利用入侵偵測系統之資訊於擬定大學校園資訊安全對策

Abstract

本研究探討對象為T大學的資訊中心，T大學為國內一所研究型學校，具有許多國家級研究機構，其資訊中心為該區域教學研究網際網路系統的中心，因此時常遭遇到資訊安全上的攻擊。為了減少資訊安全上的損失，該資訊中心引入「入侵偵測系統(Intrusion Detection System, IDS)」以減少資訊安全威脅事件發生，但由於依然必須等待攻擊發生後才能有所處理，未能達到預先防範的效用，且資源分配發散，在處理及追蹤上耗費了大量財力與人力資源。故本研究進一步藉由個案T大學的入侵偵測系統進行研究，分析資訊通路上的歷史資訊與記錄。首先分析校園環境中易產生的威脅類型，並進一步歸納出九種主要的資訊事件以及搜尋風險程度大的地點，接著由事件發生地點的角度找出其影響程度大的資訊事件種類，並以整體資訊安全事件分析來進行補充，最後藉由上述分析推展出適合個案校園的防護對策以佈署資源於風險程度大的地點，使得個案校園資訊安全事件的整體涵蓋率達到80%。透過本研究成果，個案校園得以提升其開放式環境的資訊安全以及防護未來風險，而相關非營利組織可引以參考作為妥善佈署資訊安全資源的依據。

This study analyzes data from the information center of T University. The information center of T University is the core of regional academic Internet, and therefore it suffered from information attacks frequently. In order to reduce the loss from information security, the information center applied the Intrusion Detection System (IDS). But because the treatment still can only be done after attacks happened, it can’t achieve the effect of prevention. Furthermore, the resource scattered and the information center spent a lot of resource on tracking and dealing with these attacks. This study uses the historical information from the Intrusion Detection System to do further analysis. Significant categories of incidents and high-risk locations will be found out first. Then this study analyzes these data in location aspect. And the last analysis comes from incident overview analysis. Moreover, strategies which correspond to the analysis and the character of each location will be established to apply limited resource to these high-risk locations. As a result, about 80% of incidents can be covered and the information security level of open environment will be raised. And the result of this study can be a reference to related non-profit organizations for allocating limited resource on information security.