有鑑於近年來各國政府、企業組織及重大關鍵設施遭駭客攻擊(含病毒攻擊與駭客植入木馬入侵等)事件頻傳,引發國際輿論與各國政府的高度關注,也造成資訊普及化、高度e化組織的莫大衝擊;而「資訊與網路的運用」亦是廿一世紀先進國家國力的主要表徵,故對於資訊安全事件的持續擴大與嚴峻考驗,各相關單位正研析因應對策,以面對各種可能的威脅並降低資訊與網路運用的風險,已是刻不容緩且亟待解決的課題。 另因國內、外對駭客攻擊的研究多偏重於網際網路(Internet)部份,而有關組織內部網路(Intranet)遭駭客攻擊入侵的相關研究報告與學術著作卻不多見,因此本篇論文將著墨於內部網路遭受駭客攻擊的可能方式,藉蒐整相關研究文獻及筆者實務經驗的個人體認,試著從駭客入侵的個案中,探究內部網路可能面對的脆弱性,並進而提出相關檢討分析對策,以為因應。 此外,本文亦將分析並整理各類突破防火牆,進入內部網路的攻擊可能方式,以及探討木馬程式的植入、啟動與行為模式分析,研析木馬程式所造成的威脅與風險所在。最後,針對前述之威脅,提出如何強化組織中內部網路的安全作為並針對本文所研訂的問卷分析結果作一相互印證,進而從管理、實務作業及技術等各個層面歸納出強化內部網路安全性的建言,供各界參考運用,以作為強化維護資訊網路的安全基石,俾利爾後杜絕網路上類似攻擊事件一再發生。
While hacker attacks , including attacks exploiting virus and Trojan Horse, on government, enterprise and facility network systems are rampant across the globe these years, issues related to cyber safety and security and bringing tremendous impacts on information popularization and organizational electronization have caught global attention. As information and network applications are the symbol of power of developed countries in the 21st century, related units are drawing out responsive actions to control the rise and to eliminate the challenge of information security events in order to face all possible threats and to minimize risks out of information and network applications. While most studies home and abroad focus on hacker attacks on the Internet, this paper has investigated manners of hacker attacks on intranets through review of literature and from viewpoint of personal experience in order to explore and analyze the vulnerabilities of intranets and to propose suggestions for remedy. This paper also investigated the possible ways to break into the firewalls for attacking the intranet, analyzed the injection, activation and activity pattern of Trojan horses, and studied the threats and risks of Trojan horse programs. Finally, methods for enhancing the safety and security of intranet systems were proposed and the results of survey developed by this study were verified. Suggestions for enhancing the safety and security of intranet systems from the aspects of management, practice and technology have been made as reference for maintaining the safety and security of the national defense system and for eliminating similar attacks on network systems in the future.