KR102449282B1 - Site replication devicefor enhancing website security - Google Patents

Abstract

The present invention relates to a site copying device for enhancing website security. The site copying device comprises: a transmitting module (100) for transmitting data of an internal system database of an intranet zone in response to a web content information request through an HTTP from an external client of an external Internet zone; and a receiving daemon (200) for allowing a TCP protocol to deliver web content by a switch connection manner. Therefore, the site copying device can defend against remote code execution vulnerabilities occurring in various forms against attack cases using conventional remote code execution vulnerabilities.

Description

Site replication device for enhancing website security

The present invention relates to site duplication for enhancing website security, and more particularly, security of all or part of a service for an internal site of an intranet zone to the outside of the Internet zone for a web content service. It relates to a site cloning device for reinforcing the security of a linked website in consideration of

In general, the internal business system (site) should be used by exposing the service to the outside as needed, but in the case of a security issue or in the case of a client company that needs to link web content such as a bulletin board between internal/external sites, or mandatory security regulations or costs There are many customers who have difficulties in introducing network-connected solutions due to problems such as , period, and manpower.

Conventionally, various methods have been proposed to defend against hackers who maliciously access a web server (or WAS server) that provides a service of web content.

Server firewalls, network firewalls, web firewalls, IPS equipment, IDS equipment, etc. have been suggested as alternatives to block hacking attacks on systems while servicing websites. The contents and limitations of each security technology (security product) are as follows same as

The network firewall plays a role in securing the transport layer, which is layer 4 out of 7 layers of OSI (Open Systems Interconnection).

The administrator uses the network firewall to set access control rules using IP addresses and port numbers to block network packets from unauthorized IP-based attackers.

However, since access is permitted to all users accessing the website from the outside, the network firewall allows all packets destined for the web service. However, in a web server that is open to the outside like a website, anyone can attack the vulnerability if the website source has a vulnerability, so a network firewall cannot prevent external hackers from attacking the vulnerability. That is, the network firewall can control the services to be permitted and the services not to be permitted, but cannot prevent vulnerabilities in the contents of packets communicated by the permitted services.

To solve this problem, a web firewall was introduced. A web firewall can recognize the HTTP protocol and can defend against attacks on vulnerabilities existing in the website.

The web firewall has a packet filtering system, compares incoming packets with a predefined pattern, blocks malicious packets, and transmits normal packets to the web server.

However, because web firewalls create patterns using known attack techniques, attackers can easily bypass the pattern filter system by slightly modifying the existing attack techniques, and cannot defend against unknown attack techniques, and block all incoming packets. There was a problem that the speed of the web service was greatly slowed down because it had to perform comparisons with tens to thousands of predefined patterns. In addition, it is difficult to interpret the meaning of the correct packet of the web server in the case where the subject is not the web server, but the middleman. If the normal packet coincides with a predefined pattern, it is mistaken for a malicious packet and normal users are blocked from using the web service. there is also

In particular, web-based 'tunneling attack' and 'remote code execution attack' type hacking such as Log4J vulnerability attack uses HTTP web attack to obtain a TCP-based shell despite the highest security risk, It is impossible to register all patterns for input parameters because they are too diverse with various string bypass attacks (intermediate space, uppercase and lowercase letters, URL encoding, Base64 encoding, etc.).

Looking at the change in the configuration of the server that provides the web content service from the security point of view, from the first web server alone configuration, it evolved to separate the web server and the WAS server. area), the WAS server is placed in the internal network (internal intranet network area) to serve as a separate network.

In this configuration, the user connects to the web server through an external browser and makes a request, and the service is used in the process of delivering web content data by responding to the internal WAS server connected through TCP communication.

Here, in the case of HTTP, which is connected to the web server when providing web content service, structurally, it is the 7th layer of the 7th layer of OSI (Open Systems Interconnection), and in the case of TCP, it is the lower 4th layer, and the HTTP protocol is based on this TCP protocol. It consists of a web-based 'tunneling attack' and 'remote code execution' in which a malicious hacker, not a general user, uses this structural characteristic to attack the HTTP web to obtain a TCP-based shell. 'attack' type of hacking.

The serious security issue here is that an external hacker will infiltrate the internal system of the internal network without permission or authentication.

Furthermore, with the successful penetration of the internal network, it is possible to delete important data from the internal system, steal personal information, etc.

