跳到主要內容

臺灣博碩士論文加值系統

(44.200.86.95) 您好!臺灣時間:2024/05/25 15:41
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:黃怡誠
研究生(外文):I-Cheng Huang
論文名稱:網路存取控制運用於高科技製造業之研究
論文名稱(外文):Implementation of Network Access Control for International Companies: A Case Study of A High-tech Company
指導教授:吳帆吳帆引用關係
指導教授(外文):Fan Wu
口試委員:阮金聲黃惠苓吳帆
口試委員(外文):Jin-Sheng RoanHui-Ling HuangFan Wu
口試日期:2015-07-07
學位類別:碩士
校院名稱:國立中正大學
系所名稱:資訊管理學系暨研究所
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2015
畢業學年度:103
語文別:中文
論文頁數:85
中文關鍵詞:網路存取控制電腦攜出電腦病毒安全漏洞终端准入網絡訪問控制
外文關鍵詞:network access controlNACnetwork admission controlBYODendpoint securityvulnerability assessmentISO27001
相關次數:
  • 被引用被引用:3
  • 點閱點閱:480
  • 評分評分:
  • 下載下載:107
  • 收藏至我的研究室書目清單書目收藏:1
高科技製造業是一種高度運用知識和資訊系統的產業,且因高度資訊化運用,使得企業網路形態錯綜複雜與多元化。在激烈競爭的今日,快速反應已成為企業必備競爭力,國際間相互投資的發展加速了經濟全球化的進程,出差活動更加頻繁,出差時往往需要隨身攜帶電腦,快速回應客戶需求。由於上述的原因使得電腦攜出企業防護網為目前企業常態。近年來,知名企業被攻擊的國際資安事件頻傳,共同的攻擊管道為中毒的終端電腦,故離開企業的電腦其安全風險日益升高。且任何一台電腦中毒,都會經由網路擴散到整體企業,在高度依賴資訊系統的企業環境中,電腦中毒無法使用時將造成工作的停擺,進而造成相當程度的損失。故強化終端電腦的資安環境為一迫切重要之工作。因此,如何使終端電腦中毒率以及安全漏洞修補率等資安指標最佳化,員工在外部使用電腦以提升行動力和生產力的同時,也能夠維持各資訊設備最佳的安全等級,創造公司競爭優勢,乃成為此業界不斷追求的目標。企業需要一套完善的解決方案,以確保員工將企業電腦攜出公司與帶回公司的資訊安全。網路存取控制NAC(Network Access Control)原本應用於企業內部終端電腦與網路管理,基於前述高科技製造業存在電腦脫離防護網的病毒議題,本研究嘗試運用網路存取控制來解決此企業難題,目的在於探究導入NAC對企業實質效益與新應用範圍、導入NAC之成功關鍵因素。本研究發現,導入NAC確實可以提升防毒軟體更新率、下降未安裝防毒軟體電腦數量而全面提升電腦安全層級,證實用NAC建立電腦安全機制可落實企業管理規範。本研究之創新設計電腦攜出偵測器可精準偵測攜出帶回電腦,協助企業強化管理此類電腦。本研究成功利用非實體的網路資訊偵測出實體物品實際動態,未來研究者可以利用此研究結果,創造出新的商業模式。
High-tech manufacturing is an industry that uses substantial amounts of knowledge and information. Because of the extent of information technology employed, computer network patterns are complex and diverse. In today’s intensely competitive environment, quick responses have become an essential source of competitiveness for businesses. The frequent investment made among foreign businesses has accelerated the process of economic globalization. Business trips are becoming more frequent. These trips typically require using portable computers to allow rapid responses to client requests. For these reasons, carrying computers beyond a company’s protective network has become a norm. In recent years, the networks of many reputable companies have been attacked through viruses on computer terminals. The security risks for computers that leave companies are steadily rising. A virus in a single computer can spread throughout a network and infect an entire company. In business environments heavily reliant upon information systems, business operations halt when computers are infected, resulting in substantial losses. Therefore, strengthening the security of computers in information environments is a critical task. In addition, companies have endeavored to optimize information security metrics (e.g., reducing the infection rates of computers and increasing the fix rates of security vulnerabilities). This effort is aimed at allowing their employees to use their computers outside the scope of the company’s protective network while maintaining optimal security ratings for their information equipment. Consequently, employee mobility and productivity can be enhanced, thereby creating competitive advantages for the company. Businesses require a complete solution for ensuring information security when employees take their business computers out of the company. Network access control (NAC) was originally applied to internal computer terminals and network management. Because viruses infecting computers that are used outside of a protective network is a common problem in the high-tech manufacturing industry, we used NAC to address this problem. The tangible benefits of introducing NAC, the range of new applications, and key factors for the successful introduction of NAC were investigated. The results indicated that corporate management regulations could include establishing computer security mechanisms that use NAC. For example, computers leaving the company unauthorized could be detected accurately. The innovative detector designed in this study for identifying computers leaving the company can clearly improve the security of computers outside of the company’s protective network without affecting the company’s internal computer environment. In this study, we successfully used nonphysical network information to detect the actual movements of physical objects. Future researchers can reference these results to create new business models.
誌  謝 II
摘  要 III
Abstract IV
目  錄 VI
圖 目 錄 VII
表 目 錄 VIII
第一章 緒論 1
第一節 研究背景與動機 1
第二節 研究目的 6
第三節 預期研究貢獻 8
第四節 研究流程 9
第二章 文獻探討 10
第一節 NAC介紹 10
第二節 惡意程式對企業的影響 23
第三節 NAC應用與網路安全國內外相關研究 29
第三章 研究方法 41
第一節 研究方法:個案研究法 41
第二節 個案背景說明 43
第三節 個案公司NAC導入/應用策略 44
第四節 個案之創新構想 54
第四章 個案導入NAC之效益評估方法 57
第一節 攜出偵測器測試 57
第二節 NAC導入後防毒軟體有效性評估 59
第五章 個案導入NAC之效益分析與結果 61
第一節 個案導入NAC之效益分析與結果 61
第二節 個案導入NAC對員工的衝擊 69
第六章 結論與未來研究方向 70
第一節 結論 70
第二節 研究限制 74
第三節 未來研究方向 75
參考文獻 79

中文部分:
[1]ICC國際元器件中心. (民101). 各種連網設備的安裝數量將於2016年達到13.4億台. from http://www.eccn.com/news_2012021308323722.htm

[2]Intel、iThome調查中心. (民103). 2014年度臺灣BYOD應用現況大調查. from http://www.intel.com.tw/content/dam/www/public/apac/tw/zh/asset/it-managers/intel-ithome-report-v2-tw.pdf

[3]iThome. (民96a). NAC強力執法. from http://www.ithome.com.tw/node/46194

[4]iThome. (民96b). 南亞科技以NAC消弭百分之一的風險. from http://online.ithome.com.tw/itadm/article.php?c=46194&s=10

[5]方仁威. (民93). 資訊安全管理系統驗證作業之研究. (博士), 國立交通大學, 新竹市.

[6]王旭正、楊中皇、李榮三. (民101). 電腦網路與行動服務安全實務. 新北市: 博碩文化.

[7]李琰. (民102). 企業網絡終端準入控制解決方案. 數字技術與應用(6), 14-15.

[8]周芊, 陳. (民97). 網路中的危檢. 台北縣: 國立空中大學.

[9]孫文玲. (民102). 走入生活的智慧聯網:匯流科技、政策與產業. 台北市: 財團法人資訊工業策進會科技法律研究所.

[10]張維君. (民96). 想存取網路先過這一關,NAC為進出企業的端點設備把關. from http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=13&Cat=500&Cat1=&id=38881#ixzz3aPssUCrt

[11]游健治. (民90). 24個天才11個意外. 台北: 新新聞文化出版.

[12]費兹吉拉特、丹尼斯. (民96). 企業資料通訊與網路概論(郡喻美,譯). 臺北市: 臺灣東華.

[13]黃士銘, 李. (民95). 企業資料通訊. 台北: 全華科技.

[14]楊中皇. (民97). 網路安全理論與實務第二版. 台北市: 學貫行銷.

[15]楊鴻儒. (民79). 個案研究活用法. 台北市: 大展出版社.

[16]經濟部中小企業處. (民104). 中小企業認定標準. Retrieved from http://www.moeasmea.gov.tw/ct.asp?xItem=672&ctNode=214.

[17]資安人科技網. (民102). 南韓遭大規模病毒攻擊,駭客來自歐美四國. from http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=7372#ixzz3IZOjQnv3

[18]潘天佑. (民100). 資訊安全概論與實務(第二版). 台北: 碁峯資訊.

