• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.57-70
• /
• 1999

Since a hybrid firewall filters packets at a network layer along with providing gateway functionalities at an application layer, it has a better performance than an If filtering firewall. In addition, it provides both the various kinds of access control mechanisms and transparent services to users. However, the security policies of a network layer are different from those of an application layer. Thus, the user interfaces for managing a hybrid firewalls in a consistent manner are needed. In this paper, we implement a graphical user interface to provide access control mechanisms and management facilities for a hybrid firewall such as log analysis, a real-time monitor for network traffics, and the statisics on traffics. And we also propose a new rule script language for specifying access control rules. By using the script language, users can generate the various forma of access control rules which are adapted by the existing firewalls.

• The Journal of Korean Association of Computer Education
• /
• v.3 no.2
• /
• pp.67-75
• /
• 2000

Due to the advantages of Internet, many teachers use Internet as an educational tool and due to the computerized works in schools, the usages of the Internet increase. However, because of the openness of the Internet, the sensitive data of an organization are exposed to outsiders and the Internet-based working has some problems such as the corruptions of instructional data or on-line assessment results. The need for protecting a school network from outsiders increases but the school networks with firewalls rarely exist. In this paper, in order to solve the security problem of a school network, we construct a hybrid firewall for school networks. In addition, we implement a graphical user interface for teachers to set up the access control rules of a hybrid firewall easily. The interface also provides the facilities such as log analysis, a real-time monitor for network traffics, and the statistic on traffics.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.536-538
• /
• 1998

터미널 호스트(Terminal Host)란 사용자가 네트워크를 통하지 않고 직접 사용하고 있는 호스트를 말한다. 사용자가 네트워크를 통해 특정 호스트에 로그인할 경우, 특정 호스트를 지키던 방화벽을 해당 사용자의 터미널 호스트를 인증하는 것이 아니라 해당 사용자가 네트워크을 통해 직접 특정 호스트에 연결시킨 호스트만을 인증하게 된다. 만약 사용자의 터미널 호스트가 보안상 위험에 노출되어 있다면 특정 호스트는 방화벽으로 보호를 하고 있음에도 불구하고 역시 똑같은 위험에 노출되게 되어 보안상의 커다란 위험이 된다. 본 논문에서는 이러한 위협을 없애기 위해 통합 방화벽에 적용가능한 효율적인 터미널 호스트 추적 기능을 제안하고, 터미널 호스트 추적 기능을 갖춘 FreeBSD기반의 통합 방화벽의 설계 및 구현 내용을 기술한다.

• Proceedings of the Korea Database Society Conference
• /
• 2000.11a
• /
• pp.364-367
• /
• 2000

본 논문은 스크리닝 라우터에서 패킷 필터 규칙을 통과한 모든 트래픽이 베스쳔 호스트로 전달되도록 스크린드 호스트 게이트웨이를 사용하였으며, 스크린드 호스트 게이트웨이의 단점인 스크리닝 라우터의 경로정보가 내부 네트워크로 직접 전달되지 않도록 듀얼-홈드 게이트웨이를 사용하였다. 듀얼-홈드 게이트웨이에서는 두 개의 네트워크 인터페이스간에 트래픽이 직접 전달되지 않기 때문에 응용 게이트 웨이 서버를 통해서 트래픽이 전달되고 모든 접속기록이 베스쳔 호스트에 기록되도록 하였다. 또한 외부 네트워크와 내부 네트워크 사이에 완충지역인 DMZ를 두어 공개 서버를 사용하기 쉽게 구현하여, 스크리닝 라우터와 스크린드 호스트 게이트웨이의 문제점을 해결하는 효과적인 혼합형 방화벽 모델을 제안하고자 한다.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.6
• /
• pp.1593-1602
• /
• 1998

In this paper, a hybrid firewall system using the screening router, dual-homed gateway, screened host galeway and the application level gateway is proposed, The screened host gateway is comjXlsed of screening router, DMZ and bastion host. All external input traffics are filtered by screening router with network protrcol filtering, and transmitted to the bastion host performing application level filtering, The dual homed gateway is an internlediate equipment prohibiting direct access from external users, The application level gateway is an equipment enabling transmission using only the proxy server. External users can access only through the public servers in the DMZ, but internal users can aeee through any servers, The rule base which allows Telnet only lo the adrnilllslratol is applied to manage hosts in the DMZ According to the equipmental results, denial of access was in orderof Web. Mail FTP, and Telnet. Access to another servers except for server in DMZ were denied, Prolocol c1mials of UDP was more than that of TCP, because the many hosts broadcasted to networds using BOOTP and NETBIOS, Also, the illegal Telnet and FTP that transfer to inside network were very few.

• Journal of the Korean Institute of Gas
• /
• v.7 no.4 s.21
• /
• pp.44-52
• /
• 2003

In this work dynamic heat transfer in a CPFS (cable penetration fire stop) system built in the firewall of nuclear power plants is three-dimensionally investigated to develop a test-simulator that can be used to verify effectiveness of the sealant. Dynamic heat transfer in the fire stop system is formulated in a parabolic PDE (partial differential equation) subjected to a set of initial and boundary conditions. First, the PDE model is divided into two parts; one corresponding to heat transfer in the axial direction and the other corresponding to heat transfer on the vertical planes. The first PDE is converted to a series of ODEs (ordinary differential equations) at finite discrete axial points for applying the numerical method of SOR (successive over-relaxation) to the problem. The ODEs are solved by using an ODE solver In such manner, the axial heat flux can be calculated at least at the finite discrete points. After that, all the planes are separated into finite elements, where the time and spatial functions are assumed to be of orthogonal collocation state at each element. The initial condition of each finite element can be obtained from the above solution. The heat fluxes on the vertical planes are calculated by the Galerkin FEM (finite element method). The CPFS system was modeled, simulated, and analyzed here. The simulation results were illustrated in three-dimensional graphics. Through simulation, it was shown clearly that the temperature distribution was influenced very much by the number, position, and temperature of the cable stream, and that dynamic heat transfer through the cable stream was one of the most dominant factors, and that the feature of heat conduction could be understood as an unsteady-state process.