This study takes a company's imperfect information security mechanism as a case, builds a defense mechanism, and analyzes the overall network environment. To confirm whether any attack activity occurred, this study integrates Snort with the Linux kernel, using Snort rules together with Netfilter's packet filtering to provide the effect of a firewall, thereby achieving joint defense and implementing an intrusion prevention system (IPS). According to the measured results, the mechanism proposed in this study can effectively reduce external attack behavior in the company's network environment: intrusion alerts for TCP were 2% lower than before the integration, UDP was not affected, and ICMP alerts were reduced by 7%. Overall, 41.17% of external attacks could be blocked. The results of this study can serve as a template for follow-up research; appropriate security rules can be added or modified according to the conditions of a given environment, improving the overall defense mechanism and reducing false positives.
This thesis presents a case study of a company's imperfect information security mechanism. We establish a defense mechanism and analyze the security of the overall network environment both with and without the scheme. To confirm whether attacks occurred, we integrate Snort with the Linux kernel. Using Snort rules and Netfilter packet filtering functionality, we implement an intrusion prevention system (IPS) that provides joint defense capability together with an efficient firewall. The experimental results show that our mechanism can effectively reduce external network attacks. For TCP attacks, the number of intrusion alerts is 2% lower than without the integrated mechanism, and intrusion alerts for ICMP attacks are reduced by 7%. Overall, we can block 41.17% of external attacks with the proposed mechanism. The findings of this study may provide a template for future research: one can add or modify the appropriate security rules according to the specific environment to enhance the overall defense mechanism and reduce false positives.
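The abstract describes coupling Snort alerts with Netfilter filtering and measuring the per-protocol drop in alert counts before and after the integration. The following added example (not code from the thesis) shows one way that coupling and measurement can look in practice: it parses Snort fast-alert style lines, counts alerts per protocol, computes the before/after reduction, and turns repeat-offending source addresses into iptables DROP commands. The alert lines, IP addresses and the `threshold` parameter are constructed for illustration and are not data from the study.

```python
"""
Added example: Snort fast-alert lines -> per-protocol counts -> Netfilter drop rules.
Sample lines use documentation address ranges and are constructed, not real captures.
"""
import re
from collections import Counter

# Constructed alert lines in the layout of Snort's alert_fast output (before integration).
BEFORE = [
    "01/15-10:00:01.000000  [**] [1:1000001:1] CONSTRUCTED TCP probe [**] [Priority: 2] {TCP} 203.0.113.5:4444 -> 192.0.2.10:22",
    "01/15-10:00:02.000000  [**] [1:1000001:1] CONSTRUCTED TCP probe [**] [Priority: 2] {TCP} 203.0.113.5:4445 -> 192.0.2.10:80",
    "01/15-10:00:03.000000  [**] [1:1000002:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "01/15-10:00:04.000000  [**] [1:1000002:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.11",
    "01/15-10:00:05.000000  [**] [1:1000003:1] CONSTRUCTED UDP flood [**] [Priority: 3] {UDP} 203.0.113.7:53 -> 192.0.2.10:53",
    "this line is not an alert and must be ignored",
]

# Constructed alert lines after the Netfilter rules are in place.
AFTER = [
    "01/15-11:00:01.000000  [**] [1:1000001:1] CONSTRUCTED TCP probe [**] [Priority: 2] {TCP} 203.0.113.5:4446 -> 192.0.2.10:22",
    "01/15-11:00:02.000000  [**] [1:1000003:1] CONSTRUCTED UDP flood [**] [Priority: 3] {UDP} 203.0.113.7:53 -> 192.0.2.10:53",
]

# Matches the "{PROTO} src[:port] -> dst[:port]" tail of a fast-alert line.
ALERT_RE = re.compile(
    r"\{(?P<proto>[A-Z]+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def parse_alerts(lines):
    """Return (proto, src, dst) tuples for every line that looks like a Snort alert."""
    alerts = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            alerts.append((m.group("proto"), m.group("src"), m.group("dst")))
    return alerts


def count_by_proto(alerts):
    """Number of alerts per protocol (TCP, UDP, ICMP, ...)."""
    return Counter(proto for proto, _, _ in alerts)


def reduction_percent(before_counts, after_counts):
    """Per-protocol percentage reduction in alerts; 0.0 when a protocol had no alerts before."""
    result = {}
    for proto in set(before_counts) | set(after_counts):
        b = before_counts.get(proto, 0)
        a = after_counts.get(proto, 0)
        result[proto] = 0.0 if b == 0 else round(100.0 * (b - a) / b, 2)
    return result


def overall_reduction_percent(before_alerts, after_alerts):
    """Overall percentage of alerts removed across all protocols."""
    b, a = len(before_alerts), len(after_alerts)
    return 0.0 if b == 0 else round(100.0 * (b - a) / b, 2)


def netfilter_drop_rules(alerts, threshold=2):
    """Build iptables commands that drop sources which triggered at least `threshold` alerts.

    `threshold` is an assumed tuning knob; the commands are returned as strings
    so an operator can review them before applying anything to a live host.
    """
    hits = Counter(src for _, src, _ in alerts)
    return [
        f"iptables -I INPUT -s {src} -j DROP"
        for src, n in sorted(hits.items())
        if n >= threshold
    ]


if __name__ == "__main__":
    before, after = parse_alerts(BEFORE), parse_alerts(AFTER)
    print("before:", dict(count_by_proto(before)))
    print("after: ", dict(count_by_proto(after)))
    print("per-protocol reduction:", reduction_percent(count_by_proto(before), count_by_proto(after)))
    print("overall reduction:", overall_reduction_percent(before, after))
    for rule in netfilter_drop_rules(before):
        print(rule)
```

Returning the iptables commands instead of executing them keeps the review step in the operator's hands, which is where the abstract's point about adding or modifying rules per environment to limit false positives is decided.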