With the rapid growth of commercial network services in recent years, information security researchers have continually tried to find the best way to counter ever-changing security threats. Attackers often damage Internet services for personal gain; their behavior can be described as "give (damage) and take (benefit)". This dissertation proposes a novel defense solution for the edge servers of commercial network services, which are typically fragile. The solution defends against leakage of important files or sensitive information by giving no network response, and against destructive threats such as Distributed Denial of Service (DDoS) attacks by escaping from the battlefield directly. Enabling the strategy and the policy at critical entry points of a network structure can defend and protect an important service from external threats. The solution comprises a novel strategy called AlterNAtion Mechanism for MAintaining network service connectivity (ANAMMA) and a software-based edge-gateway policy named Software One-way Gateway (SOG). With ANAMMA, users can maintain their connections and continue their service while the server moves across routers to another "Neighbor-LAN" in a different subnet. SOG, a policy of software-based unidirectional communication, ensures that an entry point never becomes a "hack-entry" point of a service.