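Abstract: | In recent years, network attack techniques have kept evolving, and network security faces unprecedentedly severe challenges. Given the growing harm caused by network attacks and malicious programs, the passive defensive mindset of the past needs to be raised to an active, proactive concept of defense: by collecting attack information and analyzing the attackers' information and techniques, defenders raise their own technical capability in step, and only then can malicious network attacks be effectively blocked or even countered. The honeypot (intrusion-trapping system) is a representative proactive information security defense system. It mainly targets today's common web threats, such as drive-by downloads from compromised web pages, malicious websites, web page tampering, and remote attacks, and provides a mechanism for detection and countering. Most foreign security vendors have already built similar systems, but domestic information security vendors have still done little research on them. In recent years it became known that the largest domestic Internet Service Provider (ISP), Chunghwa Telecom, had successfully built a honeypot system, which motivated this study to examine it in depth. This study explores how a telecom service provider successfully built a honeypot system, with Chunghwa Telecom as the research subject. Using the case study method of qualitative research, it interviews four experts from different departments who built the honeypot system, explores the background of the build, the problems encountered and the solutions, and analyzes the tangible and intangible benefits the system brings. Finally, it summarizes the case company's critical success factors for building the honeypot system: in addition to full support from senior management, a sufficient build budget and an excellent project team, the company's abundant network traffic and widely distributed network nodes were a great help, and the maturity of virtualization technology and high-performance hardware also contributed to the success of this honeypot system. The case of this company's successful honeypot build can serve as a reference for other enterprises introducing a honeypot system.

Internet attack techniques are constantly changing, so Internet security faces an ever harsher challenge. We have to shift from a passive defensive attitude to active, proactive defense. Collecting information about attacks and analyzing the attackers' information and methods enhances the defenders' ability to effectively deter and further counter malicious Internet attacks. The honeypot is a representative proactive information security defense system (mainly for the current common web threats, such as drive-by downloads, malicious websites, web tampering, and remote attacks), which provides a mechanism to detect and counter attacks. Some foreign security companies are building similar systems, but few domestic security companies have built such systems. In recent years, the largest Internet Service Provider (ISP) in Taiwan, Chunghwa Telecom, successfully built a honeypot, which motivated this study. This thesis investigates how Chunghwa Telecom successfully built a honeypot system. The study applies the case study method and interviews four experts from different departments who built this honeypot. It investigates the background, the problems encountered and the solutions implemented, and analyzes the tangible and intangible benefits of this system. 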
Finally, the study summarizes the critical success factors for building this system. Full support from top management, a sufficient budget, an excellent project team, the company's heavy network traffic and widely distributed network nodes, coupled with the maturity of virtualization technology and the help of high-performance hardware, are all critical factors for the successful implementation of the honeypot system. This study can provide some guidelines for other companies building a honeypot system. |