A Study on Security Hole Attack According to the Establishment of Policies to Limit Particular IP Area

  • Received : 2010.10.10
  • Accepted : 2010.12.10
  • Published : 2010.12.31

Abstract

The deployment of information security measures has followed a gradual progression, from firewalls and VPNs (Virtual Private Networks) to IDS (Intrusion Detection Systems) and ESM (Enterprise Security Management). Each of these security solutions and devices analyzes both defense and attack using specialized security technology, classifying security policy problems by TCP/IP layer or by attack pattern, attack type, or intrusion. This study examines the latency window, vulnerable to intrusion, that arises when equipment or policies at L2 or below are applied to an existing network through security policies or equipment at L3 or above in the TCP/IP layers. It also analyzes the security holes that may arise from IP preoccupation while policies limiting a particular IP area are being established on security equipment, in order to identify the technical problems involved.