[19]蔡渭水. (民90). 大陸經營環境變遷對台商投資影響之研究--高科技產業 : 以通訊, 資訊, 消費性電子及半導體為例. 臺北市: 經濟部投資審議委員會.

[20]趨勢科技. (民104). 針對進階持續性滲透攻擊的客製化防禦. from http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_custom-defense-against-targeted-attacks.pdf

[21]趨勢科技全球技術支援與研發中心. (民102). 給IT管理員的 6 個網路安全建議. from http://blog.trendmicro.com.tw/?p=6867

[22]顏春煌, 林., 劉仲鑫,郭秋田. (民101). 電腦病毒防護入門. 新北市: 國立空中大學.


英文部分:
[1]Albanesius, C. (2015). 6 Tech Issues Obama's State of the Union Pledged to Tackle. PC magazine. from http://www.pcmag.com/article2/0,2817,2475457,00.asp

[2]Andrus, F. (2011a). An Adaptive Approach to Network Security. from http://innetworktech.com/wp-content/uploads/2013/07/An_Adaptive_Approach_to_Network_Security.pdf

[3]Andrus, F. (2011b). Beyond scan and block: an adaptive approach to network access control. Network Security, 2011(11), 5-9. doi: 10.1016/S1353-4858(11)70117-9

[4]Benbasat, I., Goldstein, D. K., & Mead, M. (1987). The Case Research Strategy in Studies of Information Systems. MIS Quarterly, 11(3), 369-386. doi: 10.2307/248684

[5]Benito, Á. C. (2009). Analysis and evaluation of property-based NAC policies within the context of TNC.

[6]Bort, J. (2008). Experts debate NAC: usefulness vs. cost. from http://www.networkworld.com/article/2273972/lan-wan/experts-debate-nac--usefulness-vs--cost.html

[7]Bridwell, L. M. (2004). ICSA Labs 10th Annual Computer Virus Prevalence Survey.

[8]Chen, T. M., & Walsh, P. J. (2013). Chapter 5 - Guarding Against Network Intrusions. In J. R. Vacca (Ed.), Computer and Information Security Handbook (Second Edition) (pp. 81-95). Boston: Morgan Kaufmann.

[9]Cisco. (2003). Network Admission Control. from http://www.bizforum.org/whitepapers/cisco-5.htm http://www.cisco.com/go/nac

[10]CSI. (2011). 2010/11 CSI Computer Crime and Security Survey.

[11]CSSP, D. (2009). Recommended Proctice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies. US-CERT Defense In Depth (October 2009).

[12]Daniels, K. (2013). How to Achieve Complete Network Visibility with NAC. Credit Control, 34(8/9), 97-99.

[13]Dave, S., Mahadevia, J., & Trivedi, B. (2011). Security policy implementation using connection and event log to achieve network access control. Paper presented at the Proceedings of the International Conference on Advances in Computing and Artificial Intelligence, Rajpura/Punjab, India.

[14]Dignan, L. (2013). Internet of things: $8.9 trillion market in 2020, 212 billion connected things. from http://www.zdnet.com/article/internet-of-things-8-9-trillion-market-in-2020-212-billion-connected-things/

[15]Enders, R., & Schwarz, H. J. (2013). Network Endpoints and Attribute Based Access Controls.

[16]Frias-Martinez, V. (2009). A Network Access Control Mechanism Based on Behavior Profiles. Paper presented at the 2009 Annual Computer Security Applications Conference. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5380530

[17]Gable, G. G. (1994). Integrating case study and survey research methods: an example in information systems. European journal of information systems, 3(2), 112-126.

[18]Gartner. (2009a). Magic Quadrant for Network Access Control.

[19]Gartner. (2009b). Network Access Control (NAC). from http://www.gartner.com/it-glossary/network-access-control-na

[20]Gartner. (2011). Magic Quadrant for Network Access Control.

[21]Gartner. (2012). Will BYOD revive the network-access control idea? Gartner thinks it will.

[22]Gartner. (2013). Magic Quadrant for Network Access Control.

[23]Gartner. (2014). Hype Cycle for Infrastructure Protection, 2014.

[24]Geer, D. (2010). Whatever Happened to Network-Access-Control Technology? Computer, 43(9), 13-16. doi: 10.1109/mc.2010.269

[25]Gemalto. (2015). 2014 Year of Mega Breaches & Identity Theft.

