Browse > Article

Design of the Security Evaluation System for Decision Support in the Enterprise Network Security Management  

이재승 (한국전자통신연구원 정보보호연구본부)
김상춘 (삼척대학교 정보통신공학과)
Publication Information
Journal of KIISE:Information Networking / v.30, no.6, 2003 , pp. 776-786 More about this Journal
Abstract
Security Evaluation System is a system that evaluates the security of the entire enterprise network domain which consists of various components and that supports a security manager or a Security Management System in making decisions about security management of the enterprise network based on the evaluation. It helps the security manager or the security management system to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Security Evaluation System checks the “current status” of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Security Evaluation System that automates the security evaluation of the enterprise network which consists of various components and that supports decision-making about security management to prevent the intrusion, and we propose a design for it which satisfies the requirements.
Keywords
Security Evaluation System; Network Security Management;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Farmer, D. and W. Venema, 'Security Administrator Tool for Analyzing Networks,' http://www.fish.com/satan
2 Baldwin, R. W., 'Rule-Based Analysis of Computer Security,' Massachusetts Institute of Technology, Cambridge, MA, june 1987
3 이재승, 김상춘, 이종태, 김경범, 손승원, '대규모 네트워크 환경하에서의 침해사고 예방을 위한 보안평가 시스템 설계,' 제12회 정보보호와 암호에 관한 학술대회(WISC2000), 160-176, 2000. 9
4 한국전산원, 정보시스템 보안을 위한 위험분석 소프트웨어 개발 보고서, 1997
5 S. W. Kim, H. J. Jang and B. Park, 'Dynamic Monitoring based on Security Agent,' Proceedings of the 10th Workshop on Information Security and Cryptography, pp.518-530, 1998
6 Larry J. Hughes, Jr., Actually Useful Internet Security Techniques, New Riders Publishing, 1995
7 Simson Garfinkel & Gene Spafford, Practical UNIX & Internet Security, O'REILLY, Second Edition
8 Sundaram Aurobindo, 'An Introduction to Intrusion Detection,' ACM CROSSROADS Issue2.4, 1996.4
9 Daniel Farmer, Eugene H. Spafford, 'The COPS Security Checker System,' Purdue University Technical Report CSD-TR-993, Jan 1994
10 Symantec Enterprise Solutions Home Page, http://enterprisesecurity.symantec.com
11 Nessus Project Home Page, http://www.nessus.org/
12 ISS, 'Securing Operating Platforms: A Solution for tightening system security,' January 1997
13 ISS Vulnerability Assessment Products Home Page, http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/index.php
14 Shostack, A., S. Blake., 'Toward a Taxonomy of Network Security Assessment Techniques,' Proceedings of the 1999 Black Hat Briefings, July 1999
15 S. J. Shin, J. W. Yoo and B. M. Lee, 'A Prototype Design of Expert System for Automated Risk Analysis tool,' Proceedings of the 10th Workshop on Information Security and Cryptography, pp. 383-395, 1998
16 ISS, 'Network and Host-based Vulnerability Assessment,' http://documents.iss.net/whitepapers/nva.pdf