• The KIPS Transactions:PartD
• /
• v.9D no.6
• /
• pp.1063-1070
• /
• 2002

With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from intrusions and attacks, many vendors have developed various security systems such as firewalls and intrusion detection systems. However, managing these systems individually demands too much work and high cost. Thus, integrated and autonomous security management for various security products has become more important. In this paper, we present the architecture of the WISMSF (Web-based Integrated Security Management System for Firewalls) and the merits of centralized approach for managing heterogeneous firewalls and implement the prototype of the central policy database that is a component of the WISMSF engine. The WISMSF engine supports an integrated view for policies, the integrity of polities and the easy recovery and addition of policies. And also, we define the policy conflicts of WISMSF and present the policy recovery process to support to the policies consistence.

• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.25-33
• /
• 2003

With the radical improvement of wire and wireless communication technologies, home network which interconnects various home appliances is approaching ripening stage. Digitalization of the home environment will break down the boundaries of information, communications and broadcasting, and enable us to realize many breakthroughs on the home front and connect to our home. In order to enable users to access securely to their home network, we first construct secure home network model which can authorize users using their permission policy. In this paper, we examine various security technique used in home network and propose home network security scheme which can service constantly.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.4
• /
• pp.824-831
• /
• 2005

Past corporaion's network security system is single security solution, or mixed several ways, but there was inefficient system because doing not get into organic link But, constructed more strong security system by ESM enterance on. ESM uses way to integrate of each agent to manage easily various kinds security solution. That is, it is system that connect system of existent VPN, FireWall, IDS and so on configurationally depending on security policy and manage. ESM is security system that is developed more than existent security system. But, practical use of network and the development speed of technology being increasing with the mon faster speed, is heightening the level more as well as dysfunction of information crime and so on. Many improvements are required at ESM system, this research wished to make up for the weak-point in the ESM system about interior security. Studied on structure of security solution that is basis of security policy. VPN, Firewall, IDS's link that is main composition of existing security system analysis, reconstructed. And supplemented security of ESM system itself. Establish imaginary intrusion and comparative analysis access data that apply each Telnet Log analysys IDS existent ESM system and proposed ESM system comparative analysis. Confirm the importance of interior security and inspected security of proposed system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.737-746
• /
• 2017

In 2017, amid changes in the security market such as integrated security (IS) and convergence security (CS), a variety of security paradigms in terms of operation and management have been suggested. Rather than changing existing network infrastructure and bringing about fluid, multi-dimensional changes, these solutions and technologies focus entire security capacity on a primary protection, leading to network infrastructure suffering from unexpected inherent violations and problems in a continued manner. Therefore, it is time to propose and develop a flexible network section that can protect from attacks of similar pattern and concentrated traffic attacks by applying a new concept of WB (Water-Bubble) to network infrastructure and analyzing on the basis of experiment and installation. Methodology of the WB-based highly secure flexible network section proposed in this study is expected to provide materials for studies on how to achieve network section security taking into account three major limitations and security standards: fluidity, unpredictability, and non-area scalability by contact point ratio, by changing a network area predicted to be the final target of attack into resonant network section (area) with flexible area changes.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.652-654
• /
• 2001

본 논문에서는 네트워크 기반의 침입 탐지 및 대응을 위한 정책 기반 망 관리 (NS-PBNM : Network Security Policy Based Network Management)에 핵심 정책 정보 모델 (PCIM :Policy Core Information Model) 을 적용하는 시스템 구현 방안을 제시한다. 이 시스템은 여러 장치를 유연성 있게 통합적으로 관리판다는 정책 기반 망 관리의 목적뿐만 아니라, 정책을 표현, 관리, 공유 및 재사용 하는데 있어 호환성 및 확장성을 확보한다는 PCIM의 목적을 동시에 달성한다. 먼저 NS-PBNM의 구조를 제시하고 이 구조를 기반으로 PCIM을 적용하는 방안을 제시한다. PCIM은 네트워크 침입 탐지 및 대응이라는 기능을 수행하는데 있어 네트워크 보안 정책 정보 모델로 확장된 후, 정책 서버의 정책 관리 도구와 정책 저장소의 구조를 결정한다.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.19-23
• /
• 2016

The design, management, and operation of network infrastructure have evolved during the last few years, leveraging on innovative technologies and architectures. With such a huge trend, due to the flexibility and significant economic potential of these technologies, software defined networking (SDN) and network functions virtualization (NFV) are emerging as the most critical key enablers. SDN/NFV enhancing the infrastructure agility, thus network operators and service providers are able to program their own network functions (e.g., gateways, routers, load balancers) on vendor independent hardware substrate. They facilitating the design, delivery and operation of network services in a dynamic and scalable manner. In NFV, the management and orchestration (MANO) orchestrates other specific managers such as the virtual infrastructure manager (VIM) and the VNF Manager (VNFM). In this paper, we examine the contents of these NFV MANO systematically and proposes a security system in a virtualized environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.787-789
• /
• 2001

본 논문은 기존의 수동적인 네트워크 보안에서 벗어나 보안 위협에 대해서 능동적으로 대처하고 침입자를 말단에서 블록킹하는 능동 보안 관리 기술에서 센서를 관리하는 기술에 대한 것이다. 여기서 이동 에이전트의 특성인 이동성을 지니고 커널 뿐만 아니라 상위 어플리케이션으로 작동하는 센서를 효율적으로 생성, 이동, 위치 관리 및 소멸하는 방식에 대한 요구사항을 제시한다.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.485-496
• /
• 2004

The wide spread of Internet makes susceptible to the attacks via communication Web from hackers using the vulnerability of both computer and network systems. In this paper, we design and implement an integrated security system, named as LISS(Linux-based Integrated Security System) in which an integrated security management is possible. This system is based on the open operating system, Linux and consists of open security tools, which is effective in security management of Linux based-servers. We also construct a test-bed in order to testify the performance of the LISS. It is revealed that the implemented system captures all the attack Patterns generated from Network Mapper.

• Journal of Internet Computing and Services
• /
• v.12 no.2
• /
• pp.123-133
• /
• 2011

This paper introduces security problems on the video surveillance systems where the network cameras are equipped at remote places and isolated from the updated and secure environment and proposes a framework for a proxy server that is delegated to connect to network cameras by providing a secure connections from the clients. The server in the framework is deployed within a secure network, secretes the information for connection to cameras and authenticates the clients. Additionally, it provides a secure video service incorporating multi-level privileges for both images and clients through a encryption key distribution and management facility. Through an implementation of the server and a its deployment, it was proved that In this server implement to multi network camera and we confirm compare direct access to network camera equal video quality of service and it can be protection network camera. We expect that can be secure and integral management about traditional network camera through experimental result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.241-250
• /
• 2017

Contrary to past critical infrastructure network, current critical infrastructure network is adopting IoT devices and efficient management system using the external networks. Using this system, productivity and management efficiency could be enhanced compared to past critical infrastructure network. But cybersecurity issue could be occurred at external network connection, so cybersecurity guideline is necessary. However, critical infrastructure organizations tend to use the cybersecurity guideline issued by government because it is hard to develop cybersecurity guideline on their own. But the government's cybersecurity guideline isn't suitable for the critical infrastructure network because it doesn't include critical infrastructure's specific characteristics. Therefor, we suggested the development method of cybersecurity guideline for the critical infrastructure network based on analysing cybersecurity guideline standards and critical infrastructure networks.