[26]Hancock, B. (1998). Security views. Computers & Security, 17(4), 280-292. doi: http://dx.doi.org/10.1016/S0167-4048(98)80007-2

[27]Hockaday, R. (2008). When mobile phones become mainstream clients. from http://www.computerweekly.com/opinion/When-mobile-phones-become-mainstream-clients

[28]Holtsnider, B., & Jaffe, B. D. (2012). Chapter 8 - Security and Compliance. In B. H. D. Jaffe (Ed.), IT Manager's Handbook (Third Edition) (pp. 205-246). Boston: Morgan Kaufmann.

[29]Joint_Technical_Committee. (2005). ISO/IEC 27001:2005 INTERNATIONAL STANDARD: International Organization for Standardization.

[30]Kelley, J., Campagna, R., & Wessels, D. (2009). Network Access Control For Dummies: For Dummies.

[31]Li, B., Springer, J., Bebis, G., & Hadi Gunes, M. (2013). A survey of network flow applications. Journal of Network and Computer Applications, 36(2), 567-581. doi: http://dx.doi.org/10.1016/j.jnca.2012.12.020

[32Macfarlane, R., Buchanan, W., Ekonomou, E., Uthmani, O., Fan, L., & Lo, O. (2012). Formal security policy implementations in network firewalls. Computers & Security, 31(2), 253-270. doi: http://dx.doi.org/10.1016/j.cose.2011.10.003

[33]McAfee. (2015). Improve Visibility and Control of Endpoints—Including Managed and BYOD. from http://www.mcafee.com/tw/resources/solution-briefs/sb-forescout.pdf

[34]Microsoft. (2014). Network Access Protection. from http://msdn.microsoft.com/en-us/library/windows/desktop/aa369712(v=vs.85).aspx

[35]Mohr, J. A. (2006). Bridging the growing support gap through proactive deployment of emerging technologies. Paper presented at the Proceedings of the 34th annual ACM SIGUCCS fall conference: expanding the boundaries, Edmonton, Alberta, Canada.

[36]Montgomery, D. C. (2008). Design and analysis of experiments: John Wiley & Sons.

[37]Nayak, A. K., Reimers, A., Feamster, N., & Clark, R. (2009). Resonance: dynamic access control for enterprise networks. Paper presented at the Proceedings of the 1st ACM workshop on Research on enterprise networking, Barcelona, Spain.

[38]OECD. (2002). Guidelines for Security of Information Systems: Organisation for Economic Co-operation and Development.

[39]Oltsik, J. (2013). Goodbye NAC, Hello EVAS (Endpoint visibility, access, and security)
from http://www.networkworld.com/article/2224939/cisco-subnet/goodbye-nac--hello-evas--endpoint-visibility--access--and-security-.html

[40]P.Bizeau. (2010). Take control of your LAN with FreeNAC. from http://freenac.net/

[41]Parhi, S. (2012). Attacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey. International Journal of Computer Network and Information Security (IJCNIS), 4(3), 31.

[42]Raspberry-Pi-Foundation. (2015). Raspberry Pi from http://www.raspberrypi.com.tw/

[43]Snyder, J. (2010). NAC: What went wrong? , from http://www.networkworld.com/article/2209345/security/nac--what-went-wrong-.html

[44]Symantec. (2015). The 2015 Internet Security Threat Report. Symantec Corporation.

[45]The_Economist. (2015). Is Kim Jong Un innocent, The Economist. Retrieved from http://www.economist.com/news/united-states/21637402-america-was-too-quick-blame-north-korea-hack-attack-sony-kim-jong-un

[46]Weinberg, N. (2008). NAC: Hot technology for 2008. from http://www.networkworld.com/article/2289831/lan-wan/nac--hot-technology-for-2008.html

[47]Williams, P. A. H. (2008). In a ‘trusting’ environment, everyone is responsible for information security. Information Security Technical Report, 13(4), 207-215. doi: http://dx.doi.org/10.1016/j.istr.2008.10.009

[48]Wilson, J. (2009). Rich Knowledge Becomes Powerful Enforcement. from http://www.infonetics.com/whitepapers/2009-Infonetics-Research-The-Evolution-of-Network-Access-Control-FINAL-112309.pdf

[49]Zhang, Y., He, J., Zhao, B., Huang, Z., & Liu, R. (2015). Towards more pro-active access control in computer systems and networks. Computers & Security, 49(0), 132-146. doi: http://dx.doi.org/10.1016/j.cose.2014.12.001

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top