Please enable JavaScript.

Coggle requires JavaScript to display documents.

정보보안 총괄 (Computer Science [ACM(Association for Computing Machinery) 분류]…

- - - - Types
        
        Relational DataBase(RDB)
        [TTA]
        
        Types
        
        ORACLE
        
        SQLite
        
        MySQL
        
        Related Secuirty Command
        
        skip-networking : 서버는 로컬에서의 유닉스 소켓 접속만을 허용하게 된다.
        
        PostgreSQL
        
        IBM - DB2
        
        SQL Server
        
        Structured Query Language(SQL)
        [코글]
        
        데이터 처리 조작 언어
        (DML, Data Manipulation Language)
        
        Derivative or Supplement
        
        Prepared Statement
        [위키] [블로그-효율내용] [티스토리-보안]
        
        In database management systems (DBMS), a prepared statement or parameterized statement is a feature used to execute the same or similar database statements repeatedly with high efficiency.
        
        데이터 접근 제어 언어
        (DCL, data control language)
        
        데이터 정의어
        (DDL, Data Definition Language)
        
        NoSQL
        [TTA]
        
        제품종류
        
        아파치 카산드라(Apache Cassandra)
        
        하둡(Hadoop)
        
        몽고디비(MongoDB)
    - - 멤캐시디
        (Memcached)
        [위키]
        
        Issue
        
        어마어마한 증폭 가능케 해주는 멤캐시드, 새로운 위협(180228)
        [보안뉴스]
    - - 접근통제
      - 추론통제
      - 흐름통제
  - - - Advanced Persistent Threat(APT)
        [wiki]
        
        라이프 사이클
        [위키]
        
        Initial compromise
        
        Establish foothold
        
        Escalate privileges
        
        Internal reconnaissance
        
        Move laterally
        
        Maintain presence
        
        Complete mission
    - - IT 베이스라인 방어 접근법
        (IT Baseline Protection)
        [위키]
        
        The IT baseline protection approach from the German Federal Office for Information Security is a methodology to identify and implement computer security measures in an organization.
      - 업무연속성계획(BCP)
        (Business Continuity Planning)
        [위키]
        
        Business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery.
      - Firewall
        [Wiki]
        
        firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
        
        Software
        
        Linux
        
        Apps
        
        Netfilter
        [wiki]
        
        Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
        
        ipset
        
        iptables
        [wiki] [Tutorial] [Blog-Tutorial2] [limit 보충설명]
        
        iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules
        
        NuFW
        
        Linux distribution(distro)
        
        Derivative or Supplement
        
        Web Application Firewall
        [wiki]
        
        A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
        
        Software
        
        ModSecurity (Modsec)
        [wiki]
        
        ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx.
      - Application Security
        [wiki]
        
        Application security encompasses measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
        
        Types
        
        Secure Coding
        [wiki]
        
        Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.
      - Authentication
        [wiki]
        Authentication is the act of proving an assertion, such as the identity of a computer system user.
        
        Password Authentication
        
        Credential Stuffing
        [wiki]
        
        Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.
    - - Types of Attacks
        
        Networks are subject to attacks from malicious sources. Attacks can be from two categories: "Passive" when a network intruder intercepts data traveling through the network, and "Active" in which an intruder initiates commands to disrupt the network's normal operation or to conduct reconnaissance and lateral movements to find and gain access to assets available via the network.
        
        Active
        
        Injection Exploits
        
        SQL
        
        Computer Security Exploits
        
        SQL injection
        [TTA] [OWASP]
        
        Web Application Security
        [wiki] [TTA]
        
        Web application security is a branch of information security that deals specifically with security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to internet and web systems
        
        Cross Site Scripting(XSS)
        [TTA] [KISA] [OWASP]
        
        Dom(Document Object Model) 기반 XSS 공격
        (Dom-based vulnerabilities)
        
        반사 XSS 공격
        (Non-persistent or Reflected)
        
        웹 애플리케이션의 지정된 변수를 이용할 때 발생하는 취약점을 이용
        
        저장 XSS 공격
        (Persistent or Stored)
        
        취약한 웹 애플리케이션을 이용하여 웹 서버에 영구적으로 저장
        예) 게시판
        
        Cross-Site Request Fogery(CSRF)
        [KISA] [TTA]
        
        File Inclusion Vulnerability
        [wiki]
        
        A file inclusion vulnerability is a type of web vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time.
        
