博碩士論文 111453040 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:74 、訪客IP:18.226.248.194
姓名 黃知緯(Chih-Wei Huang)  查詢紙本館藏   畢業系所 資訊管理學系在職專班
論文名稱 基於軟體定義廣域網路建置安全存取服務邊緣架構之研究-以T公司為例
(Research on the Construction of Secure Access Service Edge Architecture Based on Software-Defined Wide Area Network: A Case Study of T Company)
相關論文
★ 應用數位版權管理機制於數位影音光碟內容保護之研究★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發★ 應用XML/XACML於工作流程管理系統之授權管制研究
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2026-8-1以後開放)
摘要(中) 本研究探討如何利用軟體定義廣域網路(SD-WAN)與防火牆整合架構,結合零信任網路存取(ZTNA)技術,來建構安全存取服務邊緣架構(SASE)。已知目前金融業網路環境面臨的問題包括:中心化和專線依賴的網路架構,導致網路的調整和擴展費時又昂貴;而傳統的邊界安全防護難以應對日益複雜的網路環境,如遠端服務存取和雲端應用的支持等。本研究目標在模擬個案公司環境下,實作SASE架構,並針對市場上常見的SASE解決方案進行功能探討,以探究實際導入時的議題及需求。研究發現,SASE架構能夠有效整合SD-WAN和ZTNA等新技術,通過將各種網路和安全功能集成到一個統一平台,SASE確保只有經過授權的用戶和設備才能訪問特定的應用程序和數據,提高了企業的安全態勢,同時簡化了網路管理,降低運營成本。本研究提供了一個實施SASE的參考範例,證明了SASE架構在金融機構數字化轉型中的適用性和實施效益。研究建議企業在未來的網路規劃和擴展中,應將SD-WAN和SASE技術作為數位轉型的重要一環;同時,企業還需要充分了解自身對網路和安全的需求,並在導入新架構時謹慎評估,以避免影響關鍵業務運行。
摘要(英) This study explores how to utilize Software-Defined Wide Area Networking (SD-WAN) integrated with firewall architecture and combined with Zero Trust Network Access (ZTNA) technology to construct a Secure Access Service Edge (SASE) framework. The financial industry′s current network environment faces several challenges, including the centralized and leased line-dependent network architecture that makes network adjustments and expansions time-consuming and expensive. Traditional perimeter security measures are inadequate for the increasingly complex network environments, such as supporting remote access services and cloud applications. The objective of this study is to implement the SASE framework in a simulated environment of a case company and to investigate the functionalities of commonly available SASE solutions in the market, thereby exploring the issues and requirements during actual implementation. The findings indicate that the SASE framework can effectively integrate new technologies such as SD-WAN and ZTNA. By consolidating various network and security functions into a unified platform, SASE ensures that only authorized users and devices can access specific applications and data, enhancing the organization′s security posture while simplifying network management and reducing operational costs. This study provides a reference example for implementing SASE, demonstrating its applicability and benefits in the digital transformation of financial institutions. It recommends that organizations consider SD-WAN and SASE technologies as integral parts of their digital transformation strategies in future network planning and expansion. Additionally, organizations need to fully understand their network and security requirements and carefully evaluate the new architecture during implementation to avoid disrupting critical business operations.
關鍵字(中) ★ 軟體定義廣域網路
★ 零信任網路存取
★ 安全存取服務邊緣
★ 防火牆
關鍵字(英) ★ Software-defined Wide Area Network (SD-WAN)
★ Zero Trust Network Access (ZTNA)
★ Secure Access Service Edge (SASE)
★ Firewall
論文目次 摘要 i
ABSTRACT ii
誌 謝 iii
目錄 iv
表目錄 vi
圖目錄 vii
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機及目的 3
1.3 研究方法 9
1.4 論文章節架構 9
第二章 文獻探討 11
2.1 軟體定義廣域網路 13
2.2 零信任網路存取 18
2.3 安全存取服務邊緣架構 20
第三章 個案研究 24
3.1 個案介紹 24
3.2 個案架構 24
3.3 實驗架構 27
第四章 實驗結果與分析 31
4.1 SD-WAN功能性驗證 34
4.2 SD-WAN安全性驗證 37
4.3 ZTNA外部存取權限驗證 39
4.4 ZTNA內部存取權限驗證 41
第五章 結論與建議 48
5.1 研究結論 48
5.2 未來研究方向 50
參考文獻 51
參考文獻 [1] 蘇思云, "券商APP連線異常 因台固、中華電信網路互連斷訊," in 中央通訊社, 張均懋 ed, 2022.
