Cybersecurity and defence against hackers currently receive the attention of many agencies, organizations and the whole community, especially units with absolute security requirements. According to a recent assessment, Vietnamese websites and intranets have a high level of insecurity. Vietnam is one of the 3 most vulnerable countries in terms of network security. According to the 2011 report of the Ministry of Public Security, Vietnam's cybersecurity situation has become very serious, especially in relation to political bodies, banks and major corporations.
Since 2004, Decision No. 71A/2004/QD-BCA of the Minister of Public Security, which regulates network safety and security in the use and management of the Internet, has prohibited the act of "keeping information, documents and data that are state secrets on computers connected to the Internet". This measure has been interpreted in many wrong ways, such as "Internet use is absolutely prohibited", "each civil servant must be equipped with 2 computers" or "computers with confidential documents are not connected to the Internet", ...
Two needs are growing in state agencies and in businesses: working remotely and accessing the Internet. Strictly banning Internet use runs against the policy of applying IT to modernize the country. Civil servants are now in the habit of downloading legal documents and forms from Government websites to help with document drafting and other professional work. Reading news and improving knowledge by using resources on the Internet has become a habit and an indispensable means of working for officials. Every prohibition leads to spontaneous "workarounds", making the situation more and more complicated to control. In addition, leaders who are on business trips or working from home also need access to the intranet to process dispatches, applications and mail, and to read document files.
Using two computers, or not connecting at all, does not increase security. Because of the needs of their work, civil servants often use USB storage devices, 3G access devices, ... or switch entirely to a personal laptop, scattering confidential resources, documents and data in a disorderly way that breaks all the regulations and internal security policies in place. Security is a human matter. Without awareness, together with technical measures that make the work convenient and a policy that is clear and easy to implement, purely administrative measures will be useless, obstruct progress and waste the state's resources, while confidentiality becomes increasingly difficult to control.
The V-AZUR solution suite, whose technology is owned and developed by VIEGRID., JSC, is currently the only set of solutions based on technology granted a patent for invention in 2015 in Vietnam. It meets the relevant network safety and security requirements of Decision 71A/2004/QD-BCA. The V-AZUR solution suite has been studied and technically tested by the Police Department for High-Tech Crime Prevention and Control (C50) of the Ministry of Public Security, which certified it as a simple, inexpensive solution that "cannot be broken using known methods".
Safe Internet access: Allows users working on the internal network, which has no physical Internet connection, to access the Internet in a safe environment that protects data security, prevents loss of data and information, and prevents malicious code infection.
Safe remote work: Allows users with Internet access to reach the intranet and work remotely, while preventing data loss and malicious code infection.
The above functions are performed in compliance with the provisions of Decision 71A/2004/QD-BCA of the Minister of Public Security. Specifically:
a. Users run the V-EAGLE Client software on workstations in the internal network, which has no Internet connection. The software enables a security protocol based on Viegrid's VCM12 technology, which connects the keyboard and monitor of the workstation to the V-EAGLE server in the external network.
b. The V-EAGLE server, after checking the workstation's access rights, starts a browser in an environment isolated from the operating system. All images of the virtualized browser are transmitted to the desktop of the client on the internal network, and keyboard actions on the client machine are transmitted to the browser application through the above protocol.
c. Between the applications and information on the workstation in the internal network and the virtualized browser on V-EAGLE there is absolutely no data exchange, whether accidental or intentional. Therefore, the user cannot transfer data or documents to the external network and from there to the Internet, and malicious code cannot be sent into the internal network, either accidentally or intentionally.
d. If the user needs to transfer documents downloaded from the Internet to the internal network, the system performs a scan and allows only files determined to be safe to be transferred to the internal network through the above security protocol. The user opens these files at the workstation in an isolated environment, to completely eliminate malicious code infection of the internal network.
a. Users use the V-PHOENIX Client software to access the external network of the intranet. The VIE-VPN2.0 component of the V-PHOENIX Client checks access rights based on the parameters installed in the software and the pre-registered hardware parameters of the remote workstation.
b. After the remote access machine has become a member of the external network, the V-PHOENIX Client software then enables the above security protocol to connect the remote workstation's display and keyboard to a virtualized application on the V-PHOENIX server in the internal network, and the user begins to access information and documents in the internal network.
c. Thanks to a similar mechanism, during the session the virtualized application is completely isolated from the applications, clipboard and memory of the remote access device. Hence the transmission of malicious code from outside in, and the loss of data from the internal network to the Internet, are absolutely excluded.
As shown in Figure 1, the V-AZUR Solution Suite consists of the following components:
1. V-EAGLE browser virtualization servers, installed on the external network, which run the virtualized browsers.
2. The V-EAGLE Client software, installed on the workstations on the internal network, which displays the virtualized browsers on the desktop of those workstations.
3. V-PHOENIX application virtualization servers, installed in the internal network, which support remote work.
4. V-PHOENIX Client software, installed on remote workstations, which establishes a secure VPN connection and displays virtualized applications on the screen of the remote workstation.
5. VCM12-VS software, which checks the firewall configuration and detects and closes security vulnerabilities on the internal firewall that separates the internal and external networks.
To maximize the effectiveness of the V-AZUR solution, the intranet needs to be configured appropriately, including the following key points:
1. The intranet is divided into an internal network and an external network, which are virtual LANs (VLANs). Of these, the internal network is not allowed to have an Internet connection.
2. The internal network is separated from the external network by an internal firewall with functionality equivalent to Microsoft's ISA.
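The segmentation rule in points 1 and 2 can be checked mechanically against the internal firewall's rule table. The following Python code is an added example, not VCM12-VS or any Viegrid code; the subnets, the server address, port 8443 and the simplified rule format are constructed assumptions, and only the outbound direction from the internal VLAN is checked.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed values: the page gives no subnets, addresses or ports.
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")       # internal VLAN
VEAGLE_SERVER = ipaddress.ip_network("192.168.50.10/32")  # V-EAGLE server, external VLAN
DISPLAY_PORT = 8443   # hypothetical port for the screen/keyboard channel
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    name: str
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

def audit(rules):
    """Flag allow rules that let the internal VLAN reach anything other
    than the V-EAGLE server on the display port, and a missing default deny."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if not src.overlaps(INTERNAL_NET):
            continue  # rule does not cover internal workstations
        if not dst.subnet_of(VEAGLE_SERVER):
            findings.append((r.name, f"internal VLAN can reach {r.dst}"))
        elif r.port != DISPLAY_PORT:
            findings.append((r.name, "not limited to the display port"))
    if not rules or rules[-1][1:] != ("deny", ANY, ANY, None):
        findings.append(("<end>", "no default-deny rule"))
    return findings

# Constructed sample rule table for the internal firewall.
SAMPLE_RULES = [
    Rule("display-channel", "allow", "10.10.0.0/16", "192.168.50.10/32", 8443),
    Rule("legacy-proxy", "allow", "10.10.20.0/24", ANY, 443),
    Rule("veagle-any-port", "allow", "10.10.0.0/16", "192.168.50.10/32", None),
    Rule("external-web", "allow", "192.168.50.0/24", ANY, 443),
    Rule("default-deny", "deny", ANY, ANY, None),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RULES):
        print(f"{name}: {problem}")
```

The check is deliberately conservative: it ignores rule order and reports every allow rule that covers internal workstations, so a finding means the rule needs review rather than that traffic is certain to pass.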