
Telecom Technology Center: Introduction to IT Baseline Protection. Presenter: 楊詔同, Evaluator, 財團法人電信技術中心 (Telecom Technology Center), 19 September 2006 (ROC year 95).





2 Forward-Looking, Professional, Energetic www.ttc.org.tw - 2 - Contents
- Introduction
- IT Security Process
- IT Structure Analysis
- IT Baseline Protection Modeling
- Brief Outline of Existing Modules

3 Introduction

4 Introduction
- The IT Baseline Protection Manual contains standard security safeguards, implementation advice and aids for numerous IT configurations which are typically found in IT systems today. This information is intended to assist with the rapid solution of common security problems, support endeavours aimed at raising the security level of IT systems and simplify the creation of IT security policies. The standard security safeguards collected together in the IT Baseline Protection Manual are aimed at a protection requirement which applies to most IT systems.

5 IT Security Process

6 IT Security Process
- Develop an IT security policy
- Select and establish an appropriate organizational structure for IT security management
- Create an IT security concept
- Implement the IT security safeguards
- Training and security awareness
- Maintain IT security in ongoing operations

7 IT Structure Analysis

8 IT Structure Analysis
- The existing infrastructure
- The underlying organizational and personnel situation which forms the background to the use of the IT assets
- The IT systems used, both networked and non-networked
- The communication links between the IT systems and with the outside world
- The IT applications run on the IT assets

9 IT Structure Analysis: Sub-tasks
- Preparing a network plan
- Reducing complexity by identifying groups of similar assets
- Collecting information about the IT systems
- Capturing information about the IT applications and related information

10 Analysis of a Network Plan
- IT systems, i.e. clients and server computers, active network components (such as hubs, switches, routers), network printers, etc.
- Network connections between these systems, i.e. LAN connections (e.g. Ethernet, Token Ring), backbone technologies (e.g. FDDI, ATM), etc.
- Connections between the area under consideration and the outside world, i.e. dial-in access over ISDN or modem, Internet connections using ISDN, modem or routers, radio links or leased lines to remote buildings or sites.

11 Objects Represented for Each IT System
- A unique name (for example the full host name or an identification number)
- Type and function (for example, database server for application X)
- The underlying platform (i.e. hardware platform and operating system)
- Location (e.g. building and room number)
- Name of the responsible administrator
- Type of network connection and network address

12 Network Connection Information
- Type of cabling (e.g. fiber optic cable)
- The maximum data transmission rate (e.g. 10 Mbps)
- The network protocols used on the lower layers (e.g. Ethernet, TCP/IP)
- For external connections, details of the external network (e.g. Internet, name of provider)
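The structure-analysis sub-tasks on slides 9 to 12 (network plan, grouping of similar assets, per-system and per-connection attributes) can be captured in a small inventory model. This is an added example, not code from the presentation or from the manual; the systems and connections are constructed, and the grouping key (type, platform, network connection) is an assumption about what "similar assets" means.

```python
"""IT structure analysis helper: records the attributes slides 11 and 12 ask
for, groups similar IT systems to reduce complexity, and flags incomplete or
ambiguous records. Added example; the inventory below is constructed."""
from collections import defaultdict
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class ITSystem:
    name: str       # unique name, e.g. the full host name
    kind: str       # client, server, switch, router, printer ...
    function: str   # e.g. "database server for application X"
    platform: str   # hardware platform and operating system
    location: str   # building and room number
    admin: str      # responsible administrator
    net_type: str   # type of network connection
    address: str    # network address


@dataclass(frozen=True)
class Connection:
    a: str              # one endpoint (system name)
    b: str              # other endpoint, or the name of an external network
    cabling: str        # e.g. fiber optic, twisted pair, leased line
    max_rate_mbps: int  # maximum data transmission rate
    protocols: tuple    # lower-layer protocols, e.g. ("Ethernet", "TCP/IP")
    external: str = ""  # provider / external network; set only for outside links


def missing_fields(systems):
    """{name: [empty attributes]} for every record that is not complete."""
    incomplete = {}
    for s in systems:
        empty = [f.name for f in fields(s) if not getattr(s, f.name)]
        if empty:
            incomplete[s.name] = empty
    return incomplete


def duplicate_names(systems):
    """Names used by more than one system; each name must be unique."""
    seen, dups = set(), []
    for s in systems:
        if s.name in seen and s.name not in dups:
            dups.append(s.name)
        seen.add(s.name)
    return dups


# Assumed similarity criterion: same type, same platform, same kind of network
# connection. Systems sharing these can be modelled once as a group.
GROUP_KEY = ("kind", "platform", "net_type")


def group_similar(systems):
    """{(kind, platform, net_type): [names]} in inventory order."""
    groups = defaultdict(list)
    for s in systems:
        groups[tuple(getattr(s, k) for k in GROUP_KEY)].append(s.name)
    return dict(groups)


def external_links(connections):
    """Connections that leave the area under consideration."""
    return [c for c in connections if c.external]


# Constructed inventory (sample data, not a real site).
INVENTORY = [
    ITSystem("ws-01", "client", "office workstation", "PC / Windows 2000",
             "Bldg A, Room 101", "alice", "Ethernet LAN", "10.0.1.11"),
    ITSystem("ws-02", "client", "office workstation", "PC / Windows 2000",
             "Bldg A, Room 102", "alice", "Ethernet LAN", "10.0.1.12"),
    ITSystem("ws-03", "client", "office workstation", "PC / Windows 2000",
             "Bldg A, Room 103", "", "Ethernet LAN", "10.0.1.13"),  # no admin recorded
    ITSystem("db-01", "server", "database server for application X",
             "x86 / Linux", "Bldg A, Room 201", "bob", "Ethernet LAN", "10.0.1.20"),
    ITSystem("rtr-01", "router", "Internet border router", "appliance",
             "Bldg A, Room 201", "bob", "Ethernet LAN / leased line", "10.0.1.1"),
    ITSystem("ws-02", "client", "office workstation", "PC / Windows 2000",
             "Bldg B, Room 5", "carol", "Ethernet LAN", "10.0.2.12"),  # name reused by mistake
]
CONNECTIONS = [
    Connection("ws-01", "db-01", "twisted pair", 100, ("Ethernet", "TCP/IP")),
    Connection("db-01", "rtr-01", "fiber optic", 1000, ("Ethernet", "TCP/IP")),
    Connection("rtr-01", "Internet", "leased line", 2, ("TCP/IP",),
               external="Internet, provider ExampleNet"),
]

if __name__ == "__main__":
    print("incomplete records:", missing_fields(INVENTORY))
    print("duplicate names:", duplicate_names(INVENTORY))
    for key, names in group_similar(INVENTORY).items():
        print("group", key, "->", names)
    print("external links:", [(c.a, c.b, c.external) for c in external_links(CONNECTIONS)])
```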

13 IT Baseline Protection Modeling

14 Modules
- IT baseline protection of generic components
- Infrastructure
- Non-networked systems
- Networked systems
- Data transmission systems
- Telecommunications
- Other IT components

15 Threat Catalogues
- Force majeure
- Organizational shortcomings
- Human failure
- Technical failure
- Deliberate acts

16 Safeguards Catalogues
- Infrastructural safeguards
- Organizational safeguards
- Personnel safeguards
- Safeguards relating to hardware and software
- Safeguards in communications
- Contingency planning

17 ITBPM Philosophy (diagram): the threat catalogues (Force majeure, Organizational shortcomings, Human failure, Technical failure, Deliberate acts) on one side; the module groups (IT baseline protection of generic components, Infrastructure, Non-networked systems, Networked systems, Data transmission systems, Telecommunications, Other IT components) in the centre; the safeguard catalogues (Infrastructural safeguards, Organizational safeguards, Personnel safeguards, Safeguards relating to hardware and software, Safeguards in communications, Contingency planning) on the other side.
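The modelling on slides 14 to 17 links each module to threats from the five threat catalogues and safeguards from the six safeguard catalogues, identified on the later slides as "T n.m" and "S n.m". The following added example (not code from the presentation or the manual) resolves such an ID to its catalogue from the number n, assuming the numbering follows the catalogue order on slides 15 and 16, checks a module model for threats that have no safeguard, and flags slide headings that disagree with the catalogue an ID belongs to; the module model and label list are constructed from IDs quoted on the slides.

```python
"""Catalogue cross-reference for the IT Baseline Protection model.
Added example; catalogue numbering is assumed to follow slides 15 and 16."""
import re

THREAT_CATALOGUES = {
    1: "Force majeure",
    2: "Organizational shortcomings",
    3: "Human failure",
    4: "Technical failure",
    5: "Deliberate acts",
}
SAFEGUARD_CATALOGUES = {
    1: "Infrastructural safeguards",
    2: "Organizational safeguards",
    3: "Personnel safeguards",
    4: "Safeguards relating to hardware and software",
    5: "Safeguards in communications",
    6: "Contingency planning",
}
# Headings the slides put in front of an ID, normalised to catalogue numbers.
THREAT_LABELS = {"force majeure": 1, "organizational shortcomings": 2,
                 "human failure": 3, "human error": 3,
                 "technical failure": 4, "technical failures": 4,
                 "deliberate acts": 5}
SAFEGUARD_LABELS = {"infrastructure": 1, "organization": 2, "personnel": 3,
                    "hardware and software": 4, "communications": 5,
                    "contingency planning": 6}

ID_RE = re.compile(r"^\s*([TS])\s*(\d+)\.(\d+)\s+(.*?)\s*$")


def parse_id(text):
    """'T 2.66 Lack of ...' -> ('T', 2, 66, 'Lack of ...'); rejects unknown catalogues."""
    m = ID_RE.match(text)
    if not m:
        raise ValueError(f"not a catalogue ID: {text!r}")
    kind, cat, item, title = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
    table = THREAT_CATALOGUES if kind == "T" else SAFEGUARD_CATALOGUES
    if cat not in table:
        raise ValueError(f"no {kind} catalogue numbered {cat}")
    return kind, cat, item, title


def catalogue_of(text):
    """Catalogue name implied by the ID's number."""
    kind, cat, _, _ = parse_id(text)
    return (THREAT_CATALOGUES if kind == "T" else SAFEGUARD_CATALOGUES)[cat]


def label_mismatches(entries):
    """entries: (slide label, ID text). Returns the pairs whose label names a
    different catalogue than the ID number implies, or an unknown label."""
    bad = []
    for label, text in entries:
        kind, cat, _, _ = parse_id(text)
        table = THREAT_LABELS if kind == "T" else SAFEGUARD_LABELS
        if table.get(label.lower()) != cat:
            bad.append((label, text))
    return bad


def uncovered(model):
    """Modules that list a threat scenario but no safeguard at all."""
    return [name for name, m in model.items() if m["threats"] and not m["safeguards"]]


def module_profile(model):
    """Per module: sorted lists of the threat and safeguard catalogues it touches."""
    return {name: (sorted({catalogue_of(t) for t in m["threats"]}),
                   sorted({catalogue_of(s) for s in m["safeguards"]}))
            for name, m in model.items()}


# Constructed module model using IDs quoted on the slides.
MODEL = {
    "IT Security Management": {
        "threats": ["T 2.66 Lack of, or inadequate, IT security management"],
        "safeguards": ["S 2.191 Establishment of the IT security process"]},
    "Personnel": {
        "threats": ["T 1.1 Loss of personnel"],
        "safeguards": ["S 3.3 Deputizing arrangements"]},
    "Data Backup Policy": {
        "threats": ["T 4.13 Loss of stored data"],
        "safeguards": ["S 6.36 Stipulating a minimal data backup policy"]},
    "Protective cabinets": {
        "threats": ["T 1.16 Earthquake"],
        "safeguards": []},  # nothing assigned yet: reported by uncovered()
}

SLIDE_LABELS = [  # (heading shown on the slide, ID), as transcribed
    ("Organizational shortcomings", "T 2.66 Lack of, or inadequate, IT security management"),
    ("Human Error", "T 3.6 Hazards posed by cleaning staff or outside staff"),
    ("Deliberate Acts", "T 1.16 Earthquake"),          # slide 76: T 1.x is force majeure
    ("Organization", "S 1.19 Protection against entering and breaking"),  # slide 59: S 1.x is infrastructure
]

if __name__ == "__main__":
    for name, (t, s) in module_profile(MODEL).items():
        print(f"{name}: threats {t} -> safeguards {s}")
    print("modules without safeguards:", uncovered(MODEL))
    print("label mismatches:", label_mismatches(SLIDE_LABELS))
```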

18 Brief Outline of Existing Modules: IT Baseline Protection of Generic Components

19 IT Baseline Protection of Generic Components
- IT Security Management
- Organization
- Personnel
- Contingency Planning Concept
- Data Backup Policy
- Computer Virus Protection Concept
- Crypto-Concept
- Handling of Security Incidents
- Hardware and Software Management
- Outsourcing

20 IT Security Management
- This module uses a systematic approach to establishing functional IT security management and adapting it over time in line with developments in business operations.

21 IT Security Management
- Threat scenario (example)
- Organizational shortcomings: T 2.66 Lack of, or inadequate, IT security management
  - Lack of personal responsibility
  - Inadequate support from management
  - Inadequate strategic and conceptual requirements
  - Insufficient or misdirected investment
  - Impracticability of safeguard concepts
  - Failure to update the IT security process

22 IT Security Management
- Recommended countermeasures (example)
- Organization: S 2.191 Establishment of the IT security process
  - Drawing up an Information Security Policy
  - Selection and establishment of an appropriate organizational structure for IT security
  - Drawing up a schedule of existing IT systems
  - Definition of the procedure for drawing up the IT security concept
  - Implementation of IT security measures
  - IT security in ongoing operations
  - Maintaining secure operations

23 Organization
- This module lists the organizational procedures that are basically required for IT security. Examples are the determination of responsibilities, data media administration and procedures regarding the use of passwords. They apply to every IT system.

24 Organization
- Threat scenario (example)
- Organizational shortcomings: T 2.1 Lack of, or insufficient, rules
  - Poor resource management could seriously impair scheduled operations in a computer centre, e.g. simply because an order for printer paper has been forgotten.
  - Hand-held fire extinguishers, once purchased, need to be maintained systematically so that they are ready for operation in case of fire.

25 Organization
- Recommended countermeasures (example)
- Organization: S 2.1 Specification of responsibilities and of requirements documents for IT use
  - It is advisable to lay down regulations on:
    - Data backup
    - Keeping data archives
    - Transport of data media
    - Data transmission
    - Destruction of data media
    - Documentation on IT procedures, software, IT configuration
    - Use of passwords
    - Physical access permissions
    - Access authorizations
    - Access rights
    - Resources management
    - Purchase and leasing of hardware and software
    - Maintenance and repair work
    - Software: acceptance and approval
    - Software: application development
    - Privacy protection
    - Protection against computer viruses
    - Auditing
    - Emergency precautions
    - Practices in case of infringement of the security policy

26 Personnel
- The "Personnel" module describes staff-related safeguards to be observed for the achievement of IT security. Examples are arrangements during staff absences, training activities, and systematic procedures regarding the termination of employment. They apply regardless of the type of IT system employed.

27 Personnel
- Threat scenario (example)
- Force majeure: T 1.1 Loss of personnel
  - Due to prolonged illness, the Network Administrator was away from work
  - While the Administrator was on holiday

28 Personnel
- Recommended countermeasures (example)
- Personnel: S 3.3 Deputizing arrangements
  - For assumption of tasks by substitutes, sufficient documentation must be provided on the current status of the relevant procedures and on the respective project
  - As a rule, designation of a substitute will not suffice; consideration must be given to the training required by substitutes so that they will be qualified to assume the specific tasks. If it comes to light that there are persons who, on account of their specialist knowledge, cannot be replaced at short notice, their unavailability constitutes a serious threat to normal operations. In such cases, training of a substitute is of crucial importance
  - Designated substitutes may be granted the necessary entry and access rights only when they actually have to act as deputies

29 Contingency Planning Concept
- This module presents a procedure for drawing up a contingency planning concept and is especially important for larger IT systems.

30 Contingency Planning Concept
- Threat scenario (example)
- Force majeure: T 1.2
  - Due to voltage spikes in the power supply, the power supply unit for an important IT system is destroyed
  - A power failure in an Internet service provider's storage system resulted in this being shut down
  - Firmware is loaded onto an IT system for which it is unsuited

31 Contingency Planning Concept
- Recommended countermeasures (example)
- Contingency planning: S 6.9 Contingency plans for selected incidents
  - Contingency plans will have to be established to provide against the following incidents:
    - Fire
    - Water ingress
    - Power failure
    - Failure of the air-conditioning system
    - Explosion
    - Breakdown of data transmission
    - Sabotage

32 Data Backup Policy
- This module shows how a sound data backup policy can be systematically developed. It is especially intended for larger IT systems or IT systems on which a large amount of data is stored.

33 Data Backup Policy
- Threat scenario (example)
- Technical failures: T 4.13 Loss of stored data
  - Demagnetization of magnetic data media due to ageing or unsuitable environmental conditions (temperature, air moisture)
  - Exposure of magnetic data media to external magnetic fields
  - Destruction of data media by force majeure, e.g. fire or water
  - Inadvertent deletion or overwriting of files
  - Intentional or accidental setting of deletion flags in archive systems
  - Technical failure of external storage (head crash)
  - Faulty data media
  - Uncontrolled changes in stored data (loss of integrity)
  - Deliberate destruction of data through computer viruses, etc.

34 Data Backup Policy
- Recommended countermeasures (example)
- Contingency planning: S 6.36 Stipulating a minimal data backup policy
  - Minimal data backup policy:
    - Software: all software, whether purchased or created personally, is to be protected once by means of a full backup.
    - System data: system data are to be backed up with at least one generation per month.
    - Application data: all application data are to be protected by means of a full backup at least once a month.
    - Protocol data: all protocol data are to be protected by means of a full backup at least once a month.
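The four lines of the minimal backup policy above can be checked mechanically against a backup log. This is an added example, not code from the presentation or the manual; the backup records are constructed, and "at least once a month" is read as an interval of at most 31 days (an assumption).

```python
"""Checker for the minimal data backup policy quoted from S 6.36.
Added example; records are constructed and the month length is assumed."""
from datetime import date, timedelta

MONTH = timedelta(days=31)  # assumed reading of "at least once a month"

# data class -> (required backup type, maximum interval; None means "once")
POLICY = {
    "software":    ("full", None),   # protected once by a full backup
    "system":      ("any",  MONTH),  # at least one generation per month
    "application": ("full", MONTH),  # full backup at least once a month
    "protocol":    ("full", MONTH),  # full backup at least once a month
}


def latest_backup(records, data_class, required_type):
    """Date of the most recent record of the class that meets the required type."""
    dates = [d for cls, typ, d in records
             if cls == data_class and (required_type == "any" or typ == required_type)]
    return max(dates) if dates else None


def check_policy(records, today):
    """Evaluate every policy line. Returns {class: (status, last_date, due_date)}
    where status is 'ok', 'missing' (no qualifying backup) or 'overdue'."""
    result = {}
    for cls, (typ, interval) in POLICY.items():
        last = latest_backup(records, cls, typ)
        if last is None:
            result[cls] = ("missing", None, today)
            continue
        if interval is None:            # "once" is satisfied by any past full backup
            result[cls] = ("ok", last, None)
            continue
        due = last + interval
        result[cls] = ("ok" if today <= due else "overdue", last, due)
    return result


def violations(records, today):
    """Sorted list of data classes whose policy line is not met."""
    return sorted(cls for cls, (status, _, _) in check_policy(records, today).items()
                  if status != "ok")


# Constructed backup log: (data class, backup type, date). No protocol backups.
RECORDS = [
    ("software", "full", date(2006, 1, 10)),
    ("system", "full", date(2006, 6, 1)),
    ("system", "incremental", date(2006, 9, 1)),
    ("application", "full", date(2006, 7, 30)),
    ("application", "incremental", date(2006, 9, 10)),  # ignored: policy needs a full backup
]

if __name__ == "__main__":
    today = date(2006, 9, 19)
    for cls, (status, last, due) in check_policy(RECORDS, today).items():
        print(f"{cls:12} {status:8} last={last} due={due}")
    print("violations:", violations(RECORDS, today))
```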

35 Computer Virus Protection Concept
- The aim of the computer virus protection concept is to create a suitable package of safeguards which will enable penetration of an organization's IT systems by computer viruses to be prevented or detected as early as possible, so that countermeasures can be taken and possible damage can be minimized.

36 Computer Virus Protection Concept
- Threat scenario (example)
- Deliberate acts: T 5.23 Computer viruses
  - W32.Bacalid

37 Computer Virus Protection Concept
- Recommended countermeasures (example)
- Hardware and software: S 4.33 Use of a virus scanning program when exchanging data media and during data transmission
  - Awareness raising
    - Dependence of the institution on the use of IT
    - Description of the hazard potential
    - Damage scenarios
    - IT systems potentially affected
  - Necessary protective measures
    - Computer virus protection strategy
    - Updating computer virus scanning programs
  - Procedures
    - Regulations on protection against computer viruses
    - Regulation of responsibilities

38 Top 20 Information Security Threats in the First Half of 2006
- Source: Trend Micro (趨勢科技), September 2006

39 Information Security Threats in the First Half of 2006
- Mobile device security threats will become the biggest concern
- The number of malicious programs for mobile devices is climbing rapidly: the cumulative total for the first half of the year is 12.4 times the January figure, and in June alone mobile device threats were already 4 times the level at the start of the year. The virus capable of cross-infecting desktop computers and mobile devices first appeared in September last year, and by March its 17th variant, SYMBOS_CARDTRP.R, had already been found, which shows how quickly this class of virus evolves. In the second quarter of 2005 Gartner predicted that 3G mobile phones would pass the US$100 million mark by the end of the year and that smartphones would reach US$200 million by 2008; with user numbers surging, mobile device security threats are likely to grow rapidly.
- Source: Trend Micro (趨勢科技), September 2006

40 Information Security Threats in the First Half of 2006
- Greyware growth multiples
- Greyware such as aggressively pushed adware and spyware generated around 2 million reported cases in the first half of the year. Compared with January, tracking software grew 7.8 times, adware 7.2 times and BHOs 6 times, all startling growth rates.
- Source: Trend Micro (趨勢科技), September 2006

41 Information Security Threats in the First Half of 2006
- Crimeware keeps evolving
- Voice phishing over VoIP. In June this year a fraud ring combined e-mail with Internet telephony to obtain the financial details of depositors at Santa Barbara Bank & Trust in California. This is a new phishing technique: by combining it with VoIP, the fraudsters set up a newer kind of impersonation trap. Exploiting poorly written programs for error compatibility or fault-tolerant encoding in VoIP, they lured victims into calling a telephone number with a local area code, such as Los Angeles; on connecting, the user heard a recording saying that the customer's deposit account had been frozen for security reasons and that a specific procedure was needed to restore it, and asking the user to enter the account number, while the perpetrators could be hiding anywhere in the world. The case remains unsolved, and the bank has told customers to be on their guard against fraud.
- Source: Trend Micro (趨勢科技), September 2006

42 Information Security Threats in the First Half of 2006
- Phishing URLs fell from 81% to 4%; address-bar overlay rose from 13% to 96%.
- Phishing techniques have reversed: phishing URLs, which used to account for 81% of phishing techniques, fell to just 4%, while address-bar overlay became the dominant method at 96%, a large increase over the 13% share reported in last year's annual report.
- Source: Trend Micro (趨勢科技), September 2006

43 Crypto-Concept
- This module describes a procedure whereby, in a heterogeneous environment, both the data stored locally and the data to be transmitted can be protected effectively through cryptographic procedures and techniques.

44 Crypto-Concept
- Threat scenario (example)
- Deliberate acts: T 5.71 Loss of confidentiality of classified information
  - Reading out data
  - Copying data
  - Reading of data backups
  - Monitoring data transmission lines
  - Viewing data on a screen

45 Crypto-Concept
- Recommended countermeasures (example)
- Organization: S 2.161 Development of a cryptographic concept
  - An example of a crypto concept is shown in the following table of contents:
    - Definitions
    - Threat scenario as motivational background
    - Specifying the organization's internal security policy
    - Influencing factors
    - Determining the use of the concept
    - Key management

46 Handling of Security Incidents
- To maintain IT security in ongoing operations, it is necessary to have developed and practised a policy for the handling of security incidents. A security incident is an event whose impact could cause significant loss or damage. To prevent or contain any loss or damage, security incidents should be dealt with swiftly and efficiently.

47 Handling of Security Incidents
- Threat scenario (example)
- Organizational shortcomings: T 2.62 Inappropriate handling of security incidents
  - New computer viruses containing damaging functionality at first occur on a sporadic basis, but afterwards they are found on a wide scale
  - Inconsistencies are found in the log files of a firewall
  - New security weaknesses in the IT systems in use become known

48 Handling of Security Incidents
- Recommended countermeasures (example)
- Contingency planning: S 6.58 Establishment of a management system for handling security incidents
  - Establish a management system for handling security incidents:
    - Inclusion in the security guidelines
    - Specification of responsibilities
    - Procedural rules and reporting channel for handling security incidents
    - Escalation strategy for security incidents
    - Setting priorities
    - Methodology for investigating and assessing security incidents
    - Implementation of measures for taking remedial action in connection with security incidents
    - Notification of parties affected
    - Evaluation of a security incident
    - Use of detection measures for security incidents
    - Effectiveness testing

49 Hardware and Software Management
- The aim of the "Hardware and Software Management" module is to ensure that IT operations are managed and organised properly. To this end the main focus in the module is on recommendations for procedures and sequences which refer specifically to IT hardware or software components.

50 Hardware and Software Management
- Threat scenario (example)
- Technical failures: T 4.43 Undocumented functions
  - In a number of IT systems, backdoors have been found which the developers had inserted to facilitate maintenance and then forgotten about; these backdoors also made it possible to obtain administrator rights with a trivial password

51 Hardware and Software Management
- Recommended countermeasures (example)
- Hardware and software: S 4.65 Testing of new hardware and software
  - The testing systems in use should always be isolated from the actual production environment
  - The use of isolated testing systems is also required to check self-extracting files, such as those received via e-mail, for damaging functions

52 Outsourcing
- The Outsourcing module describes IT security safeguards which should be followed where work or business processes of an organization are outsourced either partially or wholly to external service providers. Outsourcing can entail both the use and operation of hardware and software, and also services.

53 Outsourcing
- Threat scenario (example)
- Organizational shortcomings: T 2.84 Unsatisfactory contractual arrangements with an external service provider
  - Outsourced data or systems are inadequately protected because the outsourcing service provider is not aware of their protection requirement

54 Outsourcing
- Recommended countermeasures (example)
- Organization: S 2.250 Determining an outsourcing strategy
  - Expertise
  - Employees
  - IT systems and applications

55 Brief Outline of Existing Modules: Infrastructure

56 Infrastructure
- Buildings
- Cabling
- Rooms
  - Office
  - Server Room
  - Data Media Archives
  - Technical Infrastructure Room
- Protective Cabinets
- Working place at home (telecommuting)
- Computer Centers

57 Building
- This module specifies the safeguards which must be observed in every building in which data is processed. These include safeguards relating to the power supply, fire protection and building protection, as well as organizational safeguards such as key management.

58 Building
- Threat scenario (example)
- Deliberate acts: T 5.3 Unauthorized entry into a building
  - A nocturnal break-in into an office building

59 Building
- Recommended countermeasures (example)
- Organization: S 1.19 Protection against entering and breaking
  - Protecting doors or windows through which outsiders could gain entry by means of security shutters
  - Special cylinder locks, additional locks and bars
  - Securing of basement light shafts
  - Locking of unused side entrances
  - Burglar-proof emergency exits
  - Burglar-resistant doors
  - Locking of goods lifts and passenger lifts outside office hours

60 Cabling
- The "Cabling" module recommends safeguards which should be adopted when laying utility and communications lines in a building. Subjects covered include fire sealing of routes, selection of appropriate types of cables and documentation of cabling.

61 Cabling
- Threat scenario (example)
- Deliberate acts: T 5.7 Line tapping
  - It is thus wrong to assume that messages sent by e-mail are the equivalent of letters in the classical sense. As e-mail messages can be read throughout their journey through the Internet, a more appropriate comparison is with postcards
  - Some manufacturers supply sniffer programs along with their operating systems for the purpose of debugging networks. However, these can be used to intercept data as well

62 Cabling
- Recommended countermeasures (example)
- Infrastructure: S 1.22 Physical protection of lines and distributors
  - Concealed wiring of lines
  - Steel-armoured conduits for lines
  - Running lines in mechanically solid and lockable ducts
  - Locking of distributors
  - Electrical monitoring of distributors and ducts

63 Room — Office
- The "Office" module covers all the safeguards to be observed in connection with the use of IT in an office. Subjects covered include closed windows and doors and supervision of visitors and contractors.

64 Room — Office
- Threat scenario (example)
- Human error: T 3.6 Hazards posed by cleaning staff or outside staff
  - Cleaning staff may accidentally detach a plug-in connection, water may seep into equipment, documents may be mislaid or even removed with the garbage
  - In one computer centre, painting work was to be carried out in the machine rooms. By mistake, the painter knocked his ladder against the central emergency switch of the power supply and triggered it

65 Room — Office
- Recommended countermeasures (example)
- Organization: S 2.16 Supervising or escorting outside staff/visitors
  - Strangers (visitors, craftsmen, maintenance and cleaning staff) should not be left unattended, except in rooms specifically designed for such purposes

66 Room — Server Rooms
- This module lists the safeguards to be observed in the use of a room housing a server (for IT systems or PBXs). Subjects covered include avoiding water pipes, air conditioning, local uninterruptible power supply (UPS) and smoking bans.

67 Room — Server Rooms
- Threat scenario (example)
- Technical failures: T 4.6 Voltage variations / over-voltage / under-voltage
  - Over-voltages can also occur outside the electric power supply system, on all the other electrically conducting networks (e.g. telephone connections, building services management system, water or gas pipes, etc.)

68 Room — Server Rooms
- Recommended countermeasures (example)
- Infrastructure: S 1.28 Local uninterruptible power supply (UPS)
  - Offline UPS
  - Online UPS

69 Room — Data Media Archives
- If a room is used to accommodate data media archives, certain requirements for IT security must be adhered to. These are presented in the form of safeguards for IT Baseline Protection. Subjects covered include hand-held fire extinguishers, use of safety doors and smoking bans.

70 Room — Data Media Archives
- Threat scenario (example)
- Deliberate acts: T 5.4 Theft
  - It was not possible to determine whether any documents had been copied or tampered with

71 Room — Data Media Archives
- Recommended countermeasures (example)
- Infrastructure: S 1.15 Closed windows and doors
  - Windows and outward-leading doors (balconies, patios) should be closed whenever a room is unoccupied

72 Room — Technical Infrastructure Rooms
- It is also necessary to take certain IT security measures in rooms where technical infrastructure is installed, for instance the PTT cable entry room, distributor room and low-voltage distribution room. These are specified in this section.

73 Room — Technical Infrastructure Rooms
- Threat scenario (example)
- Technical failures: T 4.1 Disruption of power supply
  - All infrastructure installations nowadays are either directly or indirectly dependent on electric power, e.g. lifts, pneumatic post systems, air conditioning, alarm systems and telephone private branch exchanges. Even the water supply in high-rise buildings relies on electric power due to the use of pumps to generate pressure in the upper storeys

74 Room — Technical Infrastructure Rooms
- Recommended countermeasures (example)
- Infrastructure: S 1.3 Adapted segmentation of circuits
  - It is essential to review, and where appropriate to adjust, the electrical installation when rooms are to be used for different purposes and when changes and amendments are made to the technical equipment (IT, air-conditioning, lighting)

75 Protective cabinets
- Secure cabinets can be used to increase protection in rooms where data media or hardware are kept (e.g. server rooms or data media archives). If necessary, a special server cabinet can be used as an alternative to a server room. The necessary procedures for obtaining, siting and using a secure cabinet are described in this module.

76 Protective cabinets
- Threat scenario (example)
- Deliberate acts: T 1.16 Earthquake
  - Earthquakes may lead to destruction of property

77 Protective cabinets
- Recommended countermeasures (example)
- Infrastructure: S 1.40 Appropriate siting of protective cabinets
  - Due to the generally high weight of protective cabinets, the load-bearing capacity of the floor at the place of installation must be tested before installation

78 Working place at home (telecommuting)
- This module describes the measures required to set up a teleworkstation with an appropriate security standard in such a way that it can be used for official tasks.

79 Working place at home (telecommuting)
- Threat scenario (example)
- Organizational shortcomings: T 2.48 Inadequate disposal of data media and documents at the home work place
  - The consequential damage depends on the value of the information extracted

80 Working place at home (telecommuting)
- Recommended countermeasures (example)
- Infrastructure: S 1.44 Suitable configuration of a home workplace
  - Sufficient space for furniture and the desktop monitor
  - Visual shielding of the monitor if it could be observed through a window

81 Computer Centers
- A computer centre comprises the facilities and premises necessary to operate a large data processing system installed centrally for a number of offices. This module contains recommendations as to security measures for a computer centre whose security requirements lie between those of a server room and those of a high-security computer centre.

82 Computer Centers
- Threat scenario (example)
- Technical failures: T 4.1 Disruption of power supply
  - Power failures are actually a regular occurrence

83 Computer Centers
- Recommended countermeasures (example)
- Infrastructure: S 1.56 Secondary power supply
  - Emergency power supply
  - UPS

84 Brief Outline of Existing Modules: Non-Networked Systems

85 Non-Networked Systems
- DOS PC (single user)
- UNIX Systems
- Laptop PCs
- PCs with a Non-Constant User Population
- PC under Windows NT
- PC with Windows 95
- Windows 2000 Client
- Internet PC
- Stand-Alone IT systems

86 DOS PC (Single User)
- This module specifies the safeguards which must be adhered to when using a normal PC that is routinely used by several users. Subjects covered include PC security products, password protection, use of a virus detection program and regular backups.

87 DOS PC (Single User)
- Threat scenario (example)
- Human error: T 3.8 Improper use of the IT system
  - The terminal is not locked during temporary absence

88 DOS PC (Single User)
- Recommended countermeasures (example)
- Hardware and software: S 4.2 Screen lock
  - It should be possible for the user to activate the screen lock manually
  - The screen lock should be automatically initiated after a predefined period of inactivity

89 UNIX Systems
- This module considers IT systems which run under the UNIX or Linux operating systems and are operated either on a stand-alone basis or as a client in a network. Terminals or PCs which are run as terminals can be connected. Both organizational and UNIX-specific safeguards are listed.

90 UNIX Systems
- Threat scenario (example)
- Deliberate acts: T 5.19 Abuse of administrator rights
  - Misuse of user rights entails the deliberate exploitation of opportunities acquired either rightfully or illicitly to harm a system or its users

91 UNIX Systems  Recommended countermeasures — example  Personnel S 3.10 Selection of a trustworthy administrator and his deputy –Administrators and their deputies can access, and possibly alter, all stored data and allocate rights in a way that allows serious potential misuse

92 Laptop PCs  Compared with a normal PC, a portable PC (laptop) requires additional IT security safeguards because its mobile nature exposes it to other threats. Examples of additional safeguards which apply to laptop PCs are suitable safekeeping during mobile use and the use of an encryption product.

93 Laptop PCs  Threat Scenario — example  Deliberate Acts T 5.4 Theft –Theft of IT equipment, accessories, software or data results not only in the expense of replacing the equipment or restoring it to working order, but also in losses resulting from lack of availability. Loss of confidentiality, and its consequences, can also be damaging

94 Laptop PCs  Recommended countermeasures — example  Hardware and Software S 4.29 Use of an encryption product for laptop PCs –To prevent sensitive data being read from a laptop PC which, despite all precautions, has been stolen, an encryption program should be used

95 Major international data-loss incidents over the years (date / party / how the data was lost / severity)
 March 2000 / UK security-service officer / laptop stolen at a London railway station / classified material on Northern Ireland lost
 April 2001 / UK Ministry of Defence officer / laptop left on the back seat of a taxi / defence secrets lost
 March 2005 / UC Berkeley graduate admissions office / laptop stolen from inside the office / names, dates of birth, addresses and Social Security numbers of 98,000 people exposed
 February 2006 / employee of the US accounting firm Ernst & Young / laptop left in a car that was stolen together with the car / data on 243,000 customers of the firm's client Hotel.com, including names, addresses and credit-card numbers
 April 2006 / US Department of Veterans Affairs employee / work laptop stolen from the employee's home / personal data of all 26 million US veterans and their spouses exposed
 May 2006 / IT consultant to the US student-loan company Texas Guaranteed Student Loan / hard disk holding important data lost / 1.3 million customers exposed to possible identity theft
Source: compiled by DIGITIMES Enterprise IT, 2006/8

96 Laptop security mechanisms (slide images): smart-card application (courtesy of HP); palm-vein recognition (photo by 毛履兆); TPM (courtesy of Lenovo Taiwan)

97 Recommended equipment by protection level (columns: Security Level / Security Chip Enabled / System Password Set / Hard Drive Password Set / Secure Windows Login / Fingerprint Available)
 Outstanding: Yes
 Superior: Yes / No / Yes
 Good: No / Yes
 Normal: No / Yes
Source: Wave System website, compiled by DIGITIMES Enterprise IT, 2006/8

98 Brief Outline of Existing Modules: Networked Systems

99 Networked Systems  Server-Supported Network  UNIX Servers  Peer-to-Peer Services  Windows NT Network  Novell NetWare 3.x  Novell NetWare 4.x  Heterogeneous Networks  Network and System Management  Windows 2000 Server  S/390 and zSeries Mainframes

100 Server-Supported Network  The necessary safeguards that must be taken into account when operating a server-supported network are explained in this module. These considerations are independent of the server and client operating systems.

101 Server-Supported Network  Threat Scenario — example  Deliberate Acts T 5.21 Trojan horses –TROJ_Generic

102 Server-Supported Network  Recommended countermeasures — example  Organization S 2.204 Prevention of insecure network access –Every communication with the internal network must, without exception, be effected over a secure channel

103 Peer-to-Peer Services  This section describes how a peer-to-peer service can be securely operated for IT Baseline Protection. Topics include the design of such a network from the point of view of security, administrative options and functional limitations.

104 Peer-to-Peer Services  Threat Scenario — example  Organizational Shortcomings T 2.25 Reduction of transmission or execution speed caused by peer-to-peer functions –BT –eMule –Kazaa –eDonkey –ezPeer (the slide's examples are Internet file-sharing applications; the threat as catalogued concerns the operating system's own peer-to-peer functions, which S 2.67 on the next slide addresses)

105 Peer-to-Peer Services  Recommended countermeasures — example  Organization S 2.67 Defining a security strategy for peer-to-peer networks –The service to be performed by each operating system and the scope of this service should first be defined –In particular, it should be clarified whether the peer-to-peer functions of the operating system, i.e. shared resources such as printers or directories, should be used at all

106 Brief Outline of Existing Modules: Data Transmission Systems

107 Data Transmission Systems  Exchange of Data Media  Modem  Security Gateway (Firewall)  E-mail  Web Servers  Remote Access  Lotus Notes  Internet Information Server  Apache Web Server  Exchange/Outlook 2000  Routers and Switches

108 Exchange of Data Media  This module describes the safeguards which should be considered when exchanging data media. Technical measures, such as encryption, are described, as well as the correct choice of delivery method. These measures are addressed particularly at situations where data media are exchanged on a regular basis.

109 Exchange of Data Media  Threat Scenario — example  Deliberate Acts T 5.29 Unauthorized copying of data media –Confidential engineering results are to be transported from a development laboratory in town X to a production site in town Y. If the data media are mailed without any supervision or control, the possibility cannot be excluded that the information on them could be copied illegally and perhaps sold to a competitor, without this disclosure of information being detected

110 Exchange of Data Media  Recommended countermeasures — example  Hardware and Software S 4.34 Using encryption, checksums or digital signatures –Protection of confidentiality by means of encryption –Integrity protection using checksums, encryption or digital signatures
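The integrity half of S 4.34 is worth seeing in working form, because the two options the slide lists are not equivalent: a checksum only detects accidental damage, while a keyed MAC or a digital signature also detects deliberate modification by whoever handles the medium in transit. The following Python example is added here and is not part of the Manual or the presentation; the file names, file contents and the "courier" who alters a file are constructed for illustration, and the shared key is assumed to have been exchanged between sender and recipient out of band rather than shipped with the medium.

```python
"""S 4.34 in practice: per-file SHA-256 checksums catch corruption,
an HMAC-SHA256 over the checksum manifest catches deliberate tampering.
Added example with constructed sample data."""
import hashlib
import hmac
import json
import os

# Constructed sample of what the development lab writes to the medium.
MEDIUM_FILES = {
    "results/design_v3.dxf": b"DXF design data (constructed sample)\n",
    "results/tolerances.csv": b"part,min_mm,max_mm\nA1,9.95,10.05\n",
}


def build_manifest(files):
    """Per-file SHA-256 digests: the 'checksum' option of S 4.34."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in sorted(files.items())}


def checksum_ok(files, manifest):
    """Checksum-only verification on the recipient side."""
    return build_manifest(files) == manifest


def seal_manifest(manifest, key):
    """HMAC over the canonical manifest. The key is agreed out of band
    (assumption); it never travels with the medium."""
    canonical = json.dumps(manifest, sort_keys=True,
                           separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_sealed(files, manifest, tag, key):
    """Recipient side: constant-time compare of the HMAC tag, then re-hash
    every file against the manifest. Both must hold."""
    if not hmac.compare_digest(seal_manifest(manifest, key), tag):
        return False
    return checksum_ok(files, manifest)


def courier_tampers(files, manifest):
    """A courier with write access en route alters one file and rewrites its
    checksum, so a checksum-only recipient sees nothing wrong."""
    files = dict(files)
    manifest = dict(manifest)
    altered = b"part,min_mm,max_mm\nA1,9.00,11.00\n"   # loosened tolerances
    files["results/tolerances.csv"] = altered
    manifest["results/tolerances.csv"] = hashlib.sha256(altered).hexdigest()
    return files, manifest


def demo(key=None):
    """Returns (honest_transfer_accepted, checksum_only_fooled, hmac_rejects)."""
    key = key or os.urandom(32)
    manifest = build_manifest(MEDIUM_FILES)
    tag = seal_manifest(manifest, key)
    honest = verify_sealed(MEDIUM_FILES, manifest, tag, key)
    bad_files, bad_manifest = courier_tampers(MEDIUM_FILES, manifest)
    fooled = checksum_ok(bad_files, bad_manifest)
    rejected = not verify_sealed(bad_files, bad_manifest, tag, key)
    return honest, fooled, rejected


if __name__ == "__main__":
    print(demo())
```

The HMAC needs a secret shared between the two sites; where that is impractical, the digital signature the slide also lists gives the same protection with the sender's private key and a public key the recipient already holds. Neither mechanism protects confidentiality, which is the separate encryption requirement of S 4.34.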

111 E-mail  The safeguards required for secure communication via e-mail on the part of both the mail server and the mail client are listed. The safeguards that have to be observed by the users are also presented.

112 E-mail  Threat Scenario — example  Deliberate Acts T 5.71 Loss of confidentiality of classified information –Monitoring of data transmission lines

113 E-mail  Recommended countermeasures — example  Communication S 5.63 Use of GnuPG or PGP –Encryption and digital signatures

114 Web Servers  A web server is an IT system which makes files from an information database available to web clients. A web client, also called a browser, displays the information from a web server on the user's computer. The security of web usage is based on the security of the web server, the web client and the communications link between the two. The "Web Servers" module describes the safeguards required for secure use of the web.

115 Web Servers  Threat Scenario — example  Technical Failures T 4.39 Software design errors –Cross-site scripting (XSS)

116 Web Servers  Recommended countermeasures — example  Organization S 2.173 Determining a web security strategy –The requirements specified in the web security strategy can then be used as the basis for regularly checking whether the measures taken are in fact adequate

117 Web 2.0  The term Web 2.0 was coined by the US publishing company O'Reilly at a conference. Its most revolutionary change is the move from the democratization of the 1.0 era to interaction, participation and sharing. Much like open source in the software industry, it lets users build freely and develop applications of their own. Blogs, the video-sharing site YouTube, the photo site Flickr and the encyclopaedia Wikipedia are the hottest sites of the Web 2.0 era.

118 Web 2.0 Security Issue  Ajax is the collective name for a set of techniques that make web pages more interactive. With them, a page and the server exchange small amounts of data automatically and refresh only part of the page (a changing stock price or score, say), so that the page comes "alive".  At the same time it has given XSS vulnerabilities a far more active stage.

119 Web 2.0 Security Event  The best-known exploitation of an XSS vulnerability is the relatively benign attack on MySpace in October 2005.  "Samy", a 19-year-old software developer from Los Angeles, wrote a worm that gained him more than a million online "friends" before MySpace disabled it. He placed a piece of JavaScript in his MySpace profile, so that everyone who viewed the profile unknowingly executed the code. The code added him to that user's friends list; normally this requires the user's consent, but the worm used Ajax to approve the request in the background.  The worm then opened the user's own profile, copied the malicious code into it and added Samy to the user's heroes list with the line "Samy is my hero". Anyone who viewed that user's profile was infected in turn, so Samy's fame and "popularity" spread rapidly to a million MySpace members.  Only then did the site's administrators notice the flood of activity and were forced to take MySpace offline for several hours to clean out the worm. Source: compiled from the Financial Times, 2006/8
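The XSS design error named on slide 115 and the profile-borne worm on slide 119 share one root cause: user-supplied text stored by the site is later emitted into a page as markup, so every visitor's browser executes it with the visitor's own session. The Python example below is added here and is not code from the Manual, the presentation or MySpace; the profile strings are constructed payloads (not the real worm), and the keyword blocklist is a hypothetical filter of the kind that fails, shown next to output encoding, which is the fix.

```python
"""Stored XSS in a profile page: the same user text rendered three ways.
Added example; payloads and the blocklist filter are constructed."""
import html
import re

WRAP_OPEN = '<div class="about">'
WRAP_CLOSE = "</div>"

# Constructed profile texts. Neither hostile sample is the real worm's code.
BENIGN_PROFILE = "Tom & Jerry <3 cartoons"
HANDLER_PROFILE = '<img src=x onerror="alert(document.cookie)"> hi!'
NESTED_PROFILE = "<scr<scriptipt>alert(1)</scr<scriptipt>"


def render_vulnerable(profile_text):
    """Interpolates user-controlled text straight into the page: whatever
    markup the user stored, every visitor's browser interprets."""
    return f"{WRAP_OPEN}{profile_text}{WRAP_CLOSE}"


_BLOCK = re.compile(r"<script", re.IGNORECASE)


def render_blocklisted(profile_text):
    """Naive 'fix': delete the <script tag. Event-handler attributes still
    run script, and a single-pass strip reassembles a nested payload."""
    return f"{WRAP_OPEN}{_BLOCK.sub('', profile_text)}{WRAP_CLOSE}"


def render_escaped(profile_text):
    """Output encoding: <, >, &, and quotes become entities, so the browser
    shows the profile as text and cannot interpret it as markup."""
    return f"{WRAP_OPEN}{html.escape(profile_text, quote=True)}{WRAP_CLOSE}"


_TAG_START = re.compile(r"<[a-zA-Z/!]")


def user_markup_survives(rendered):
    """Crude check used only to compare the renderers: does anything inside
    the wrapper still open an HTML tag? Escaped output has no raw '<'."""
    inner = rendered[len(WRAP_OPEN):-len(WRAP_CLOSE)]
    return _TAG_START.search(inner) is not None


def compare(profile_text):
    """(vulnerable, blocklisted, escaped): True where user markup survives."""
    return tuple(user_markup_survives(fn(profile_text))
                 for fn in (render_vulnerable, render_blocklisted, render_escaped))


if __name__ == "__main__":
    for sample in (BENIGN_PROFILE, HANDLER_PROFILE, NESTED_PROFILE):
        print(repr(sample), compare(sample))
```

The escaping shown is correct for text placed in HTML body content; text placed inside an attribute, a URL or a script block needs the encoding rules of that context. The Ajax point made on slide 119 follows from the same model: script running in a victim's page can issue requests that the site cannot tell apart from the victim's own clicks, which is how a friend request was "approved" without consent.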

120 Brief Outline of Existing Modules: Telecommunications

121 Telecommunications  Telecommunications System (Private Branch Exchange, PBX)  Fax Machine  Answering Machine  LAN Connection of an IT System via ISDN  Fax Servers  Mobile Phones  PDAs

122 Mobile Phones  This section presents a set of security safeguards for the component "mobile phone".

123 Mobile Phones  Threat Scenario — example  Deliberate Acts T 5.2 Manipulation of data or software –There are a number of ways in which data or software can be manipulated: through incorrect data input, changes to access rights, modification of accounting data or correspondence, changes to the operating system software, etc.

124 Mobile Phones  Recommended countermeasures — example  Hardware and Software S 4.114 Use of the security mechanisms provided on mobile phones –Firewall –Anti-virus –IDS –USIM card (Common Criteria certified) –DRM

125 Mobile Phone Virus (name / type / platform / propagation / damage)
 SymbOS.Commwarrior.A ("Warrior" virus) / worm, spam / EPOC / via Bluetooth and MMS
–Damages the phone's system and applications so they no longer work properly
–Sends MMS messages to up to 256 contacts in the address book, running up the phone bill
–Uses social engineering to entice the recipient to open the MMS
–Reboots the device during the first hour of the 14th of each month
 SYMBOS_DAMPIG.A ("Dumb Pig" virus) / Trojan horse / EPOC / via Bluetooth
–Closes applications and installs several variants of the Cabir worm
–Damages the phone's system and applications so they no longer work properly
 SYMBOS_SKULLS.E ("Skulls" virus) / Trojan horse / EPOC / via Bluetooth
–Replaces application icons with skulls
–Damages the phone's system and applications so they no longer work properly
–The user must reset the phone, losing all contacts, files and programs
–Other variants pose as a new version of the Flash player
–Other variants install Cabir and further malware
 SymbOS.Doomboot.A / Trojan horse / EPOC / propagation not given
–Plants malware and a copy of SymbOS.Commwarrior.B on the device
–After a reboot the malware starts and disables part of the phone's functions
Source: compiled by DigiTimes (電子時報), 2005/8

126 Mobile Phone Virus (name / type / platform / propagation / damage)
 SymbOS.Cabir.M ("Piranha") / worm / EPOC / via Bluetooth
–Attacks nearby Bluetooth phones and devices (e.g. Bluetooth printers)
–Blocks the phone's Bluetooth connections and transfers
–Constant use of the Bluetooth interface drains the battery
 SymbOS.Lasco.A / virus and worm / EPOC / via Bluetooth
–Both a Bluetooth worm and a file-infecting virus
–Prompts the user whether to receive a message over Bluetooth
–Tries to send itself to other Bluetooth devices
 SymbOS.Fontal.A / Trojan horse / EPOC / phone file sharing or Internet chat
–Plants malicious files in the phone OS so that the system no longer starts after a reboot
–Corrupts the OS application manager, preventing the user from installing new applications or deleting the virus
–The only remedy is to format the phone memory and reinstall the OS, losing important data
 SYMBOS_LOCKNUT / Trojan horse / EPOC / Bluetooth
–Disables some keys and can crash the phone
–Exploits a vulnerability to crash Symbian OS 7.0 devices
–A few variants install the Cabir worm
Source: compiled by DigiTimes (電子時報), 2005/8

127 Mobile Phone Virus (name / type / platform / propagation / damage)
 Sms_flood / hacker tool / MMS
–Targets websites able to send SMS, exploiting flaws in that function to send large volumes of SMS to users' phones
–Multiplies the SMS charges of affected users
 VBS.Timofonica / worm / Windows / Outlook
–Sends abusive SMS to arbitrary users through the operator's system
–Spreads in bulk via Outlook
–A VBScript worm
 EPOC.Ghost.Joke / joke program / EPOC / via e-mail
–Shows a message window at the top left of the screen such as "Everyone hates you"
 EPOC.Sprite.Joke / joke program / EPOC / via e-mail
–Small aeroplanes keep flying across the screen
 EPOC.Nice.Joke / joke program / EPOC / via e-mail
–Shows small windows with various messages at the top left, e.g. "Just do it"
 EPOC.Lights.Joke / joke program / EPOC / via e-mail
–Makes the phone screen flash continuously
 EPOC.FalseAlarm.Joke / joke program / EPOC / via e-mail
–Sounds warning beeps
Source: compiled by DigiTimes (電子時報), 2005/8

128 Mobile Phone Virus (name / type / platform / propagation / damage)
 EPOC.Fake.Joke / joke program / EPOC32 / via e-mail
–Shows a fake formatting screen
 EPOC.Disowner.Joke (EPOC_BANDINFO.A) / joke program / EPOC32 / via e-mail
–Changes the owner information to "Some fool own this"
–Creates a new folder to store its configuration file and the original owner information
 EPOC.Alone.Joke / joke program / EPOC / via e-mail
–Pretends to be downloading malware over infrared
–Then shows a WARNING-VIRUS message
–Locks the keypad until "Leave me alone" is typed
 Backdoor.Brador.A / backdoor / WinCE / via e-mail
–Targets Windows Mobile 2003 and infects only StrongARM-based devices
–Repeatedly e-mails the infected device's IP address to the attacker, opens TCP port 2989 and waits for further instructions
–The attacker can remotely list directories, upload and download files, display message windows or run specific commands
Source: compiled by DigiTimes (電子時報), 2005/8

129 Infected-phone screens (slide images): Cabir ("Piranha") infection screen (Symantec website); Sprite shows small aeroplanes flying about the screen (Symantec website); SYMBOS_SKULLS.E "Skulls" infection screen (Symantec website)

130  When Timofonica, the world's first mobile-phone virus, appeared in 2000, attacks on phones still used the PC platform as their base. Only with the successive arrival of WAP, GPRS, Bluetooth, WiFi, 3G transmission, HSDPA and WiMAX did mobile viruses gain channels to spread. In addition, the popularity of MMS messaging has made it the best channel for mass distribution of mobile viruses.

131 Brief Outline of Existing Modules: Other IT Components

132 Other IT Components  Standard Software  Databases  Telecommuting  Novell eDirectory  Archiving

133 Standard Software  A procedure is described for structuring the life cycle of standard software, i.e. requirements catalogue, selection, testing, approval, installation and deinstallation. Aspects such as functionality tests and security characteristics, installation instructions and release notices are described.

134 Standard Software  Threat Scenario — example  Organizational Shortcomings T 2.29 Software testing with production data –Software is tested with copies of production data; even in an isolated test environment, confidential production data is thereby exposed to testers and to the untested software

135 Standard Software  Recommended countermeasures — example  Organization S 2.83 Testing standard software –Creating test data and test cases »Standard cases »Limit values »Error cases »Exceptional cases

136 Common Software Security Problems
 Range & Type Errors
  Buffer overflow
  "Write-what-where" condition
  Stack overflow
  Heap overflow
  Buffer underwrite
  Wrap-around error
  Integer overflow
  Integer coercion error
  Truncation error
  Sign extension error

137 Common Software Security Problems
 Range & Type Errors (continued)
  Signed to unsigned conversion error
  Unsigned to signed conversion error
  Unchecked array indexing
  Miscalculated null termination
  Improper string length checking
  Covert storage channel
  Failure to account for default case in switch
  Null-pointer dereference
  Using freed memory
  Doubly freeing memory

138 Common Software Security Problems
 Range & Type Errors (continued)
  Invoking untrusted mobile code
  Cross-site scripting
  Format string problem
  Injection problem ("data" used as something else)
  Command injection
  Log injection
  Reflection injection
  SQL injection
  Deserialization of untrusted data

139 Common Software Security Problems
 Environmental Problems
  Reliance on data layout
  Relative path library search
  Relying on package-level scope
  Insufficient entropy in PRNG
  Failure of TRNG
  Publicizing of private data when using inner classes
  Trust of system event data
  Resource exhaustion (file descriptors, disk space, sockets, ...)
  Information leak through class cloning
  Information leak through serialization
  Overflow of static internal buffer

140 Common Software Security Problems
 Synchronization & Timing Errors
  State synchronization error
  Covert timing channel
  Symbolic name not mapping to correct object
  Time of check, time of use race condition
  Comparing classes by name
  Race condition in switch
  Race condition in signal handler
  Unsafe function call from a signal handler
  Failure to drop privileges when reasonable
  Race condition in checking for certificate revocation

141 Common Software Security Problems
 Synchronization & Timing Errors (continued)
  Passing mutable objects to an untrusted method
  Mutable object returned
  Accidental leaking of sensitive information through error messages
  Accidental leaking of sensitive information through sent data
  Accidental leaking of sensitive information through data queries
  Race condition within a thread
  Reflection attack in an authentication protocol
  Capture-replay

142 Common Software Security Problems
 Protocol Errors
  Failure to follow chain of trust in certificate validation
  Key exchange without entity authentication
  Failure to validate host-specific certificate data
  Failure to validate certificate expiration
  Failure to check for certificate revocation
  Failure to encrypt data
  Failure to add integrity check value
  Failure to check integrity check value
  Use of hard-coded password
  Use of hard-coded cryptographic key

143 Common Software Security Problems
 Protocol Errors (continued)
  Storing passwords in a recoverable format
  Trusting self-reported IP address
  Trusting self-reported DNS name
  Using referrer field for authentication
  Using a broken or risky cryptographic algorithm
  Using password systems
  Using single-factor authentication
  Not allowing password aging
  Allowing password aging
  Reusing a nonce or key pair in encryption

144 Common Software Security Problems
 Protocol Errors (continued)
  Using a key past its expiration date
  Not using a random IV with CBC mode
  Failure to protect stored data from modification
  Failure to provide confidentiality for stored data

145 Common Software Security Problems
 General Logic Errors
  Ignored function return value
  Missing parameter
  Misinterpreted function return value
  Uninitialized variable
  Duplicate key in associative list (alist)
  Deletion of data-structure sentinel
  Addition of data-structure sentinel
  Use of sizeof() on a pointer type
  Unintentional pointer scaling
  Improper pointer subtraction

146 Common Software Security Problems
 General Logic Errors (continued)
  Assigning instead of comparing
  Comparing instead of assigning
  Incorrect block delimitation
  Omitted break statement
  Improper cleanup on thrown exception
  Uncaught exception
  Improper error handling
  Improper temp file opening
  Guessed or visible temporary file
  Failure to deallocate data
  Non-cryptographic PRNG
  Failure to check whether privileges were dropped successfully
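Several entries in the list above are one bug seen from different angles: "Guessed or visible temporary file" and "Improper temp file opening" on slide 146, and "Time of check, time of use race condition" and "Symbolic name not mapping to correct object" on slide 140. The Python example below is added here and is not from the Manual or the presentation; it builds a throwaway directory, plants a symbolic link at a predictable temp-file name to play the attacker who has won the race, and contrasts the check-then-open pattern with an atomic exclusive create and with tempfile.mkstemp. The file names and contents are constructed; it assumes a POSIX system where symlinks can be created.

```python
"""Temporary files done wrong and right: guessable name plus check-then-use
versus O_EXCL|O_NOFOLLOW and mkstemp. Added example; paths are constructed."""
import errno
import os
import stat
import tempfile


def predictable_temp_path(tmpdir, pid):
    """Guessable name: anyone who can write to tmpdir can pre-create it or
    plant a symlink there before the program gets around to it."""
    return os.path.join(tmpdir, f"report-{pid}.tmp")


def write_following_symlinks(path, data):
    """open(path, 'w') follows a symlink and truncates whatever it points to.
    In the insecure pattern this runs after an exists() check; the gap between
    check and use is the race window."""
    with open(path, "w") as fh:
        fh.write(data)


def unsafe_create(path, data):
    """Check-then-use: the check can pass and the path still change before use."""
    if os.path.exists(path):
        return False
    write_following_symlinks(path, data)
    return True


def safe_create(path, data):
    """Atomic create: O_EXCL fails if anything (file or symlink) already sits
    at path, O_NOFOLLOW refuses a symlink as the final component, and mode
    0o600 keeps other users out from the first instant."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    except OSError as exc:
        if exc.errno == errno.ELOOP:   # symlink refused by O_NOFOLLOW
            return False
        raise
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return True


def safe_temp(tmpdir, data):
    """tempfile.mkstemp: unpredictable name, exclusive create, mode 0o600,
    and it hands back the open descriptor so there is no second lookup."""
    fd, path = tempfile.mkstemp(prefix="report-", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo_planted_symlink():
    """The attacker has already planted a symlink at the predictable path,
    pointing at a victim file. Returns (victim_clobbered, safe_create_refused,
    mkstemp_mode_is_0600)."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original\n")
        planted = predictable_temp_path(tmpdir, 4242)
        os.symlink(victim, planted)

        # Insecure pattern at the moment the exists() check has already passed:
        write_following_symlinks(planted, "steered by attacker\n")
        with open(victim) as fh:
            clobbered = fh.read() != "original\n"

        refused = not safe_create(planted, "report\n")
        mode = stat.S_IMODE(os.stat(safe_temp(tmpdir, "report\n")).st_mode)
        return clobbered, refused, mode == 0o600


def demo_fresh_path():
    """On an empty path safe_create succeeds once and refuses a second time."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "report.tmp")
        return safe_create(path, "a\n"), safe_create(path, "b\n")


if __name__ == "__main__":
    print(demo_planted_symlink(), demo_fresh_path())
```

The lesson generalises beyond temp files: whenever a decision is made on a path name and acted on later, act on the descriptor returned by the atomic operation (here the result of os.open or mkstemp) rather than re-resolving the name, because the name is the part the attacker controls.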

147 End of presentation. Questions and comments are welcome.

148 Contact information  Telecom Technology Center, Evaluator 楊詔同  Address: 4F, No. 326, Sec. 1, Sichuan Rd., Banqiao City, Taipei County 220  Office: 02-89535600 ext 217  Fax: 02-89535655  E-mail: spencer@ttc.org.tw  URL: http://www.ttc.org.tw  ITBPM Consultant, ISO 15408 Evaluator, ISO 27001 Lead Auditor

