|
||||||||||
|
||||||||||
|
||||||||||
|
||||||||||
KSE(Korea Stock Exchange) is the security market which transacts the spot goods and |
||||||||||
derivatives, such as stock, bonds, stock index futures and options, etc. KSE is one of the |
||||||||||
biggest stock exchange markets in the world. |
||||||||||
|
||||||||||
|
||||||||||
|
||||||||||
The data used at KSE is highly classified with national security implications. Thus, it has to be |
||||||||||
strongly protected and secured against any possible espionage and network hacking from the |
||||||||||
internet. Until recently, KSE had maintained two separate networks, one network cable for |
||||||||||
internal network and the other network cable for external network, to assure the network |
||||||||||
security. And KSE used two LAN cards to use the two separate networks. |
||||||||||
In this case, the external users - just few restricted number of employees -had two IP |
||||||||||
addresses for each LAN card. They used two different IP addresses for each LAN card and two |
||||||||||
physically separate networks, so that they thought it would be fare enough to protect and |
||||||||||
secure their internal network. |
||||||||||
But there is one thing they failed to notice. Even though the internal and external networks were |
||||||||||
separated physically and IP address of each LAN card is different, you would say that their |
||||||||||
internal and external network are physically connected through LAN cards all the time. |
||||||||||
The meaning of physical network connection between the internal and external network is that |
||||||||||
there is possibility of hackers penetrating into their internal network. To prove the vulnerability |
||||||||||
of this network configuration, FNET conducted a hacking simulation before the security |
||||||||||
administrator of KSE. With kinds of Trojan-horse, the internal network of KSE was penetrated |
||||||||||
without any difficulty. |
||||||||||
|
||||||||||
|
||||||||||
|
||||||||||
KSE must provide its employees the complete and effcient access to information on the internet |
||||||||||
without any compromising data and information security. The decision of KSE was to install |
||||||||||
NetSwitch II-M and to install IPChanger, a bundle program of NetSwitch II-M, on each desktop |
||||||||||
where access to both internal and external network separation with one LAN card, on a single |
||||||||||
network cable. |
||||||||||
First of all, they installed NetSwitch II-M between the internal and external HUB. |
||||||||||
NetSwitch II-M switches the physically separated networks whenever each user demands the |
||||||||||
network conversion. In order to switch the network into another, each user clicks the icon of |
||||||||||
IPChanger, a bundle program of NetSwitch II-M installed on each user's desktop. |
||||||||||
Then IPChanger generates a special packet and transmits the packet into NetSwitch II-M. |
||||||||||
NetSwitch II-M analyzes the packet and switches the network into another. And IPChanger |
||||||||||
reconfigures IP address - if the network is physically separated, it is quite natural that you |
||||||||||
should use two IP addresses for each network - of your computer, in order to access the other |
||||||||||
network. In order to reconfigure IP address on one LAN card, basically it requires a system |
||||||||||
reboot. But IPChanger ensure the reconfiguration of IP address without any system reboot, |
||||||||||
within 1.5 seconds. |
||||||||||
On top of it, IPChanger offers a specific function that you can hide the folder of desktop |
||||||||||
when you are connected with the external network. Specially, KSE employees manage very |
||||||||||
important data and information. So they should protect and secure each user's computer, |
||||||||||
apart from the internal network security. If there is any folder needed to be protected, you |
||||||||||
can define the folder invisible to the external network, through IPChanger. |
||||||||||
|
||||||||||
|
||||||||||
|
||||||||||
Through the physical network separation of NetSwitch II-M and the additional functions of |
||||||||||
IPChanger, KSE can provide its all employees the complete and efficient access to the |
||||||||||
information on the internet without any compromising their internal network security. |
||||||||||
There is not any physical connection between the internal and external networks. It means |
||||||||||
that there is not any hole of hackers penetrating into the internal network. |
||||||||||
|
||||||||||
Copyright by FNET(C) since 1998, All rights reserved |