近年來,DDoS攻擊的新聞不斷,除了金融業者以外,許多企業也紛紛效仿制定每年一次的DDoS攻防演練,為的是避免企業出現因為DDoS攻擊損造成的巨量損失。但DDoS攻防演練過程的順遂與否往往與執行人員的技術背景、經驗及應變能力高度相關,在企業人員輪調的機制下,常有不熟悉的人員擔任該任務導致不同的問題發生。
本研究將採用實驗法方式進行實作DDoS攻防演練並整理出在優化過後的演練流程透過實作仍可能會發生到的問題,並針對這些問題提出改善建議方案。由這些改善建議可以優化回到DDoS演練流程,使整體流程更加容易執行且避免掉不必要的問題發生。
In recent years, there have been constant news reports about DDoS attacks. Besides financial institutions, many companies have also begun conducting annual DDoS attack and defense drills to avoid the massive losses caused by such attacks. However, the success of these drills often depends heavily on the technical background, experience, and responsiveness of the personnel involved. With the frequent rotation of personnel within companies, unfamiliar staff may be assigned these tasks, leading to various problems.
This study will adopt an experimental method to conduct DDoS attack and defense drills, identify issues that may still arise after optimizing the drill process, and propose improvement suggestions for these issues. These suggestions can be used to further optimize the DDoS drill process, making it easier to execute and avoiding unnecessary problems.
