• Convergence Security Journal
• /
• v.14 no.2
• /
• pp.25-33
• /
• 2014

With the development of information and communication, public institutions and enterprises utilize the business continuity using the Internet and Intranet. In this environment, public institutions and enterprises is to be introduced the number of solutions and appliances equipment to protect the risk of leakage of inside information. However, this is also the perfect external network connection is not enough to prevent leakage of information. To overcome these separate internal and external networks are needed. In this paper, we constructed the physical and logical network separation is applied to the network using the virtualization and thus the network configuration and network technical review of the various schemes were proposed for the separation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.449-456
• /
• 2018

Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.27-32
• /
• 2019

Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.747-749
• /
• 2017

To protect financial services against danger of financial accidents and customer information leakage caused by malware, injection attack and so on, Financial Services Commission announced "Financial Networks Security Enhancement Comprehensive Plan", which suggests the guideline of protecting customer information and providing secure financial services by separating network topology and then makes the financial company use network partitioning system. In consequence of this policy, financial companies respectively chose between the physical partitioning mechanism or the logical partitioning mechanism according to their IT environment. This paper suggests an efficient infrastructure configuration plan for making the logical network partition, by comparison of a construction of traditional general equipment and an integrated HCI(Hyper Converged Infrastructure) through 'Hyper Converged' which is one of virualization techniques for developing currently, and the case study of the integrated HCI method.

• KIISE Transactions on Computing Practices
• /
• v.21 no.7
• /
• pp.506-511
• /
• 2015

IOV is a technology that supports one or more virtual desktops, and can share a single physical device. In general, the virtual desktop uses the virtual IO devices which are provided by virtualization SW, using SW emulation technology. Virtual desktops that use the IO devices based on SW emulation have a problem in which service quality and performance are declining. Also, they cannot support the high-end application operations such as 3D-based CAD and game applications. In this paper, we propose a physical network separation system using Virtual Desktop Service based on HW direct assignments to overcome these problems. The proposed system provides independent desktops that are used to access the intranet or internet using server virtualization technology in a physical desktop computer for the user. In addition, this system can also support a network separation without network performance degradation caused by inspection of the network packet for logical network separations and additional installations of the desktop for physical network separations.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.25-30
• /
• 2021

Due to the current COVID-19 pandemic, companies and institutions are introducing virtual desktop technology, one of the logical network separation technologies, to establish a safe working environment in a situation where remote work is provided. With the introduction of virtual desktop technology, companies and institutions can operate the network separation environment more safely and effectively, and can access the business network quickly and safely to increase work efficiency and productivity. However, when introducing virtual desktop technology, there is a cost problem of high-spec server, storage, and license, and it is necessary to supplement in terms of operation and management. As a countermeasure to this, companies and institutions are shifting to cloud computing-based technology, virtual desktop service (DaaS, Desktop as a Service). However, in the virtual desktop service, which is a cloud computing-based technology, the shared responsibility model is responsible for user access control and data security. In this paper, based on the shared responsibility model in the virtual desktop service environment, we propose a cloud-based hardware security module (Cloud HSM) and edge-DRM proxy as an improvement method for user access control and data security.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.85-90
• /
• 2022

In modern conditions of the development of public relations, there is a continuous development of technologies. This not only reflects the convenience of service users, and new technology but also contributes to the emergence of new disputes to protect the rights of stakeholders. Therefore, it is urgent to study the distinctions between the jurisdiction of commercial, civil and administrative courts in resolving IT disputes. The work aims to study the peculiarities of delimitation of the jurisdiction of commercial, civil, and administrative courts through the prism of IT measurement. The research methodology consists of such methods as a historical, comparative-legal, formal-logical, empirical, method of analogy, method of synthesis, method of analysis, and systematic method. Examining the specifics of delimiting the jurisdiction of commercial, civil, and administrative courts through the IT dimension, it was concluded that there is a problem in determining the jurisdiction of the court. In addition, the judicial practice on this issue is quite variable, which negatively affects the predictability of technology in resolving potential disputes. In this regard, the criterion models for distinguishing between commercial, administrative, and civil proceedings according to the legal classification of the parties, as well as the nature of the claim are identified. This separation will contribute to a more accurate application of legal norms and methods of application of administrative norms and reduce the number of cases of improper proceedings.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.199-203
• /
• 2022

The article aims at studying the institution of human rights and civil freedoms with due regard to the anthropological approach in the theory of law. To the greatest extent, the provisions of non-classical legal science are confirmed in the Anglo-Saxon legal family, which endows the judge with law-making functions. In this regard, the role of a person in the legal sphere is increasing. The main research method was deduction used to study the anthropological approach to the institution of human rights and freedoms. The article also utilizes the inductive method, the method of systematic scientific analysis, comparative legal and historical methods. To solve the task set, the authors considered the legal foundations and features of human rights and freedoms in the modern world. The article proves that the classical legal discourse, represented by various types of interpretation, reduces the rule of law to the analysis of its logical structure and does not answer the questions posed. It is concluded that the prerequisite for the anthropological approach in the theory of law is the use of human-like concepts in modern legislation (guilt, justice, peculiar ferocity, child abuse, willful evasion, conscientiousness).

• Cartoon and Animation Studies
• /
• s.40
• /
• pp.337-365
• /
• 2015

The objective of this study proposes the new user's addiction model in 'Social Network Games' (SNGs). Research model is derived from the separation of two characteristics. First one is logical characteristics that includes 'Functional' (F), 'Keystroke' (K), and 'Goal' (G). Second one is feeling characteristics that consists a few factors such as 'Emotion' (E), 'Social' (S), and 'Affection' (A). For the pre-test, a total of 30 participants responded to survey in order to inspect the fitness of research questionnaire, roughly validity of the proposed model, and the direction of this reseach. After that for the main test, a total 300 users participated in this research. The final number of effective participants were 261 because 39 were insincere respondents and without playing SNGs who were excluded. Then we examined the measurement model by performing 'Partial Least Squares - Structural Equation Modeling' (PLS-SEM) analysis to test the research hypothesis empirically. The results of the measurement and structural model test lend support to the proposed research model by providing a good fit to the construct data. Interestingly, the model showed the significant effects of the interaction between eleven hypothesis(H1,H2,H3,H4,H5,H6,H7,H8,H9,H10, H12). Only one hypothesis decision t-value not supported that is involved the relationship between SNGs Addiction and Keystroke, H11(1.193). This research expect to contributes to an exploratory SNGs research to clarify the base of addition and will aids understanding of users' behavior associated with SNGs development.