves the use of internet or network through administrator, and confirms the approved user information and inputs terminal information with unauthorized IP address. And finally permitting the use of the Internet or a network (S337).

On the other hand, in step S336 when the harmful element is generated on the network through the edge proxy (EP), by detecting the real-time generated by the harmful element, the harmful equipment is connected to the terminal and the connected equipment and the port information is generated It reports to the central server and blocks the terminal where the harmful element is found from connecting to the network, and the central server provides the terminal information on which the harmful element is provided from the edge proxy, the connected equipment and port connected to the terminal where the harmful element is generated. Information can also be provided to administrators.

In addition, in step S336, when the web notification target terminal is detected by monitoring the source address of the IP header transmitted through the network through port mirroring of the L3 switch L3 as shown in FIGS. 26 and 27, the detected web is detected. After extracting the URL to which the notification target terminal attempts to access, it generates a redirection packet through the port mirroring function of the L3 switch L3 to transmit the generated packet to the web notification target terminal to induce the web notification page. Subsequently, when the web notification target terminal is moved to the web notification page, the web notification contents and the URL page to which the web notification target terminal is to be simultaneously displayed are displayed, and when the web notification confirmation is completed, the web notification target terminal is recalled. The web notification target terminal is moved to the URL page to which the terminal to be connected.

As described above, the technical spirit of the present invention has been described in detail in the preferred embodiments, but the above-described preferred embodiments are for the purpose of description and not of limitation. As such, those skilled in the art may understand that various embodiments are possible through the combination of the embodiments of the present invention within the scope of the technical idea of the present invention.

CS: Central Server
L3: L3 switch (or router)
EP: Edge Proxy
VS: antivirus server
DHCPS: DHCP Server
DBS: Database Server

Claims (22)