Recently, web attacks by malicious hackers are diversifying and technologically evolving, and they are increasing more than before.

In addition, there is no way to defend against hacking in the form of advanced web-based 'tunneling attacks' and 'remote code execution attacks' with existing security technologies.

An example of an attack using the remote code execution vulnerability is as follows.

* ORACLE WebLogic Server remote code execution vulnerability discovered

- May 03, 2018

- Reference: https://blog.naver.com/ntower/221267434257

* ThinkPHP framework remote code execution vulnerability found (CVE-2018-20062)

- Jan 28, 2019

- Reference: https://lopicit.tistory.com/358

* Template injection vulnerability (CVE-2019-11581) in ContactAdministrators and SendBulkMail functions in Jira servers and data centers.

- August 19, 2019 - Reference: https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35126

* Microsoft has identified a remote code execution vulnerability in the way that the Server Message Block 3.1.1 (SMBv3) protocol handles requests using compressed headers.

- March 10, 2020

- Reference: https://blog.naver.com/skinfosec2000/221869960914

* LFI to RCE - Remote code execution that exploits LFI vulnerabilities

- June 16, 2020

- Reference: https://blog.naver.com/sjhmc9695/222002074140

* Cisco product security vulnerabilities… Damage caused by remote code execution

- October 05, 2020

- Reference: https://www.dailysecu.com/news/articleView.html?idxno=114546

* If the Struts server is configured to accept an OGNL expression as a user input value, a vulnerability has been found that could allow an attacker to execute an arbitrary command by passing a malicious expression

- December 10, 2020

- Reference: https://blog.naver.com/skinfosec2000/222218983899

* Discovered a vulnerability in which an abnormal HTTP header string is inserted into the session data, and the remote execution code is stored in utf8_general_ci in the wrong session handler process and arbitrary code is executed

- March 25, 2021

- Reference: https://blog.naver.com/hahasungan/222286967626

* "Webmin Remote Code Execution Vulnerability" Occurs from the password change function, and administrator privilege commands can be executed without additional authentication

- January 20, 2021

- Reference: https://blog.naver.com/evolve0702/222213341986

* 'CVE-2022-21907', a vulnerability included in Microsoft's first regular patch, found a vulnerability that could allow an attacker to use the HTTP protocol stack (http.sys) to execute remote code

- February 21, 2022

- Reference: https://blog.naver.com/sk_shieldus/222653279031

* Critical vulnerability found in Spring Framework named Spring 4 Shell.

- March 31, 2022

- Reference: https://zdnet.co.kr/view/?no=20220331181050

Therefore, due to the nature of HTTP, which can provide a more secure web site service than before, once web content is delivered, even if the TCP connection is cut in the middle, it does not affect the nature of the content of HTTP. It will be necessary to develop a new security technology with a structure that always delivers, disconnects the TCP connection and establishes a new TCP session, for fatal web-based 'tunneling attacks' and 'remote code execution attacks' types of hacking.

Patent Document 1: Republic of Korea Patent Application No. 10-2018-0143337 (November 20, 2018) Patent Document 2: Republic of Korea Patent Publication No. 10-2011-0067169 (June 21, 2011) Patent Document 3: Republic of Korea Patent Publication No. 10-2005-0107487 (November 11, 2005)

Therefore, the present invention is to solve all the shortcomings and problems of the prior art as described above, and as the dependence on open source libraries increases, security vulnerabilities are increasing every year. In particular, the log4j vulnerability, which is called the worst vulnerability in history, is As an execution vulnerability (RCE, Remote Code Execution), it received a 'CVSS (Common Vulnerability Scoring System) score of 10' and is the most serious level in security. As a vulnerability to be executed, it is possible to penetrate internal systems through an external path. In particular, due to the simple attack technique, many organizations and companies became easily accessible targets for black hackers, becoming a great threat to organizations and companies. As attacks using vulnerabilities increase in all directions, as a security countermeasure against these illegal and malicious web attacks (tunneling attacks, remote code execution attacks, etc.) It aims to provide a site replication device for

In addition, the present invention provides a site replication device for strengthening website security that links all or part of the service to the web site outside the Internet zone in the intranet zone in consideration of security for the web content service. Its purpose is to provide

The present invention for solving this object is a transmission module 100 for transmitting data of an internal system database of an intranet zone in response to a web content information request through HTTP from an external client of an external Internet zone (Internet Zone) ); And when the web content information request from the external client is transmitted to the internal system database of the intranet zone, received web content is received and delivered to the sending module 100, the internal system (WEB Site) By closing the transmission, the TCP protocol made when web content is transmitted through HTTP is configured to include a reception daemon 200 that delivers web content in a switch connection method. to provide.