        (Address Resolution Protocol Spoofing)
        [TTA] [위키]
        
        Denial-of-Service Attack(DoS)
        [wiki]
        
        denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
        
        Attack Techniques
        
        Internet Control Message Protocol(ICMP) flood
        
        Smurf Attack
        [wiki]
        The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
        
        1 more item...
        
        SYN Flood
        [wiki]
        
        A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.SYN flood is a protocol attack
        
        Slowloris
        [wiki)] [IT위키]
        
        Slowloris allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.
        
        Passive
        
        Sniffing
        
        Promiscuous Mode
        [wiki]
        
        promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN.
    - - 강제적 접근 통제(MAC)
        (Mandatory Access Control)
        [TTA] [IT위키]
      - 역할 기반 접근제어(RBAC)
        (Role Based Access Control)
        [TTA] [IT위키]
      - 벨-라파듈라 보안 모델
        (Bell-LaPadula Security Model)
        [TTA] [IT위키]
      - 비바 무결성 모델(Biba Integrity Model)
        [TTA] [IT위키]
      - 임의적 접근제어(DAC)
        (Discretionary Access Control)
        [TTA] [IT위키]
    - - Category
        
        IDS can be classified by where detection takes place (network or host) or the detection method that is employed (signature or anomaly-based)
        
        설치에 따른 분류
        (Analyzed Activity)
        
        호스트 기반 침입 탐지 시스템(HIDS)
        (Host Intrusion-Detection Systems)
        
        네트워크 기반 침입 탐지 시스템(NIDS)
        (Network Intrusion-Detection Systems)
        
        탐지방법에 따른 분류
        (Detection Method)
        
        시그니처 기반 탐지 or 지식기반 침입탐지
        (Signature-based) or (Misuse Detection)
        
        행위기반 탐지
        (Anomaly-based)
      - Derivative or Supplement
        
        침입방지시스템(IPS)
        (Intrusion Prevention System)
        [TTA] [위키]
        
        종류
        (Types)
        
        무선 침입 방지 시스템(WIPS)
        (Wireless Intrusion Prevention System)
        
        호스트 기반 침입 방지 시스템(HIPS)
        (Host-based Intrusion Prevention System)
        
        네트워크 기반 침입 방지 시스템(NIPS)
        (Network-based Intrusion Prevention System)
        
        탐지방법에 따른 분류
        (Detection Method)
        
        시그니처 기반 탐지
        (Signature-based Detection)
        
        통계적 이상 징후 기반 탐지
        (Statistical Anomaly-based Detection)
        
        상태 저장 프로토콜 분석 탐지
        (Stateful Protocol Analysis Detection)
        
        소프트웨어(SW)
        
        Snort
        [TTA] [TTA2-탐지규칙 요구사항] [wiki]
        
        Snort is a free open source network intrusion detection system and intrusion prevention system created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.
      - 관련 용어
        (Related Terms)
        [위키]
        
        False Positive
        
        False Negative
    - - 암호학적 해시함수 & 메시지 인증코드
        (Cryptographic hash function)
        (Message Authentication Codes)
        [위키]
        
        공통 기능
        (Common Functions)
        
        메시지 다이제스트 알고리즘(MD5)
        (Message Digest Algorithm 5)
        [TTA] [MD5 익스플로잇]
    - - Types
        
        Supply Chain Attack
        [wiki]
        
        A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network. A supply chain attack can occur in any industry, from the financial sector, oil industry or government sector. Cybercriminals typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components.
    - - Basic Principles
        
        Key Concepts
        
        Confidentiality
        
        Integrity
        
        Availability
        
        Non-repudiation
    - - Method
        
        White Box
        
        Gray Box
        
        Black Box
        [wiki]
        
        Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings.
      - Software Frameworks
        
        Burp Suite
        
        OWASP ZAP
      - Penetration Testing Phases
        
        1. Reconnaissance
        
        2. Scanning
        
        3. Gaining Access
        
        4. Maintaining Access
        
        5. Covering Tracks
  - - - 마크업 언어
        (Markup Language)
        
        하이퍼텍스트 마크업 언어(HTML)
        (HyperText Markup Language)
        [코글]
      - 스크립팅 언어
        (Scripting Language)
        [위키] [나무위키] [티스토리]
        
        파이썬(Python)
        [코글]
        
        객체 지향 기반 인터프리터 방식의 고급 프로그래밍 언어
        
        자바스크립트(JavaScript)
        
        클라이언트 사이드(client-side)
        [코글]
        
        하이퍼텍스트 프리프로세서(PHP) (Hypertext Preprocessor)
        [코글]
        
        서버 사이드(server-side)
      - 객체 지향 언어(OOL)
        (Object-Oriented Language)
        
        파이선(Python)
        [코글]
        
        객체 지향 기반 인터프리터 방식의
        고급 프로그래밍 언어
      - C and C++
        [코글]
      - 평가전략
        (Evaluation Strategy)
        [위키]
        
        Evaluation strategies are used by programming languages to determine two things—when to evaluate the arguments of a function call and what kind of value to pass to the function.
        
