Wednesday, June 20, 2018

[Document Centralization - Together with Mr. Yoo] Ep 5. mcloudoc – Support of various kinds of network environments






#1. Company network structure - Stand Alone
Let's look at the first structure. It is typically used by customer companies with fewer than 100 users. There is only one server, and employees access it directly from their PCs.

#2. Company network structure - Active-Passive
Next is a structure mainly used by customer companies with 100 to 500 users. ClouDoc servers are configured in pairs (2, 4 or 6 servers), and each server has a high availability (HA) solution installed.
Among the HA-paired servers, the Active servers provide the service. If an Active server fails, the Passive server takes over as Active and keeps the service running.

#3. Company network structure - Active-Active
Next is Active-Active. It is mainly used by customers with over 300 users. At least two servers, and up to tens of servers, can be used. In this case load balancing between servers is done through an L4 switch or a Load Balancing Service (LBS). A High Availability (HA) solution is only required for database redundancy, because ClouDoc is designed to run Active-Active without a separate solution. Since all participating servers are always serving, server utilization is much higher than with Active-Passive.

#4. External document exchange server structure
The ClouDoc server is usually only accessible from the Intranet, to prevent attacks by external malicious code. To exchange files securely with the outside, you can build an external document exchange server in the DMZ. Employees can then exchange files with outside parties easily from Windows Explorer.

#5. External DRM server structure
The external DRM server structure is the same as the external document exchange server structure; the only difference is that files are encrypted when exported. Employees encrypt files in Windows Explorer after obtaining approval from a team leader to send them outside. For recipients of such a document, security functions including One Time Password provide non-repudiation and protection against information leakage.

#6. Access via VPN during business trips or when working at home
If you are traveling or urgently need to work from home, you can connect to the ClouDoc server via VPN. In some cases you may connect from outside using router settings or a virtual desktop program, although we don't recommend this.

#7. Access via Proxy server during business trips or when working at home
ClouDoc provides connection via a Proxy server for both PCs and mobile devices. This feature is especially useful for accessing ClouDoc servers from smartphones. Unlike VPN, no separate program needs to be installed: configuration alone is enough to reach the ClouDoc server from outside.

#8. Access to an external ClouDoc server via Proxy server
ClouDoc's proxy server support was developed for the case where the ClouDoc server is located outside, not on the Intranet. This feature is very useful when all corporate Internet connections are only allowed through a proxy server.

#9. Application to a network separation environment
In a network separation environment, ClouDoc works through the external document exchange server and the inter-network data exchange system located in the DMZ. An inter-network data exchange system is a data transfer method used to block the inflow of malicious code between the Internet and the Intranet.
If an external DRM server is installed in the DMZ instead of an external document exchange server, ClouDoc can likewise work through the inter-network data exchange system.
   
#10. Collaboration environment with information leakage prevention
Let's look at a work environment where you need to work with partners but do not want the partners' work products to leak. Partner employees connect to the VPN server, then pass through the proxy server and the inter-network data exchange system to reach the ClouDoc server on the Intranet.
In this environment, all deliverables produced by partner employees are stored on the ClouDoc server.
ClouDoc's security policy is flexible: depending on the IP band you connect from, different security policies can be applied even to the same user. If a partner employee turns off and reboots the PC without connecting to ClouDoc, the security policy is deactivated. In this way, security policies can be strengthened while preserving convenience for partner companies.

Resources
- Download a ClouDoc document centralization solution brochure

- Download a mcloudoc document centralization cloud service brochure

- How ClouDoc responds to ransomware


Friday, June 8, 2018

[Document Centralization - Together with Mr. Yoo] Ep4. Simple and low cost network separation of mcloudoc against malicious codes!




More Information : www.mcloudoc.com

#1
Hello, I am in Shenzhen, China, next to Hong Kong. The China Information and Telecommunications Expo is being held today, and we are here to promote our products. Today's topic is the network separation function. Network separation is needed to prevent malicious code from destroying systems and leaking information from the military, government agencies, telecommunication companies, power plants, and so on. Today I will introduce a mcloudoc function that can prevent information leakage simply by installing software on your PC. I will see you at the expo in a bit!

#2
Leaks of private information from various institutions have continued. As a result, the government does not allow business PCs used for important tasks to be connected to the Internet. But a work environment without the Internet is hard to imagine, so each person is given two or more PCs: one connected to the Internet and the other disconnected from it. There are three main types of existing network separation environments. The first is to provide two PCs to one employee, one connected to the Internet and the other blocked; this is called physical network separation. The second is server-based computing providing a VDI environment: usually you use the Internet on the physical PC and do not use the Internet on the virtual machine PC in VDI. The third is client-based computing providing a virtual machine environment within the physical PC. The first and second methods are not easy to introduce because of the high initial cost and the ongoing maintenance costs, and the third method does not seem to have been well accepted by the market due to stability problems.

#3
The reason existing network separation solutions are so expensive is that at least two PC environments must be provided to every employee, so the network must be designed as a dual structure and an inter-network data exchange system must be provided. The Incheon Metropolitan City Office of Education did not follow the common network separation practice and instead seriously considered the original purpose: preventing information leakage by malicious code. They proposed to us a way to block information leakage by malicious code simply by installing software on the PC while keeping the existing business environment. We quickly implemented that concept and applied it at the Incheon Metropolitan City Office of Education.

#4
First, the administrator divides IP addresses into Intranet and Internet. Some sites, such as banks, the National Tax Service, and government agencies, may be included in the Intranet if necessary. The mcloudoc central drive is connected only in Intranet mode and is not visible in Internet mode. Internet connections are blocked in Intranet mode, and Intranet connections are blocked in Internet mode. Data exchange between the Intranet and the Internet uses a function called Document Export Secure Disk. In Intranet mode, exporting a central document requires approval. Documents saved on the export disk can be viewed in Internet mode. In this way, an excellent network separation environment is provided without changing the network environment and without an inter-network data exchange system. In this environment, even if your PC is infected with malicious code while in Internet mode, that malicious code cannot leak information to the outside.
  
#5
To show you, I have included Google as an Intranet site in Intranet mode. Let me connect. It connects fine. Now I will switch to Internet mode.
The Central Drive is gone. Let's connect to an Internet site, Facebook. It connects fine. Let's connect to the in-house calendar site. It doesn't work. And the Document Export Secure Disk shown here can be used in both modes, so it can be used to exchange data between the Internet and the Intranet.

There are some precautions when an administrator sets up the list of IP bands for Intranet mode and Internet mode. First, Intranet mode. In Intranet mode, confirm that all required servers, including the DNS server, groupware server, and remote support site, are included in the allowed IP bands. To reduce trial and error, the list of allowed servers can be set up by comparing it with the mcloudoc basic policy. Intranet mode also allows exceptions for multiple Internet sites for specific purposes. If sites keep having to be added because there are too many of them, it is better to consolidate them. And if there is a single site that needs additional domains and IP addresses internally, we recommend including it in the Intranet mode as well.

Next, the precautions in Internet mode. In Internet mode, DNS and Windows Update servers are needed, so check that connections to them are not blocked.
And since some Intranet services may be needed in Internet mode, you should also compare carefully with the mcloudoc basic policy when setting it up, to reduce trial and error.

#6
There are precautions when setting the IP bands for Intranet and Internet mode. If your work requires a DNS server, groupware server, and remote support site in Intranet mode, make sure these servers are included in the allowed IP bands. You can reduce trial and error by setting the list of allowed servers in line with the mcloudoc basic policy that we provide. In some cases, employees may request additional servers that they need in Intranet mode. First, it is recommended not to include them if there will be more and more of these sites. Second, we recommend that you do not add a site to the Internet mode if it is a single site but needs many IP addresses added with it, or needs a domain name other than the site name.

#7
These are the precautions for Internet mode, and they are the same as for Intranet mode. DNS servers and Windows Update servers are also required. If a server is blocked because it has an Intranet IP address, you will need to allow it. If you use the policy settings provided by mcloudoc in Internet mode as well, you can easily set the policy without error.
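As an added illustration (not mcloudoc's own code), the following Python models the two-mode IP-band policy from #4 and runs the precaution checks from #5 to #7: it decides whether a destination is reachable in Intranet or Internet mode, and lints a policy for required servers (DNS, groupware, remote support, Windows Update) that the mode would block. All addresses and the policy layout are constructed sample values, not a real site's configuration.

```python
import ipaddress

# Constructed sample policy (addresses are illustrative, not a real site's).
POLICY = {
    "intranet_bands": ["10.0.0.0/8", "192.168.0.0/16"],
    # Internet sites allowed even in Intranet mode (e.g. a bank): exceptions
    "intranet_exceptions": ["203.0.113.10/32"],
    # Intranet addresses that must stay reachable in Internet mode
    "internet_exceptions": [],
}

# Servers the precautions say must be reachable in each mode (sample IPs).
REQUIRED = {
    "intranet": {"dns": "10.0.0.53", "groupware": "10.0.1.20",
                 "remote_support": "198.51.100.7"},
    "internet": {"dns": "10.0.0.53", "windows_update": "10.0.5.10"},
}

def _in_bands(ip, bands):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(b) for b in bands)

def allowed(mode, ip, policy=POLICY):
    """Decide whether a connection to `ip` is permitted in the given mode."""
    internal = _in_bands(ip, policy["intranet_bands"])
    if mode == "intranet":
        # Intranet mode: internal bands plus explicit exceptions only
        return internal or _in_bands(ip, policy["intranet_exceptions"])
    if mode == "internet":
        # Internet mode: everything except internal bands, unless excepted
        return (not internal) or _in_bands(ip, policy["internet_exceptions"])
    raise ValueError(f"unknown mode {mode!r}")

def lint(policy=POLICY, required=REQUIRED):
    """Report required servers that the policy would block in each mode."""
    problems = []
    for mode, servers in required.items():
        for name, ip in servers.items():
            if not allowed(mode, ip, policy):
                problems.append(f"{mode} mode blocks {name} server {ip}")
    return problems

def fixed_policy(policy=POLICY, required=REQUIRED):
    """Return a copy with each blocked required server added as a /32 exception."""
    fixed = {k: list(v) for k, v in policy.items()}
    for mode, servers in required.items():
        for ip in servers.values():
            if not allowed(mode, ip, fixed):
                fixed[f"{mode}_exceptions"].append(f"{ip}/32")
    return fixed
```

Running `lint()` on the sample policy reports the remote support site blocked in Intranet mode and the DNS and Windows Update servers blocked in Internet mode; `fixed_policy()` adds exactly those exceptions and lints clean.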

#8
The Privacy Act stipulates that Internet use must be controlled when operating a personal information processing system. NetworkLock can be operated under this condition: it can control Internet use in Intranet mode for personal information handlers even when the network is not completely separated into Intranet and Internet. NetworkLock can also set different network control policies according to each person's job; for each user, server access permissions or Internet site access permissions can be assigned differently. However, NetworkLock alone does not satisfy the conditions for privacy certification; additional security solutions such as firewalls, antivirus, network access control, and DB access control are also required.

#9
The first effect is preventing malicious code infection, and the second is preventing information from being leaked by malicious code. Infection with malicious code causes problems such as inconvenience or data loss. However, leakage of information by malicious code causes a bigger problem: our precious information is leaked to the enemy, with terrible results that can be economically or militarily irreversible.

Therefore, information leakage by malicious code is a much bigger problem than malicious code infection. However, a number of local governments requiring network separation are not able to separate networks due to cost problems. NetworkLock provides the most effective way to prevent the leakage of information by this malicious code, and does so at a low cost.

#10

I have just explained NetworkLock, our network separation function. I hope that our information and communications network act will reflect these latest technologies. If security is applied differently by task, an effective information leak prevention environment can be established.

So here is my question today.
"What are the advantages and disadvantages of NetworkLock as a network separation function?". Please leave a comment below the video.
Please subscribe to mcloudoc today and I’d appreciate it if you click like.
Let me finish up here. See you in the next video.

Resources (Blog)
- Download a ClouDoc document centralization solution brochure

- Download a mcloudoc document centralization cloud service brochure

- How ClouDoc responds to ransomware
(Chn)http://www.net-id.co.kr/renewal/download/Cloudoc_against_ransomware_chn_20171215.pdf