Chinese Culture University Institutional Repository (CCUR): Item 987654321/28729


    Please use this identifier to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/28729


    Title: A Study on Cooperative Defense Mechanism Using Heterogeneous Information Security Devices (異質資安設備協同防禦機制之研究)
    Authors: 劉彥志; 孫振東; 李志仁
    Contributors: Hwa Kang Journal of Engineering (華岡工程學報)
    Keywords: Defense-in-Depth; cooperative defense; information security device
    Date: 2011-01
    Issue Date: 2014-10-31 14:25:40 (UTC+8)
    Abstract: According to the development trend of network attack techniques, the traditional firewall is no longer sufficient to block the variety of security threats. Although unified threat management (UTM) can provide all-round basic protection, its functionality and performance are not comprehensive. Moreover, a single information security gateway platform can hardly withstand rapidly changing network attacks over the long term. Therefore, combining and coordinating other network gateway devices to form a cooperative defense-in-depth system will be a future trend. In the past, defense-in-depth designs mostly required components of the same brand or a third-party coordination product to work together. This study proposes a Cooperative Defense-in-depth Network Security Mechanism (CDNSM) that uses heterogeneous information security devices and needs no extra network control device. The mechanism first establishes a management relationship among the related heterogeneous network devices so that they can communicate with each other. When a security incident is confirmed, it creates cooperative defense rules to form a defense-in-depth system. The system uses routers with network layer 3 route filtering and the enterprise core switches to form a segregated zone, decreasing the risk of potential information security threats through multiple layers of defense. Finally, this study implements CDNSM using heterogeneous devices: Untangle UTM, a Cisco router, and a D-Link switch. The experimental results show that the performance of CDNSM is a significant improvement over that of the mechanisms currently used by existing vendors.
    Relation: Hwa Kang Journal of Engineering (華岡工程學報), No. 27 (2011/01/01), pp. 116-124
    Appears in Collections: [College of Engineering] Chinese Culture University Hwa Kang Journal of Engineering
