Currently, cybersecurity and protection against hackers are ongoing issues that have the attention of many agencies, organizations and the whole community, especially units with absolute security requirements. According to a recent assessment, Vietnamese websites and intranets have a high level of insecurity. Vietnam is one of the 3 countries most vulnerable in terms of network security. According to the 2011 report of the Ministry of Public Security, Vietnam's cybersecurity situation has become very serious, especially where politicians, banks and major corporations are concerned.
Since 2004, Decision No. 71A/2004/QD-BCA of the Minister of Public Security, Regulations on ensuring network safety and security related to Internet use and management, has prohibited the act of "keeping information, documents and data that belong to state secrets on computers connected to the Internet". This measure has been interpreted in many wrong ways, such as "use of the Internet is absolutely prohibited", "each civil servant must be equipped with 2 computers" or "computers with confidential documents are not connected to the Internet". Two needs are growing in state agencies and in businesses: working remotely and accessing the Internet. Strictly banning the use of the Internet runs contrary to the policy of applying IT to modernize the country. Civil servants now habitually download legal documents and forms from the websites the Government provides, to help with document drafting and other professional work. Reading news and improving knowledge by using resources on the Internet has become a habit and an indispensable means of working for officials. All preventive measures lead to spontaneous "overcoming" measures (workarounds), making the situation more and more complicated to control. Besides, leaders who are on business trips or working from home also need access to the intranet to process dispatches, forms and mail and to read document files.
Using two computers, or not being connected, does not increase security. Because of the needs of their work, civil servants often use USB storage devices, 3G access devices, ... or switch completely to a personal laptop, scattering confidential resources, documents and data in a disorderly way and breaking all the regulations and internal security policies in place. Security is a human matter. Without awareness, together with technical measures that make the job convenient and a policy that is clear and easy to implement, purely administrative measures will be useless, will obstruct progress and will waste state assets, while confidentiality becomes increasingly difficult to control. The V-AZUR solution, whose technology is owned and developed by VIEGRID., JSC, is currently the only set of solutions based on technology covered by a 2015 patent for invention in Vietnam. It meets the relevant network safety and security requirements of Decision 71A/2004/QD-BCA. The V-AZUR solution suite has been studied and technically tested by the Police Department for High-Tech Crime Prevention and Control (C50) of the Ministry of Public Security, which certified it as a simple, inexpensive solution that "cannot be broken using known methods".
Safe Internet access: Allows users who are working on the internal network, with no physical Internet connection, to access the Internet in a safe environment that protects data security, prevents loss of data and information, and prevents exposure to malicious code.
Safe remote work: Allows users with Internet access to reach the local network and work remotely, while preventing data loss and exposure to malicious code. The above functions are performed in compliance with the provisions of Decision 71A/2004/QD-BCA of the Minister of Public Security. Specifically:
a. Users run the V-EAGLE Client software on workstations in the internal network, which has no Internet connection. The client enables a security protocol based on Viegrid's VCM12 technology, which connects the keyboard and monitor of the workstation to the V-EAGLE server in the external network.
b. The V-EAGLE server, after checking the workstation's access rights, starts a browser in an environment isolated from the operating system. The entire display of the virtualized browser is transmitted to the desktop of the client on the internal network, and the keystrokes on the client machine are transmitted to the browser application over the above protocol.
c. Between the applications and information on the workstation on the internal network and the virtualized browser on V-EAGLE there is absolutely no data exchange, whether accidental or intentional. Therefore, the user cannot transfer data or documents to the external network and from there to the Internet, and malicious code cannot be sent onto the internal network, either accidentally or intentionally.
d. If the user needs to transfer documents downloaded from the Internet to the internal network, the system scans them, and only files determined to be safe are transferred to the internal network over the above security protocol. The user opens these files at the workstation in an isolated environment, to completely eliminate malicious code infection of the internal network.
a. Users use the V-PHOENIX Client software to access the external network of the intranet. The VIE-VPN2.0 component of the V-PHOENIX Client checks access permissions based on the parameters installed in the software and the hardware parameters of the remote workstation, which have been pre-registered.
b. After the remote access machine has become a member of the external network, the V-PHOENIX Client software goes on to enable the above security protocol to connect the remote workstation's display and keyboard to a virtualized application on the V-PHOENIX server in the internal network, and the user begins to access information and documents in the internal network.
c. Thanks to a similar mechanism, during the session the virtualized application is completely isolated from the applications, clipboard and memory of the remote access device. Hence the transmission of malicious code from the outside in, and the loss of data from the internal network to the Internet, are absolutely excluded.
As shown in Figure 1, the V-AZUR Solution Suite consists of the following components:
1. V-EAGLE browser virtualization servers installed on the external network, which run the virtualized browsers.
2. The V-EAGLE Client software installed on the workstations on the internal network, which displays the virtualized browsers on the desktops of those workstations.
3. V-PHOENIX application virtualization servers installed in the internal network, which support remote work.
4. The V-PHOENIX Client software installed on remote workstations, which establishes the secure VPN connection and displays the virtualized applications on the screen of the remote workstation.
5. The VCM12-VS software, which helps check the firewall configuration and detect and patch security vulnerabilities on the internal firewall that separates the internal and external networks.
In order to maximize the efficiency of the V-AZUR solution, the intranet needs to be configured appropriately, including the following key points:
1. The intranet is divided into an internal network and an external network, which are virtual LANs (VLANs). The internal network is not allowed to have an Internet connection.
2. The internal network is separated from the external network by an internal firewall functionally equivalent to Microsoft's ISA.
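The two configuration points above can be checked by running sample flows through the internal firewall's rule set. The following is an added example, not part of the V-AZUR suite or of VCM12-VS; the rule format, every address and the display-protocol port are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions): internal VLAN 10.10.0.0/16 with no
# Internet access, external VLAN 10.20.0.0/24, V-EAGLE server at 10.20.0.10.
V_EAGLE = "10.20.0.10"
DISPLAY_PORT = 8443  # hypothetical port for the keyboard/display protocol

# Flows the segmentation must allow or deny: (name, src, dst, port, required)
PROBES = [
    ("internal -> Internet", "10.10.5.20", "203.0.113.7", 443, "deny"),
    ("internal -> V-EAGLE display", "10.10.5.20", V_EAGLE, DISPLAY_PORT, "allow"),
    ("internal -> other external host", "10.10.5.20", "10.20.0.99", 445, "deny"),
    ("internal -> V-EAGLE other port", "10.10.5.20", V_EAGLE, 22, "deny"),
    ("Internet -> internal", "203.0.113.7", "10.10.5.20", 443, "deny"),
]

def decide(rules, src, dst, port):
    """First matching rule wins; a flow matching no rule is denied."""
    for action, src_net, dst_net, rule_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):  # None means any port
            return action
    return "deny"

def audit(rules):
    """Return the names of probes whose outcome differs from the required one."""
    return [name for name, src, dst, port, required in PROBES
            if decide(rules, src, dst, port) != required]

# Weak rule set: internal hosts reach the whole external VLAN and the web.
WEAK = [
    ("allow", "10.10.0.0/16", "10.20.0.0/24", None),
    ("allow", "10.10.0.0/16", "0.0.0.0/0", 443),
]
# Corrected rule set: only the display channel to the V-EAGLE server is open.
HARDENED = [
    ("allow", "10.10.0.0/16", "10.20.0.10/32", DISPLAY_PORT),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The probes are samples, so a clean result shows that these flows behave as required, not that the rule set as a whole is correct.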