• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.77-85
• /
• 2019

In this paper, we propose a "Safe Web Using Scrapable Headless Browse" Because in a network separation environment for security, It does not allow the Internet. The reason is to physically block malicious code. Many accidents occurred, including the 3.20 hacking incident, personal information leakage at credit card companies, and the leakage of personal information at "Interpark"(Internet shopping mall). As a result, the separation of the network separate the Internet network from the internal network, that was made mandatory for public institutions, and the policy-introduction institution for network separation was expanded to the government, local governments and the financial sector. In terms of information security, network separation is an effective defense system. Because building a network that is not attacked from the outside, internal information can be kept safe. therefore, "the separation of the network" is inefficient. because it is important to use the Internet's information to search for it and to use it as data directly inside. Using a capture method using a Headless Web browser can solve these conflicting problems. We would like to suggest a way to protect both safety and efficiency.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.27-34
• /
• 2024

Network separation is an important policy that Cyber Incident prevent cyber and protect data. Recently, the IT environment is changing in software development, such as remote work, using the cloud, and using open sources. Due to these changes, fintech companies' development productivity and efficiency are lowering due to network separation regulations, and the demand for easing network separation continued. The government revised the regulations electronic financial supervision(hereafter EFS) in response to needs for mitigation of network separation in the IT environment and fintech companies. Some amendments to the EFS, which took effect on 01/01/2023, mitigate network separation only for research and development purposes in cloud environments. If software developed in a cloud development environment is applied to an operating system through a distribution system the existing perimeter-based security model will not satisfaction the network separation conditions. In this Study, we would like to propose a way to maintain the DevOps system in a network separation environment by Using the zero trust security system.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.85-90
• /
• 2013

To provide high-quality services, national public institutions and companies have provided information and materials over the internet network. However, a risk of malware infection between transmission and reception of data leads to exposure to various security threats. For this reason, national institutions have proceeded with projects for network separation since 2008, and data linkage has been made using network connection storage through network separation technologies, along with physical network separation. However, the network connection storage has caused waste of resources and problems with data management due to the presence of the same data in internal network storage and external network storage. In this regard, this study proposes a method to connect internal and external network data using NAS storage as a way to overcome the limitations of physical network separation, and attempts to verify the priority of items for the optimization of network separation by means of AHP techniques.

• Convergence Security Journal
• /
• v.14 no.2
• /
• pp.25-33
• /
• 2014

With the development of information and communication, public institutions and enterprises utilize the business continuity using the Internet and Intranet. In this environment, public institutions and enterprises is to be introduced the number of solutions and appliances equipment to protect the risk of leakage of inside information. However, this is also the perfect external network connection is not enough to prevent leakage of information. To overcome these separate internal and external networks are needed. In this paper, we constructed the physical and logical network separation is applied to the network using the virtualization and thus the network configuration and network technical review of the various schemes were proposed for the separation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.8
• /
• pp.1071-1076
• /
• 2020

The importance of network separation is due to the use of the Internet with existing business PCs, resulting in an internal information leakage event, and an environment configured to allow servers to access the Internet, which causes service failures with malicious code. In order to overcome this problem, it is necessary to use network virtualization to separate networks and network interconnection systems. Therefore, in this study, the construction area was constructed into the network area for the Internet and the server farm area for the virtualization system, and then classified and constructed into the security system area and the data link system area between networks. In order to prove the excellence of the proposed method, a network separation construction study using network virtualization was conducted based on the basis of VM Density's conservative estimates of program loads and LOBs.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.45-53
• /
• 2021

When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.181-195
• /
• 2015

Financial industries have operated internal and external network with an unified system for continual business process of customers and other organizations in the past. The financial supervising authority requires more technical and managerial protecting policy to financial industries related to the exposure as danger of external attacks or information leakage. Financial industries performed network separation into internal business and external internet networks for protecting IT assets from malware infection accessing internet or hacking attacks and prohibiting leakage of customers' personal and financial information following financial supervising authority and redefine security policy to fit on network separated-condition. In this study, effectiveness for network separation policy was examined on malware inflow and verified that malware inflow in all routes can be blocked by the policy with analyzing operration data of a financial company, estimating network separation. Result of this study proves that malware infection route by portable storages was not completely blocked even on adapting network-separated condition. As a solution for this, efficient security policy would be suggested in this paper as controlling portable storages for maximizing effectiveness of network separation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.1
• /
• pp.78-88
• /
• 2013

In Korea, no institutional tool or regulation exists by which a retail business in charge of gathering and maintaining subscribers can be guaranteed independence from the wholesale business division of a fixed incumbent provider of essential facilities such as ducts, poles and copper or fiber cables, which may also be offering the same products to its rivals. For that reason, a wholesale division may have an incentive to intentionally disrupt the sharing of facilities requested by competitive operators in cooperation with the retail division. Ultimately, the facility sharing process will remain inactive when there is a lack of equivalent access to the fixed access network. Therefore, this paper analyzes recent cases of access network separation and suggests long-term measures for the successful implementation of the sharing of facilities.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.471-474
• /
• 2012

The administration of government agencies and Law enforcement agencies is utilize. that network separation and Establish CERT for network security. However, the legislature has a basic security system. so a lot of relative vulnerability. In this paper, study for security National Assembly and the National Assembly Secretariat, at Library of National Assembly on legislative National Assembly for information security and network configuration, network and external Internet networks is to divide the internal affairs. Network separation in accordance with the movement of materials to use secure USB memory, the user has the uncomfortable issues. Problem analysis and security vulnerabilities on the use of USB memory is study the problem. User efficiency and enhance security.

• Journal of Institute of Control, Robotics and Systems
• /
• v.1 no.2
• /
• pp.119-126
• /
• 1995

The purpose of this study is to develop the technique of energy recovery and energy saving by using the optimization of heat exchanger network synthesis. This article proposes a new method of determining the optimal target of a heat exchanger network synthesis problem of which data feature multiple pinch points. The system separation method we suggest here is to subdivide the original system into independent subsystems with one pinch point. The optimal cost target was evaluated and the original pinch rules at each subsystem were employed. The software developed in this study was applied to the Alko prosess, which is an alcohol production process, for the synthesis of heat exchanger network. It was possible to save about 15% of the total annual cost.