US Patent No. 9,444,845

NETWORK SECURITY APPARATUS AND METHOD


Patent No.: 9,444,845
Issue Date: September 13, 2016
Title: Network Security Apparatus And Method
Inventorship:
  Jeong-Han Yun, Daejeon (KR)
  Heemin Kim, Daejeon (KR)
  Kyoung-Ho Kim, Gokseong-gun (KR)
  Woonyon Kim, Daejeon (KR)
  Byung-gil Min, Cheongju-si (KR)
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE, Daejeon (KR)

Claim of US Patent No. 9,444,845

1. A network security method comprising:
receiving, by a network security apparatus including three ports, including a security port and a communication port, network security apparatus setting information, security policies and log generation policies through the security port from a security monitoring network, wherein the network security apparatus is installed at a communication node to monitor security of the communication node, and the security port is connected to the security monitoring network while the communication port is connected to a communication node network for communication of the communication node, the security monitoring network being physically separated from the communication node network;

checking whether the security policies comply with a security policy setting format;

if the security policies comply with the security policy setting format, monitoring whether the communication node to which the network security apparatus has been applied communicates in compliance with the security policies;

generating a monitoring log based on the log generation policies, and checking whether the monitoring log complies with a log setting format; and

if the monitoring log complies with the log setting format, transmitting a security log generated based on the log generation policies through the security port to the security monitoring network, thereby performing network security,

wherein the monitoring of security of the communication node is not performed through the communication node network but through the security monitoring network, without either using resource of the communication node or imposing additional traffic on the communication node network.
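
The order of checks in claim 1, sketched in Python as an added illustration; this is not code from the patent or its assignee. The policy setting format (an allowed-flow entry), the log setting format, and every name in the block are assumptions made for this sketch, and the security port is modelled as a callback.

```python
import ipaddress

# Assumed formats (constructed for this sketch; the claim does not define them).
POLICY_KEYS = {"src", "dst", "proto", "dport"}               # policy setting format
LOG_KEYS = {"ts", "event", "src", "dst", "proto", "dport"}   # log setting format

def policy_complies(policy):
    """Check one security policy against the assumed policy setting format."""
    if not isinstance(policy, dict) or set(policy) != POLICY_KEYS:
        return False
    try:
        for key in ("src", "dst"):
            ipaddress.ip_address(str(policy[key]))
    except ValueError:
        return False
    dport = policy["dport"]
    return policy["proto"] in ("tcp", "udp") and type(dport) is int and 0 < dport < 65536

def log_complies(record):
    """Check one monitoring log record against the assumed log setting format."""
    return (set(record) == LOG_KEYS and type(record["ts"]) in (int, float)
            and record["event"] in ("allowed", "violation"))

def run_security_method(policies, log_events, observed, security_port_send):
    """Run the claimed steps in order; return the number of logs transmitted."""
    # Policies that fail the format check are never used for monitoring.
    if not policies or not all(policy_complies(p) for p in policies):
        return 0
    allowed = {(p["src"], p["dst"], p["proto"], p["dport"]) for p in policies}
    sent = 0
    for pkt in observed:  # flow metadata observed passively on the communication port
        flow = tuple(pkt.get(k) for k in ("src", "dst", "proto", "dport"))
        event = "allowed" if flow in allowed else "violation"
        if event not in log_events:        # log generation policy: what to record
            continue
        record = dict(zip(("src", "dst", "proto", "dport"), flow),
                      ts=pkt.get("ts"), event=event)
        if log_complies(record):           # malformed logs are not transmitted
            security_port_send(record)     # only path out: the security port
            sent += 1
    return sent

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    policies = [{"src": "192.0.2.10", "dst": "192.0.2.20", "proto": "tcp", "dport": 502}]
    observed = [
        {"ts": 1.0, "src": "192.0.2.10", "dst": "192.0.2.20", "proto": "tcp", "dport": 502},
        {"ts": 2.0, "src": "192.0.2.10", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    ]
    run_security_method(policies, {"violation"}, observed, print)
```

Nothing in the sketch writes to the communication side: observed traffic is read-only input and the callback is the only output, mirroring the claim's separation of the two networks.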