1. Overview
nProtect WebFirewall is a product that blocks, at the source, malicious hacking attempts and the risk of unintended exposure of important information through easy access via the web. It is an appliance-based web application firewall, holding domestic CC certification (EAL4), that blocks web hacking attacks against HTTP/HTTPS and other web service protocols, which existing network-based security solutions such as firewalls (N/F), intrusion detection systems (IDS) and intrusion prevention systems (IPS) are limited in defending against.
2. Product application areas
- Website security: business sites, E-Commerce, public sector/finance/telecommunications and enterprise
- Web account and content security: Identity Access, content monitoring, Internet bulletin boards, Internet blogs, HTML-compatible content
- Electronic payment system security: online certificate issuance, Internet banking, home shopping and shopping malls, various e-commerce and billing systems, etc.
- Intranet security: web applications such as groupware and ERP
3. Product features
3-1. Blocking Web Application vulnerabilities
- Counters the OWASP top 10 web hacking attacks through a Positive Rule model
- Server information tampering prevention
- Support for per-server / per-URL content encryption via SSL
- Management of the list of IPs allowed to access important URLs
- DDoS attack defense
- Server information hiding (Server: / X-Powered-by: headers, error codes)
- Various Alarm functions (Drop / Log / Mail / Redirect / Warning)
3-2. Positive Rule (security Rule configuration)
- OWASP recommends the Positive model for web application security
- Builds a web tree with the rules that may be allowed per web server / URL / query
- Blocks, at the source, hackers' attempts to analyze the web server and their attacks
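3-3. Personal information protection
- Blocks leakage of resident registration numbers / credit card numbers
- Blocks session hijacking through cookie encryption and session tampering defense
- Automatically blocks illegal posts through prohibited-word management
- Secures individual session information through Hidden Form tampering defense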
4. Key strengths
CC certification (EAL4) obtained, National Intelligence Service (NIS) security conformity verification completed, Good Software (GS) certification obtained
[정보보호21c (info@boannews.com)]
<Copyright holder: Boan News (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>