At least one L3 switch or router supporting communication between terminals belonging to other networks on the system network and having a port mirroring function; And
And a central server that registers the L3 switch or the router and performs data communication with the registered L3 switch or the router to collect network resources from the L3 switch or the router through SNMP (Simple Network Management Protocol). ,
The central server comprises:
Network address information and network information are extracted from the L3 switch or the network resource collected from the router, and statistically grouped and registered by network, and then a list of registered network address information and registered network information, and a registered network IP address Number of terminals, usage of the terminal, dynamic IP address usage status, IP address duplication usage status,
Communicates through a web standard interface that can be operated by the administrator and the browser, and receives and registers the terminal information of the IP address, the terminal user information of the IP address, and additional information related to the IP address including the network equipment from the administrator. ,
When a terminal having an unapproved IP address attempts to access the Internet by using a port mirroring function of the L3 switch or the router, the terminal detects through the L3 switch or the router and transmits a blocking packet to the L3 switch or the router. The L3 switch or the router blocks a terminal having an unauthorized IP address from accessing the Internet,
At least one edge proxy installed in at least one of the networks on the system network to collect network resources and provide them to the central server,
The edge proxy detects when a terminal having an unauthorized IP address attempts to access the network, transmits the detected edge to the central server, and sets up a VL (Virtual Link) for the terminal having an unauthorized IP address in the network. And controlling network usage of a terminal having an unapproved IP address in response to a class-specific blocking policy transmitted from the central server after blocking communication with another terminal.
delete The method of claim 1,
The central server is an unauthorized IP address when attempting to reconnect to the Internet or network of the terminal having the unauthorized IP address after the connection of the Internet or the network of the terminal having the unauthorized IP address is blocked through the L3 switch, the router, or the edge proxy. After providing the user information by providing the Internet or network use application page to the terminal user having a user, and after confirming the approved user information approved for use of the Internet or network through the administrator, and finally received the terminal information confirmed the approval A network resource integrated management system, characterized in that the use of the Internet or network.
The method of claim 1,
The edge proxy detects in real time when a harmful element is generated on the network, and reports the terminal information on which the harmful element is generated, the connection equipment and port information connected to the terminal where the harmful element is generated, to the central server, Blocking the discovered terminal from accessing the network, the central server provides the administrator with terminal information generated harmful elements provided from the edge proxy, connected equipment and port information connected to the terminal generated harmful elements to the administrator Network resource integrated management system.
The method of claim 1,
The central server monitors the source address of the IP header transmitted through the network through the port mirroring function of the L3 switch or the router. And extracting a uniform resource locator and generating a redirection packet to transmit the generated packet to the web notification target terminal to guide the web announcement page.
The method of claim 5, wherein
When the web notification target terminal completes the move to the web notification page, the central server simultaneously displays the web notification content and the URL (Uniform Resource Locator) page to which the web notification target terminal is connected, and then confirms the web notification. And the web announcement target terminal is moved to a Uniform Resource Locator (URL) page to which the web announcement target terminal is to be accessed.
The method of claim 1,
The central server analyzes the collected network resources to detect network equipment and servers, or detects network equipment and servers using asynchronous SNMP detectors and asynchronous SNMP analyzers, and then classifies and registers by manufacturer, type, and location. Integrated network resource management system for monitoring the network and the server through the IRTTL (Icmp Round-Trip Time Log), MRTG (MultiRouter Traffic Grapher).
The method of claim 1,
A Dynamic Host Configuration Protocol (DHCP) server having a duplexing function for automatically allocating a floating IP address to a terminal connected to a network in association with the central server; And
And a database storing the network resources collected and built separately from the central server.
The method of claim 8,
The central server provides color-coded IP address usage forms so that the administrator can easily identify the IP address usage status, provides user and terminal information using the IP address, and displays the IP address usage status in a "basic view", Network resource integrated management system, characterized in that provided in the "view access class" and "DHCP leased IP view" mode.
The method of claim 1,
The central server restricts network use of a terminal in which a harmful element is found in connection with a firewall or an intrusion prevention system (IPS), but the central server detects a DDoS terminal in the firewall or the IPS and blocks the DDoS. When the IP address of the terminal is transmitted, after receiving the transmission, the edge proxy is notified to the edge proxy according to a predetermined blocking policy for each class, and the network usage of the terminal on which harmful elements are found in response to the blocking level is restricted. Network resource integrated management system.
The method of claim 1,
The central server induces network usage restriction and vaccine installation and update for the terminal without vaccine or terminal that is not updated in connection with a vaccine server or a PMS (Patch Management System), but the central server is the vaccine server or the When PMS detects the terminal without vaccine and sends the IP address of the terminal without vaccine, it receives the message and notifies the edge proxy to the edge proxy according to the blocking policy for each class. Network resource integrated management system, characterized in that to limit the network use of the uninstalled terminal or to induce the installation of the vaccine.
The method of claim 1,
The central server collects the connection information through the L2 switch or the L3 switch associated with the terminal on the network, collects and analyzes the L2 switch or L3 switch directly connected to the terminal, and calculates and provides a result. Integrated management system.
