Recently, with the wide spread of computers, data which had been manually handled can be processed in digitalized format by computers.
The increase of data processing and computer communications provides benefits to people, however, it may cause information outflow for a malicious purpose.
In most cases, information outflow to a competing organization is done by a person working for the victim organization, rather than by an external source.
Referring to FIG. 1, conventional methods for flowing out information from an organization can be explained as follows.
The data outflow can be classified into a case executed by an output device such as printers or monitors connected to a computer system of an organization or a portable storage device such as diskettes, hard disks, CD-R, Zip drivers or CD-RW, and a case executed by Internet or PSTN through a modem attached to a computer (for instance, data outflow through file uploading to a bulletin or data collections, e-mail, web-mail, FTP, Internet web-hard, and chatting programs, etc.)
Conventional methods for preventing information outflow have problems as follows.
Defensive Measures against Data Outflow through Floppy Disks
Conventional method I: Floppy disks are removed from personal computers of all public users in order to achieve an in-advance prevention against data outflow through floppy disks.
Conventional method II: Floppy disks are prevented from reading when floppy disks are carried out of an organization.
Problem: Method I suffers a problem in that public users may not use floppy disks, and method II suffers a problem in that specific floppy disks should be discriminated from common disks, and the computer used in the other organization may not discriminate if the disk is for an internal use, formatted one, or damaged one. Furthermore, log data for the data outflow through a floppy disk is not created, thus making it impossible to recognize the data related to trial of data outflow through floppy disks.
Defensive Measures against Data Outflow through Hard Disks
Conventional method: Master boot record is encrypted so as to prevent the system from booting by other user.
Problem: There is no countermeasure to prevent data outflow executed by the owner of the hard.
Defensive Measures against Data Outflow through Zip-disk, CD-R or the like
Conventional method: A storage medium such as Zip-disk or CD-R is an auxiliary storage device which is gaining in popularity over recent few years, and has a high efficiency. To achieve an in-advance prevention against internal data outflow, Zip-disk drives and CD-R drives should be removed or eliminated from personal computers of all public users, and all communication interfaces (like USB, serial port, parallel port and wireless port) which are employed for a connection between MP3 player and a personal computer, should be removed so as to prevent data outflow through a digital audio player like MP3 player.
Problem: Public users may not use a portable storage medium.
Defensive Measures against Data Outflow through Print Outputs or Monitor Outputs
Conventional method: The content being printed out is monitored through an administration server. This method is described in detail in Korean Patent Application No. 2000-30133entitled “System and method for monitoring and preventing data outflow through output device” which the applicant of the present invention has filed to the Korean Industrial Property Office.
Defensive Measures Against Data Outflow through Internet or PSTN
I. Data outflow through e-mail                Attach important file        copy the important portion of file and paste the same to a mail text        open important file and input the content of the file to a mail text        
Conventional method: Content of the mail text and the attached file is checked so as to determine whether to transmit the mail.
Problem: When the attached file is encrypted or compressed, content search is impossible. There exists therefore a restriction of searching the content of the e-mail or the attached file.
II. Data outflow through data upload through HTTP(including web mail)
Conventional method: Data outflow through web sites is performed through “post” which is an internal command for HTTP, the command “post” itself can be made unavailable by controlling, through a firewall, commands available in HTTP.
Problem: Since this method prevents file transmission for all cases, work efficiency may be deteriorated due to the trouble of sending a file even if the file is an ordinary one.
III. Data outflow through FTP
Conventional method: This method is performed by using the file transmission command “put”, and the command “put” itself can be made unavailable by controlling, through a firewall, commands available in HTTP.
Problem: Since this method prevents file transmission for all cases, work efficiency may be deteriorated due to the trouble of sending a file even if the file is an ordinary one.
IV. Data outflow through data upload through TELNET or RLOGIN(Z-modem, KERMIT or the like)
Conventional method: Data upload is the most common method of data outflow through TELNET, and protocols like Z-modem or KERMIT are used in this method. A firewall serves to restrict data download and upload through the use of protocols such as Z-modem or KERMIT over TELNET.
Problem: There exist other methods than data uploading or downloading over TELNET. Therefore, if the data is transmitted as encoded format rather than as a plain text format, it is impossible to search data even through a key-word search. This means that there exists explicit limitations for preventing data outflow over the use of TELNET.
V. Data outflow through PSTN
Conventional method: It is extremely difficult to check data outflow through a modem, and the only method for preventing data outflow through a modem is to remove modems from personal computers.
VI. Data outflow through web hard
VII. Data outflow through network file system
Besides the above-mentioned communication protocols, there exist other protocols available through Internet, which increases the possibility of internal data outflow. The above-mentioned methods are most common and suffer a variety of drawbacks, and such conventional methods can be summarized to a sentence “The best approach of preventing internal data outflow through network is to make the network itself unavailable”. However, this sentence is meaningless since modern society cannot go even a day without using Internet and computer communications.