Logical network separation method and apparatus
Abstract
Disclosed are a logical network separation method and apparatus. The logical network separation method includes generating a first hash key on the basis of address information included in a service request packet, generating hash information on the basis of a transmission property of the service request packet corresponding to the first hash key when the same hash key as the first hash key is not in the hash table, and generating the policy about the reception of the service response packet corresponding to the service request packet on the basis of a destination of the service request packet. Accordingly, it is possible to block a cyber attack such as hacking, a malicious program, etc.
15 Claims
1. A logical network separation method for a service request packet, performed by a network separation apparatus, the logical network separation method comprising:
wherein the network separation apparatus includes a user interface, an external network interface, and an internal network interface, the user interface is used for communication with a user terminal, the external network interface is used for communication with an external network, the internal network interface is used for communication with an internal network,
receiving the service request packet from the user terminal via the user interface;
determining whether a destination of the service request packet is an external network or an internal network;
generating a first hash key on the basis of address information included in the service request packet when it is determined that the destination of the service request packet is the external network;
determining whether the first hash key is in a hash table;
generating hash information on the basis of a transmission property of the service request packet corresponding to the first hash key when the first hash key is not in the hash table;
generating a policy about reception of a service response packet corresponding to the service request packet on the basis of the destination of the service request packet, wherein the policy is used for determining whether to permit reception of the service response packet; and
transmitting the service request packet to the external network via the external network interface,
wherein the policy about the reception of the service response packet comprises a policy to permit the reception of the service response packet corresponding to the service request packet or a policy to block the reception of the service response packet corresponding to the service request packet.
Dependent claims: 2, 3, 5, 6

4. The logical network separation method of claim further comprising generating a second hash key by adding a predefined value to the first hash key when the first hash key is in the hash table.

7. A logical network separation method for a service response packet, performed by a network separation apparatus, the logical network separation method comprising:
wherein the network separation apparatus includes a user interface, an external network interface, and an internal network interface, the user interface is used for communication with a user terminal, the external network interface is used for communication with an external network, the internal network interface is used for communication with an internal network,
receiving the service response packet from the external network via the external network interface;
generating a first hash key on the basis of address information included in the service response packet;
determining whether the first hash key is in a hash table for logical network separation;
updating hash information corresponding to the first hash key when the first hash key is in the hash table;
determining whether to receive the service response packet on the basis of a policy corresponding to the first hash key, wherein the policy is generated on the basis of a destination of a service request packet to request the service response packet; and
transmitting, when reception of the service response packet is permitted, the service response packet to the user terminal which has transmitted the service request packet via the user interface,
wherein the determining of whether to receive the service response packet comprises receiving the service response packet when the policy is a policy to permit the reception of the service response packet and blocking the reception of the service response packet when the policy is a policy to block the reception of the service response packet.
Dependent claims: 8, 9, 10, 11

12. A logical network separation apparatus comprising:
a user interface configured to communicate with a user terminal;
an external network interface configured to communicate with an external network;
an internal network interface configured to communicate with an internal network;
a processing unit configured to receive a service request packet from the user terminal via the user interface, determine whether a destination of the service request packet is the external network or the internal network, generate a first hash key on the basis of address information included in a service request packet when it is determined that the destination of the service request packet is the external network, determine whether the first hash key is in the hash table, generate hash information on the basis of a transmission property of the service request packet corresponding to the first hash key when the first hash key is not in the hash table, generate a policy about reception of a service response packet corresponding to the service request packet on the basis of a destination of the service request packet, wherein the policy is used for determining whether to permit reception of the service response packet, and transmit the service request packet to the external network via the external network interface; and
a storage unit configured to store information being processed and having been processed by the processing unit,
wherein the processing unit receives the service response packet when the policy is a policy to permit the reception of the service response packet and blocks the reception of the service response packet when the policy is a policy to block the reception of the service response packet.
Dependent claims: 13, 14, 15
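
The request and response handling recited in claims 1, 4 and 7, sketched as an added Python example (not code from the patent). Assumptions: CRC32 over the flow's addresses and ports as the hash key, packet counters as the hash information, an allow-list of external destinations as the source of the permit/block policy, a predefined value of 1, and dropping responses that match no table entry.

```python
import ipaddress
import zlib
from dataclasses import dataclass

PERMIT, BLOCK = "permit", "block"
PROBE_STEP = 1  # assumed "predefined value" added to a colliding key (claim 4)

@dataclass
class Entry:
    flow: tuple        # (terminal_ip, terminal_port, remote_ip, remote_port)
    policy: str        # PERMIT or BLOCK for the matching response
    requests: int = 1  # assumed "hash information": simple packet counters
    responses: int = 0

def crc_key(flow):
    """First hash key from the address information of a flow (assumed CRC32)."""
    return zlib.crc32(repr(flow).encode())

class Separator:
    def __init__(self, internal_net, permitted_remotes, hash_fn=crc_key):
        self.internal = ipaddress.ip_network(internal_net)
        self.permitted = set(permitted_remotes)  # assumed policy source
        self.hash_fn = hash_fn
        self.table = {}

    def _slot(self, flow):
        """Probe from the first key until this flow's entry or a free key."""
        key = self.hash_fn(flow)
        while key in self.table and self.table[key].flow != flow:
            key += PROBE_STEP  # second hash key
        return key

    def on_request(self, src, sport, dst, dport):
        """Request from the user terminal; returns the interface it leaves on."""
        if ipaddress.ip_address(dst) in self.internal:
            return "internal"
        flow = (src, sport, dst, dport)
        key = self._slot(flow)
        if key in self.table:
            self.table[key].requests += 1
        else:
            policy = PERMIT if dst in self.permitted else BLOCK
            self.table[key] = Entry(flow, policy)
        return "external"  # the request is transmitted under either policy

    def on_response(self, src, sport, dst, dport):
        """Response from the external network; True if forwarded to the terminal."""
        flow = (dst, dport, src, sport)  # reversed to rebuild the request's flow
        entry = self.table.get(self._slot(flow))
        if entry is None:  # assumption: unsolicited responses are dropped
            return False
        entry.responses += 1
        return entry.policy == PERMIT
```

Passing a constant `hash_fn` forces every flow onto the same first key, which makes the claim 4 collision path observable.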
Specification