현재 위치: WiKi Security Spirit » VPN Security Architecture (작성중)

차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

차이 보기로 링크

양쪽 이전 판이전 판
다음 판		이전 판
vpn_security_architecture [2015/05/07 01:40] hsshimvpn_security_architecture [2024/04/04 05:12] (현재) – 바깥 편집 127.0.0.1
줄 12: 줄 12:
                                  
  
- {{wiki:vpn_security:normal_vpn.png}} \\+ {{wiki:vpn_security:normal_vpn.png?nolink}} \\
 *위와 같은 일반적인 VPN구성은 다음과 같은 취약점에 노출될 수 있다. \\ *위와 같은 일반적인 VPN구성은 다음과 같은 취약점에 노출될 수 있다. \\
  
줄 28: 줄 28:
 === VPN 보안 아키텍처 === === VPN 보안 아키텍처 ===
  
- {{wiki:vpn_security:safe_vpn.png}} + {{wiki:vpn_security:safe_vpn.png?nolink}} 
  
  
줄 49: 줄 49:
  
 ^  Actor  ^  보안통제 사항  ^ ^  Actor  ^  보안통제 사항  ^
-|  {{wiki:vpn_security:man_mon.png?50|}} \\ 보안관제  | AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\ CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| +|  {{wiki:vpn_security:man_mon.png?50&nolink|}} \\ 보안관제  | AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\ CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| 
-|  {{wiki:vpn_security:vpn&man.png|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| +|  {{wiki:vpn_security:vpn&man.png?nolink|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| 
-|  {{wiki:vpn_security:vpn_router&man.png|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| +|  {{wiki:vpn_security:vpn_router&man.png?nolink|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| 
-|  {{wiki:vpn_security:fw&man.png|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| +|  {{wiki:vpn_security:fw&man.png?nolink|}}  \\  장비관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)| 
-|  {{wiki:vpn_security:man_id.png?50|}}  \\  계정관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)|  +|  {{wiki:vpn_security:man_id.png?50&nolink|}}  \\  계정관리자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)|  
-|  {{wiki:vpn_security:users.png?50|}}  \\  사용자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)|+|  {{wiki:vpn_security:users.png?50&nolink|}}  \\  사용자  |AC- Access Control Group(접근통제), AT- Awareness And Training Group(교육 및 훈련), AU- Audit And Accountability Group(감사와 추적성), \\CA- Certification, Accreditation And Security Assessments Group(인증, 승인과 보안평가, CM- Configuration Management Group(설정관리), \\CP- Contingency Planning Group(위급상황 계획), IA- Identification and Authentication Group(계정과 권한), \\IR- Incident Response Group(사고대응), MA- Maintenance Group(업무연속성), MP- Media Protection Group(미디어 보호), \\PE- Physical and Environmental Protection Group(물리적 보안), PL- Planning Group(계획), PS- Personnel Security Group(개별보안), \\RA- Risk Assessment Group(위험평가), SA- System and Services Acquisition Group(시스템과 서비스 도입), \\SC- System and Communication Protection Group(시스템과 통신보안), SI- System and Information Integrity Group(시스템과 정보의 무결성)|

추적: