Security gateway apparatus for controlling of policy-based network security and its proceeding method

摘要

PURPOSE: A security gateway device for a policy-based network security control and an operating method therefor are provided to dynamically meet a cyber terror by updating a correspondence policy according to a terror type in a policy cache when the cyber terror is generated and applying the updated policy to a newly generated cyber terror. CONSTITUTION: A CPA(Cyber Patrol Agent)(201) receives a cyber terror detection signal, and transmits the received cyber terror detection signal to a CPCS(Cyber Patrol Control System)(300). A policy receiving unit(202) receives a policy corresponding to the cyber terror detection signal from the CPCS(300). A security policy engine(203) receives the policies from the policy receiving unit(202), and outputs a dynamic security policy among the policies. A QoS(Quality of Service) policy executing engine(206) receives the policies from the policy receiving unit(202), and outputs a dynamic QoS policy among the policies. A security policy cache(204) receives the dynamic security policy from the security policy engine(203), and stores the received dynamic security policy according to the type of a cyber terror by a schema unit. A policy cache(205) receives the dynamic security policy of the schema unit from the security policy cache(204), receives the dynamic QoS policy from the QoS policy executing engine(206), updates policy information, and outputs updated policy information to the policy receiving unit(202) for dynamically corresponding to the cyber terror.