• Title/Summary/Keyword: firewall


Development of S-SLA's Grading Indicator based on the Analyses of IPS's Security Functions (침입차단서비스 보안기능 분석을 통한 보안SLA 등급화 지표 개발)

  • Yi, Wan-Suk;Go, Woong;Won, Dong-Ho;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.221-235 / 2010
  • Internet service providers provide various security services, such as firewall, intrusion detection, intrusion prevention, and anti-virus, along with their main Internet services. Users of those security services have no idea what quality of service they are guaranteed. Therefore, Internet users' interest in the Security Service Level Agreement (SLA) increases as their interest in secure Internet service increases. However, there has not been any research in the S-SLA area domestically, and there are only limited SLA indexes related to system or service maintenance at the moment. Therefore, this paper analyzes security functions in IPS services and categorizes them into common and independent security functions. Finally, to improve the quality of security services, this paper proposes S-SLA indexes depending on the different security levels. This will be subdivided into agreements on security service.

Policy-based In-Network Security Management using P4 Network DataPlane Programmability (P4 프로그래머블 네트워크를 통한 정책 기반 인-네트워크 보안 관리 방법)

  • Cho, Buseung
    • Convergence Security Journal / v.20 no.5 / pp.3-10 / 2020
  • Recently, the Internet and networks are regarded as essential infrastructures that constitute society, and security threats have constantly increased. However, the network switch that actually transmits packets in the network can cope with security threats only through a firewall or network access control based on fixed rules, so effective defense against security threats within the network itself is extremely limited, and the network cannot respond actively. In this paper, we propose an in-network security framework using the high-level data plane programming language P4 (Programming Protocol-independent Packet Processors) to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

Software Defined Perimeter (SDP) Authentication Mechanism for Zero Trust and Implementation of ECC Cryptography (제로 트러스트를 위한 소프트웨어 정의 경계(SDP) 인증 메커니즘 제안 및 ECC 암호 구현)

  • Lee, Yun-kyung;Kim, Jeong-nyeo
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1069-1080 / 2022
  • Zero trust, which means never trust anything before verifying it, is emerging as a hot issue in the security field. After authenticating users, zero trust establishes network boundaries so that only networks in the trusted range can be accessed. This concept is also consistent with the concept of SDP, which performs pre-verification and creates a network boundary with a dynamic firewall so that clients can access only as many as they have permission to connect. Therefore, we recommend the SDP model as an example of how zero trust can be achieved in a zero trust architecture. In this paper, we point out the areas where SDP needs to be modified for zero trust and suggest ways to overcome them. In addition, we propose an onboarding method, which is one of the processes for becoming an SDP entity, and present performance measurement results.

A Study on ScienceDMZ Construction for High Speed Transfer of Science Big Data (과학빅데이터 고속전송을 위한 ScienceDMZ 구축 방안 연구)

  • Moon, Jeong-hoon;Kwak, Jai-seung;Hong, Won-taek;Kim, Ki-heyon;Lee, Sang-kwon;Kim, Dong-kyun;Kim, Yong-hwan;Yu, Ki-sung
    • KNOM Review / v.22 no.2 / pp.12-21 / 2019
  • There is rapid development of experimental equipment and ICT technology in data-intensive scientific areas; thus, big data of more than exabyte size is being generated. However, the big data transmission technology does not satisfy the needs of the application researchers who utilize it. Various high-performance transmission technologies have been developed based on QoS (Quality of Service), but they also require changes in the clean slate method. On the other hand, ScienceDMZ technologies improve the performance of scientific big data transmission by bypassing the firewall that causes a big problem in transmission performance. In addition, it is possible to implement without changing the existing network. In this paper, we built ScienceDMZ in an international long-distance environment based on KREONET (Korea Research Environment Open NETwork), and we verified the performance. We also introduced how a GPU platform could be linked in a distributed ScienceDMZ environment.

A Safe Operating Strategy for Information System of Small and Medium Enterprises (중소기업 정보시스템의 안정적 운영 전략)

  • Yeo, Sang-Soo;Hwang, Su-Chul
    • Journal of the Korea Society of Computer and Information / v.14 no.7 / pp.105-112 / 2009
  • Small and medium enterprises depend more on their information technology than large enterprises do, but they cannot pay much for information technology and information security due to financial restrictions, limited resources, and lack of know-how. So there are many vulnerabilities in small and medium enterprises, and these would lead to many security incidents. Security managers of small and medium enterprises think that information security in their company is simply equivalent to updating the antivirus solutions, managing the firewall, and patching systems regularly. However, security policies, prevention of information theft, business continuity, access controls, and many other information security issues should be considered for mitigating security incidents. In this context, we redefined security countermeasures and strategies that are appropriate only to large enterprises, making them appropriate for the secure operation of the information systems of small and medium enterprises. We investigate information security issues in the four views of information system and company, and finally we present information security strategies for each view in this paper.