At least one L3 switch or router supporting communication between terminals belonging to other networks on the system network and having a port mirroring function, registering the L3 switch or the router, and registering the L3 switch or router with the registered L3 switch or router In the network resource integrated management method using a network resource integrated management system comprising a central server for performing a data communication to collect network resources through the Simple Network Management Protocol (SNMP) from the L3 switch or the router,
(a) collecting network resources from the L3 switch or the router;
(b) extracting network statistics and network information from the network resources collected from the L3 switch or the router, and statistically grouping and registering the network addresses;
(c) Communicates through a web standard interface that can be operated by an administrator and a browser, and receives and registers terminal information of the IP address, information on the terminal user of the IP address, and additional information related to the IP address including network equipment from the administrator. Making; And
(d) providing a list of registered network address information and registered network information, a registered IP address for each network, a state of a terminal and a dynamic IP address use state, and an IP address duplication state;
(e) using the port mirroring function of the L3 switch or the router to monitor the Internet access of the terminal having the unauthorized IP address, and if the Internet connection of the terminal having the unauthorized IP address is detected, the L3 at the central server Transmitting a blocking packet to a switch or the router to block a terminal having an unauthorized IP address from accessing the Internet;
The network resource integrated management system includes at least one edge proxy installed in a network to collect network resources locally and provide them to the central server.
The step (e) monitors the network connection of the terminal having the unauthorized IP address through the edge proxy, and if the network connection of the terminal having the unauthorized IP address is detected, VL (s) for the terminal having the unauthorized IP address ( Virtual link) to block communication with other terminals, and then partially allow network use of terminals with unauthorized IP addresses in response to a class-specific blocking policy sent from the central server. Way.
delete The method of claim 13,
After the step (e),
(f) If the Internet or network access of the terminal having an unauthorized IP address is blocked through the L3 switch, the router, or the edge proxy, the unauthorized IP address is attempted when attempting to reconnect to the internet or network of the terminal having the unauthorized IP address. After providing the user information by providing internet or network use application page to the terminal user who has the user information, he or she approves the use of the Internet or network through the administrator, checks the approved user information, and receives terminal information with an unapproved IP address. Authorizing the use of the Internet or a network further comprising the network resource management method.
The method of claim 13,
In the step (e), if a harmful element is generated on the network through the edge proxy, the central server detects the harmful element in real time and generates terminal information, connection equipment and port information connected to the terminal where the harmful element is generated. At the same time, the terminal that is found to be harmful elements is blocked from accessing the network, and the central server provides terminal information on which harmful elements are provided from the edge proxy, connection equipment and port information connected to the terminal on which harmful elements are generated. Network resource integration management method, characterized in that provided to the administrator.
The method of claim 13,
In the step (e), when the L3 switch or the router monitors a source address of an IP header transmitted through a network through a port mirroring function and detects a web announcement target terminal, the detected web announcement target terminal attempts to connect. And extracting a Uniform Resource Locator (URL), generating a redirection packet, and transmitting the generated packet to the web notification target terminal to derive the web notification page.
The method of claim 17,
In the step (e), when the terminal to which the web notification target terminal is completed moves to the web notification page, the web notification contents and the URL (Uniform Resource Locator) page to which the web notification target terminal is to be simultaneously displayed are simultaneously displayed. When the web notification target terminal is completed, the network resource integration management method comprising moving to a Uniform Resource Locator (URL) page to which the web notification target terminal is connected.
The method of claim 13,
The integrated network resource management system is constructed separately from the central server and a dynamic host configuration protocol (DHCP) server having a redundant function to automatically allocate a dynamic IP address to a terminal connected to the network in association with the central server. And further comprising a database storing the collected network resources.
The method of claim 19,
Step (d) provides color-coded IP address usage forms for administrators to easily grasp the IP address usage status, provides user and terminal information using the IP address, and displays the IP address usage status in "Basic View." Network resource integration management method characterized in that provided in the "," view by access level "and" DHCP leased IP view "mode.
The method of claim 13,
The central server restricts network use of a terminal in which a harmful element is found in connection with a firewall or an intrusion prevention system (IPS), but the central server detects a DDoS terminal in the firewall or the IPS and blocks the DDoS. When the IP address of the terminal is transmitted, after receiving the transmission, the edge proxy is notified to the edge proxy according to a predetermined blocking policy for each class, and the network usage of the terminal on which harmful elements are found in response to the blocking level is restricted. How to manage network resource integration.
The method of claim 13,
The central server induces network usage restriction and vaccine installation and update for the terminal without vaccine or terminal that is not updated in connection with a vaccine server or a PMS (Patch Management System), but the central server is the vaccine server or the When PMS detects the terminal without vaccine and sends the IP address of the terminal without vaccine, it receives the message and notifies the edge proxy to the edge proxy according to the blocking policy for each class. Network resource integration management method, characterized in that to limit the network use of the non-installed terminal or to induce the installation of the vaccine.

Images