• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.29-39
• /
• 2006

With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.24 no.2
• /
• pp.1-6
• /
• 2024

In this paper, we designed and implemented the security network NVR system that can flexibly use the internal network and VPN network. In general, the NVR systems that only use internal networks cannot be access from the outside, which has the disadvantage of unnecessary inspections and inability to access from the outside. External access has made possible using the VPN security network, and a NVR system software was designed and implemented so that the existing internal network could be used. We compared with the NVR system usage environment in the internal network through the client and the NVR system. It also has implemented usage environment with the VPN network through the mobile APP, and confirmed that the same NVR was operating normally with the same functions. We also studied on IP based NVR for flexible access with closed loop network based on VPN system.

• Proceedings of the IEEK Conference
• /
• 2000.11a
• /
• pp.291-294
• /
• 2000

This paper describes on the threats in the MPLS Network. Also we discuss on attack scenario that are Unauthenticated Access, Data disclosure and Data modification. Finally we discuss and suggest the best various Security of solutions in MPLS network

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.464-466
• /
• 2021

Currently, most companies have security solutions such as firewalls or WAF (Web Application Firewall) for web services, cloud systems, and data centers. Recently, as the need for remote access increases, the task of overcoming the security vulnerabilities of remote access control is becoming more important. In this paper, the concept of the network security model from the perspective of zero trust and the strategy and security system using it will be reviewed.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.211-215
• /
• 2003

Network security should be first considered in a distributed computing environment with frequent information interchange through internet. Clear classification is needed for information users should protect and for information open outside. Basically proper encrypted database system should be constructed for information security, and security policy should be planned for each site. This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.8
• /
• pp.55-61
• /
• 2017

Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.3-10
• /
• 2021

Nowadays, data-based scientific research is a trend, and the transmission of large amounts of data has a great influence on research productivity. To solve this problem, a separate network structure for transmitting large-scale scientific big data is required. ScienceDMZ is a network structure designed to transmit such scientific big data. In such a network configuration, it is essential to establish an access control list(ACL) for users and resources. In this paper, we describe the R&E Together project and the network structure implemented in the actual ScienceDMZ network structure, and define users and services to which access control policies are applied for safe data transmission and service provision. In addition, it presents a method for the network administrator to apply the access control policy to all network resources and users collectively, and through this, it was possible to achieve automation of the application of the access control policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.57-70
• /
• 1999

Since a hybrid firewall filters packets at a network layer along with providing gateway functionalities at an application layer, it has a better performance than an If filtering firewall. In addition, it provides both the various kinds of access control mechanisms and transparent services to users. However, the security policies of a network layer are different from those of an application layer. Thus, the user interfaces for managing a hybrid firewalls in a consistent manner are needed. In this paper, we implement a graphical user interface to provide access control mechanisms and management facilities for a hybrid firewall such as log analysis, a real-time monitor for network traffics, and the statisics on traffics. And we also propose a new rule script language for specifying access control rules. By using the script language, users can generate the various forma of access control rules which are adapted by the existing firewalls.

• Journal of Korea Multimedia Society
• /
• v.4 no.6
• /
• pp.562-569
• /
• 2001

IMT-2000 mobile system will provide many application services such as mobile internet, wireless electronics commerce applications using air interface with high data rate. These applications require high data integrity, data confidentiality, user authentication, user identity confidentiality and non-repudiation. In this study, we analyze air interface performance for network access security services in IMT-2000 mobile systems. Signal traffic for network access security services requires 0.2kbps ∼ 4.5kbps with the conditions of 246∼768bits/message, 0.2 ∼ 1.0 basic service/sec and the security services of the rate of 0.2∼ 1.0 times compared with basic services.

• 제어로봇시스템학회:학술대회논문집
• /
• 2001.10a
• /
• pp.59.1-59
• /
• 2001

The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need a IDS and Firewall. IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network system. It accomplishes these by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and internal network. Usually, the input ...