  • Degree thesis

Recommended Practices for the Initial Implementation of Government Zero Trust Architecture in an Organization's Intranet

(Original title: 企業組織內部網路初期導入政府零信任架構之建議做法)

Advisor: 魏世杰

Abstract


A consolidated analysis of the major cybersecurity incidents that occurred in Taiwan in recent years finds that most can be attributed to security risks within enterprise internal networks. Moreover, as the IT environment keeps changing, with the rapid growth of cloud services and expanding demand for remote access, the perimeter-defense focus of traditional network security strategies keeps running into breaches of different forms, and the internal network is no longer a secure boundary. The government's promotion of Zero Trust Architecture (ZTA) aims primarily to address the security problem of unclear trust boundaries caused by today's complex network environments. Accordingly, based on the government's ZTA reference guide, this thesis proposes recommended practices for the initial adoption of ZTA in an organization's internal network. The aim is to use the three core ZTA mechanisms, identity authentication, device authentication, and trust inference, to reinforce and optimize the existing security hardware and software, thereby raising the internal network's security protection in the initial phase.

To that end, this thesis draws on the principle grading table in the Financial Supervisory Commission's ZTA adoption reference guide to analyze, and make recommendations on, how an organization's internal network can meet the traditional-stage objectives of initial adoption. The recommendations are combined with an empirical design that uses existing security hardware and software and the internal Windows domain environment, applying configuration settings and automated scripts to strengthen security protection in the early adoption phase. ChatGPT generative AI is also used to assist in developing and maintaining security-operations scripts, lowering the technical barrier to adoption and improving work efficiency.

Validation was carried out through self-assessment and expert interviews, checking the practical design demonstration against the actual regulatory standards. The results show that the recommended practices proposed here help strengthen internal network security protection in a way that meets the traditional-stage objectives of the ZTA reference guide for initial adoption. As emerging technologies continue to advance, these recommended practices can be further optimized and applied, leading to more complete development of security protection for organizations' internal networks.

Abstract (English)


This study gathers and analyzes significant cybersecurity incidents in Taiwan in recent years, revealing that most can be attributed to security risks within an organization's intranet. With the rapid development of cloud services and increasing demand for remote access, traditional network security strategies that emphasize perimeter defense have frequently encountered various vulnerabilities. Internal networks are no longer a secure boundary. The government promotes a Zero Trust Architecture (ZTA) to address cybersecurity issues arising from unclear trust boundaries in today's complex network environments. Based on the government's Zero Trust Architecture Reference Guide, this paper proposes preliminary recommendations for implementing ZTA in an organization's intranet. The goal is to enhance and optimize existing cybersecurity infrastructure through ZTA's three core mechanisms: identity authentication, device authentication, and trust inference, thereby improving intranet cybersecurity protection in the initial phase. To achieve this, the study utilizes the principles outlined in the Financial Supervisory Commission's ZTA reference guide to analyze and recommend strategies for achieving the objectives of the traditional stage of ZTA implementation in an organization's intranet. The recommendations are validated through an empirical design that leverages existing cybersecurity hardware, software, and Windows domain environments. Configuration settings and automated scripts are employed to strengthen cybersecurity protection during the initial implementation phase. Additionally, ChatGPT generative AI technology is applied to assist in developing and maintaining cybersecurity operational scripts, reducing technical barriers and improving efficiency during implementation.

The empirical results, validated through self-assessment and expert interviews, demonstrate that the proposed recommendations effectively strengthen intranet cybersecurity by meeting the objectives of the traditional stage of ZTA implementation. The study provides practical implementation and verification methods based on concrete regulatory standards. As emerging technologies continue to evolve, these recommendations can be further optimized and applied, contributing to a more comprehensive cybersecurity framework for intranets.

References


王宏仁 (2023, October 13). 【iThome 2023資安大調查系列2】5成多企業員工資安意識不足,3成企業欠缺資安老手 [iThome 2023 security survey series 2: Over 50% of enterprises report insufficient employee security awareness, and 30% lack experienced security staff]. iThome資安大調查 [iThome Security Survey]. https://www.ithome.com.tw/article/159256
全國法規資料庫 [Laws & Regulations Database of the Republic of China] (2021, August 23). 資通安全責任等級分級辦法 [Regulations on Classification of Cyber Security Responsibility Levels]. https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=A0030304
金管會主管法規共用系統 [Financial Supervisory Commission Laws and Regulations Retrieving System] (2024, July 15). 金融業導入零信任架構參考指引 [Reference Guide for Adopting Zero Trust Architecture in the Financial Industry]. https://law.fsc.gov.tw/NewsContent.aspx?id=9915
杭君明 (2024). 基於零信任與機器學習之調適性存取控制機制的研究 [A study of an adaptive access control mechanism based on zero trust and machine learning] [Unpublished master's thesis]. Department of Computer Science, National Taipei University of Education. https://hdl.handle.net/11296/h68jh4
查士朝 (2021, September 7). 駭客終結者 2.0 登場!打破舊有資安概念,零信任架構 (ZTA) 引領資安新風潮 [Hacker terminator 2.0 arrives: Breaking with old security concepts, Zero Trust Architecture (ZTA) leads a new security trend]. 科技大觀園 [Scitech Vista] contributing-editor interview. https://scitechvista.nat.gov.tw/Article/C000003/detail?ID=5ad7a015-9e9a-4268-aa32-2ade792e7440
