|
Robust Access-Rights Control (Robust Authorization)
|
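Digital-signature certificate based user identity verification (PKI based User Authentication)
Complies with the X.509 v3 international standard
- Digital signature algorithms: RSA, DSA, ECC, KCDSA
- Hash algorithms: MD5, SHA-1, HAS-160
- Encryption algorithms: 3DES, AES, ARIA, IDEA, SEED
Supports integration with domestic and foreign accredited certificates
- Can integrate with certificates from the 6 domestic accredited certification authorities, including the Korea Financial Telecommunications and Clearings Institute
Complies with the 'Detailed Security Guidelines' of Ministry of Information and Communication Notice No. 2006-37 (Technical Guidelines for Building and Operating Information Systems)
Complies with the server security guidelines of the National Information Society Agency's Information System Technical Guideline 2.0
- Provides access control over 23 or more system calls by means of the issued certificate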
|
Role Based Access Control
Mandatory access control based on the user's role
- User role assignment: the user's operating privileges are registered in the X.509 v3 certificate
- System resource access control: mandatory access control over system calls according to the user's role
|
Multi-Level Access Control (Multi Level Security)
Every system component is assigned a security level and a protection category according to its security level and business domain
- Strong access control over key files, users, directories and processes
|
Least Privilege & Separation of Duty
Strict separation of the system administrator and the security administrator (Separation of duty)
- Function restriction and privilege separation for the security administrator and root, with mutual checks between them
The system administrator holds only system operation privileges (Least Privilege)
- Digital signature authentication is required for system management and configuration
|
Privilege Delegation
Provides privilege delegation management for cases where a specific user executes a specific command
|
|
Intelligent Intrusion Detection and Prevention (IIDP : Intelligent Intrusion Detection & Prevention)
|
Intelligent Intrusion Detection
Intrusion detection method: Hybrid Scheme (Signature & Anomaly Detection)
System attack detection: BOF (Buffer Over-Flow), Race Condition, etc.
Network attack detection: Internet Worm & Virus, DoS, etc.
|
Active Intrusion Prevention (Dynamic Intrusion Prevention)
Active intrusion blocking (Dynamic intrusion blocking)
- As soon as an intrusion signal is raised, the intrusion-related processes and login sessions are forcibly terminated
Intelligent intrusion defense
- Intruder-related information is sent to the Server F/W
- The Server F/W automatically registers the intrusion information in its blacklist, blocking future intrusions at the source
|
|