- 期刊
以攻擊樹為基礎之SIP網路電話弱點檢測系統
SIP Phone Vulnerability Exam System Based on Attack Tree
摘要
隨著資訊科技的進步,現代人擁有更多的通訊媒介可供選擇,例如:電子郵件、即時訊息以及網路電話等,而其中的網路電話有逐漸取代傳統PSTN (Pablic Switded Telepwoue Network)的趨勢。網路電話所採用的SIP(Sessiou Initial Protocol)協定雖具有簡單、快速、靈活且便利等特性,但是該協定是基於網際網路所設計,因此SIP也自然繼承了網際網路本身的弱點。有鑑於此,本研究使用滲透測試搭配攻擊樹的指引,針對使用SIP協定的網路電話系統進行安全檢測。本系統可以讓系統管理員明確地找出組織內部潛在的漏洞,以便及早修復。
並列摘要
Along with the development of information technology, more communication tools, such as email, instant message, and internet telephony, become available. The progress on internet telephony is in its pivoting point to gradually replace the traditional public switched telephone network (PSTN) service. The Session Initiation Protocol (SIP) for the internet telephony has its advantage of simple, speedy, flexible, and convenient. However, SIP is based on internet infrastructure; it inherits all vulnerability natures associated with internet communication. We propose in this paper the vulnerability evaluations of the SIP phones using penetration test under the Attack Tree's guidance. Our proposed system will help administrators to precisely allocate potential internal weaknesses and to patch issues effectively.
延伸閱讀
- 楊欣哲、彭勝寶(2013)。延伸型攻擊樹分析法以評估網站安全風險之研究。資訊管理學報,20(1),1-38。https://www.airitilibrary.com/Article/Detail?DocID=16085752-201301-201303250015-201303250015-1-38
- 吳昌桓(2009)。一個基於監測網路通訊協定執行行為的入侵偵測系統〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2009.03331
- Pan, J. L. (2011). 考量惡意攻擊及傳染病攻擊下攻擊者成功機率最小化之有效網路規劃與防禦策略 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2011.00778
- 柯鈞凱、楊中皇(2010)。結合弱點掃描和滲透測試之自動化Web安全檢測系統設計與實現。載於中華民國資訊安全學會(主編),全國資訊安全會議(頁186-190)。中華民國資訊安全學會。https://doi.org/10.29615/CISC.201005.0186
- Tse, D. W. K. (2014). A New Smartphone Privacy Protection Scheme Based on Anti-theft Technology. 電腦稽核, (30), 104-121. https://www.airitilibrary.com/Article/Detail?DocID=2073090X-201407-201408070021-201408070021-104-121