A Study on Threat Detection Model using Cyber Strongholds (사이버 거점을 활용한 위협탐지모델 연구)

  • Inhwan Kim;Jiwon Kang;Hoonsang An;Byungkook Jeon
    • Convergence Security Journal / v.22 no.1 / pp.19-27 / 2022
  • With the innovative development of ICT technology, the techniques of hackers are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats was mainly conducted in a passive way through hacking damage investigation and analysis, but recently, the importance of cyber threat information collection and analysis is increasing. A bot-type automation program is a rather active method of extracting malicious code by visiting a website to collect threat information or detect threats. However, this method also has a limitation in that it cannot prevent hacking damage, because it identifies hacking damage only after malicious code has already been distributed or after a hack has occurred. Therefore, to overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber bases. This model is an active and proactive method of collecting threat information or detecting threats outside the boundary such as a firewall. We designed a model for detecting threats using cyber strongholds and validated it in the defense environment.

A Study on the Impact of Applying Network Address Mutation Technology within the Network Protection System (네트워크 보호체계에서 네트워크 주소변이 기술 적용에 대한 영향성 연구)

  • Suwon Lee;Seyoung Hwang;SeukGue Hong
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.939-946 / 2023
  • In the hyper-connected network, in which network equipment is diverse and network structure is complex, the attack surface has also increased. In this environment, MTD (Moving Target Defense) technology is being researched as a method to fundamentally defend against cyber attacks by actively changing the attack surface. Network-based MTD technologies are being widely studied. However, in order for network address mutation technology to be applied within the existing fixed IP-based system, research is needed to determine what impact it will have. In this paper, we studied the impact of applying network address mutation technology to the existing network protection system. As a result of the study, factors to be considered when firewall, NAC, IPS, and network address mutation technologies are operated together were derived, and elements that must be managed in network address mutation technology for interoperability with the network analysis system were suggested.

A study on Cloud Security based on Network Virtualization (네트워크 가상화 기반 클라우드 보안 구성에 관한 연구)

  • Sang-Beom Hong;Sung-Cheol Kim;Mi-Hwa Lee
    • Convergence Security Journal / v.23 no.5 / pp.21-27 / 2023
  • In the cloud computing environment, servers and applications can be set up within minutes, and recovery in case of failures has also become easier. Particularly, using virtual servers in the cloud is not only convenient but also cost-effective compared to the traditional approach of setting up physical servers just for temporary services. However, most of the underlying networks and security systems that serve as the foundation for such servers and applications are primarily hardware-based, posing challenges when it comes to implementing cloud virtualization. Even within the cloud, there is a growing need for virtualization-based security and protection measures for elements like networks and security infrastructure. This paper discusses research on enhancing the security of cloud networks using network virtualization technology. I configured a secure network by leveraging virtualization technology, creating virtual servers and networks to provide various security benefits. Link virtualization and router virtualization were implemented to enhance security, utilizing the capabilities of virtualization technology. The application of virtual firewall functionality to the configured network allowed for the isolation of the network. It is expected that based on these results, there will be a contribution towards overcoming security vulnerabilities in the virtualized environment and proposing a management strategy for establishing a secure network.

Evaluation of Structural Performance of Unhangak in Suwon Hwaryeongjeon by Three-Dimensional Structural Analysis (3차원 구조해석에 의한 수원 화령전 운한각의 구조성능 평가)

  • Yeong-Min Kim
    • Journal of the Computational Structural Engineering Institute of Korea / v.37 no.3 / pp.197-204 / 2024
  • In this paper, the structural performance of Suwon Hwaryeongjeon Unhangak, a representative traditional timber structure in the late Joseon Dynasty, was evaluated. Based on the structure composition of Unhangak, an analysis model was elaborately constructed with Midas Gen, a 3-dimensional structural analysis software. The safety and serviceability of major structural members were evaluated by static analysis, and the dynamic behavior characteristics were evaluated by eigenvalue analysis. Most of the members satisfied the safety and serviceability standards with a margin; however, the bending stress ratio in the oemogdori exceeds the standard by 20.7%, so it is considered that long-term monitoring is needed for this member. The natural period of Unhangak is 1.079 seconds, which is slightly longer than traditional timber buildings of similar scale. In particular, it is analyzed that torsional movement occurred in the secondary mode due to the influence of the rear masonry firewall.

A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze the actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipment for the lines, the management of network and software, stored data and transferred data, and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall systems against viruses and malicious software, as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), and communication lines (communication security). Secondly, to prepare against hacking warfare, which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.