
Graduate student: Jhe-Hao Syu (徐哲顥)
Thesis title: Integrate information security penetration testing and web-based cloud manufacturing execution system
Advisor: Ming-Jyh Chern (陳明志)
Oral defense committee: Po-Ting Lin (林柏廷), Chi-Sheng Shih (施吉昇), Ming-Jyh Chern (陳明志)
Degree: Master
Department: College of Engineering - Department of Mechanical Engineering
Year of publication: 2023
Academic year of graduation: 111
Language: English
Number of pages: 98
Keywords: Manufacturing execution system (MES), Web-based applications, Cloud manufacturing, Internet of things (IoT), Information security, ISO27001, Penetration testing
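  • In today's enterprises of every kind, the Manufacturing Execution System (MES) has become a necessary part of each production line. It acts as an important link between the physical and digital domains and is already one of the indispensable conditions of a smart factory. The monitoring process faces difficult challenges: efficient data acquisition, reception, and processing are lacking. Using an MES can therefore promote the seamless transfer of critical data to the cloud. Optimizing the manufacturing process not only raises efficiency and minimizes the possibility of human error, it also strengthens data consistency and speeds up cloud computing. However, an MES must also face up to information security: self-assessment and correction of information security are applied to the manufacturing domain, and penetration testing and evaluation are carried out with ISO27001 as the standard, to achieve information security protection for a web-based manufacturing execution system.

    This study uses Kali Linux, an open-source system based on Debian, to perform penetration testing on the MES. Vulnerabilities are patched according to the results of running a variety of open-source programs, which improves the overall information security architecture of the MES. Users can strengthen their own passwords and can also rely on the defense mechanism of the web-based login, which greatly lowers the probability of a break-in by hackers. The techniques used in the study include cyber-physical systems, web-based applications, cloud manufacturing, the Internet of Things, information security, ISO27001, and penetration testing.

    This study takes a web-based manufacturing execution system as the test target. First, a virtual Kali Linux operating system is set up; target information is collected through network attacks and penetration, and the evaluation results are analyzed. The system is corrected according to the risks the evaluation reveals. New users must satisfy the password strength rules. Finally, the number and time of each user's failed logins are recorded in the database, and the system briefly locks the account once the failures exceed the target count. Compared with earlier MES, the web-based approach gives users greater convenience, and with rising information security awareness it strikes a balance between convenience and security.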


    In the present landscape of diverse enterprises, the Manufacturing Execution System (MES) has evolved into an essential component of various production lines. It serves as a vital link between the physical and digital domains, establishing itself as an indispensable requirement for smart factories. The monitoring process encounters challenging obstacles, characterized by a lack of efficient data collection, reception, and processing. Consequently, the utilization of MES facilitates the seamless transmission of critical data to the cloud. The optimization of the manufacturing process not only enhances efficiency but also minimizes the potential for human errors to the utmost extent. Furthermore, it reinforces data consistency and expedites cloud computing capabilities. However, it is imperative for MES to acknowledge the significance of information security. Implementing self-assessment and corrective measures for information security in the manufacturing domain and employing ISO27001 as a benchmark for conducting penetration testing and evaluation are essential to achieving robust cybersecurity protection for web-based manufacturing execution systems.

    This study conducts penetration testing on MES using Kali Linux, an open-source system based on Debian. By addressing vulnerabilities identified through the execution of various open-source programs, the overall security architecture of MES is enhanced. For end-users, strengthening password complexity and relying on web-based login defense mechanisms significantly reduce the probability of hackers infiltrating and compromising the system. The techniques employed in this research encompass integrated virtual and physical systems, web-based applications, cloud manufacturing, Internet of Things (IoT), information security, ISO27001, and penetration testing.

    This study focuses on a web-based manufacturing execution system as the testing target. Firstly, a virtual Kali Linux operating system is set up to gather target information through network attacks and penetration testing, followed by the analysis and evaluation of the results. Based on the identified risks, necessary modifications are made to the system. New users are required to comply with password strength rules. Finally, user login attempts and timestamps are recorded in the database, and the system temporarily blocks accounts after exceeding the designated number of failed attempts. Compared to traditional MES systems, the web-based approach offers greater convenience to users while striking a balance between usability and security, considering the rising awareness of information security.

    CONTENTS
    Chinese Abstract
    Abstract
    Acknowledgements
    Contents
    Nomenclatures
    List of Tables
    List of Figures
    1 INTRODUCTION
    1.1 Motivation
    1.2 Literature review
    1.3 Objectives
    1.4 Synopsis
    2 METHODOLOGY
    2.1 Web-based manufacturing execution system
    2.1.1 Physical object layer
    2.1.2 Cloud layer
    2.1.3 Service layer
    2.2 Internet of things
    2.3 Cloud manufacturing
    2.4 International standard for information security management
    2.4.1 ISO/IEC27001
    2.4.2 IEC62443
    2.5 Penetration testing
    2.5.1 Why Penetration testing
    2.5.2 Utilities and systems
    2.5.3 Information collection
    2.6 System version maintenance and upgrade
    2.7 Information security in web applications
    2.7.1 Encryption and secure communication
    2.7.2 Password strength requirements and guidelines
    2.7.3 Authentication and access control
    2.7.4 Remediation after penetration testing
    3 RESULTS AND DISCUSSION
    3.1 Mechanism of web-based user authentication
    3.1.1 Encryption and secure communication measures
    3.1.2 Improve security with login error tracking
    3.1.3 Account suspension: Enhancing security measures for user accounts
    3.2 Comprehensive evaluation of password strength rules
    3.3 Data collection methodology for penetration testing
    3.4 Comparison and analysis of defense mechanism effectiveness and enhancements
    4 CONCLUSIONS AND FUTURE WORK
    4.1 Conclusions
    4.2 Future work
