隨著嚴重特殊傳染性肺炎疫情爆發,居家辦公已經成為常見的工作模式,遠端連線的需求也隨之上升,其安全性也越來越被重視,像是遠端連線軟體的漏洞、使用者帳密被竊取、被植入後門程式等等都是常見的安全問題。 為了解決這些遠端連線的安全問題,本文在 Linux 作業系統實作了一套防禦機制 (RFAP),能夠有效的限制遠端連線使用者對特定檔案進行操作。RFAP 透過 socket 相關的操作來判斷使用者是否為遠端連線,若判斷為正在進行遠端連線,執行檔案操作的 system call 會進行額外的權限檢查。RFAP 能夠在不影響遠端連線者正常使用下運行,並且能夠完全保護重要的檔案,在遠端連線的情況下就算系統管理者的帳號也無法對受保護的檔案進行操作,希望這套新的機制可以讓使用者在遠端連線時更加安全。 ;With the outbreak of COVID-19 pandemic, work from home has become more and more popular, and the demand for remote connection has increased accordingly. The security of remote connections has also become increasingly important. Common security issues including vulnerabilities in remote connection software, password brute force attack, and the implantation of backdoor programs. To address these security concerns in remote connections, this thesis proposes the implementation of a defense mechanism called Remote File Access Protection (RFAP) in the Linux operating system. RFAP effectively restricts remote users from performing operations on specific files. RFAP determines whether a user is engaged in a remote connection by inspecting socket operations. If a remote connection is detected, additional permission checks are performed on file operation system calls. RFAP can operate without disrupting the normal usage of remote connections and provides complete protection for critical files. We hoped that this new mechanism will enhance the security of users during remote connections.
