95級碩士論文-基於SIP協定實現網路電話系統安全檢測機制

張貼者: G 10.07.2008 標籤: ,
劉作仁 基於SIP協定實現網路電話系統安全檢測機制

[ 摘要 ]
近年來隨著資訊科技的進步,現代人生活中使用資訊科技的比例也日益增加,再加上資訊科技所帶來的便利性,其相關產品及服務逐漸成為現代人生活中不可或缺的一部份。同時,由於網際網路的蓬勃發展,除了原有電話、手機、傳真…等通訊方式之外,其他基於網際網路所開發的通訊工具,如:電子郵件、即時訊息(Instant Message)以及網路電話(Voice over IP, VoIP)…等,也讓現代人在挑選通訊媒介時有了更多的選擇性。

許多新興的資訊科技猶如雙面刃,在給社會大眾往往只看到這些資訊科技所帶來便利之處,殊不知背後卻隱藏了許多不為人知的危機。舉例來說,目前使用於網路電話的SIP協定便是基於網際網路所設計的,因此也繼承了目前在網際網路上現有的攻擊。為了解決資訊安全的問題,許多弱點掃描的軟體也因應而生,而弱點掃描軟體所提供的結果報告對於缺乏經驗的系統管理者而言,這份報告只能提供目前系統有哪些弱點存在,並沒有辦法找出這些弱點之間的相關性。

因此,本研究利用滲透測試進行網路電話系統安全性檢測機制,搭配使用攻擊樹模擬駭客攻擊之手法以及不同的測試個案對網路電話系統進行檢測。以期能夠幫助缺乏經驗的使用者,找出網路電話系統中所存在的漏洞,並提供該漏洞的解決方法。
[ 英文摘要 ]
In recent years, with advances in IT, modern people living in the use of IT in increasing the proportion, together with the information technology brought about by the convenience, its products and services related to modern life has gradually become an integral part of the life. At the same time, due to the vigorous development of the Internet, in addition to the phone, cellular phone, fax and other means of communication, the other communication tools which developed on the Internet, such as: e-mail, instant messaging and VoIP (Voice over IP, VoIP) and so on, also bring modern people more options to choosing communication medium.

Many of the emerging information technology like a double-sided blade, in the community only see that these are often only brought about by information technology facilities of the Department, hardly realize that they hide behind a lot of unknown crisis. For instance, SIP, the most use of the VoIP, is a protocol that designed based on the Internet; it inherited the current available on the Internet vulnerability. In order to solve the information security issue, the more and more vulnerability scanner to be born. The report produced by vulnerability scanner for lack of experience of system managers can only inform the current system has vulnerabilities which might be used, and no way to find the correlation between each vulnerabilities.

Therefore, this study uses penetration test and attack tree designing a mechanism to inspect VoIP system security. Managers who are lack of experience forward to helping the system administrator to find out within the organization by the operation of the VoIP system in the existence of leaks, and provide the solution to the leaks.