        Strict Evaluation
        
        In strict evaluation, the arguments to a function are always evaluated completely before the function is applied.
        
        Call by Value
        [GeeksforGeeks]
        
        Call by Reference
        [GeeksforGeeks]
      - 프로그래밍 언어 개념
        (Programming Language Concepts)
        
        자료형
        (Data Types)
        
        포인터
        (Pointer)
        [위키]
        
        Physical Address
        
        Virtual Address
  - - - Unix and Unix-like operating systems
        [위키]
        
        The Unix-like family is a diverse group of operating systems, with several major sub-categories including System V, BSD, and Linux. The name "UNIX" is a trademark of The Open Group which licenses it for use with any operating system that has been shown to conform to their definitions. "UNIX-like" is commonly used to refer to the large set of operating systems which resemble the original UNIX.
        
        Unix or Linux
        
        Linux Kernel
        [wiki]
        
        Technical
        
        Components
        
        장착형 인증 모듈(Linux PAM)
        (Pluggable Authenticaion Modules)
        [위키] [TTA] [안랩]
        
        APIs
        
        FileSystem
        [wiki]
        
        a file system or filesystem (often abbreviated to fs) controls how data is stored and retrieved. Without a file system, data placed in a storage medium would be one large body of data with no way to tell where one piece of data stops and the next begins.
        
        Conventional directory layout
        
        3 more items...
        
        Userspace
        
        Daemon
        [wiki]
        
        In multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is in fact a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is a daemon that implements system logging facility, and sshd is a daemon that serves incoming SSH connections.
        
        1 more item...
        
        Unix user management and
        Support-related utilities
        
        Stubs
        
        utmp, wtmp, btmp
        
        keep track of all logins and logouts to the system
        [위키] [StackExchange]
        
        Command-Line Interface
        [wiki]
        
        A command-line interface (CLI) processes commands to a computer program in the form of lines of text. The program which handles the interface is called a command-line interpreter or command-line processor.
        
        Searching
        
        find
        [wiki] [블로그-사용법, 옵션]
        
        find is a command-line utility that locates files based on some user-specified criteria and then applies some requested action on each matched object.
        
        grep
        
        Access Rights Flags
        
        Set User ID(Setuid)
        
        4701 on an executable file owned by 'root' and the group 'root'
        
        A user named 'thompson' attempts to execute the file. The executable permission for all users is set (the '1') so 'thompson' can execute the file. The file owner is 'root' and the SUID permission is set (the '4') - so the file is executed as 'root'.
        
        Set Group ID(Setgid)
        
        Sticky Bit
        
        Packet Analyzer
        
        tcpdump
        [wiki] [티스토리-사용법]
        
        tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
      - Windows
        
        Microsoft Windows Components
        
        Security
        
        BitLocker
        [wiki]
        
        BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
  - - - 프로젝트 관리
        (Project Management)
        [위키]
        
        프로젝트 위험 관리
        (Project Risk Management)
        [위키]
        
        Risk management activities are applied to project management. Project risk is defined by PMI as, "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives."
        
        위험관리계획
        (Risk Management Plan)
        [위키]
        
        A risk management plan is a document that a project manager prepares to foresee risks, estimate impacts, and define responses to risks.
        
        위험대응
        (Risk Response)
        
        회피(Avoid)
        
        Change plans to circumvent the problem
        
        제어(Control, Mitigate, Modify, Reduce)
        
        Reduce threat impact or likelihood (or both) through intermediate steps
        
        수용(Accept, Retain)
        
        Assume the chance of the negative impact (or auto-insurance), eventually budget the cost (e.g. via a contingency budget line)
        
        전가(Transfer, Share)
        
        Outsource risk (or a portion of the risk) to a third party or parties that can manage the outcome. This is done financially through insurance contracts or hedging transactions, or operationally through outsourcing an activity.
        
        정보보호 위험관리 가이드
        (KISA : 수탁기관[한국정보시스템감사통제협회])
        [KISA]
        
        정보보호관리체계 인증 획득에 관심이 있는 업체 및 기관이 정보보호관리체계를 쉽게 수립할 수 있도록 방법론과 설명을 제공하고 정보보호관리체계 인증제도에 대한 해설서를 제공함으로써 수요기관의 정보보호 수준을 향상시키고 정보보호관리체계 인증을 활성화시켜 궁극적으로 국가정보통신기반의 신뢰성 확보 및 정보보호수준을 제고하는데 그 목적이 있다.
        
        제3장 위험분석 방법론
        
        제1절 위험의 구성요소
        
        위험의 구성 요소
        
        4 more items...
        
        제2절 위험분석 방법론 소개
        
        정보기술 보안 관리를 위한 국제 표준 지침인 ISO / IEC 13335-1에서는 위험분석 전략을 크게 4가지로 나눈다.
        
        베이스라인 접근법(Baseline Approach)
        
        비정형 접근법(Informal Approach)
        
        상세 위험분석(Detailed Risk Analysis)
        
        복합 접근법(Combined Approach)
        
        상세 위험분석
        
        2 more items...
  - - - 메모리 관리
        (Memory Management)
        [위키]
        
        Memory management is a form of resource management applied to computer memory. The essential requirement of memory management is to provide ways to dynamically allocate portions of memory to programs at their request, and free it for reuse when no longer needed.
        
        Memory Safety
        [위키]
        
        Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers.
        
        Buffer Overflow or Buffer Overrun
        [위키]
        
        Exploitation
        
        Stack-based Exploitation
        [위키]
        
        Protection Schemes
        
        3 more items...
        
        Heap-based Exploitation
        [wiki]
        
        Memory on the heap is dynamically allocated at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers.
  - - - Types
        
        Computer Forensics
- - - - 한국정보보호산업협회(KISIA)
        (Korea Information Security Industry Association)
      - 한국정보통신기술협회(TTA)
        (Telecommunications Technology Association)
      - 한국인터넷진흥원(KISA)
        (Korea Internet & Security Agency)
        [wiki]
        
        The Korea Internet & Security Agency is the Ministry of Science and ICT's sub-organization dealing with the allocation and maintenance of South Korea's IPv4/IPv6 address space (and the related WHOIS information), Autonomous System Numbers, and the .kr country code top-level domain (ccTLD), and also responsible for cybersecurity of the Internet within South Korea, and runs the Korea Computer Emergency Response Team Coordination Center, a.k.a. KrCERT/CC, for the private sector of the country.
        
        소프트웨어 개발보안 가이드
        
        주요정보통신기반시설 기술적 취약점
        분석ㆍ평가 방법 상세가이드
        
        사이버위협 경보단계
        [KISA]
        
        정보보호 및 개인정보보호관리체계 인증(ISMS-P)
        (Personal information & Information Security Management System)
        [KISA]
        
        관리체계 수립 및 운영
        
        보호대책 요구사항
        
        개인정보 처리단계별 요구사항
        
        소프트웨어 보안약점 진단가이드
    - - 행정안전부(MOIS)
        (Ministry of the Interior and Safety)
        
        소프트웨어 개발보안 가이드
        
        소프트웨어 보안약점 진단가이드
      - 과학기술정보통신부(MSIT)
        (Ministry of Science and ICT)
        
        주요정보통신기반시설 기술적 취약점
        분석ㆍ평가 방법 상세가이드
    - - 정보통신망 이용 촉진 및 정보보호등에 관한 법률(정보통신망법)
        [국가법령정보센터]
        
        이 법은 정보통신망의 이용을 촉진하고 정보통신서비스를 이용하는 자를 보호함과 아울러 정보통신망을 건전하고 안전하게 이용할 수 있는 환경을 조성하여 국민생활의 향상과 공공복리의 증진에 이바지함을 목적으로 한다.
        
        시행령
        
        제17조(개인정보 이용내역의 통지)
        ② 법 제30조의2제1항에 따라 이용자에게 통지하여야 하는 정보의 종류는 다음 각 호와 같다.
        
        개인정보의 수집ㆍ이용 목적 및 수집한 개인정보의 항목
        
        개인정보를 제공받은 자와 그 제공 목적 및 제공한 개인정보의 항목. 다만, 「통신비밀보호법」 제13조, 제13조의2, 제13조의4 및 「전기통신사업법」 제83조제3항에 따라 제공한 정보는 제외한다.
        
        법 제25조에 따른 개인정보 처리위탁을 받은 자 및 그 처리위탁을 하는 업무의 내용
        
        행정규칙
        
        개인정보의 기술적ㆍ관리적 보호조치 기준
        
        ① 이 기준은 정보통신서비스 제공자 등이 이용자의 개인정보를 취급함에 있어서 개인정보가 분실·도난·누출·변조·훼손 등이 되지 아니하도록 안전성을 확보하기 위하여 취하여야 하는 기술적·관리적 보호조치의 최소한의 기준을 정하는 것을 목적으로 한다.
        ② 정보통신서비스 제공자등은 사업규모, 개인정보 보유 수 등을 고려하여 스스로의 환경에 맞는 개인정보 보호조치 기준을 수립하여 시행하여야 한다.
        
        제4조(접근통제)
        
        ⑧ 정보통신서비스 제공자등은 개인정보취급자를 대상으로 다음 각 호의 사항을 포함하는 비밀번호 작성규칙을 수립하고, 이를 적용ㆍ운용하여야 한다.
        
        영문, 숫자, 특수문자 등 2종류 이상을 조합하여 최소 10자리 이상 또는 3종류 이상을 조합하여 최소 8자리 이상의 길이로 구성
        
        연속적인 숫자나 생일, 전화번호 등 추측하기 쉬운 개인정보 및 아이디와 비슷한 비밀번호는 사용하지 않는 것을 권고
        
        비밀번호 유효기간을 설정하여 반기별 1회 이상 변경
        
        제23조의2(주민등록번호의 사용 제한)
        ① 정보통신서비스 제공자는 다음 각 호의 어느 하나에 해당하는 경우를 제외하고는 이용자의 주민등록번호를 수집ㆍ이용할 수 없다.
        
        제23조의3에 따라 본인확인기관으로 지정받은 경우
        
        「전기통신사업법」 제38조제1항에 따라 기간통신사업자로부터 이동통신서비스 등을 제공받아 재판매하는 전기통신사업자가 제23조의3에 따라 본인확인기관으로 지정받은 이동통신사업자의 본인확인업무 수행과 관련하여 이용자의 주민등록번호를 수집ㆍ이용하는 경우
        ② 제1항제3호에 따라 주민등록번호를 수집ㆍ이용할 수 있는 경우에도 이용자의 주민등록번호를 사용하지 아니하고 본인을 확인하는 방법(이하 "대체수단"이라 한다)을 제공하여야 한다.
        
        제31조(법정대리인의 권리)
        ① 정보통신서비스 제공자등이 만 14세 미만의 아동으로부터 개인정보 수집ㆍ이용ㆍ제공 등의 동의를 받으려면 그 법정대리인의 동의를 받아야 하고, 대통령령으로 정하는 바에 따라 법정대리인이 동의하였는지를 확인하여야 한다. 이 경우 정보통신서비스 제공자는 그 아동에게 법정대리인의 동의를 받거나 법정대리인이 동의하였는지를 확인하기 위하여 필요한 법정대리인의 성명 등 최소한의 정보를 요구할 수 있다.
      - 정보통신기반 보호법
        [국가법령정보센터]
        
        이 법은 전자적 침해행위에 대비하여 주요정보통신기반시설의 보호에 관한 대책을 수립ㆍ시행함으로써 동 시설을 안정적으로 운용하도록 하여 국가의 안전과 국민생활의 안정을 보장하는 것을 목적으로 한다.
        
        제16조(정보공유ㆍ분석센터) (ISAC)
        (Information Sharing and Analysis Center)
        [TTA] [IT위키]
        
        제8조(주요정보통신기반시설의 지정 등)
        
        해당 정보통신기반시설을 관리하는 기관이 수행하는 업무의 국가사회적 중요성
        
        제1호에 따른 기관이 수행하는 업무의 정보통신기반시설에 대한 의존도
        
        다른 정보통신기반시설과의 상호연계성
        
        침해사고가 발생할 경우 국가안전보장과 경제사회에 미치는 피해규모 및 범위
        
        침해사고의 발생가능성 또는 그 복구의 용이성
      - 위치정보의 보호 및 이용 등에 관한 법률(위치정보법)
        [국가법령정보센터]
      - 개인정보 보호법
        [국가법령정보센터]
        
        이 법은 개인정보의 처리 및 보호에 관한 사항을 정함으로써 개인의 자유와 권리를 보호하고, 나아가 개인의 존엄과 가치를 구현함을 목적으로 한다.
        
        시행령
        
        행정규칙
        
        개인정보의 안전성 확보조치 기준
        [국가법령센터]
        
        이 기준은 「개인정보 보호법」(이하 "법"이라 한다) 제23조제2항, 제24조제3항 및 제29조와 같은 법 시행령(이하 "영"이라 한다) 제21조 및 제30조에 따라 개인정보처리자가 개인정보를 처리함에 있어서 개인정보가 분실·도난·유출·위조·변조 또는 훼손되지 아니하도록 안전성 확보에 필요한 기술적·관리적 및 물리적 안전조치에 관한 최소한의 기준을 정하는 것을 목적으로 한다.
        
        제2조(정의)
        
        "개인정보처리시스템"이란 데이터베이스시스템 등 개인정보를 처리할 수 있도록 체계적으로 구성한 시스템을 말한다.
        
        "비밀번호"란 정보주체 또는 개인정보취급자 등이 개인정보처리시스템, 업무용 컴퓨터 또는 정보통신망 등에 접속할 때 식별자와 함께 입력하여 정당한 접속 권한을 가진 자라는 것을 식별할 수 있도록 시스템에 전달해야 하는 고유의 문자열로서 타인에게 공개되지 않는 정보를 말한다.
        
        제7조(개인정보의 암호화)
        
        ③ 개인정보처리자는 인터넷 구간 및 인터넷 구간과 내부망의 중간 지점(DMZ : Demilitarized Zone)에 고유식별정보를 저장하는 경우에는 이를 암호화하여야 한다.
        
        제5조(접근 권한의 관리)
        
        ① 개인정보처리자는 개인정보처리시스템에 대한 접근 권한을 업무 수행에 필요한 최소한의 범위로 업무 담당자에 따라 차등 부여하여야 한다.
        ② 개인정보처리자는 전보 또는 퇴직 등 인사이동이 발생하여 개인정보취급자가 변경되었을 경우 지체없이 개인정보처리시스템의 접근 권한을 변경 또는 말소하여야 한다.
        ③ 개인정보처리자는 제1항 및 제2항에 의한 권한 부여, 변경 또는 말소에 대한 내역을 기록하고, 그 기록을 최소 3년간 보관하여야 한다.
        
        제8조(접속기록의 보관 및 점검)
        
        ① 개인정보처리자는 개인정보취급자가 개인정보처리시스템에 접속한 기록을 1년 이상 보관·관리하여야 한다. 다만, 5만명 이상의 정보주체에 관하여 개인정보를 처리하거나, 고유식별정보 또는 민감정보를 처리하는 개인정보처리시스템의 경우에는 2년 이상 보관·관리하여야 한다.
        ② 개인정보처리자는 개인정보의 오·남용, 분실·도난·유출·위조·변조 또는 훼손 등에 대응하기 위하여 개인정보처리시스템의 접속기록 등을 월 1회 이상 점검하여야 한다. 특히 개인정보를 다운로드한 것이 발견되었을 경우에는 내부관리 계획으로 정하는 바에 따라 그 사유를 반드시 확인하여야 한다.
        
        제6조(접근통제)
        
        ④ 고유식별정보를 처리하는 개인정보처리자는 인터넷 홈페이지를 통해 고유식별정보가 유출·변조·훼손되지 않도록 연 1회 이상 취약점을 점검하고 필요한 보완 조치를 하여야 한다.
        
        23조(민감정보의 처리 제한)
        
        ①개인정보처리자는 사상ㆍ신념, 노동조합ㆍ정당의 가입ㆍ탈퇴, 정치적 견해, 건강, 성생활 등에 관한 정보, 그 밖에 정보주체의 사생활을 현저히 침해할 우려가 있는 개인정보로서 대통령령으로 정하는 정보(이하 "민감정보"라 한다)를 처리하여서는 아니 된다. 다만, 다음 각 호의 어느 하나에 해당하는 경우에는 그러하지 아니하다.
        
        정보주체에게 제15조제2항 각 호 또는 제17조제2항 각 호의 사항을 알리고 다른 개인정보의 처리에 대한 동의와 별도로 동의를 받은 경우
        
        법령에서 민감정보의 처리를 요구하거나 허용하는 경우
        
        25조(영상정보처리기기의 설치ㆍ운영 제한)
        
        ④ 제1항 각 호에 따라 영상정보처리기기를 설치ㆍ운영하는 자(이하 "영상정보처리기기운영자"라 한다)는 정보주체가 쉽게 인식할 수 있도록 다음 각 호의 사항이 포함된 안내판을 설치하는 등 필요한 조치를 하여야 한다. 다만, 「군사기지 및 군사시설 보호법」 제2조제2호에 따른 군사시설, 「통합방위법」 제2조제13호에 따른 국가중요시설, 그 밖에 대통령령으로 정하는 시설에 대하여는 그러하지 아니하다.
        
        설치 목적 및 장소
        
        촬영 범위 및 시간
        
        관리책임자 성명 및 연락처
        
        그 밖에 대통령령으로 정하는 사항
        
        제17조(개인정보의 제공)
        
        ① 개인정보처리자는 다음 각 호의 어느 하나에 해당되는 경우에는 정보주체의 개인정보를 제3자에게 제공할 수 있다.
        
        정보주체의 동의를 받는 경우
        
        제15조제1항제2호ㆍ제3호ㆍ제5호 및 제39조의3제2항제2호ㆍ제3호에 따라 개인정보를 수집한 목적 범위에서 개인정보를 제공하는 경우
        
        ② 개인정보처리자는 제1항제1호에 따른 동의를 받을 때에는 다음 각 호의 사항을 정보주체에게 알려야 한다. 다음 각 호의 어느 하나의 사항을 변경하는 경우에도 이를 알리고 동의를 받아야 한다.
        
        개인정보를 제공받는 자
        
        개인정보를 제공받는 자의 개인정보 이용 목적
        
        제공하는 개인정보의 항목
        
        개인정보를 제공받는 자의 개인정보 보유 및 이용 기간
        
        동의를 거부할 권리가 있다는 사실 및 동의 거부에 따른 불이익이 있는 경우에는 그 불이익의 내용
      - 전자서명법
        [국가법령정보센터]
        
        이 법은 전자문서의 안전성과 신뢰성을 확보하고 그 이용을 활성화하기 위하여 전자서명에 관한 기본적인 사항을 정함으로써 국가사회의 정보화를 촉진하고 국민생활의 편익을 증진함을 목적으로 한다.
        
        공인인증기관 : 코스콤, 한국정보인증, 금융결제원, 한국전산원, 한국전자인증, 한국무역정보통신
        
        제16조(공인인증서의 효력의 소멸 등)
        ①공인인증기관이 발급한 공인인증서는 다음 각호의 1에 해당하는 사유가 발생한 경우에는 그 사유가 발생한 때에 그 효력이 소멸된다.
        
        공인인증서의 유효기간이 경과한 경우
        
        제12조제1항의 규정에 의하여 공인인증기관의 지정이 취소된 경우
        
        제17조의 규정에 의하여 공인인증서의 효력이 정지된 경우
        
        제18조의 규정에 의하여 공인인증서가 폐지된 경우
  - - - ISO Standard
        
        개방형 시스템 간 상호 접속(OSI)
        (Open Systems Interconnection)
        [TTA] [위키]
        
        OSI 7 계층 모델(OSI RM)
        (Open System Interconnection 7 Layer Model)
        (OSI Reference Model)
        [위키] [TTA] [TCP/IP 프로토콜 모음과 차이]
        
        The Open Systems Interconnection model (OSI model) is a conceptual model that characterises and standardises the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology.
        
        전송 계층
        (Transport Layer)
        
        망 계층
        (Network Layer)
        
        보안 인터넷 프로토콜(IPSec)
        (Internet Protocol Security)
        [TTA] [KISA1] [KISA2]
        
        표현 계층
        (Presentation Layer)
        
        데이터링크 계층
        (DataLink Layer)
        
        주소 결정 프로토콜(ARP)
        (Address Resolution Protocol)
        [TTA] [Ahnlab] [위키]
        
        가상랜
        (Virtual LAN)
        
        물리 계층
        (Physical Layer)
        
        응용 계층
        (Application Layer)
        
        세션 계층
        (Session Layer)
        
        공통평가기준(CC)
        (Common Criteria)
        [TTA] [wiki]
        
        The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC 15408) for computer security certification.
        
