• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.93-102
• /
• 2007

Firewall system is a security system for protect the network and is needed for constructing the trusted network. However, these firewall systems deteriorate the performance of whole network in about 60% because of Inefficiency policy establishment and unnecessary traffic occurrence. Therefore, there is a strong needs to establish the network performance elevation, efficient operation and reassignment of the firewall system. In this dissertation, we will analyze how each functionalities of the firewall system affect to the network performance via using a simulation result according to functionality of the firewall system and propose a exclusive firewall system for the efficient network operation.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.237-244
• /
• 2005

IP-Internet Telephony Service has not vet been achieved that of operating an IP-PBX service and a consumer Internet telephone services using VoIP technologies. In this paper, i suggest that the technologies of the VoIP Secure Gateway have connecting and securing for IP-Internet Telephony Service which makes If telephony protocols, firewall VPN tunneling, using Application Level Gateway, connection of the VoIP Secure Gateway. I suggest of telecommunication technologies that are enables an enterprise If-PBX service to interoperate with a consumer IP telephony service through a firewall. Also, I have proposed the solutions of security problems which was the security for VoIP Secure Gateway.

• 한국IT서비스학회:학술대회논문집
• /
• 2009.11a
• /
• pp.539-543
• /
• 2009

실시간으로 데이터를 처리하여 빠른 서비스를 제공하기 위해 PC 클러스터가 널리 사용되고 있다. 본 논문에서는 PC 클러스터의 한 종류인 HPC 클러스터에 전용 노드를 추가하는 대신, 방화벽 외부의 네트워크 상에 존재하는 비전용 노드의 유휴시간을 활용하도록 클러스터를 확장하여 성능을 향상시키는 경우 발생하는 NFS 등의 보안 문제를 SSH 터널링을 사용하여 해결하는 방안을 제시하고 암호화된 NFS의 성능을 실험하였다.

• Review of KIISC
• /
• v.19 no.5
• /
• pp.60-67
• /
• 2009

본 논문에서는 산업제어시스템 보안을 위한 네트워크 설계 및 구조에 대하여 살펴보고자 한다. 산업제어시스템을 위한 네트워크 구조 설계에서, 통상적으로 제어 네트워크를 사내 망과 분리하는 것이 권고된다. 그러나 산업제어시스템과 사내망의 연결이 필요한 실제 상황이 발생할 수 있다. 만약 이런 연결이 이루어진다면, 심각한 보안 위험을 유발하기 때문에 설계 및 구현에서 주의가 요구된다. 따라서 본 논문에서는 산업제어시스템 보안을 위한 네트워크 설계 원칙 및 네트워크 구조와 방화벽의 사용, DMZ의 생성, 효과적인 보안 정책을 갖춘 침입탐지 능력, 훈련 프로그램과 사고 대응 메커니즘을 포함하는 심층-방어 보안 구조에 대하여 소개하고자 한다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.

• Journal of the Korean Institute of Gas
• /
• v.18 no.3
• /
• pp.44-52
• /
• 2014

Small petrol stations have great potential for a wide distribution in metropolitan area in which the land value possesses primary installation cost of the facility. The objective of the present study is to propose appropriate facility regulations of small petrol stations in Korea that can be popularly installed in the future in terms of securing safety in addition to serviceability. The hazard analysis and damage prediction from the possible fire and explosion accidents were performed using a software, PHAST v.6.5. As essential components of the facility regulations proposed in this study, the regulations about the refueling lot, maximum capacity of underground tank, location of fixed refueling facilities, height of firewall for small petrol stations were subsequently compared with those for regular-sized petrol stations.