• Title/Summary/Keyword: network separation system


A Study On Operation for DevOps Using Zero Trust in Network Separation Environment (망분리 환경에서 제로 트러스트를 활용한 DevOps 운영에 관한 연구)

  • Bong-Yong Han;Young-Kun Choi;Ga-Yeon So;Yong-Tae Shin
    • Convergence Security Journal / v.24 no.1 / pp.27-34 / 2024
  • Network separation is an important policy for preventing cyber incidents and protecting data. Recently, the IT environment for software development has been changing, with remote work, use of the cloud, and use of open source. Amid these changes, network separation regulations are lowering fintech companies' development productivity and efficiency, and the demand for easing network separation has continued. The government revised the electronic financial supervision regulations (hereafter EFS) in response to the need to mitigate network separation in the IT environment and for fintech companies. Some amendments to the EFS, which took effect on 01/01/2023, mitigate network separation only for research and development purposes in cloud environments. If software developed in a cloud development environment is applied to an operating system through a distribution system, the existing perimeter-based security model will not satisfy the network separation conditions. In this study, we propose a way to maintain the DevOps system in a network separation environment by using the zero trust security system.

Network separation construction method using network virtualization (네트워크 가상화를 이용한 망 분리 구축 방법)

  • Hwang, Seong-Kyu
    • Journal of the Korea Institute of Information and Communication Engineering / v.24 no.8 / pp.1071-1076 / 2020
  • The importance of network separation is due to the use of the Internet with existing business PCs, resulting in internal information leakage events, and to environments configured to allow servers to access the Internet, which causes service failures with malicious code. In order to overcome this problem, it is necessary to use network virtualization to separate networks and network interconnection systems. Therefore, in this study, the construction area was constructed into the network area for the Internet and the server farm area for the virtualization system, and then classified and constructed into the security system area and the data link system area between networks. In order to prove the excellence of the proposed method, a network separation construction study using network virtualization was conducted on the basis of VM Density's conservative estimates of program loads and LOBs.

Safe Web Using Scrapable Headless Browser in Network Separation Environment

  • Jung, Won-chi;Park, Jeonghun;Park, Namje
    • Journal of the Korea Society of Computer and Information / v.24 no.8 / pp.77-85 / 2019
  • In this paper, we propose a "Safe Web Using Scrapable Headless Browser", because a network separation environment for security does not allow the Internet. The reason is to physically block malicious code. Many accidents occurred, including the 3.20 hacking incident, personal information leakage at credit card companies, and the leakage of personal information at "Interpark" (Internet shopping mall). As a result, network separation, which separates the Internet network from the internal network, was made mandatory for public institutions, and the policy-introduction institutions for network separation were expanded to the government, local governments and the financial sector. In terms of information security, network separation is an effective defense system. By building a network that is not attacked from the outside, internal information can be kept safe. Therefore, "the separation of the network" is inefficient, because it is important to use the Internet's information to search for it and to use it as data directly inside. Using a capture method with a headless web browser can solve these conflicting problems. We would like to suggest a way to protect both safety and efficiency.

Optimal heat exchanger network synthesis through heuristics and system separation method (경험법칙과 계의 분리법을 통한 최적 열교환망 합성)

  • Lee, Hae-Pyeong;Ryu, Gyeong-Ok
    • Journal of Institute of Control, Robotics and Systems / v.1 no.2 / pp.119-126 / 1995
  • The purpose of this study is to develop the technique of energy recovery and energy saving by using the optimization of heat exchanger network synthesis. This article proposes a new method of determining the optimal target of a heat exchanger network synthesis problem whose data feature multiple pinch points. The system separation method we suggest here is to subdivide the original system into independent subsystems with one pinch point. The optimal cost target was evaluated and the original pinch rules at each subsystem were employed. The software developed in this study was applied to the Alko process, which is an alcohol production process, for the synthesis of a heat exchanger network. It was possible to save about 15% of the total annual cost.


Autonomous Separation Methodology of Faulted Section based on Multi-Agent Concepts in Distribution System (멀티 에이전트 개념에 기반한 배전계통의 분산 자율적 고장구간 분리 기법)

  • Ko, Yun-Seok;Hong, Dae-Seung;Song, Wan-Seok;Park, Hak-Ryeol
    • The Transactions of the Korean Institute of Electrical Engineers A / v.55 no.6 / pp.227-235 / 2006
  • In this paper, a new network-based autonomous separation methodology for faulted sections is proposed, which can minimize the outage effect as compared with the existing center-based faulted section separation method by determining and separating the faulted section autonomously through the free exchange of operation information among IEDs on the feeder of the distribution system. All IEDs are designed in a network in which client/server function is possible in order to separate the faulted section autonomously using PtP (Peer to Peer) communication. Also, an inference-based solution of the IED for the autonomous faulted section separation is designed by rules obtained from the results of analyzing the distribution system topology. Here, the switch IEDs transmit the fault information on the network using a multi-casting communication method and, at the same time, determine by themselves whether they operate or not by autonomously inferring the faulted section using the inference-based solution after receiving the transmitted information. Finally, in order to verify the effectiveness and application possibility of the proposed methodology, diverse fault cases are simulated for the typical distribution system.