Here, the reception daemon 200 is characterized in that it provides to another web server by replicating dynamic web content for a website that provides web content based on HTTP and HTTPS protocols.

In addition, the transmission module 100 connects to a web server in the Internet area through the user's browser, and sets the communication form of the HTTP protocol to a separate TCP protocol (TCP protocol-based) for the web request service called in this way. It is characterized in that it converts to the self-regulation definition) and applies the meaning of the web request service as it is.

On the other hand, the reception daemon 200 parses the meaning of the web request service of a separate TCP protocol (TCP protocol-based self-regulation definition) received from the transmission module 100, and a WAS server (or web server) It is characterized in that it is reconfigured in the form of HTTP protocol in an interpretable form and transmitted to the internal site (WEB Site) of the internal network (intranet area).

In addition, the reception daemon 200 and the transmission module 100 provide a TCP connection for the web content provision service of the site on the internal network (intranet area) when the provided service is reproduced as it is on the web server on the external network (internet area). It is a switch method in which one side is disconnected when the other is connected, rather than connected at the same time for two connections by dividing it into three. In the case of an attack (hacking) in the form of a web-based tunneling attack and remote code execution attack, the TCP-based connection is cut, and it is characterized in that it performs a security defense that neutralizes attacks in the state of TCP connection (Haking Defense). .

And when there is a request to transmit the same web content in the same user session by applying the Least Recently Used (LRU) algorithm to the memory of the sending module 100, the LRU Cache performs a function of storing frequently used web content into a cache. Web content data memory using the LRU algorithm that checks the Manager and, if registered in the cache manager, retrieves and delivers the web response content currently registered in the LRU Cache Manager without forwarding it to the receiving daemon 100 A single thread for performing caching management, processing multi-channel and NIO Socket processing types of TCP communication for mass web content data transmission between the sending module 100 and the receiving daemon 200, or large web content data transmission It is characterized by reducing unnecessary TCP connections by processing non-ThreadGroup or applying ASync-type queuing method.

Here, in the reception daemon 200, when calling web request information during HTTP protocol communication, it is possible to defend against an attack (hacking) in the form of an HTTP request header or string insertion attack of an input parameter. , characterized in that the ecure filter 227 is further configured to detect and block malicious strings in a regular expression pattern for input parameters by parsing various external inputs.

And when web content is delivered to the sending module 200 in the receiving daemon 200, a "Session Manager" 225 for confirming the same person of user authentication between an external website and an internal website is configured to provide an SSO authentication processing function and “Request Manager” (221) and “Response Manager” (223) for dynamic mapping of web URLs to provide dynamic web content are configured and connected to a web server in the external Internet zone. It is characterized in that the service is provided without the need for a database.

The present invention is a place where an external service is required in consideration of security for some or all of the internal system, or a specific bulletin board linkage between web systems (sites) in the internal/external area or the entire site replication is required, B2B through the Internet, When it is necessary to provide a fake web service for remote work from home, etc. to an organization, company, or internal system of an organization that needs B2C service but it is difficult to introduce expensive solutions necessary for legal regulation, it has the following effects.

First, it is possible to defend (block the fundamental source) of remote code execution vulnerabilities that occur in various forms for attack cases using conventional remote code execution vulnerabilities.

Second, for arbitrary attack patterns that change every time, it provides a solution that enables preemptive defense (a method of blocking the source) rather than registering the patterns found after the occurrence of hacking damage.

Third, it is possible to perfectly respond to web attacks in the form of tunneling attacks and remote code execution attacks with simple settings by maintaining the existing infrastructure configuration and installing the device of the present invention irrespective of vulnerabilities in the open source library.

Fourth, in order to take security measures against the most threatening Log4j vulnerability attack in recent years, the website operation can be safely maintained without the security officer spending a lot of time and effort to update the security patch to the latest version every time.

1 is a view for explaining an embodiment of a site duplication apparatus for enhancing website security according to the present invention;
2 is a view for explaining a site replication process flow for enhancing website security according to the present invention;
3 is a view showing a typical site replication;
4 is a diagram illustrating site duplication for enhancing website security according to the present invention.

A preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings as follows.

In addition, the terms used in the present invention have been selected as widely used general terms as possible, but in certain cases, there are also terms arbitrarily selected by the applicant. It is intended to clarify that the present invention should be understood as the meaning of the term, not the name. In addition, in describing the embodiments, descriptions of technical contents that are well known in the technical field to which the present invention pertains and are not directly related to the present invention will be omitted. This is to more clearly convey the gist of the present invention by omitting unnecessary description.

The present invention provides the following functions.

First, the function of real-time replication linkage of all or some services between internal/external

When it is necessary to provide customer service by dividing the internal business network and the external service network for security reasons, the real-time copying function of the entire site or part of the content is provided by setting only without developing a separate internal/external linkage program. Even if there is no external site, there is no need to build an additional external site.

Second, easy installation and application of various server environments

It can be applied to various operating systems (OS) such as Unix, Windows, Linux, and Mac as well as systems (sites) for various server environments such as Apahe Tomcat and Jeus. Installation of the product can also be done quickly and easily.

Third, technology applied to shorten the content provision time between internal/external

It provides caching technology through image and content replication algorithm to reduce network load and provide fast service for content and services used frequently or by many users. Faster performance can be expected by applying multi-channel type TCP communication processing technology for smooth processing of large amounts of data and large amounts of data.

Fourth, switch-type internal/external transmission/reception data linkage function

When requesting a service between internal/external web content, it is not continuously connected through the web protocol (HTTP), but is connected to an internal connection during internal delivery, data is transmitted, and then the connection is terminated and data is delivered to an external service. concept, not proxy method) to fundamentally block tunneling attacks (penetration into the inside through the outside) by external hackers. (Example - Remote code execution attack (RCE) using Log4j vulnerability defense, etc.)

Fifth, defense against known web attacks

It provides a security filter function that can defend in real time against well-known and frequently used web attacks such as SQL injection attacks and XSS by external hackers for web service requests. It also provides a function to catch and defend against uploading of files that are not allowed in the middle.

Sixth, use of its own protocol that makes data eavesdropping impossible

When linking content data between internal business system and external service system, Securus' own protocol is applied and the transmission section is encrypted to block data eavesdropping attacks.

Seventh, strong information protection technology using virtualization service method

In the external system directly used by external users, only product modules for replication service exist, but no attachments or databases exist.

As shown in FIG. 1, an embodiment of a site replication apparatus for enhancing website security according to the present invention is HTTP (Hyper Text Transfer Protocol) for an internal system (internal site (WEB Site)) of an intranet zone For protocol-based Web Contents provision service, the transmission module 100 and the receiving daemon (100) and the receiving daemon ( 200), the transmission module 100, which is a web content transmission device, responds to a web content information request through HTTP from an external client of the external Internet Zone. Send data.

And the receiving daemon 200 transmits the web content information request from the external client to the internal system database of the intranet zone as a web content receiving and transmitting device, receives the received web content, and transmits it to the sending module ( 100), by closing the transmission of the internal system (WEB Site), the TCP protocol, which is made when transmitting web contents through HTTP, delivers web contents in a switch connection method.

The reception daemon 200 is a web content reception and transmission device, and a File Repository consisting of xml (210), keystore (211) and x.509 (212), Request Manager (221), Response Manager (223), Business Architecture consisting of Cache Manager (LRU) (224), Session Manager (225), Encrytion/Decrytion (AES 256) (226) and Secure Filter (227), Daemon Server Connector (WebListener) (231), Communication Data Protocol (DataHandler, FileUploadHandler, FileDownloadHandle) (232), EngineExecutor (HttpClient) (233), SSL (TSL v1.2) (240), Network Protocol (Socket Channel) (250) and is configured to include a client filter (300) .

Here, xml 210 is a configuration definition file required for the operation of the invention, keystore 211 is a key store for encryption/decryption required for network communication section encryption (TLS 1.2), and x.509 (212) is encryption/decryption of key authentication method.

The Request Manager 221 manages the data of the web content request function as a “Request Manager”.

The Response Manager 223 is a “Response Manager” and manages the data of the response function of web content.

The Cache Manager (LRU) 224 performs a function of storing web content frequently used as “LRU Cache Manager” as a cache.

