Research on financial institutional network partition design for anti-hacking

Abstract

Enforced from February 18th, 2013, the network separation system has been promoted as a solution to block the leak of important information in public institution or in private, which has been increased continuously. Under pretext of continuity, the entire finance system has operated the integrated network of intranet and Internet before the network separation system. Such operational environment led more internal and external threats due to development of APT or malwares and carelessness of insider, and the government has prepared the high level security solution called the network separation. Through the network separation, based on the guideline of financial authority, the intranet and the Internet have been separated to protect the corporate and private information from the malware infection or hacking through the external Internet. In this thesis, through the concept of network separation and the case of establishment of network separation in the financial field, the structure is to be evaluated, and through the safety of system, efficiency of management, and safety operation solution of data system, the optimized network separation system in the financial field is to be designed. Furthermore, the network separation system is categorized into the establishment of network separation solution, establishment of network connection solution, establishment of network, and establishment of infrastructure for information protection to be evaluated. Therefore, the system establishment and connection through detailed analysis of regulation are required, and the assurance of security and performance and safety of the network separation system through the integration of conventional security system and new establishment and process are studied.