KR20140136272A - Communication Connection Apparatus Which Is Prohibiting Hacking For Client - Google Patents


Info

Publication number
KR20140136272A
Authority
KR
South Korea
Prior art keywords
connection
client
environment
server
gateway
Application number
KR1020130056602A
Other languages
Korean (ko)
Inventor
이성기
Original Assignee
이성기
Application filed by 이성기
Priority to KR1020130056602A
Publication of KR20140136272A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The present invention relates to a gateway for socket communication that is designed so that connection packets can be transmitted in only one direction and only one-way connections are possible, so that a communication line can be opened and operated without worrying about hacking from outside.

Description

The present invention relates to a communication access device for a client environment that prevents the risk of hacking, and more particularly, to a communication access device that allows computers in a client environment to communicate without the risk of external hacking.

As the Internet develops, hacking occurs frequently and often causes damage, so most communication points have firewalls.

There is a server environment, which keeps a communication line open and waits for connections in order to provide services externally, and a client environment, which can acquire necessary information by connecting through a communication line when necessary.

In the server environment, the communication line must always be open and ready for client connections. In the client environment, however, the communication line can be opened only when necessary, and the necessary communication can be performed by connecting to the server.

In most communication environments, a security device such as a firewall is provided to prepare for malicious external hacking.

In a server environment, security through a firewall is essential to guard against hacking from malicious clients. In a client environment, however, the firewall provided in a server environment is not needed if only responses to requests are received.

Despite this difference between the environments, most client environments guard against hacking with the same security environment as a server environment, and there are problems such as reduced communication efficiency due to excessive expenditure and procedural complexity.

In the client environment described above, there is no need to constantly monitor with a firewall or the like as in a server environment.

In the client environment, communication takes place only over connections that the client makes when necessary, and if connection attempts from the outside are blocked at the source, no additional device for guarding against unexpected deliberate intrusion is necessary.

It is an object of the present invention to provide a method and system that can completely prevent intrusion by an external intruder, without an additional security device such as a firewall, when a communication line is installed and operated for use as a client environment.

The present invention is divided into an internal client environment 100 and an external network environment 300 based on the gateway 200 of FIG.

The gateway 200 delivers connection request packets from the client environment 100, the internal environment, to the server environment 300, but does not deliver connection request packets from the external environment to the client environment 100, thereby blocking externally attempted connections at the source.

According to the present invention, by blocking any connection attempt from the outside, a communication line can be installed and operated for a client environment that completely prevents deliberate intrusion from the outside, even without an additional security device such as a firewall.

Also, by eliminating unnecessary firewalls in the communication process, the procedure is simplified and the communication speed is improved.

FIG. 1 is a diagram illustrating a gateway configuration according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a client-server communication process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs.

The terms in the present invention are defined as follows.

Client environment: A computer environment that has no need to respond to connection requests from outside the network.

Server environment: A computer environment that waits for external connections in order to respond to requests from outside the network and, when an external connection request arrives, accepts the connection and provides the necessary service.

FIG. 1 is a diagram illustrating a gateway configuration according to an embodiment of the present invention.

In FIG. 1, the gateway 200 is designed to pass connection request packets that arrive at the gateway 200 from the client environment 100, but not to pass any connection request packet from the external network 300, which includes the server environment.

FIG. 2 is a diagram illustrating a communication method over a network.

In FIG. 2, the server creates a socket (301), binds it (302) and waits for a client connection (303). The client creates a socket when necessary (101) and makes a connection request (102) to the required server. When the server is operating normally, the connection is established (103, 304), data is sent and received between client and server (104, 305), and the connection is terminated (105, 306), completing the communication between client and server.

In the present invention, a connection request packet sent from the client environment 100 shown in FIG. 1 through the gateway 200 to a computer in the server environment 300 is passed by the gateway 200, whereas a connection request packet sent from a computer in the server environment toward the client environment 100 is not passed.

If the gateway 200 is the only connection path to the outside, intrusion into the client environment 100, which is an internal environment from the outside, is intrinsically blocked.

In FIG. 2, to prevent intrusion during data transmission and reception (104, 305), the gateway 200 can be designed so that it does not pass more than one server 300 side packet for each packet requested by the client 100.

In FIG. 2, where the communication environment being installed and operated uses one request packet from the client 100 and one response packet from the server 300 for that request, the gateway 200 can be designed to terminate the connection as soon as the server 300 packet for the client's request has passed to the client, thereby blocking intrusion during the data transmission and reception processes (104, 305).
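The three gateway behaviours described above (one-way connection requests, one server packet per client request, and teardown after the response) can be modelled as a small state machine; this is an added Python example, not code from the patent. The names `Packet`, `OneWayGateway` and `verdicts`, the "connect"/"data" packet kinds and the sample addresses are assumptions, and connection setup is treated as a single request packet, as in the patent's description.

```python
from dataclasses import dataclass, field
INSIDE, OUTSIDE = "client environment 100", "external network 300"

@dataclass(frozen=True)
class Packet:
    origin: str   # side of gateway 200 the packet arrives on
    src: tuple    # (address, port) of the sender
    dst: tuple    # (address, port) of the receiver
    kind: str     # "connect" = connection request, "data" = request/response

@dataclass
class OneWayGateway:
    one_response_per_request: bool = False  # one server packet per client request
    close_after_response: bool = False      # also end the connection after it
    flows: dict = field(default_factory=dict)  # (client, server) -> responses owed

    def handle(self, p: Packet) -> str:
        limited = self.one_response_per_request or self.close_after_response
        if p.origin == INSIDE:
            key = (p.src, p.dst)
            if p.kind == "connect":
                self.flows[key] = 0 if limited else None  # None = no limit
                return "forward"
            if key not in self.flows:
                return "drop"          # data without a client-opened connection
            if limited:
                self.flows[key] = 1    # each request earns exactly one response
            return "forward"
        key = (p.dst, p.src)
        # Outside packets never open a connection; unknown or exhausted flows drop.
        if p.kind == "connect" or self.flows.get(key, 0) == 0:
            return "drop"
        if self.flows[key] is not None:
            self.flows[key] = 0
            if self.close_after_response:
                del self.flows[key]    # gateway tears the connection down
        return "forward"

def verdicts(gateway, packets):
    return [gateway.handle(p) for p in packets]

# Constructed sample traffic (documentation addresses, not from the patent).
C, S, X = ("10.0.0.5", 40000), ("203.0.113.10", 80), ("198.51.100.7", 4444)
SESSION = [
    Packet(OUTSIDE, X, C, "connect"),  # outside host tries to connect inward
    Packet(INSIDE, C, S, "connect"),   # client connection request (102)
    Packet(INSIDE, C, S, "data"),      # client request (104)
    Packet(OUTSIDE, S, C, "data"),     # server response (305)
    Packet(OUTSIDE, S, C, "data"),     # second server packet, no new request
    Packet(INSIDE, C, S, "data"),      # follow-up request on the same connection
]
```

Running `verdicts` over `SESSION` with each gateway variant shows where the three designs diverge: the inbound connection attempt is dropped in all of them, while the second server packet and the follow-up request are treated differently.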

100: Client environment 200: Gateway
300: Server environment

Claims (3)

1. In separate network environments connected through a gateway, a gateway in which connection requests from one network to the other network separated by the gateway are allowed in one direction only, so that a connection can be made only from the one network that is able to make connection requests, and which does not transmit connection request packets in the opposite direction, so that only one-way connections to the outside are possible.
2. According to claim 1, a gateway designed to allow only one server-side response packet per client-to-server request packet.
3. According to claim 2, a gateway designed to pass a response packet for one request packet from the client to the server, and then to disconnect the communication connection between the client and the server.
KR1020130056602A 2013-05-20 2013-05-20 Communication Connection Apparatus Which Is Prohibiting Hacking For Client KR20140136272A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130056602A KR20140136272A (en) 2013-05-20 2013-05-20 Communication Connection Apparatus Which Is Prohibiting Hacking For Client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130056602A KR20140136272A (en) 2013-05-20 2013-05-20 Communication Connection Apparatus Which Is Prohibiting Hacking For Client

Publications (1)

Publication Number Publication Date
KR20140136272A (en) 2014-11-28

Family

ID=52456580

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130056602A KR20140136272A (en) 2013-05-20 2013-05-20 Communication Connection Apparatus Which Is Prohibiting Hacking For Client

Country Status (1)

Country Link
KR (1) KR20140136272A (en)

Similar Documents

Publication Publication Date Title
US10581803B1 (en) Application-aware connection rules for network access client
US11652792B2 (en) Endpoint security domain name server agent
CA2383247C (en) External access to protected device on private network
CN107852359B (en) Security system, communication control method, and computer program
Morante et al. Cryptobotics: Why robots need cyber safety
US8683193B1 (en) Strict communications transport security
US20180205573A1 (en) Network packet redirection device and method thereof
CN104734903B (en) The safety protecting method of OPC agreements based on Dynamic Tracing Technology
US20110239291A1 (en) Detecting and Thwarting Browser-Based Network Intrusion Attacks For Intellectual Property Misappropriation System and Method
WO2002044871A3 (en) Scalable system for monitoring network system and components and methodology therefore
NZ586270A (en) Method for securing a bi-directional communication channel and device for implementing said method
CN104412558B (en) For ensuring the reverse access method of front end applications and other application safety
JP2011221993A (en) System for preventing normal user being blocked in nat network web service and method for controlling the same
JP2008271339A (en) Security gateway system, method and program thereof
US20170250998A1 (en) Systems and methods of preventing infection or data leakage from contact with a malicious host system
CN110351233A (en) A kind of two-way transparent transmission technology based on safety isolation network gate
US11044233B2 (en) Browser switching system and methods
CN117378174A (en) Protecting containerized applications
CN107317816A (en) A kind of method for network access control differentiated based on client application
US7401353B2 (en) Detecting and blocking malicious connections
US20050086533A1 (en) Method and apparatus for providing secure communication
WO2007078037A1 (en) Web page protection method employing security appliance and set-top box having the security appliance built therein
CN110022319A (en) Attack security isolation method, device, computer equipment and the storage equipment of data
US20160205135A1 (en) Method and system to actively defend network infrastructure
US11736516B2 (en) SSL/TLS spoofing using tags

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination