日防夜防特權最難防
TRANSCRIPT
![Page 1: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/1.jpg)
1
lhYU解忠翰 產i顧k�
日 期U&01)/4/&1
日防m防特權最難防
機o保全攻防演練三部曲
![Page 2: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/2.jpg)
2
3T SLIQPGLK 6aM
1 so管理 & 側錄軟體
3 權限管理
4 服c管理
) 資產Tg約T廠商
1 p案管理te
& 軟體開發te 3 軟體i質管理 4 端對端行為分析
1 操作自動d & 批次自動d 3 資料/檔案交zte 4 te監y軟體 ) 資料u管理r具
6 網路軟體與管理
1 防資料洩露 & APT 3 虛擬機n全
4 資料u監y防護 ) 資料 ao/變造 6 ao/金鑰管理
PCLMIC 6aKaECmCKP
3KDNaOPNQAPQNC 6aKaECmCKP
3KDLNmaPGLK 6aKaECmCKP
AP 6aKaECmCKP
歷f紀錄/l表/稽核
S01 S3
S PIaPDLNm BYO./APP. SaaS/-ILQB
健檢/訓練 1 資n檢測 & 教育訓練 3 /-5CaNKGKE課程
1 顧k & 健檢 3 訓練 4 p案
文管/SOP/46
服c
![Page 3: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/3.jpg)
3
3KDLNmaPGLK
3T SLIQPGLK 6aM
PCLMIC AMMIGAaPGLK
3KDNaOPNQAPQNC
![Page 4: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/4.jpg)
4
��"
%-�(����� �+#
��#�" ��$
/�#�����!�
�,*���$
/.����&
�� ��
���"
/.��
�#%-�(�, +
� )�&-$
����&-�'�
岩崎 弥太郎三菱財閥歴代総帥
![Page 5: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/5.jpg)
5
![Page 6: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/6.jpg)
6
特權洩密
洩密頻發
高層有間諜
習近平下令嚴
抓
高層洩密
疑洩密大陸 hTC新機恐延後推出
高層洩密
主管機關稽核
求償!!
入監服刑!!
重大損失!!
懲處!!
![Page 7: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/7.jpg)
7
WK21_HCDRN �PT6
■ G�RN �P�0����RN �P�0a?k�■ �O!3M�■ f�3M�/� �E�/�
( ( .[�"
@O!���I�#JX!���O!�
■ g�3M\89,�Z��. �&b^>UN�)`%
LUN�eVFO!,�. �&$d��
■ h�3MCD��]� ���*�7��������� )) ( ) �:4#JB<��
■ i�3M�0CD�\5Sc�T�Sc�(=Sc
��������A�-+O!�-+;'��■ j�3MWY��� Q2�I��*����
主管機關稽核
![Page 8: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/8.jpg)
9
FIFTY SHADES OF
Information SECURITY
���...
������
![Page 9: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/9.jpg)
11
T
s
多 ( 有中
新
多
))
o A
s
) /
s
om
(/
(
/
030TY S2A./S O0 3N0OR6AT3ON S/-UR3TY
![Page 10: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/10.jpg)
12
PCLMIC
3KDNaOPNQAPQNC
3KDLNmaPGLK
AP
Information
3T SLIQPGLK 6aM
![Page 11: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/11.jpg)
13
![Page 12: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/12.jpg)
14
PCLMIC
3KDNaOPNQAPQNC
3KDLNmaPGLK
AP
Information
3T SLIQPGLK 6aM
![Page 13: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/13.jpg)
u (DMZ)
Web AP
TS
TS
&
C
![Page 14: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/14.jpg)
16
u (DMZ)
Web AP
TS
TS
&
安全性需求 威脅分析程式碼安全
掃描
(白箱工具)
弱點掃描(黑箱工具)
滲透測試
應用系統防火牆
AP Security
![Page 15: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/15.jpg)
19
Database /
ERP Call Center
l
m (B2B/B2C/B2B2C/C2C/…)
q
也
APT
WebAP
q l
USB L
XSS
SQL Injection
也
AP
Sensitive Data Exposure
Comment InjectionCross-Site
Request Forgery
Unvalidated Redirects & Forwards
Broken Authentication
Missing Function Level Access Control
Broken Session Management
C
![Page 16: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/16.jpg)
19
Database /
ERP Call Center
l
m (B2B/B2C/B2B2C/C2C/…)
q
也
APT
WebAP
q l
USB L
XSS
SQL Injection
也
AP
Sensitive Data Exposure
Comment InjectionCross-Site
Request Forgery
Unvalidated Redirects & Forwards
Broken Authentication
Missing Function Level Access Control
Broken Session Management
Advanced Persistent
Threat
C
![Page 17: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/17.jpg)
20
Front-end
Back-end
Data warehousingDatabase /
ERP Call Center
l
m (B2B/B2C/B2B2C/C2C/…)
GSS Information Security Solution Blueprint
![Page 18: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/18.jpg)
20
Front-end
Back-end
Data warehousingDatabase /
ERP Call Center
l
m (B2B/B2C/B2B2C/C2C/…)
⼈人
W
GSS Information Security Solution Blueprint
![Page 19: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/19.jpg)
21
PCLMIC
3KDNaOPNQAPQNC
3KDLNmaPGLK
AP
Information
3T SLIQPGLK 6aM
![Page 20: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/20.jpg)
22
GSS Information Security Solution Blueprint
![Page 21: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/21.jpg)
23
! !!"!!655 要
![Page 22: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/22.jpg)
23
?
?
! !!"!!655 要
![Page 23: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/23.jpg)
23
?
?
! !!"!!655 要
![Page 24: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/24.jpg)
24
! !!"!!655 要
![Page 25: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/25.jpg)
25
1.的 c W的 cS 上
s!
![Page 26: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/26.jpg)
25
1.的 c W的 cS 上
2.a S上 P W
s!
![Page 27: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/27.jpg)
25
1.的 c W的 cS 上
2.a S上 P W
3. W Lu L W
s!
![Page 28: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/28.jpg)
25
1.的 c W的 cS 上
2.a S上 P W
3. W Lu L W
4.來 Ws!
![Page 29: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/29.jpg)
25
1.的 c W的 cS 上
2.a S上 P W
3. W Lu L W
4.來 W
5.V W 的 W
s!
![Page 30: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/30.jpg)
26
GSS GSS GSS GSS GSS GSS GSS GSS
GSS GSS GSS GSS GSS GSS GSS GSS
GSS GSS GSS GSS GSS GSS GSS GSS
GSS GSS GSS GSS GSS GSS GSS GSS
GSS GSS GSS GSS GSS GSS GSS GSS
/Application Security
Network Security
Information Security
SIEM
Web Application Firewall
SSO
IDM
Infrastructure Security Man
aged
Sec
urit
y Se
rvic
e
1SS SCAQNGPR TLPaI SLIQPGLK
e-Learning
DB
![Page 31: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/31.jpg)
27
/
Information Security
SSO IDM
Infrastructure Security
1SS SCAQNGPR TLPaI SLIQPGLK
![Page 32: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/32.jpg)
28
Q&A
![Page 33: 日防夜防特權最難防](https://reader031.vdocuments.pub/reader031/viewer/2022030312/58ed64ea1a28ab65668b46d9/html5/thumbnails/33.jpg)
32
TFaKHO