Basic Search / Detailed Display

Author: 盧宣良
Hsuan-Liang Lu
Thesis Title: 電子郵件社交工程演練之自動化教育訓練系統
Automatic Education Training System for E-mail Social Engineering Drill
Advisor: 羅乃維
Nai-Wei Lo
Committee: 吳宗成
Tzong-Chen Wu
Shi-Cho Cha
Degree: 碩士
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2011
Graduation Academic Year: 99
Language: 中文
Pages: 61
Keywords (in Chinese): 社交工程教育訓練資訊安全自動化
Keywords (in other languages): Social Engineering, Education Training, Information Security, Automatic
Reference times: Clicks: 94Downloads: 3
School Collection Retrieve National Library Collection Retrieve Error Report
  • 在現今的社會中,資訊網路的發展非常迅速,且被廣泛地應用在生活中,使我們的生活更加方便也更有效率。但伴隨著電腦與網路的普及,駭客技術亦有所提昇,故資訊安全已經成為一個越來越不可輕忽的議題。雖然企業針對網路安全建立了它們自己的防護系統,然而這樣還是不夠的。資安專家把他們的精力花在他們認為最好的方式身上:防火牆與其他安全機制,例如SSL(Secure Sockets Layer)。但是雖然防火牆與其他安全機制能有效預防駭客侵入企業電腦網路,但卻無法阻止最重大的電腦犯罪來源:內部員工。許多人認為間諜活動是由那些資金充足的組織所進行的,所以只能由政府出來制止。然而,美國工業安全協會與學者Katz的研究表示超過70%上的資訊盜竊是內部員工所需負責的。大部份員工對於資訊安全抱持著草率的態度,而導致企業內部產生資訊安全漏洞。這種利用人類弱點的攻擊手段,也就是所謂的「社交工程」,可能是最難以克服的。
    ( 1 ) 如何自動化產生含有社交工程訊號之社交工程電子郵件
    ( 2 ) 如何自動進行完整的社交工程演練與教育訓練

    Nowadays, the Information Network is developed rapidly and utilized widely to make our life more convenient and efficient. Due to the popularity of computers, networks and the rapid progress of hacker skills, the issue of information security becomes more and more important. Although generally the companies construct their security systems for network protection, however, that is still indefensible. Information security professionals focus their efforts on what they know best: Firewalls and other Internet security mechanisms like Secure Sockets Layer(SSL). While firewalls and other Internet security mechanisms go a long way in preventing the hackers from intruding into a corporate computer network, they do nothing to stop the most significant source of computer crime: the employees. Many people believe that the espionage is committed by well financed organizations that can only be stopped by national agencies. However, studies show that employees were responsible for more than 70% of information related thefts. Most of the employees are careless with information security that causes the information security vulnerability in an enterprise. The human approach in terms of 'Social Engineering' is probably the most difficult one to be dealt with.

    Consequently, this study adopts Social Engineering and Information Security to construct an Automatic Education Training System for E-mail Social Engineering Drill. The objective of this study is helping employers to construct the concept of information security of E-mail Social Engineering for employees by importing this system, related practice. Therefore, this paper comprises two issues as listed below:

    1. How to automate the E-mail of social engineering include Signals of social engineering.
    2. How to automate a complete social engineering drill and training

    摘要 I Abstract II 誌謝 IV 目錄 V 圖目錄 VII 表目錄 VIII 第一章 緒論 1 1.1 研究背景 1 1.2 研究動機 7 1.3 研究目的 9 1.4 研究方法 11 1.5 論文架構 12 第二章 文獻探討 13 2.1 社交工程 13 2.2 社交工程教育訓練 14 第三章 系統設計 17 3.1 需求分析 17 3.1.1 應用程式端需求分析 18 3.1.2 網頁資料庫端需求分析 21 3.2 系統架構 22 3.2.1 系統架構 22 3.2.2 應用程式端內部功能結構 23 3.2.3 網頁資料庫端內部功能結構 25 3.3 系統流程 26 3.3.1 電子郵件社交工程系統流程(使用者端) 26 3.3.2 電子郵件社交工程系統流程(收件者端) 28 第四章 系統實作 29 4.1 系統實作環境 29 4.2 系統介面與功能介紹 31 4.2.1 應用程式端系統介面(郵件發送設定)與功能介紹 31 4.2.2 應用程式端系統介面(自訂郵件與資料查詢) 與功能介紹 36 4.2.3 網頁資料庫端系統介面與功能介紹 39 4.3 系統執行流程 40 4.4 社交工程電子郵件解析 45 4.4.1 收件者收件情形 45 4.4.2 社交工程郵件內容 48 4.5 網頁資料庫端資料解析 52 4.6 實作問題與結論匯整 53 第五章 結論與未來展望 58 5.1 結論 58 5.2 未來展望 60 參考文獻 62

    [1] Sericon Technology Inc.(2005), Introduction to SSL. from
    [2] American Society for Industrial Security (1996), Study on the Theft of Proprietary Information , Arlington, VA: ASIS.
    [3] Katz, A. (1995), Computers: The Changing Face of Criminality , Unpublished dissertation: Michigan State University
    [4] 教育部(2010),教育部99年度學術機構分組防範惡意電子郵件社交工程演練計畫
    [5] 梁定澎(1997),資訊管理研究方法總論,資訊管理學報,第四卷第一期:p.1-7
    [6] Joan Goodchild (2010), Social Engineering: The Basics.
    [7] NISCC Briefing (2006), Social engineering against information systems: what is it and how do you protect yourself ?
    [8] Check Point & Ponemon Institute (2011), Check Point and Ponemon Survey Validates Need for 3D Security. from
    [9] Pei-Wen Liu, Jia-Chyi Wu, Pei-Ching Liu TWNCERT (2008), The Best Practice to Protect against Social Engineering Attacks in E-mail Form.

    無法下載圖示 Full text public date 2016/07/12 (Intranet public)
    Full text public date This full text is not authorized to be published. (Internet public)
    Full text public date This full text is not authorized to be published. (National library)