Real-time security Monitoring assessment model for cybersecurity vulnerabilities in network separation situations (망분리 네트워크 상황에서 사이버보안 취약점 실시간 보안관제 평가모델)

  • Lee, DongHwi;Kim, Hong-Ki
    • Convergence Security Journal / v.21 no.1 / pp.45-53 / 2021
  • When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for the internal network in a separation network to complete the optimized security structure. In this study, we evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and establish a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, constructed a test data set for each situation, and applied a real-time security assessment model.

A Phoneme Separation and Learning Using of Neural Network in the On-Line Character Recognition System (신경회로망을 이용한 온라인 문자 인식 시스템의 자소 분리에 관한 연구)

  • Hong, Bong-Hwa
    • The Journal of Information Technology / v.9 no.1 / pp.55-63 / 2006
  • In this paper, a Hangul recognition system using a Kohonen network for phoneme separation and learning is proposed. Hangul consists of phonemes that consist of strokes. Phoneme recognition and separation are very important in the recognition of characters. So, the phonemes in which mismatching has occurred are correctly separated through the learning of neural networks. Also, the learning rate ($\alpha$) is adjusted adaptively according to the error, in order to decrease the number of iterations and solve the problem of local minima.


Designing Flexible Packets for Multi-Satellite Data Transmission in a Physical Network Separation Environment

  • Baek, Hyun Chul;Lee, Sang Jeong
    • Journal of Aerospace System Engineering / v.14 no.6 / pp.26-35 / 2020
  • The national satellite operation network, which supports multiple satellites, was designated as a Critical Information Infrastructure (CII) in 2017. The network was designed independently from the control network and the information network to enhance physical security. Planning is underway to establish a bidirectional data interface between networks. The data transmission system allows data flow only to the physical layer and the data link layer; hence, only one file can be transferred at any one time. This means that when large amounts of data are being transmitted, no other data can be sent simultaneously in urgent situations. Thus, this paper discusses the design of flexible packets for the transmission of data between networks in an environment where physical security has been enhanced through network separation and based on this, presents a method for transmitting data effectively.

A Study on NAS-Linked Network Separation System Using AHP (AHP를 이용한 NAS 연동형 망분리 시스템에 관한 연구)

  • Kim, Min Su;Shin, Sang Il;Lee, Dong Hwi;Kim, Kui Nam J.
    • Convergence Security Journal / v.13 no.3 / pp.85-90 / 2013
  • To provide high-quality services, national public institutions and companies have provided information and materials over the internet network. However, a risk of malware infection between transmission and reception of data leads to exposure to various security threats. For this reason, national institutions have proceeded with projects for network separation since 2008, and data linkage has been made using network connection storage through network separation technologies, along with physical network separation. However, the network connection storage has caused waste of resources and problems with data management due to the presence of the same data in internal network storage and external network storage. In this regard, this study proposes a method to connect internal and external network data using NAS storage as a way to overcome the limitations of physical network separation, and attempts to verify the priority of items for the optimization of network separation by means of AHP techniques.

Separating VNF and Network Control for Hardware-Acceleration of SDN/NFV Architecture

  • Duan, Tong;Lan, Julong;Hu, Yuxiang;Sun, Penghao
    • ETRI Journal / v.39 no.4 / pp.525-534 / 2017
  • A hardware-acceleration architecture that separates virtual network functions (VNFs) and network control (called HSN) is proposed to solve the mismatch between the simple flow steering requirements and strong packet processing abilities of software-defined networking (SDN) forwarding elements (FEs) in SDN/network function virtualization (NFV) architecture, while improving the efficiency of NFV infrastructure and the performance of network-intensive functions. HSN makes full use of FEs and accelerates VNFs through two mechanisms: (1) separation of traffic steering and packet processing in the FEs; (2) separation of SDN and NFV control in the FEs. Our HSN prototype, built on NetFPGA-10G, demonstrates that the processing performance can be greatly improved with only a small modification of the traditional SDN/NFV architecture.