• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.199-208
• /
• 2021

This is an era of technology and with the rapid growth of the Internet, networks are continuously growing. Companies are shifting from simple to more complex networks. Since networks are responsible to transmit huge data which is often sensitive and a point of concern for hackers. Despite the sizes of the networks, all networks are subject to several threats. Companies deploy several security measures to protect their networks from unauthorized access. These security measures are implemented from the device level to the network level. Every security layer adds more to the security of the company's network. Firewalls are the piece of software that provides internal and external security of the network. Firewalls aim to enhance the device level as well as network-level security. This paper aims to investigate the different types of firewalls, their architecture, and vulnerabilities of the firewall. This paper improves the understanding of firewall and its various types of architecture.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.137-142
• /
• 2009

By known attacks against cryptographic technology and decline of security, internal and external major institutions have defined their recommendations in kinds, expiration, safe parameters of cryptographic technology and so on. Internal financial fields will change some cryptographic technology to follow these recommendations. To keep strong security of financial systems against sudden security changes of cryptographic technology, this article finds pre-steps : status of applied cryptographic technology, selection of vulnerable cryptographic technology. And plans for management of cryptographic technology in financial fields will be proposed.

• International Journal of Computer Science & Network Security
• /
• v.21 no.1
• /
• pp.184-191
• /
• 2021

The amount of information and data in the digital era is increasing tremendously. Continuous online connectivity is generating a massive amount of data that needs to store in computers and be made available as and when required. Cloud computing technology plays a pivotal role in this league. Cloud computing is a term that refers to computer systems, resources and online services that aim to protect and manage data in an effective, more efficient and easy way. Cloud computing is an important standard for maintaining the integrity and security of sensitive data and information for organizations and individuals. Cloud security is one of the most important challenges that the security of the entire cloud system depends on. Thus, the present study reviews the security challenges that exist in cloud computing, including attacks that negatively affect cloud resources. The study also addresses the most serious threats that affect cloud security. We also reviewed several studies, specifically those from 2017-20, that cited effective mechanisms to protect authentication, availability and connection security in the cloud. The present analysis aims to provide solutions to the problems and causes of cloud computing security system violations, which can be used now and developed in the future.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1047-1050
• /
• 2002

컴퓨터 네트워크 기술의 급속한 발전은 네트워크를 이용한 전자상거래와 전자금융 같은 서비스를 다양하게 발전시켰고, 이로 인하여 발생되는 데이터의 양은 기하급수적으로 증가하고 있다. 이에 따라 폭발적으로 증가하는 데이터를 효율적으로 저장하고 관리할 수 있는 저장장치시스템의 중요성이 극대화되고 있으며, 다양한 취약성을 극복할 수 있는 보다 안전한 저장장치시스템이 요구되고 있다. 따라서 본 논문에서는 데이터가 오용, 남용, 변형, 유출, 그리고 손상될 수 있는 저장장치시스템의 다양한 취약성에 대하여 분석하고, 발생 가능한 취약성들을 해결할 수 있는 침입감내 및 복구 시스템에 대하여 연구한다.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1154-1157
• /
• 2007

최근 몇 년 동안 피싱, 파밍, 크라임웨어에 의한 피해 사례 발생이 증가되고 있다. 현재까지의 피싱 관련 솔루션이 대부분 블랙리스트 방식이고 아직까지 피싱 사이트 판단 기준이 없으며 사람들이 이에 대한 인식의 부족으로 인해 이러한 위협을 대처하는데 많은 한계를 가지고 있다. 이에 본 연구에서는 화이트 리스트 기반 웹사이트 보안수준 확인 시스템을 설계하고 이의 파일럿 시스템을 개발하였다. 각 사이트에 대해 피싱 관련 보안수준을 확인하여 신뢰할 수 있는 사이트들을 선별하고 보안수준 정보를 제공함으로써 안전한 인터넷 이용 기반을 제공할 수 있는 방안이 마련될 것으로 기대한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5B
• /
• pp.486-493
• /
• 2006

As information threats to information systems diffuse, the information security becomes a major concern. Information security manpower who produce and implement information security products, and who are in charge of information security in organizations, has been important. Korean government has implemented various policies to promote the information security manpower. Those policies have been successful to supply enough number of information security manpower, but not successful to supply information security manpower to meet the various requirements of the manpower demand. In this study we adopt analytic hierarchy process(AHP) to analyze the priorities of information security technology categories to meet the demand. Results of the study suggest that the government should concentrate on promotion of manpower for the field of the 'System and Network Security Technology'.

• The Journal of Information Systems
• /
• v.21 no.4
• /
• pp.1-29
• /
• 2012

The purpose of this study was to find about personal information security of internet and social networks by focusing on end users. User competence and subjective criterion, which are the antecedents, are affecting security behaviors For these security behaviors, the study examined the relationship between security behavior intention on internet use and security behavior intention about social network that is actively achieved in many fields. Behaviors of internet and social network were classified into an action of executing security and an action of using a security technology. In addition, this study investigated a theory about motivational factors of personal intention on a certain behavior based on theory of reasoned action in order to achieve the purpose of this study. A survey was conducted on 224 general individual users through online and offline, and the collected data was analyzed with SPSS 12.0 and SmartPLS 2.0 to verify demographic characteristics of respondents, exploratory factor analysis, and suitability of a study model. Interesting results were shown that security behavior intention of social network is not significant in all security behavior execution, which is security performance behavior, and security technology use. Internet security behavior is significant to security technology use but it does not have an effect on behavior execution.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.99-107
• /
• 1994

For the secure control of the communication satellite, security mechanisms should be employed on the ground station as well as on the spacecraft. In this paper, we present a security architecture fur the spacecraft command security of the communication satellite. An authentication mechanism is also proposed using message authentication code (MAC) based on the Data Encryption Standard (DES) cryptosystem.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.9 no.1 s.24
• /
• pp.80-88
• /
• 2006

The purpose of this thesis is to research and propose a practical Information Security Technical Architecture on Primary Defense Information Infrastructure with regard to requirement of information security. The scope of this research is limited to national defense information master plan & security rule, and U.S. DoD's IATF is used to plan a detailed structure. The result of this research can be used as a guide book for providing security for Army IT infrastructure now and in the future as well as to devise a plan for research and development in information protection technology.