Thesis/Dissertation 101453006: Full Metadata Record

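| DC Field | Value | Language |
| --- | --- | --- |
| DC.contributor | Department of Information Management, In-service Master's Program | zh_TW |
| DC.creator | 廖建興 | zh_TW |
| DC.creator | Chien-hsing Liao | en_US |
| dc.date.accessioned | 2014-7-24T07:39:07Z | |
| dc.date.available | 2014-7-24T07:39:07Z | |
| dc.date.issued | 2014 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=101453006 | |
| dc.contributor.department | Department of Information Management, In-service Master's Program | zh_TW |
| DC.description | 國立中央大學 (National Central University) | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | According to information-security surveys by foreign research institutions, as many as 60% of security incidents are caused by human factors. To reduce the impact of such incidents on servers, enterprises and government agencies have adopted a jump station management mechanism to strengthen access control to servers and prevent internal hosts from logging in to servers directly. In the monitoring architecture of a Security Operator Center (SOC), the Managed Security Service Provider (MSSP) places a log-collection host in the customer's network environment; this host is called the Front-end Security Appliance (FSA), and the FSA is managed through the jump station mechanism. However, because SOC administrators use a shared account when logging in to a remote FSA, when several of them log in to a remote FSA from the jump station it is impossible to tell which administrator account made the login; this study calls this the accountability problem. To solve it, this study analyzes the SOC monitoring architecture and designs an Account Correlation System (ACS). By analyzing the functional requirements of each component in the security architecture, implementing the system, and building a test environment that simulates the SOC monitoring architecture, the study collects jump station connection records, firewall traffic logs, and the front-end host's system audit logs or Event Viewer logs, and designs correlation rules that cross-audit these three kinds of logs. When an administrator logs in to a remote FSA through the jump station with the shared account, the ACS records the administrator account logged in on the jump station along with other related information. Experimental testing verified that the ACS can effectively solve the accountability problem. | zh_TW |
| dc.description.abstract | According to security surveys by foreign research institutions, the proportion of security incidents caused by human factors is as high as 60%. To reduce this kind of security incident, many enterprises and government agencies control server access with a jump station to prevent internal hosts from logging in to the server directly. However, SOC (Security Operator Center) administrators usually log in to a remote Front-end Security Appliance (FSA) with a shared account, so when multiple SOC administrators log in to a remote FSA from the same jump station, the accountability problem arises: we don’t know which administrator is responsible for the logon action. To solve this problem, in this thesis we analyze the SOC monitoring framework and design an Account Correlation System (ACS). The ACS collects the jump station connection logs, firewall traffic logs, and server audit logs, and then correlates these logs according to a set of correlation rules designed in this study. Our experimental results show that the ACS can effectively solve the accountability problem in an SOC environment. | en_US |
| DC.subject | Accountability Problem | zh_TW |
| DC.subject | Jump Station | zh_TW |
| DC.subject | Security Operator Center | zh_TW |
| DC.subject | Account Correlation System | zh_TW |
| DC.subject | Jump Station | en_US |
| DC.subject | Security Operator Center | en_US |
| DC.subject | Accountability Problem | en_US |
| DC.subject | Account Correlation System | en_US |
| DC.title | A technical study on using cross-auditing to resolve the accountability problem of multiple users logging in to remote hosts with a shared account | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Utilizing cross referencing to resolve the accountability problem of multiple logging to remote hosts with shared accounts | en_US |
| DC.type | Master's/doctoral thesis | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |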
