SYSTEM AND METHOD FOR SEPARATING NETWORK BASED VIRTUAL ENVIRONMENT

摘要

PURPOSE: A virtualization based network separation system and a method are provided to reduce risk such as an intended information leakage by an insider or hacking by enabling network separation with only a minimum of change. CONSTITUTION: A virtualization based network separation system comprises a client terminal (210), an internal network (228), and an external network (232). The client terminal distinguishes a process attempting network connection by generating virtual environment logically separated from an actual operation system and by confirming the attempt at the network connection of the process when a predetermined process is performed. The client terminal routes the distinguished process with a selection control signal according to the process performed in the actual operation system or the generated virtual environment. The terminal is controlled in order to be connected to predetermined network interface through TCP/IP and determines the network connection according to a network type of an IP address allocated to the process. [Reference numerals] (212) Operation management unit; (214) Virtual environment; (216) Actual environment; (218) Control unit; (220) NIC selector; (222) TCP/IP; (224) Virtual NIC; (226) Physical NIC; (228) Internal network; (230) VPN server; (232) External network; (AA) Client terminal; (BB) Virtual process; (CC) Actual process; (DD) Client terminals