The Session Manager 225 is a “Session Manager” and performs a function of synchronizing and managing internal/external web-based user sessions.

The encryption/decrytion (AES 256) 226 performs an encryption function (using the AES 256 algorithm) for data when transmitting/receiving web content.

The “Secure Filter” of the Secure Filter 227 is a security filter for defense against web parameter attacks.

Daemon Server Connector(WebListener)(231)231 - Receive function of web content data transmitted from sending module to "WebListener"

Communication Data Protocol (DataHandler, FileUploadHandler, FileDownloadHandle) 232 defines a function of HTTP transmission/reception as "Communication Data Protocol".

EngineExecutor (HttpClient) 233 is "EngineExecutor" and performs the main function for HTTP transmission/reception processing.

SSL (TSL v1.2) 240 represents an "SSL"-based operation that encrypts the network communication section.

The Network Protocol (Socket Channel) 250 represents a multi-channel operation with respect to the "Network Protocol".

The Client Filter 300 performs the function of "Client Filter", which is selectively used when it is necessary to provide information such as remote IP to the WAS server.

The receiving daemon 200,

A site cloning device for strengthening website security, characterized in that it provides another web server by cloning dynamic web content for a website that provides HTTP and HTTPS protocol-based web content.

Here, the sending module 100 connects to a web server in the Internet area through the user's browser, and sets the communication form of the HTTP protocol to a separate TCP protocol (TCP protocol-based) for the web request service called in this way. self-regulation definition), and the meaning of the web request service is applied as it is.

And the reception daemon 200 parses the meaning of the web request service of the separate TCP protocol (TCP protocol-based self-regulation definition) received from the transmission module 100, and the WAS server (or web server) interprets it. It is reconfigured in the form of possible HTTP protocol and transmitted to the internal site (WEB Site) of the internal network (intranet area).

On the other hand, the receiving daemon 200 and the sending module 100 provide services that are reproduced as they are in the web server in the external network (Internet area) for the web content provision service of the site of the internal network (intranet area), as shown in FIG. Similarly, by dividing the TCP connection into three, the connection between the inside and the outside is not connected at the same time for two connections, but is connected to the inside and outside in a switch method in which the other is disconnected when one is connected. In the case of attacks (hacking) in the form of web-based tunneling attacks and remote code execution attacks, the TCP-based connection is cut off, and security defenses that neutralize attacks in the state of TCP connection (Haking Defense) are performed.

In addition, in order to compensate for the performance problem in which the transmission time is tripled or more by retransmission of one general TCP connection required for one web content transmission to two switch-type devices, in the present invention, the transmission module 100 ), if there is a request to transmit the same web content in the same user session by applying the LRU (Least Recently Used) algorithm to the memory If it is registered in the cache manager after checking , the "web response content" currently registered in the "LRU Cache Manager" is not delivered to the device (WebsiteOne reception daemon) that transmits to the internal site (WEB Site). The LRU algorithm is used to improve the performance of taking out and delivering immediately.

In addition, a multi-channel and NIO Socket processing type TCP communication processing method (network transmission parallelization) for mass web content data transmission between the sending module 100 and the receiving daemon 200 and a single thread for large web content data transmission Instead of ThreadGroup, the method of processing (process processing parallelization) is performed.

In addition, when TCP data is transmitted/received, communication data processing in the Sync method is usually performed. However, when receiving the web content from the sending module 100 and transmitting (transmitting) the web content to the receiving daemon 200, the ASync method of queuing is used. Apply to reduce unnecessary TCP connections (TCP connection open / close).

Accordingly, in a situation where the physical speed should be increased by 3 to 4 times the overall average performance, it is possible to improve the performance by the above methods and implement it at an average speed of 1.2 times.

For reference, as for the increase in physical speed, there is one (one time) TCP connection from the web server in the external network (Internet area) to the WAS server in the internal network (intranet area) before application of the device of the present invention. After application, between the web server in the external network (internet zone) and the WAS server in the internal network (intranet zone), the two devices of the invention, the web content transmission device (transmission module 100), and the web content reception and transmission device ( It means that the physical time increases as the number of TCP connections becomes 3 (3 times) by adding the website one reception daemon (200)).

