本篇論文提出一個新的方法,利用Linux上的Iptables內建模組來建置規則,可以有效阻斷非明碼的即時通訊軟體Skype及QQ。由於即時通訊軟體Skype及QQ是採用加密且不公開的通訊協定,因此讓企業的員工認為使用即時通訊軟體Skype及QQ時通話將不受管理,而樂於使用,導致企業網路管理上的資訊安全問題,因此網路出現各種解決方法,例如:針對特定的伺服器做阻斷、對開放的Port有所限制、分析封包找出封包特徵等方式,但是實際上的結果卻是無法正確阻斷的,而本篇論文提出的方法是不需要花費任何的費用下,利用自由軟體Iptables即可達到有效的阻斷非明碼的即時通訊軟體Skype及QQ。最後,論文會解釋上述其他阻斷方法失敗的原因,並且測試不同環境下對本篇論文提出的阻斷方法造成的影響及說明結果。
This thesis introduces an innovative method, which uses Iptables module of Linux system to establish filter rules that can effectively block encryption Instant Messenger, Skype and QQ. Because Skype and QQ use encryption and private communication protocol, Employees like to use Skype and QQ for not being managed. It is result in information security of managing industry network, so there are every kind of solution on the internet, like blocking particular servers, restricting public ports on network, and analyzing packets for figuring out packet specific. But these solutions can not block Skype and QQ completely in fact. However, this paper provides the solution of using free Iptables to certainly block encryption Instant Messenger, Skype and QQ with no need of extra cost. In the end of this paper will explain the reason why the prior blocking solutions failed, and mention this paper’s experimental result in different environment.