Security Management by Zone Combination in Active Networks

Security Management through Combination in Active Networks (translated from the Korean title)

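  • 장범환 (Sungkyunkwan University, Department of Electrical, Electronic and Computer Engineering)
  • 김동수 (Sungkyunkwan University, Department of Electrical, Electronic and Computer Engineering)
  • 권윤주 (Korea Institute of Science and Technology Information, Supercomputing Center)
  • 남택용 (Electronics and Telecommunications Research Institute, Information Security Research Division)
  • 정태명 (Sungkyunkwan University, School of Information and Communication Engineering)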
  • Published : 2003.02.01

Abstract

The Internet has evolved into a global computer network thanks to the openness of its protocols, but this evolution brings new risks and threats. The best way to protect computer networks is to prevent an attacker from intruding in the first place. However, provisioning against all attacks degrades network performance, and preventing unknown attacks is very hard. Secure Combination, a framework that establishes mutual collaboration and cooperation between trusted zones, can protect systems from potential attacks. The framework can predict attacks by exchanging security information and cooperating across zones. It is a dynamic and powerful security architecture that enables rapid updating of security policy and deployment of response modules.

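The Internet grew rapidly under the influence of open protocols and evolved into a global network environment, but this has created the problem of having to protect assets from many threats. In information security, running all of an organization's security systems at full capacity to block intrusions before an incident occurs is the best approach, but blocking attacks before an incident occurs, or newly developed attacks, is very difficult. Secure Combination is an architecture in which trusted security zones, through fast and accurate exchange of security information and close mutual cooperation, can prepare for and respond to potential attacks in advance, and can actively update new protection functions to provide stronger security and respond quickly.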
