Title page for etd-0730103-164304
Title
台灣網路安全資料分析與整合
Network Security Analysis and Summary in Taiwan
Department
Year, semester
Language
Degree
Number of pages
50
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2003-07-01
Date of Submission
2003-07-30
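Keywords
Taiwan Computer Emergency Response Team / Coordination Center, network security, Security Auditing System, intrusion incidents, security vulnerabilities
network security, Security Auditing System, incident report, SAS, TWCERT/CC, critical Internet security vulnerabilities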
Statistics
The thesis/dissertation has been browsed 5781 times and downloaded 0 times.
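Chinese abstract (translated)
As people come to depend on computers and networks, threats follow. More and more network security organizations, companies and tools have appeared to defend the Internet. To avoid attacks by hackers, users can find many network security resources on the Internet, provided they know where those resources are or make good use of search tools. From another point of view, however, this much information is a burden for ordinary users, because they do not know which information is important and should be absorbed and handled first. This confuses them, and the result is that they do nothing. What they need is analyzed and integrated network security information that relates to the systems or services they use, not all network security information.
In this research, we integrated the information systems at TWCERT/CC and mined from them the network security information most useful to people who use the Internet in Taiwan, such as the most threatening network security vulnerabilities in Taiwan. This resembles the information provided by the SANS TOP 20 in the United States, except that the information we provide is better suited to Taiwan. After TWCERT/CC's information systems are integrated, users can be given more specific and concise information, so that they can deal with these problems first.

Keywords: network security, security vulnerabilities, intrusion incidents, Security Auditing System, Taiwan Computer Emergency Response Team / Coordination Center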
Abstract
With the increasing reliance on the Internet and computers, threats also increase. More and more foundations, companies and tools for computer network security are emerging to defend the Internet. To prevent attacks from crackers, plenty of network security resources have been developed on the Internet, and people can get the resources they want as long as they know where the professional network security information is. From another point of view, however, too much information becomes a great burden to general users on the Internet, because they have no idea which information is the most important. This confuses them, and the only thing they can do is nothing. They need summarized security information and advice for their own systems and services, instead of all system security information.

In this research, we integrate the systems in TWCERT/CC and discover the information most helpful to those who access the Internet in Taiwan, such as the most threatening vulnerabilities in Taiwan. The information is like the SANS TOP 20. The unification of the entire system in TWCERT/CC can give administrators more specific and summarized information, and their first priority is to fix the most vulnerable holes according to the information offered.

Key words: network security, critical Internet security vulnerabilities, incident report, SAS, Security Auditing System, TWCERT/CC
Table of Contents
1. Introduction
1.1. Network Environment
1.2. Threats to the Internet
1.3. The foundations, companies and tools of computer network security
1.4. The motivation and objectives of the research
1.5. The research process
2. Related studies
2.1. TWCERT/CC and the systems of the TWCERT/CC
2.1.1. The Incident Response system
2.1.2. The Security Auditing System (SAS)
2.1.3. The advisory system
2.2. The SANS TOP 20
3. Research design
3.1. System architecture
3.2. Approach for finding the most threatened vulnerabilities in Taiwan
3.3. The proposed Approach for finding the latest plugins
3.4. The proposed Approach for finding the vulnerabilities based on SAS
4. System implementation and evaluation
4.1. System development tools
4.2. Case study -- Some famous network incidents
4.2.1. NIMDA worm
4.2.2. SQL Worm - Slammer
4.2.3. Milkit [31]
4.3. The results of the evaluation
4.3.1. Detection of the NIMDA worm
4.3.2. Detection of SQL Worm-Slammer
4.3.3. Detection of Milkit
5. Conclusions and Future work
5.1. Conclusions
5.2. Future work
Reference
References
[1] Vint Cerf, A Brief History of the Internet and Related Networks,
http://www.isoc.org/internet/history/cerf.shtml
[2] A Brief History of the Internet,
http://www.isoc.org/internet/history/brief.shtml
[3] Nua Internet surveys, Online internet surveys, demographics, statistics and market research,
http://www.nua.ie/surveys/
[4] IDC is the provider of technology intelligence, industry analysis, market data, and strategic and tactical guidance to builders, providers, and users of information technology.
http://www.idcresearch.com/
[5] Reuters is the provider of Financial News and Full News Coverage,
http://www.reuters.com/
[6] FIND is an authoritative website that provides abundant and professional information on Internet demographics and trends in Taiwan.
http://www.find.org.tw/0105/home_new.asp
[7] The CERT Coordination Center (CERT/CC) is a center of Internet security expertise.
http://www.cert.org/
[8] CERT/CC Statistics 1988-2003
http://www.cert.org/stats/
[9] SANS is the trusted leader in information security research, certification and education,
http://www.sans.org/
[10] SecurityFocus,
http://www.securityfocus.com/
[11] Internet Security Systems, Inc.
http://www.iss.net/
[12] Nessus,
http://www.nessus.org/
[13] SAINT vulnerability scanner detects network vulnerabilities,
http://www.saintcorporation.com/products/saint_engine.html
[14] Symantec NetRecon
http://enterprisesecurity.symantec.com/products/products.cfm?productID=46
[15] The Taiwan Computer Emergency Response Team / Coordination Center, TWCERT/CC
http://www.cert.org.tw
[16] The Security Auditing System (SAS) of the TWCERT/CC
https://www.cert.org.tw/member/
[17] The SANS TOP 20,
www.sans.org/top20/
[18] CVE, a list of standardized names for vulnerabilities and other information security exposures.
http://www.cve.mitre.org/
[19] BugTraq,
http://www.securityfocus.com/popups/forums/bugtraq/intro.shtml
[20] CERT® Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
http://www.cert.org/advisories/CA-2001-19.html
[21] CERT® Advisory CA-2001-13 Buffer Overflow In IIS Indexing Service DLL
http://www.cert.org/advisories/CA-2001-13.html
[22] Microsoft Security Bulletin MS01-033
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
[23] Symantec. Security Response -- CodeRed Worm
http://www.sarc.com/avcenter/venc/data/codered.worm.html
[24] CERT® Advisory CA-2001-26 Nimda Worm
http://www.cert.org/advisories/CA-2001-26.html
[25] CERT/CC Vulnerability Note VU#111677, Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url
http://www.kb.cert.org/vuls/id/111677
[26] CERT® Advisory CA-2001-12 Superfluous Decoding Vulnerability in IIS
http://www.cert.org/advisories/CA-2001-12.html
[27] Symantec. Security Response -- W32.Nimda.A@mm
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
[28] CERT® Advisory CA-2003-04 MS-SQL Server Worm
http://www.cert.org/advisories/CA-2003-04.html
[29] CERT/CC Vulnerability Note VU#484891
http://www.kb.cert.org/vuls/id/484891
[30] Microsoft, PSS Security Response Team Alert - New Worm: W32.Slammer
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/slammer.asp
[31] Mike Wisener, GCIA and Joe Stewart, GCIH, Milkit: An Innovator of Old Technology.
http://www.lurhq.com/sig-milkit.html
[33] 林佳明, Oversea incident report automatic and analysis, 2002/10/01
[34] Network World Fusion, Vulnerability assessment tools compare-o-matic
http://www.nwfusion.com/reviews/2002/vulnerability0204compare.jsp
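Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization, so as not to break the law.
Thesis access permission: not available on campus or off campus
Available:
Campus: never available
Off-campus: never available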


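Printed copies
Public-availability information for printed theses is relatively complete from academic year 102 onward. To look up public-availability information for printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available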
