摘要 |
The present invention relates to an electronic communications and, more particularly, to a security device and an operating method thereof. The operating method of the security device according to an embodiment of the present invention comprises determining whether a packet communicated between a plurality of host computers and the internet is a domain name server (DNS) response packet transmitted from the DNS; when the corresponding packet is the DNS response packet, determining whether a sub-domain name included in the DNS response packet is corresponding to an internally stored upper layer domain name, and updating the corresponding sub-domain name in a domain name table; and when the corresponding packet is not the DNS response packet, determining whether the sub-domain name is identical to one among sub-domain names in the domain name table, and blocking the corresponding packet. |