lp5 103036 Information Security Services Procurement Specification - bot.com.t · PDF file: I. Item 1, Information Security ......
1
1
1
1 1
DNS IP(Command and ControlC&C) 6
2 2 2
(/) 1 100 Mbyte
2 1
3
Office Adobe Acrobat Adobe flash player
20 0.3
2
4
Office Adobe Acrobat Adobe flash player
5 0.3
( MS AD)
AD(Group Policy) AD ( LDAP)( 3 )
1 0.25 5
() IP
1 0.5
()
(*)
(*)
1 1 1
()
2 2 4
()
1 2 2
0.3 20 6
3
()
(*)
(*)
0.3 5 1.5
0.25 1 0.25
0.5 1 0.5
: 8 ()
:
()
:(*=)*
:
1 CCNA(Cisco Certified Network Associate)
2 CEH(Certified Ethical Hacker)CHFI (Computer Hacking Forensic Investigation)
3 NSPA (Network Security Packet Analysis)
4 MCSE (Microsoft Certified Solutions Expert)
5 CISSP(Certified Information Systems Security Professional)ISO/CNS 27001 Lead Auditor
18
1 2 3 4 5 6 7 1() 2
/// 3
1 (
) 2
( DNS ) (
)
3 ( IP )
4 Office Adobe Acrobat Adobe flash player ()
5 ( AD) ()
6 ( IP
) 4 5 6 1 2 3() 4( )
1 2
3
4(Group Policy) 5(Rule)(Port)
6
2 SOC - SOC
900 EPS(Event Per Second)
EPS EPS EPS EPS
EPS () 250
300 (Firewall )
500 150
(IDS) 450 250 300 (IPS) 500 300 400 (WAF ) 1500
() 150 300
500
250 200 150 150 150 500
150 DNS 250
1SOC
(1) 30
( SIEM )
Rule 2 24
3 5 104 24
2 1
SOC
21 (
)
3 A
IP B (IPDNS) C
D E
3
1 3
()
2 A
B()
C
D
4 1
A
BSymantec
C ICSTMicrosoftSecurityFocus
CERT D Zone-HOWASP
E CNNGoogle Yahoo F Zero-Day 2 3
3 2
AIPS/IDS B
C
5
SOC - SOC
365 (365*)
:(365 x24) 365 24
SOC SOC
SOC :
1 CCNA (Cisco Certified Network Associate)
2 NSPA (Network Security Packet Analysis)
3 MCSE (Microsoft Certified Solutions Expert)
LPIC (Linux Professional Institute Certification)RHCE (Red Hat Certified Engineer)
18
1SOC 2SOC 3SOC 4SOC 5 6 7 1SOC
2SOC () 1 2
3 4 3
4
SOC
3 SOC - SOC
2300 EPS(Event Per Second)
EPS EPS EPS
EPS
() 250 300
(Firewall ) 500 150
(IDS) 450 250 300 (IPS) 500 300 400 (WAF ) 1500
() 150 300
500
250 200 150 150 150 500
150 DNS 250
1SOC
(1) 30
( SIEM )
Rule 2 24
3
5 78 24
2 1
SOC
21 (
)
3 A IP B (IPDNS) C
D E
3 1 7
()
2 A
B()
C
D 4 1 A B Symantec C ICSTMicrosoftSecurityFocus
CERT D Zone-HOWASP E CNNGoogle Yahoo F Zero-Day
2 3
3 2 AIPS/IDS B C 5
SOC -
SOC
365 (365*)
: (365 x24 )365 24
SOC SOC
SOC :
1 CCNA (Cisco Certified Network Associate)
2 NSPA (Network Security Packet Analysis)
3 MCSE (Microsoft Certified Solutions Expert)
LPIC (Linux Professional Institute Certification)RHCE (Red Hat Certified Engineer)
18
1SOC 2SOC 3SOC 4SOC 5 6 7 1SOC 2SOC () 1 2 3 4 3 4
: SOC
4 SOC - SOC
4900 EPS(Event Per Second)
EPS EPS EPS
EPS
() 250
300 (Firewall )
500 150
(IDS) 450 250 300 (IPS) 500 300 400 (WAF ) 1500
() 150 300
500
250 200 150 150 150 500
150 DNS 250
1SOC
1 30
( SIEM )
Rule 2 24
3
5 52 24
2 1
SOC
21 (
)
3 A IP B (IPDNS) C
D E
3
1 15
()
2 A
B()
C
D
4 1
A
B Symantec
C ICSTMicrosoftSecurityFocus CERT
D Zone-HOWASP
E CNNGoogle Yahoo F Zero-Day
2 3
3 2
AIPS/IDS B
C
5
SOC -
SOC
365 (365*)
: (365 x24 ) 365 24
SOC SOC
SOC :
1 CCNA (Cisco Certified Network Associate)
2 NSPA (Network Security Packet Analysis)
3 MCSE (Microsoft Certified Solutions Expert) LPIC (Linux Professional Institute Certification)RHCE (Red Hat Certified Engineer)
18
1SOC 2SOC 3SOC 4SOC 5 6 7 1SOC 2SOC () 1 2 3 4 3 4
SOC
5 2 () Web
1 1 Common Vulnerabilities and Exposures (CVE)( ) A B C D E F G 2 OWASP TOP 10 2013 AA1-Injection BA2-Broken Authentication and Session Management CA3-Cross-Site Scripting (XSS) DA4-Insecure Direct Object References EA5-Security Misconfiguration FA6-Sensitive Data Exposure GA7-Missing Function Level Access Control HA8-Cross-Site Request Forgery (CSRF) IA9-Using Components with Known Vulnerabilities JA10-Unvalidated Redirects and Forwards 2
3
1
4
()
(*
)
(*)
(VA)- ( 15 IP) IP 0.35 0 0 (VA)- ( 10 IP) IP 0.3 100 30
(WebVA)- URL 3 0 0 (WebVA)- URL 2 10 20
: 8 ()
: CEH(Certified
Ethical Hacker)
18
1 () 2
1 2 /// 3 A B C D 4 5
6 2 ()
1
2 1
()(false positivefalse negative)
3
4
HTTP
Session Cookie Session Session CSRF
(1) XSS SQL Injection LDAP Injection XML Injection SSI Injection XPath Injection Code Injection
(2) XSS SQL Injection OS Commanding HTTP
Web Service
WSDL XML XML XML
Ajax Ajax
SMTPPOP3 IMAP
WEB
FTPNETBIOS NFS
SSHTELNETVNC RDP
DNSPROXY SNMP
FirewallIDS/IPSDatabaseLDAP SMB
WEBFTPSSHTELNETSMTPPOP3IMAPSNMPNetBIOSRDPVNC Database
5
()
(*
)
(*
) (PT)- URL IP 16 1 16 (PT)- URL IP 15 100 1500
: 8 ()
: 1 CEH(Certified Ethical Hacker)
2 GPEN (GIAC Certified Penetration
Testers)GWAPT (GIAC Web Application Penetration Tester)
18
1 2 () 1
1()
2()
3()
2 /// 3
()(// URL IP///)
4 5
(IP/Domain)
7
1
1
1 2 5
2
3
3
//
4 1 8x5
2:
(*)
(5 /)
100 (1~100)
10
(5 /)
200 (101~200)
11
(5 /)
500 (201~500)
13
(5 /)
1000 (501~1000)
15
1:
2() 1,000
2: 8 ()
: CEH(Certified Ethical Hacker)
18
1 2 1 2 /// 3 1 2 3 4//
4 5