In addition, for security reasons, two devices are used to separate TCP connections into three and transmit/receive packets in a switch method. Intermediate quarantine processing of web content data delivered from an external network (Internet area) and an internal network (intranet) In the case of HTTP, which is 7 layer of OSI 7 layer, and 4 layer in case of lower layer TCP, HTTP established when connecting to a general website operates as a principle that enables disconnection of the connection of the domain). It is a concept of loading HTTP objects in the TCP, and reloading HTTP objects into different containers called TCP of two devices (switch method).

At this time, normal web content delivery service is possible as there is no effect on HTTP (or HTTPS) web content (including user web session) separately from the previously established TCP session (TCP unique session ID), and TCP-based new TCP session ( TCP unique session ID), making tunneling attacks and remote code execution attacks impossible by hackers.

In addition, in order to prevent HTTP header attacks when HTTP (or HTTPS) web content (including user web session) is delivered, HTTP of HTTP (or HTTPS) web content delivered to the reception daemon 200, which is a device for receiving and sending web content, is Change the header safely.

And in order to replicate the dynamic web content of the website of the internal network (intranet zone) and deliver and implement it to the web server of the external network (internet zone) as it is, verification of the same person of user authentication between the external website and the internal website is performed. for

1) external websites;

2) Web content receiving and transmitting device (Website One receiving daemon 200) and

3) Internal website

SSO authentication processing function is provided by applying the "Session Manager" (225) to manage mapping of three different web sessions of .

Other dynamic web content (*.jsp, *.do format server analysis server program, changed and changed web content provided according to parameter request information) for the purpose of dynamic mapping of web URLs. "Request Manager" (221) and "Response Manager" (223) are managed. Accordingly, by replicating the dynamic web content of the website, the service can be provided without the need for a database that is normally connected to the web server of the external network (internet area), and It can be applied as a security system that protects important information and makes it safe in terms of personal information protection.

On the other hand, as another method of the method of the security defense structure, when calling web request information during HTTP protocol communication, an attack in the form of an HTTP request header or string insertion attack of an input parameter ( Among the two devices of the invention that parsing various external inputs and detecting and blocking malicious strings with regular expression patterns for input parameters to protect against hacking), the device for receiving and transmitting web content (Website One A Secure Filter 227 of the receiving daemon 200) is provided.

For reference, in the case of the string insertion attack type,

1) SQL Injection

2) Cross Site Scripting (XSS)

3) LDAP Injection

4) JNDI Injection

5) XPath Injection

6) SSI Injection (Server-side Include Injection)

7) OS Command Injection on Web

same as

As a feature of the security of the present invention, devices such as web firewalls, IPS devices, and IDS devices among conventional security products do not have SSL key values for HTTP protocol communication encrypted (HTTPS) web content data. It is difficult to do, and even if encrypted data is censored, it cannot be structurally properly censored because the correct parsing of the input values of packets transmitted based on the network is not performed. One of the devices of the present invention, the web content receiving and transmitting device (WebsiteOne receiving daemon), interprets the contents of the HTTP protocol and HTTPS protocol received based on TCP, so that the start of input parameters and It is possible to find and block the pattern of malicious string attack (web hacking) with the content of the correct input parameter by accurately dividing the end.

2 is a view for explaining the process flow of site duplication for website security enhancement according to the present invention, FIG. 3 is a view showing general site duplication, and FIG. 4 is site duplication for web site security enhancement according to the present invention. is a diagram showing

The process flow of site duplication for web site security enhancement according to the present invention is as shown in FIG.

① External access User's Internet network web browser access to an external website (HTTP/HTTPS), ② After interpreting HTTP Request information in the 'Sending module', AES-128bit data is converted into a custom protocol for encrypted data (HTTP - > TCP), ③ 'transmission module' delivers web content data to 'receive daemon' (use a separate TCP customizing protocol, encrypt TLS 1.2 communication section, use a separate port), ④ connection of information received from 'transmission module' Connection is terminated after requesting information and receiving the result through the WEB (or WAS) of the internal business network. ⑤ Database contents inquiry. ⑥ Acquire HTTP-based information from the WEB (or WAS) of the internal business network by connecting the waiting connection in the ‘transmission module’. ⑦ After protocol conversion for the received information received (TCP->HTTP), AES-128bit data is decoded and converted into HTTP Response information and delivered. ⑧ Deliver the contents to the web server and ⑨ send the result information in the form of a web page to a user who is connected to the web of an external website through the internet network and check it through a web browser.