[2] L. S. Andy Lawrence, "The causes and impacts of IT and data center outages," RISK AND RESILIENCY 2023. Accessed: 2024/06/20. [Online]. Available: https://datacenter.uptimeinstitute.com/rs/711-RIA-145/images/AnnualOutageAnalysis2023.03092023.pdf
[3] O. B. Scott Rose, Stu Mitchell, Sean Connelly, "Zero Trust Architecture," National Institute of Standards and Technology, Computer Security 2020. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-207
[4] "Improving the Nation′s Cybersecurity." https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity (accessed 02/18, 2024).
[5] "Speech by Mr David Koh, Chief Executive, Cyber Security Agency Of Singapore on “Recent Cybersecurity Challenges, Dilemmas And Solutions From A National Perspective”, at Israel Cyber Week 2021." https://www.csa.gov.sg/News-Events/speeches/2021/speech-by-mr-david-koh-at-israel-cyber-week-2021 (accessed 1/30, 2024).
[6] 金融管理監督委員會. (2022). 金融資安行動方案2.0.
[7] "Timeline of Cyber Incidents Involving Financial Institutions." https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline (accessed 03/31, 2024).
[8] 資安人. "Akamai: 美國金融機構遭遇史上最大規模DDoS攻擊." 資安人. https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10690 (accessed 05/03, 2024).
[9] 伶克. "金融與銀行業平均每週遭受 4,664 次網路攻擊,如何強化資安免疫系統?." TechOrange. https://buzzorange.com/techorange/2023/02/08/cybersecurity-in-the-financial-services-industry/ (accessed 05/03, 2024).
[10] 蔡一郎, "數位時代下的多層次防禦," 國土及公共治理季刊, vol. 第七卷, 第四期, 2019.
[11] 叶朝阳,王欣,张士聪,詹智勇,刘伊莎, "SASE 云安全研究与实践," 电信科学, vol. 第1期, 2022.
[12] 李长连,马季春,蔺旋, "基于SD-WAN 构建SASE 模型思路浅析," 邮电设计技术, 2021.
[13] 全硕,王旭亮,朱泽亚, "5G+时代的软件定义安全技术架构研究与实践," 电信科学, vol. 第12期, 2021.
[14] 孙超,邵源,韩广广,徐丹, "新一轮科技革命对交通发展的影响及应对策略," 城市交通, vol. 第十九卷, 2021.
[15] 史凡, "对云网融合技术创新的相关思考," 电信科学, vol. 第7期, 2020.
[16] R. K.Yin, 個案研究. 弘智文化, 2001.
[17] D. Conrad. "The evolution of the VPN and its importance in the age of cloud computing." Dan Conrad. https://www.techradar.com/features/the-evolution-of-the-vpn-and-its-importance-in-the-age-of-cloud-computing (accessed 05/16, 2024).
[18] 中華電信. "國內數據電路零售價費率." https://www.cht.com.tw/home/enterprise/hinet/hinet-line/domestic-circuit (accessed 04/21, 2024).
[19] 中華電信. "國際出租數據電路月租費." https://www.cht.com.tw/home/enterprise/hinet/hinet-line/international-circuit (accessed 04/21, 2024).
[20] N. S. Jonathan Forest, Andrew Lerner, Karen Brown, "Magic Quadrant for SD-WAN," I&O Platforms, 2023.
[21] P. A. Network. "Prisma Access Docs." Palo Alto Network. https://docs.paloaltonetworks.com/prisma/prisma-access/preferred/2-2/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/list-of-prisma-access-locations (accessed 03/04, 2024).
[22] S. Nyberg. "Inside VMware SASE PoPs: The Engine Behind VMware SD-WAN." https://blogs.vmware.com/sase/2022/07/13/inside-vmware-sase-pops-the-engine-behind-vmware-sd-wan/ (accessed 03/11, 2024).
[23] Cisco. "Cisco Umbrella SIG User Guide." Cisco. https://docs.umbrella.com/umbrella-user-guide/docs/reserved-ip-terms (accessed 03/15, 2024).
[24] Fortinet. "Fortinet reference guide." Fortinet. https://docs.fortinet.com/document/fortisase/23.1.21/reference-guide/663044/global-data-centers (accessed 03/28, 2024).
[25] 徐富桂, "網路邊緣安全存取服務SASE發展趨勢," ITIS 智網, pp. 1-6, 2017. [Online]. Available: http://www.itis.org.tw/.
[26] J. F. Andrew Lerner, Neil MacDonald, Nat Smith, Charlie Winckless, "Magic Quadrant for Single-Vendor SASE," I&O Platforms, 2023.
[27] 微軟. "什麼是安全存取服務邊緣 (SASE)?." https://www.microsoft.com/zh-tw/security/business/security-101/what-is-sase (accessed 05/19, 2024).
指導教授 陳奕明(Yi-Ming Chen) 審核日期 2024-7-23
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明