• Title/Summary/Keyword: router security

Search Result 111, Processing Time 0.011 seconds

The Design of Router Security Management System for Secure Networking

  • Jo, Su-Hyung;Kim, Ki-Young;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1594-1597
    • /
    • 2005
  • A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

  • PDF

Integrated Security Management Framework for Secure Networking

  • Jo, Su-Hyung;Kim, Jeong-Nyeo;Sohn, Sung-Won
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2174-2177
    • /
    • 2003
  • Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

  • PDF

Security Audit System for Secure Router

  • Doo, So-Young;Kim, Ki-Young
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1602-1605
    • /
    • 2005
  • An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

  • PDF

Research on security technology to respond to edge router-based network attacks (Edge 라우터 기반 네트워크 공격에 대응하는 보안기술 연구)

  • Hwang, Seong-Kyu
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.9
    • /
    • pp.1374-1381
    • /
    • 2022
  • Existing research on security technology related to network attack response has focused on research using hardware network security technology, network attacks that wiretap and wiretap network packets, denial of service attack that consumes server resources to bring down the system, and network by identifying vulnerabilities before attack. It is classified as a scanning attack. In addition, methods for increasing network security, antivirus vaccines and antivirus systems have been mainly proposed and designed. In particular, many users do not fully utilize the security function of the router. In order to overcome this problem, it is classified according to the network security level to block external attacks through layered security management through layer-by-layer experiments. The scope of the study was presented by examining the security technology trends of edge routers, and suggested methods and implementation examples to protect from threats related to edge router-based network attacks.

Design of Traceback System using Selected Router (선택적 라우터를 이용한 역추적 시스템의 설계)

  • Lee, Jeong-Min;Lee, Kyoon-Ha
    • Convergence Security Journal
    • /
    • v.3 no.3
    • /
    • pp.91-97
    • /
    • 2003
  • As increasing of Internet user and fast development of communication, many security problems occur. Because of Internet is design and development for speed not security, it is weak to attack from malicious user. furthermore attack is more developed to have high efficiency and intelligent. We proposed effective traceback system in network and consider that ability of constitution. Traceback by Selected Router system is consists of managed router and manager system. Selected router marks router ID to packet which passing selected router, and use this router ID for traceback and filtering. Consequently this system reduce damage of attack.

  • PDF

Small size IoT Device Monitoring System Modeling applying DEVS methodology

  • Lee, Se-Han;Seo, Hee-Suk;Choi, Yo-Han
    • Journal of the Korea Society of Computer and Information
    • /
    • v.23 no.2
    • /
    • pp.45-51
    • /
    • 2018
  • In this paper, we propose a Designed and Developed home router management system. Through the fourth industrial revolution and development of IoT technology, now people can experience a wide range of IoT related services at their workplace or daily lives. At the industrial site, IoT devices are used to improve productivity such as factory automation, and at home, IoT technology is used to control home appliances from a remote distance. Usually IoT device is integrated and controlled by the router. Home router connects different IoT devices together at home, however when security issues arise, it can invade personal privacy. Even though these threats exist, the perception for home router security is still insufficient. In this paper, we have designed and developed home router management system using DEVS methodology to promote the safe use of home router. Through the DEVS methodology, we have designed the system and developed the mobile application. This management system enables users to set up security options for home router easily.

RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing

  • Wang, Zhiqiang;Zhang, Yuqing;Liu, Qixu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.8
    • /
    • pp.1989-2009
    • /
    • 2013
  • How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer' debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.

Analysis of Network Security Policy Enforcement in Container Environments (컨테이너 환경에서의 네트워크 보안 정책 집행 분석)

  • Bom Kim;Seungsoo Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.6
    • /
    • pp.961-973
    • /
    • 2023
  • With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.

A Mobile Router Scheme Considering Node Property in Nested Mobile Networks (중첩 이동 네트워크에서 노드의 특성을 고려한 이동 라우터 방안)

  • Song, Ji-Young;Park, Sang-Joon;Lee, Jong-Chan;Shin, Young-Nyo
    • Convergence Security Journal
    • /
    • v.8 no.2
    • /
    • pp.51-56
    • /
    • 2008
  • In this paper presents the method of the Optimal Mobile Router Designation (OMRD) using QM(Quality of service Manager) in the nested mobile network. QM is positioned on TLMR (Top Level Mobile Router) in the nested mobile network and manages the information of all MRs in the mobile network. When MN (Mobile Node) moves to a new MR, OMRD (Optimal Mobile Router Designation) selects the candidate MRs group and decides an optimal MR considering the mobile characteristics. OMRD reduces maximally the production of handover and removes the transmission delay of a new call and a handover call resulted from the wireless insufficient resource. Also, it prevents the concentration in a specific MR and maintains equally the load of the whole network.

  • PDF

Mutual Authentication Scheme of Mobile Routers Using Temporary Certificate in MANEMO (MANEMO 환경에서 임시 인증서를 이용한 이동 라우터 간 상호인증 기법)

  • Roh, Hyo-Sun;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.97-107
    • /
    • 2008
  • This paper proposes a mutual authentication scheme for mobile router in MANEMO. The NEMO used AAA server in order to authenticate mobile router in nested mobile network. So, this scheme has some problem that increases authentication message overhead and authentication time. The proposed scheme uses temporary certificate that signed by an access router's private key. The temporary certificate authenticates a mobile router when the mobile router entered a MANET domain. The proposed scheme reduces authentication message overhead and authentication time than the scheme to use AAA server when authenticating the mobile router.