Chinese Culture University Institutional Repository (CCUR): Item 987654321/28729


    Please use this permanent URL to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/28729


    Title: 異質資安設備協同防禦機制之研究
    A Study on Cooperative Defense Mechanism Using Heterogeneous Information Security Devices
    Authors: 劉彥志
    孫振東
    李志仁
    Contributors: 華岡工程學報
    Keywords: Defense-in-Depth
    cooperative defense
    information security device
    Date: 2011-01
    Upload time: 2014-10-31 14:25:40 (UTC+8)
    Abstract: Given the development trend of network attack techniques, the traditional firewall is no longer sufficient to block the various security threats. Although unified threat management (UTM) can provide basic protection, its function and effectiveness are not comprehensive. Moreover, a single information security gateway is insufficient to defend against various network attacks. Combining and coordinating independent network security devices to form a cooperative, defense-in-depth system will therefore be a future trend. In the past, a cooperative defense-in-depth system required components of the same brand or a third-party coordinator to perform the security work. This study proposes a cooperative defense-in-depth network security mechanism (CDNSM) that uses heterogeneous information security devices without an extra network control device. The mechanism first establishes a network management relation among the related heterogeneous devices so that they can communicate with each other. It then creates cooperative defense rules to form a defense-in-depth system when any threats are identified. The security system uses routers with network layer 3 route filtering and core switches to form a segregated zone, decreasing the risk of potential information security threats through multiple layers of defense. Finally, this study uses an Untangle UTM, a Cisco router, and a D-Link switch to implement the mechanism. The experimental results show that the performance of CDNSM is a significant improvement over that of currently used mechanisms.
    Relation: 華岡工程學報, No. 27 (2011/01/01), pp. 116-124
    Appears in Collections: [College of Engineering] Journal - 華岡工程學報
