KR101502962B1 - Black-box device for management of computers and method thereof - Google Patents

Black-box device for management of computers and method thereof

Info

Publication number
KR101502962B1
Authority
KR
South Korea
Prior art keywords
computer
information
data
management
black box
Prior art date
Application number
KR20140161721A
Other languages
Korean (ko)
Inventor
박상호
Original Assignee
(주)지란지교소프트
Application filed by (주)지란지교소프트
Priority to KR20140161721A
Application granted
Publication of KR101502962B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/606 Protecting data by securing the transmission between two devices or processes

Abstract

A black box device and method for computer management are disclosed. According to an aspect of the present invention, there is provided a black box device for managing a computer, the black box device comprising: a communication unit for collecting leakage information on data flowing out through an external network from one or more managed computers connected to an internal network; a storage unit for storing the leakage information; and a control unit for analyzing the leakage information to calculate a risk, acquiring additional information from the managed computer according to the risk, and storing the acquired information in the storage unit.

Description

BACKGROUND OF THE INVENTION

The present invention relates to computer management, and more particularly, to a black box device and method for computer management.

In recent years, with the development of Internet technology and computing devices, users enjoy the convenience of using various content at any time wherever communication is possible. In addition, computing devices are used not only for the Internet or games but also for business by most companies.

Recently, a problem has been posed not only by malicious code that prevents some of the software or hardware of these computing devices from functioning properly, but also by malicious code that leaks important internal data to the outside. As a result, not only personal information but also security-critical files are leaked to the outside, increasing the damage.

Malicious code that leaks data to the outside runs its process by itself, regardless of the user's commands, and leaks internal data to a specific destination. As a result, not only personal information but also business-critical data can be leaked, creating a security risk.

In addition to leakage by such malicious code, a malicious user often leaks data directly through a communication network. Compared to malicious code, this can be a greater security risk. In particular, in the case of a corporate computer, data may be leaked by other employees or outside guests while the actual user is away; such leakage can be quite malicious and may cause a security loss to the company.

Korean Patent Publication No. 10-2009-0090678 (published August 26, 2009): Screen capture based computer usage history black box and monitoring system

SUMMARY OF THE INVENTION

Accordingly, the present invention has been made in view of the above problems in the prior art, and an object of the present invention is to provide a black box device and method for computer management that can track the leak destination or the leaker even if data is leaked to the outside.

The present invention also provides a black box device and method that enable more detailed computer management by additionally checking whether the computer user is currently present and processing accordingly.

Other objects of the present invention will become more apparent through the following preferred embodiments.

According to an aspect of the present invention, there is provided a black box device for managing a computer, the black box device comprising: a communication unit for collecting leakage information on data flowing out through an external network from one or more managed computers connected to an internal network; a storage unit for storing the leakage information; and a control unit for analyzing the leakage information to calculate a risk, acquiring additional information from the managed computer according to the risk, and storing the acquired information in the storage unit.

Here, the additional information may include at least one of image information captured by the managed computer and information of a processor attempting data leakage.

The risk may be calculated using at least one of a source, the outflow data, and the presence of a user of the managed computer.

The black box device may further include a beacon unit for transmitting a specific signal, wherein the control unit confirms whether a computer user is present according to whether the user terminal corresponding to the managed computer has previously received the specific signal, and calculates the risk accordingly.

According to another aspect of the present invention, there is provided a computer management method performed in a black box device, comprising: collecting leakage information on data flowing out from a managed computer through a communication network; analyzing the leakage information to calculate a risk; and acquiring additional information from the managed computer and storing it when the risk level is equal to or greater than a predetermined value. A recording medium on which a program for executing the method is recorded is also provided.

The method may further include: periodically transmitting a specific signal including unique identification information via short-range communication; and checking whether a computer user is present according to whether the user terminal corresponding to the managed computer has previously received the specific signal, and calculating the risk level to correspond to the confirmed result.

The method may further include transmitting, to the managed computer, a command to delete or treat the processor that attempted to leak the data when it is determined that the computer user is not present and the leaked data is determined to be important data.

In addition, the additional information may include at least one of image information captured by the managed computer and information of a processor attempting data leakage.

According to the present invention, when data is leaked to the outside, the leak history or the leaker can be tracked because the leak history or additional information is stored.

In addition, according to the present invention, it is possible to check whether the user of the managed computer is present at the location where the computer is located and to process accordingly, thereby enabling more detailed computer management.

FIG. 1 is a block diagram schematically illustrating a black box system for computer management according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a computer management process performed in a black box device according to an embodiment of the present invention.
FIG. 3 is a block diagram showing a configuration of a black box device according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating a black box system for computer management according to another embodiment of the present invention.
FIG. 5 is a flowchart illustrating a risk calculating process using a beacon signal performed in a black box device according to an embodiment of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout the specification and claims. The description will be omitted.

FIG. 1 is a block diagram schematically illustrating a black box system for computer management according to an exemplary embodiment of the present invention.

Referring to FIG. 1, the overall system according to the present embodiment includes managed computers 10-1, 10-2, ..., 10-n and a black box device 30 connected by an internal network.

The black box device 30 stores outflow information on the leaked data when the managed computer 10 leaks data to the outside via an external network. In other words, it stores related information (leaked data source, log, etc.) used to monitor or track not only the data flowing out from the managed computer 10 but also its type, form and leaker.

The managed computer 10 uses an external network through a specific device (e.g., a router or a gateway) in the internal network. Accordingly, the black box device 30, connected to that specific device via the internal network, can collect all the data flowing from the internal network to the external network. This will be obvious to those skilled in the art, so a more detailed description is omitted.

Hereinafter, a management method for the management subject computer 10 performed by the black box device 30 will be described.

FIG. 2 is a flowchart illustrating a computer management process performed in the black box device 30 according to an embodiment of the present invention.

Referring to FIG. 2, the black box device 30 collects leakage information on data flowing to the external network (S210). As described above, the outflow information may be log information (source, leaker, outflow file name, outflow time, etc.) on the attempted data leakage, or may be a copy of the leaked data source or the like.

In addition, the black box device 30 may store additional information in addition to the outflow information. The additional information may be image information captured by the managed computer 10, information of a processor (or process) attempting data leakage, location information of a user of the managed computer 10 (to be described later), and the like.

The black box can always acquire and store additional information, but according to one example, whether or not to acquire additional information may be determined depending on the risk of data leakage. The risk may vary depending on the type of data that is leaked, the amount of data, the source, the leaker, and the time when the leak was attempted. For example, if a high-volume document file is leaked to a competitor, the risk may be high.

As described above, the black box device 30 calculates the risk level (S220). If the risk level is equal to or higher than a certain level, the additional information is acquired and stored (S250). For example, one or more screen-capture images are acquired as the additional information from the managed computer 10 attempting data leakage. For example, when the process attempting data leakage is executed, the managed computer 10 captures and stores a screen, and provides the captured screen to the black box device 30 upon request. Alternatively, when the managed computer 10 receives the request for additional information from the black box device 30, it transmits information about the currently executing processor to the black box device 30 as additional information, together with an image of the current screen capture.

If the risk is less than a predetermined value, the black box device 30 stores only the outflow information without obtaining additional information (S240).

Hereinafter, the configuration of the black box device 30 will be described.

FIG. 3 is a block diagram showing the configuration of a black box device 30 according to an embodiment of the present invention.

Referring to FIG. 3, the black box device 30 includes a communication unit 310, a storage unit 330, and a control unit 370.

The communication unit 310 communicates with the internal network. It collects leakage information about data flowing out through the external network from the managed computers 10 to which it is connected.

The storage unit 330 stores the outflow information 334 and further stores, as the information 332 for each of the managed computers 10, identification information (for example, an ID, a MAC address, or an IP address), user information, user terminal information (phone number, IP address, etc.) of the user, and the like.

The control unit 370 performs overall control of each constituent unit. In particular, the control unit 370 analyzes the outflow information to calculate a risk, determines according to the risk whether to acquire additional information from the managed computer 10, and stores the acquired additional information in the storage unit 330 together with the leakage information.

According to the present embodiment, the black box device 30 further includes a beacon unit 350.

The beacon unit 350 performs a function of transmitting a specific signal such as BLE (Bluetooth Low Energy). The control unit 370 can check whether the user terminal corresponding to the management target computer 10 has received the specific signal in advance or not, and calculate the risk level corresponding to the confirmed result.

A detailed description thereof will be made with reference to FIG.

FIG. 4 is a block diagram of a black box system for computer management according to another embodiment of the present invention, and FIG. 5 is a flowchart illustrating a risk calculating process using a beacon signal performed in the black box device according to an embodiment of the present invention.

Referring to FIG. 4, the overall system according to the present embodiment further includes a user terminal 50 and a management device 70.

The user terminal 50 may be, for example, a smart phone, a tablet PC, or the like as a mobile device of the user of the managed computer 10.

The user terminal 50 reports the specific signal (hereinafter referred to as a beacon signal) that it receives from the black box device 30 to the management device 70. For example, the management device 70 queries the user terminal 50 from time to time, or when necessary, to determine whether a beacon signal from the black box device 30 is being received.

The reason for this is that the user of the managed computer 10 can be assumed to always be carrying the user terminal 50. Therefore, if the user terminal 50 is receiving the beacon signal of the black box device 30 installed around the zone in which the managed computer 10 is located, it can be determined that the user is located around the managed computer 10.

In other words, the management device 70 manages information about whether the user (i.e., the user of the user terminal 50 and of the managed computer 10) is located around the managed computer 10.

The black box device 30 confirms whether the user of the managed computer 10 is currently present at a specific position (i.e., the position where the managed computer 10 is located), and selects, acquires and stores information accordingly.

Referring to FIG. 5, the black box device 30 transmits a beacon signal periodically or at a required time (S510), and confirms, through the management device 70, the position of the user of the managed computer 10 (S520).

The black box device 30 uses the user's location, i.e., whether the user is located in the vicinity of the managed computer 10, for risk calculation (S530). For example, if the user is not located at the specific location, the risk will be high because the leak is likely to have been attempted by another person or by malicious code.

Although not shown in the drawings, when the black box device 30 determines that the user of the managed computer 10 attempting the leak is not present at the specific location and that the leaked data is important data, it may send a delete or repair command to the managed computer 10 that attempted the leak. In other words, when important data such as personal information is leaked while the user is absent, the processor is highly likely to be malicious code, so the processor is deleted or treated by a vaccine (antivirus) program.

According to the present embodiment, the presence or absence of a user of the management target computer 10 can be checked, and relevant information corresponding to the data leakage can be selected and stored, thereby making it possible to prepare for leakage of important data.
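
The decision flow of FIG. 2 and FIG. 5 (S210 to S250 and S510 to S530), worked through as an added Python example; it is not code from the patent. The weights, threshold, beacon freshness window, name lists and sample records are assumptions constructed for illustration, because the description names the risk factors but gives no values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values: the patent names the risk factors but gives no numbers.
RISK_THRESHOLD = 50
BEACON_MAX_AGE = timedelta(minutes=5)
WATCHED_DESTINATIONS = {"files.competitor.example"}
CRITICAL_MARKERS = ("customer", "payroll", "personal")
DOCUMENT_SUFFIXES = (".docx", ".xlsx", ".pdf")
LARGE_BYTES = 10 * 1024 * 1024


@dataclass(frozen=True)
class OutflowRecord:
    """Outflow (leakage) information collected in S210."""
    computer_id: str
    destination: str
    file_name: str
    size_bytes: int
    process: str
    when: datetime


def user_present(beacon_reports, computer_id, now):
    """S510-S520: present only if the user's terminal recently reported hearing
    the beacon. A missing, stale or future-dated report counts as absent."""
    last = beacon_reports.get(computer_id)
    return last is not None and timedelta(0) <= now - last <= BEACON_MAX_AGE


def is_critical(record):
    """Assumed stand-in for the 'important data' decision: file-name markers."""
    name = record.file_name.lower()
    return any(marker in name for marker in CRITICAL_MARKERS)


def calculate_risk(record, present):
    """S220/S530: additive score over data type, volume, destination, time, presence."""
    score = 0
    if record.file_name.lower().endswith(DOCUMENT_SUFFIXES):
        score += 20
    if record.size_bytes >= LARGE_BYTES:
        score += 20
    if record.destination in WATCHED_DESTINATIONS:
        score += 30
    if not 8 <= record.when.hour < 20:
        score += 10
    if not present:
        score += 30
    return score


def handle_outflow(record, beacon_reports, now):
    present = user_present(beacon_reports, record.computer_id, now)
    risk = calculate_risk(record, present)
    actions = ["store_outflow_info"]                 # stored in every case (S240)
    if risk >= RISK_THRESHOLD:                       # additional information (S250)
        actions.append("request_screen_capture_and_process_info")
    if not present and is_critical(record):          # absent user + important data
        actions.append("send_delete_or_repair_command")
    return {"risk": risk, "user_present": present, "actions": actions}


# Constructed sample data (not from the patent).
NOW = datetime(2024, 1, 15, 14, 0)
BEACON_REPORTS = {  # managed computer -> last beacon report from its user's terminal
    "pc-01": NOW - timedelta(minutes=1),
    "pc-02": NOW - timedelta(hours=2),   # stale: the user has left
}                                        # pc-03 has never reported
SAMPLES = [
    OutflowRecord("pc-01", "mail.partner.example", "lunch-menu.txt", 2048, "browser.exe", NOW),
    OutflowRecord("pc-01", "files.competitor.example", "design-spec.pdf", 25 * 1024 * 1024, "browser.exe", NOW),
    OutflowRecord("pc-02", "files.competitor.example", "customer-list.xlsx", 25 * 1024 * 1024, "updater.exe", NOW),
    OutflowRecord("pc-03", "mail.partner.example", "notes.txt", 2048, "browser.exe", NOW),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec.computer_id, rec.file_name, handle_outflow(rec, BEACON_REPORTS, NOW))
```

The delete-or-repair branch is kept independent of the score because the description triggers it on user absence plus important data, not on the risk threshold.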

The computer management method using the black box device according to the present invention can be implemented as a computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording media storing data that can be decoded by a computer system. For example, it may be a ROM (Read Only Memory), a RAM (Random Access Memory), a magnetic tape, a magnetic disk, a flash memory, an optical data storage device, or the like. In addition, the computer-readable recording medium may be distributed and executed in a computer system connected to a computer network, and may be stored and executed as a code readable in a distributed manner.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention as defined in the appended claims. It will be understood that various modifications and changes may be made.

10-1, 10-2, ..., 10-n: Managed computers
30: Black box device
50: User terminal
70: Management device

Claims (9)

1-4. (deleted)
5. A computer management method performed in a black box device, comprising:
collecting leakage information on data flowing out from a managed computer through a communication network;
analyzing the leakage information to calculate a risk;
acquiring additional information from the managed computer and storing it when the risk level is greater than a predetermined value;
periodically transmitting a specific signal including unique identification information via short-range communication;
confirming whether a computer user is present according to whether the user terminal corresponding to the managed computer has previously received the specific signal; and
sending, to the managed computer, a delete or repair command for the processor that attempted to leak the data when the computer user is determined not to be present and the leaked data is determined to be critical data.
6-7. (deleted)
8. The method of claim 5, wherein the additional information includes at least one of image information obtained by capturing a screen of the managed computer and information on the processor attempting data leakage.
9. A recording medium on which a program for carrying out the method according to claim 5 or 8 is recorded so as to be read by a computer.
KR20140161721A 2014-11-19 2014-11-19 Black-box device for management of computers and method thereof KR101502962B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR20140161721A KR101502962B1 (en) 2014-11-19 2014-11-19 Black-box device for management of computers and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR20140161721A KR101502962B1 (en) 2014-11-19 2014-11-19 Black-box device for management of computers and method thereof

Publications (1)

Publication Number Publication Date
KR101502962B1 (en) 2015-03-16

Family

ID=53027686

Family Applications (1)

Application Number Title Priority Date Filing Date
KR20140161721A KR101502962B1 (en) 2014-11-19 2014-11-19 Black-box device for management of computers and method thereof

Country Status (1)

Country Link
KR (1) KR101502962B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060104270A (en) * 2005-03-30 2006-10-09 (주)펄스미디어 File security system for tracing history of file draining out
KR20090090678A (en) * 2008-02-21 2009-08-26 김종근 Monitoring and recorder system for history of using computer based on screen captures
KR20120053879A (en) * 2010-11-18 2012-05-29 주식회사 디지털벤투스 Computer lock terminal module, computer lock module and computer lock method using the same
KR20120076661A (en) * 2010-12-09 2012-07-09 한국전자통신연구원 Information property management apparatus, server, agent and method thereof

Legal Events

Date Code Title Description
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant