# Conference Record

Mitigation plan -> system vulnerabilities (system/software not updated)

![Screenshot 2024-10-24 at 13.31.55](https://hackmd.io/_uploads/HkvRsIDgye.png)

## Periodic phishing email tests & possible harm

First round: 20% were phished; second round: 10%

> Not enough, must improve further

Possible scenario: Employee2's computer got phished -> possible behaviour:

1. Complete data loss
2. Computer remotely controlled (CMC) -> can manipulate devices in the internal network (ex. ERP), can attack these devices
3. Can use IP scanning to see which devices are open
4. Malicious traffic masked by IP scanning

## How to solve this?

### Setting up Noval OS Server

In between the ERP server & the employees, set up a normal server (can be a PC or a server)

![Screenshot 2024-10-24 at 13.40.43](https://hackmd.io/_uploads/SJFk0IPg1e.png)

* Noval OS Server: constantly updates everything
* Employee: pushes data to the normal server; if an employee got phished, the malicious data (packets) will be contained within the normal server and will not harm the ERP server.

:::info
**Goal**: solve the loophole persisting in the OS layer
:::

:::warning
**Company Comments**
1. What OS is required? Linux / Ubuntu... (Linux distributions)
2. The trigger application is already present; hard to know whether this can be successfully implemented, have to ask the company responsible for the ERP system.
3. Possible effects on performance? Needs further evaluation.
:::

### Let's make it safer!

:::danger
Enemy attack from within: safety measures also need to be implemented within the ERP server to prevent internal loopholes
Ex. got root privileges / SQL injection
:::

Solution: WAF in between the Noval OS server and the ERP server

![Screenshot 2024-10-24 at 13.47.10](https://hackmd.io/_uploads/SyTPJPDx1g.png)

Attacker might use SQL injection -> WAF detects the attack -> WAF blocks the attack by dropping the malicious traffic

* ==Challenging implementation!==
* Such an attack is hard to come by (-> no practical need to actually implement this!)
:::warning
**Comments**
* Needs to consult the ERP server company
:::

Solution 2: **Use traffic surveillance to know where the attack is coming from.**

Reason: the attacker might DoS the ERP server

To-do: track traffic coming to the ERP server and detect anything suspicious.

Recommended tracking applications: Appflow

:::warning
**Comments**
1. Doubtful whether it can actually be run in practice
2. Whether the program can really be introduced
3. The programs all live inside the database
4. Mainly, the security staff lack expertise in this area
5. Even without this, abnormal traffic can currently be caught
6. Asked the vendor; a quote was given at the time to install an EDR system to monitor abnormal behaviour on the ERP server; unclear whether the current EDR version supports this
:::

:::success
**Reply**
EDR -> only suited for traffic tracking, cannot defend against attacks directed at the OS
:::

## Introduce ISO 27001?

:::warning
**Comment**
Not currently being considered
:::

Security policy issues can be defined first:

* Firewall
* Appropriate architecture

We can provide the preparatory work for ISO adoption: security-related work, related standards, related policies

:::warning
**Comments**
Users feel hampered in daily use -> provokes pushback
Ex. document encryption: users find it inconvenient; using it requires a remote connection, and if users connect by themselves a licence must be purchased, cost too high, poor return
:::

### Security awareness issues

* Employees stick passwords on their screens; any thought of introducing a password manager?

:::warning
**Comment**
No plans; one more system = one more risk. If a password manager holds the company's employee passwords, it would cause greater security harm
:::

<-> Compared with human uncertainty, this reduces security harm at other layers and eases the human-factor problem

:::warning
**Comment**
Moving toward passwordless methods in future (clearly the client really doesn't want to install one)
:::

### Future outlook

The company raises the areas it wants improved and we handle them, with performance and user convenience as the main considerations

:::warning
Company security direction: server host maintenance via NDR (outsourced to an external vendor), managed by that vendor 24 hours a day
Areas to improve:
1. NAC (network access control): production-line users connect to the internal network over Wi-Fi, which carries security risk
2. Not yet decided; to discuss with the engineers
:::

### Content for next interview

* Security policy
* Thoughts on introducing NDR and NAC
* Sharing experience of adopting NDR and NAC
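
Solution 2 above proposes tracking traffic to the ERP server and flagging anything suspicious, and the phishing scenario earlier names IP scanning and a DoS against the ERP server as the behaviours to worry about. The following Python script is an added example, not code from the meeting, the company or any tracking product: it reads a constructed, simplified CSV flow log (time, source, destination, port, bytes) and flags two patterns per source and per minute, a host touching many distinct destination/port pairs (scan-like behaviour) and a host opening an unusually large number of flows to the ERP server (flood-like behaviour). The ERP address `10.0.0.50`, the sample hosts and the thresholds are all assumptions chosen for the example.

```python
"""Flag scan-like and flood-like behaviour toward the ERP server in flow logs.

Added example. The CSV layout is a constructed simplification, not the export
format of any specific product; addresses and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ERP_SERVER = "10.0.0.50"      # assumed ERP server address (placeholder)
SCAN_MIN_TARGETS = 10         # distinct (dst, port) pairs per source per minute
FLOOD_MIN_FLOWS = 50          # flows from one source to the ERP server per minute


def build_sample_log() -> str:
    """Constructed flow log: one normal PC, one scanner, one flooder."""
    t0 = datetime(2024, 10, 24, 13, 30, 0)
    lines = ["time,src,dst,dport,bytes"]

    def row(sec, src, dst, port, size):
        ts = (t0 + timedelta(seconds=sec)).isoformat()
        lines.append(f"{ts},{src},{dst},{port},{size}")

    for i in range(3):                       # normal: a few ERP requests
        row(i * 10, "10.0.0.11", ERP_SERVER, 443, 1500)
    for i in range(12):                      # scan: 12 hosts/ports in 12 seconds
        row(20 + i, "10.0.0.22", f"10.0.0.{40 + i}", 22 + i, 60)
    for i in range(60):                      # flood: 60 flows to ERP in 30 seconds
        row(30 + i // 2, "10.0.0.33", ERP_SERVER, 443, 80)
    return "\n".join(lines)


def parse_flows(text: str):
    """Yield one dict per CSV row; the first row is the header."""
    rows = text.strip().splitlines()
    header = rows[0].split(",")
    for line in rows[1:]:
        fields = dict(zip(header, line.split(",")))
        yield {
            "time": datetime.fromisoformat(fields["time"]),
            "src": fields["src"],
            "dst": fields["dst"],
            "dport": int(fields["dport"]),
            "bytes": int(fields["bytes"]),
        }


def detect(flows) -> list:
    """Return findings, one per (source, minute) that crosses a threshold."""
    targets = defaultdict(set)     # (src, minute) -> {(dst, dport), ...}
    erp_flows = defaultdict(int)   # (src, minute) -> number of flows to ERP
    for f in flows:
        minute = f["time"].replace(second=0, microsecond=0)
        targets[(f["src"], minute)].add((f["dst"], f["dport"]))
        if f["dst"] == ERP_SERVER:
            erp_flows[(f["src"], minute)] += 1

    findings = []
    for (src, minute), tset in targets.items():
        if len(tset) >= SCAN_MIN_TARGETS:
            findings.append({"type": "scan", "src": src,
                             "minute": minute, "count": len(tset)})
    for (src, minute), n in erp_flows.items():
        if n >= FLOOD_MIN_FLOWS:
            findings.append({"type": "erp_flood", "src": src,
                             "minute": minute, "count": n})
    findings.sort(key=lambda x: (x["minute"], x["src"]))
    return findings


def analyse(text: str) -> list:
    """Parse a flow log and run both detectors over it."""
    return detect(parse_flows(text))


if __name__ == "__main__":
    for f in analyse(build_sample_log()):
        print(f"{f['minute']:%H:%M} {f['type']:10} src={f['src']} count={f['count']}")
```

Run as-is it reports the scanner (`10.0.0.22`, 12 distinct targets) and the flooder (`10.0.0.33`, 60 flows to the ERP server) and stays silent about the normal PC. Per-minute buckets keep the logic simple; a production detector would use a sliding window and baseline the thresholds on the site's real traffic, since the right numbers depend on how the ERP clients actually behave.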