Network separation construction method using network virtualization

  • Hwang, Seong-Kyu (Department of Information & Communication Engg., Chosun College University of Science & Technology)
  • Received : 2020.06.18
  • Accepted : 2020.07.13
  • Published : 2020.08.31

Abstract

Network separation matters because using the Internet from the same PCs that handle internal business has led to incidents in which internal information was leaked, and because environments configured so that servers can also reach the Internet have suffered service failures caused by malicious code. To overcome these problems, network separation using network virtualization must be used together with a network interconnection system. In this study, the build was therefore organized into a network area for Internet use and a server farm area for the virtualization system, and then further divided into a security system area and an inter-network data link system area. To demonstrate the merit of the proposed method, the network separation build using network virtualization was studied on the basis of conservatively estimated VM (virtual machine) density, taking into account program load and LOB (line of business) obtained from a survey of domestic sites with more than 10,000 users.
