Title | 政府機關電子郵件社交工程演練與防護--以行政院環境保護署為例=The E-mail Social Engineering Tactics and security Issues in Environmental Protection Administration |
---|---|
Author | 黃素梅; | Journal | 行政院環境保護署環境監測及資訊處技術彙刊 |
Volume/Issue | 4 2010.04 [ROC 99.04] |
Pages | pp. 170-195 |
Classification No. | 448.6 |
Keywords | Social engineering; E-mail; Information security; Phishing; |
Language | Chinese |
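Chinese abstract | With the rapid growth of the Internet, e-mail has gradually replaced paper correspondence and become an important channel for transmitting messages in the 21st century. However, the convenience and rapid propagation of e-mail, besides bringing positive commercial benefits, have also made it a channel through which hackers spread malicious messages or programs, giving rise to information security incidents. Among the many e-mail attack techniques, the most common is e-mail social engineering. Hackers send messages with attention-grabbing subject lines on topics such as health, politics, and entertainment gossip to lure recipients into opening the message and clicking the links and attachments it carries, in order to plant Trojans or steal data. This type of attack can easily harm the data and computer systems of enterprises or individuals. This article explores the techniques of e-mail social engineering and ways of using e-mail safely, and examines the various measures government agencies have adopted to guard against e-mail social engineering. In recent years, government agencies have used exercises that simulate hackers conducting e-mail social engineering, together with related supporting measures, to raise staff awareness. Across the participating agencies, the average proportion of staff opening social engineering exercise messages fell from 43% to 22.29%, and the proportion clicking links or opening attachments fell from 23.9% to 13.52%. In the information and communication operations of the Environmental Protection Administration (EPA) we also saw significant results: the proportion of EPA employees opening social engineering exercise messages dropped sharply from 39.73% to 6.29%, and the proportion clicking links or opening attachments fell from 23.52% to 3.38%. This moved the EPA from being rated "protection should be strengthened" by the Executive Yuan's information and communication security taskforce in ROC year 97 (2008) to "outstanding protection agency" in ROC year 98 (2009). |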
English abstract | As the Internet booms, e-mail has gradually replaced paper correspondence and has become an important communication tool in the 21st century. However, with its convenience and rapid spread, e-mail, apart from its positive business benefits, has also become a channel for malicious hackers to spread negative messages or programs, causing information security incidents. Among the many e-mail attack techniques, the most commonly used is e-mail social engineering. Hackers send e-mail with interesting subjects such as health topics, politics, and gossip to attract the recipient to open the letter. When the recipient clicks on some icons or URL links in the e-mail, a Trojan program or some viruses might infect his/her computer systems. Such attacks might lead to great information security risks for both organizations and individuals. This article aims to explore e-mail social engineering tactics and security issues when using e-mail. We investigate in detail various e-mail social engineering methods and try to figure out ways to prevent and defend against e-mail social engineering attacks. In recent years, the Taiwan government has adopted a number of approaches, including the simulation of hackers' behaviors, implemented without warning, to enhance the awareness of e-mail users. The results show that the government employees tested have improved their awareness and defending skills dramatically. The rates of opening risky e-mails and clicking risky attachments or icons have been reduced from 43% to 22.29% and from 23.9% to 13.52% on average. For the employees of the Taiwan EPA, the performance is even better. The rates of opening risky e-mails and clicking risky attachments or icons have been reduced from 39.73% to 6.29% and from 23.52% to 3.38% on average, respectively. That makes the Taiwan EPA an outstanding government agency in the field of information security implementation and operations. |
The Chinese and English abstract information in this system is taken from the content as published in each article.