中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/65665
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41648443      Online Users : 1454
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/65665


    Title: 以交叉稽核解決多人共用帳號登入遠端主機歸責問題之技術研究;Utilizing cross referencing to resolve the accountability problem of multiple logging to remote hosts with shared accounts
    Authors: 廖建興;Liao,Chien-hsing
    Contributors: 資訊管理學系在職專班
    Keywords: 歸責問題;跳板主機;資安監控中心;帳號關聯系統;Jump Station;Security Operator Center;Accountability Problem;Account Correlation System
    Date: 2014-07-24
    Issue Date: 2014-10-15 17:07:50 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 根據國外研究機構的資安調查,人為因素造成資安事件的比例高達6成。為了降低人為因素資安事件造成對伺服器的影響,企業與政府機關採用了跳板主機(Jump Station)管理機制強化對伺服器的存取控制,防止內部主機可以直接登入伺服器。在資安監控中心(Security Operator Center,SOC)的資安監控架構裡,資安管理服務供應商(Managed Security Service Provider,MSSP)會在客戶網路環境中擺放日誌蒐集主機,該主機被稱為前端資安設備(Front-end Security Appliance,FSA),在FSA的管理上就是採用跳板主機的管理機制。但是由於SOC管理者在登入遠端FSA時使用共用帳號,因此當多人由跳板主機登入遠端FSA時,會產生無法得知是由那個管理者帳號登入的問題,本研究稱之為帳號歸責問題(Accountability Problem)。為解決帳號歸責問題,本研究分析資安監控中心監控架構,設計出一套帳號關聯系統(Account Correlation System,ACS)。透過分析資安架構中各元件功能需求、進行系統實現並模擬資安監控架構建立測試環境,藉由蒐集跳板主機連線紀錄、防火牆流量日誌與前端主機系統稽核日誌或事件檢視器日誌,以三種日誌交叉稽核方式設計關聯規則(Correlation Rule)。當管理者透過跳板主機使用共用帳號登入遠端FSA時,ACS會記錄下跳板主機上的管理者帳號登入與其他相關資訊。經過實驗測試,測試結果成功驗證ACS可以有效解決帳號歸責問題。;According to security survey of foreign research institutions, the proportion of security incidents caused by human factors is as high as 60%. To reduce such kind of security incidents, many enterprises and government agencies control the server access with jump station to prevent internal hosts form directly logging to the server. However, as the Security Operator Center (SOC) administrators usually logging to remote Front-end Security Appliance (FSA) with a shared account, when multiple SOC administrators logging to a remote FSA from the same jump station, it will produce the accountability problem, which means we don’t know which administrator is responsible for the logon action. To solve this problem, in this thesis, we analyze the SOC monitoring framework and design an Account Correlation System (ACS). The ACS collects the jump station connection logs and firewall traffic logs and servers audit logs, and then correlates these logs according to a set of correlation rules designed in this study. Our experimental results show that the ACS can effectively solve the accountability problem in an SOC environment.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML870View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明