An Enhancement of The Enterprise Security for Access Control based on Zero Trust

A Study on Strengthening Enterprise Security for Zero Trust-Based Access Control

  • Lee, Seon-A (Department of Information Security Protection Engineering, Sangmyung University)
  • Kim, Beomseok (Department of Information Security Protection Engineering, Sangmyung University)
  • Lee, Hyein (Department of Information Security Protection Engineering, Sangmyung University)
  • Park, Wonhyung (Department of Information Security Protection Engineering, Sangmyung University)
  • Received : 2021.11.24
  • Accepted : 2021.12.27
  • Published : 2022.02.28

Abstract

With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more common due to cloud computing and the coronavirus, the work environment is changing and attack techniques are becoming more intelligent and advanced, so companies should adopt new security models to further strengthen their current security systems. Zero trust security, built on the core concept of doubting everything and trusting nothing, increases security by monitoring all networks and by requiring strict authentication and granting only minimal access rights to access requesters. In addition, this paper explains the use of NAC and EDR for identified subjects and data to strengthen access control in a zero trust-based security system, and strict identity authentication through MFA. This paper therefore introduces a zero trust security solution that strengthens existing security systems and presents the direction and validity of its introduction in the financial sector.

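With the arrival of the Fourth Industrial Revolution, the security paradigm is also changing. As remote work becomes more common due to cloud computing and the coronavirus, work environments are changing while attack techniques are becoming more intelligent and sophisticated; in this situation, companies must adopt a new security model to further strengthen their current security systems. Zero trust security, based on the core concept of doubting everything and trusting nothing, improves security by monitoring all networks, strictly authenticating access requesters, and granting them only minimal access rights. In addition, for a zero trust-based security system that strengthens access control, this paper explains the use of NAC and EDR for identified subjects and data and strict identity authentication through MFA. This paper introduces a zero trust security system that overcomes the limitations of existing security systems and proposes ways to strengthen access control.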