Although the present invention has been described with the above examples, the present invention is not necessarily limited to these examples, and various modifications may be made within the scope without departing from the technical spirit of the present invention. Therefore, the examples disclosed in the present invention are not intended to limit the technical spirit of the present invention, but to explain, and the scope of the technical spirit of the present invention is not limited by these examples. The protection scope of the present invention should be construed by the following claims, and all technical ideas within the scope equivalent thereto should be construed as being included in the scope of the present invention.

100: sending module 100 200: receiving daemon
210:xml 211:keystore
211 : x.509 221 : Request Manager
223 : Response Manager 224 : Cache Manager (LRU)
225 : Session Manager 226 : Encrytion/Decrytion (AES 256)
227 : Secure Filter 231 : Daemon Server Connector
232: Communication Data Protocol 233: EngineExecutor
240 : SSL (TSL v1.2)
250: Network Protocol (Socket Channel)
300 : client filter

Claims (8)

a transmission module 100 for transmitting data of an internal system database of an intranet zone in response to a web content information request through HTTP from an external client of an external Internet zone; and
When the web content information request from the external client is transmitted to the internal system database of the intranet zone, the received web content is received and transmitted to the sending module 100, the internal system (WEB Site) is transmitted By closing (Close), the TCP protocol that is made when transmitting web content through HTTP is a receiving daemon 200 that delivers web content in a switch connection method;
The receiving daemon 200 is configured with a "Session Manager" 225 for confirming the same person of user authentication between an external website and an internal website when web content is delivered to the sending module 100 to provide an SSO authentication processing function. do,
A database connected to a web server in an external Internet zone by configuring "Request Manager" (221) and "Response Manager" (223) for dynamic mapping of web URLs to provide dynamic web content. Site replication device for enhancing website security, characterized in that the service is provided in a state that does not require
According to claim 1,
The receiving daemon 200,
A site cloning device for strengthening website security, characterized in that it provides another web server by cloning dynamic web content for a website that provides HTTP and HTTPS protocol-based web content.
According to claim 1,
The transmission module 100,
The user's browser connects to the web server in the Internet area, and for the web request service called in this way, the communication form of the HTTP protocol is converted into a separate TCP protocol (self-regulation based on the TCP protocol). ), and the meaning of the web request service is applied as it is.
According to claim 1,
The receiving daemon 200,
By parsing the semantic content of the web request service of the separate TCP protocol (TCP protocol-based self-regulation definition) received from the transmission module 100, the WAS server (or web server) can interpret the HTTP protocol A site replication device for reinforcing website security, characterized in that it is reconfigured in the form and transmitted to the internal site (WEB Site) of the internal network (intranet area).
According to claim 1,
The receiving daemon 200 and the transmitting module 100,
When providing web content provision service of the site on the internal network (intranet area), reproduced as it is on the web server in the external network (internet area),
The TCP connection is divided into 3 and the connection between the inside and the outside is connected and blocked by a switch method in which one side is connected and the other side is disconnected instead of being connected at the same time for two connections. It is set to deliver, and performs a security defense that breaks the TCP-based connection in case of attacks (hacking) in the form of web-based tunneling attacks and remote code execution attacks, thereby neutralizing attacks in the TCP-connected state (Haking Defense). Site replication device for strengthening website security.
6. The method of claim 5,
When there is a request to transmit the same web content in the same user session by applying the Least Recently Used (LRU) algorithm to the memory of the sending module 100,
If the LRU Cache Manager, which performs the function of storing frequently used web contents in the cache, is checked and registered in the cache manager, the web result currently registered in the LRU Cache Manager ( Response) Web content data memory caching management using LRU algorithm that retrieves and delivers content immediately,
Multi-channel and NIO Socket processing type TCP communication processing for transmitting a large amount of web content data between the transmission module 100 and the reception daemon 200, or
Process a thread group (ThreadGroup) instead of a single thread for large web content data transmission, or
A site replication device for enhancing website security, characterized in that it reduces unnecessary TCP connections by applying ASync-type queuing method.
6. The method of claim 5,
In the receiving daemon 200,
To protect against attacks (hacking) in the form of HTTP request headers or string insertion attacks of input parameters when calling web request information during HTTP protocol communication,
A site cloning device for strengthening website security, characterized in that the ecure Filter (227) is further configured to detect and block malicious strings in a regular expression pattern for input parameters by parsing various external inputs.
delete

Images