        Key Concepts
        
        Target of Evaluation(TOE)
        
        the product or system that is the subject of the evaluation. The evaluation serves to validate claims made about the target. To be of practical use, the evaluation must verify the target's security features. This is done through the following
        
        보호 프로파일, Protection Profile(PP)
        [TTA]
        
        a document, typically created by a user or user community, which identifies security requirements for a class of security devices relevant to that user for a particular purpose. Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs.
        
        보안 목표 명세서, Security Target(ST)
        [TTA]
        
        Security Functional Requirements(SFRs)
        
        Security Assurance Requirements(SARs)
        
        descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality.
        
        평가 보증 등급, Evaluation Assurance Level(EAL)
        [TTA]
        
        the numerical rating describing the depth and rigor of an evaluation.
    - - 2020 Top 10 Web Application Security Risks
        
        Injection
        
        Broken Authentication(취약한 인증)
        
        Sensitive Data Exposure(민감한 데이터 노출)
        
        XML External Entities(XML 외부 개체)
        
        Broken Access Control(취약한 접근 통제)
        
        Security Misconfigurations(잘못된 보안 구성)
        
        Cross Site Scripting(XSS)
        
        Insecure Deserialization(안전하지 않는 역직렬화)
        
        Using Components with known vulnerabilities(알려진 취약점이 있는 구성요소 사용)
        
        Insufficient logging and monitoring(불충분한 로깅 및 모니터링)
    - - Internet Protocol Suite
        [ktword] [OSI 7 Layer 차이점] [위키]
        
        The Internet protocol suite is the conceptual model and set of communications protocols used in the Internet and similar computer networks.
        
        Application Layer
        [wiki]
        
        An application layer is an abstraction layer that specifies the shared communications protocols and interface methods used by hosts in a communications network.
        
        HyperText Transfer Protocol(HTTP)
        [wiki]
        
        The Hypertext Transfer Protocol is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.
        
        Derivative or Supplement
        
        HyperText Transfer Protocol Secure(HTTPS)
        [TTA] [위키]
        
        In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL).
        
        HTTPS URLs begin with "https://" and use port 443 by default, whereas, HTTP URLs begin with "http://" and use port 80 by default.
        
        HTTP, HTTPS 차이
        [위시켓]
        
        Request Methods
        [wiki]
        
        HTTP defines methods to indicate the desired action to be performed on the identified resource.
        
        GET
        [GET, POST 차이점]
        
        The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect.
        
        HEAD
        
        POST
        [GET, POST 차이점]
        
        The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
        
        PUT
        
        DELETE
        
        TRACE
        
        OPTIONS
        
        CONNECT
        
        PATCH
        
        Header fields
        
        Cookie
        [TTA] [위키]
        
        보안소켓계층(SSL) / 전송계층보안(TLS)
        (Secure Socket Layer) / (Transport Layer Security)
        [위키]
        
        Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.
        
        Protocol Details
        
        TLS record
        [wiki] [ktword]
        
        Related Terms
        
        Port
        
        a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service.
        
        Related SW
        
        Port Scanner
        [wiki]
        
        1 more item...
        
        File Transfer Protocol
        [위키]
        
        The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
        
        Protocol Overview
        
        Communication and Data Transfer
        
        FTP may run in active or passive mode, which determines how the data connection is established.
        In both cases, the client creates a TCP control connection from a random, usually an unprivileged, port N to the FTP server command port 21.
        
        어떤 모드이든 클라이언트가 TCP 제어 연결을 위한 랜덤 포트를 생성하여 서버의 21번 포트에 알린다.
        
        Active Mode
        
        In active mode, the client starts listening for incoming data connections from the server on port M. It sends the FTP command PORT M to inform the server on which port it is listening. The server then initiates a data channel to the client from its port 20, the FTP server data port.
        
        Passive Mode
        
        In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port number received.
        
        Domain Name System(DNS)
        [wiki]
        
        DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to serve requests.
        
        Related File
        
        HOSTS
        [wiki]
        
        In its function of resolving host names, the hosts file may be used to define any hostname or domain name for use in the local system.
        
        Operation
        
        Record Caching
        A standard practice in implementing name resolution in applications is to reduce the load on the Domain Name System servers by caching results locally, or in intermediate resolver hosts. Results obtained from a DNS request are always associated with the time to live (TTL), an expiration time after which the results must be discarded or refreshed. The TTL is set by the administrator of the authoritative DNS server. The period of validity may vary from a few seconds to days or even weeks.
        
        Simple Network Management Protocol(SNMP)
        [wiki]
        
        Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.
        
        Protocol Details
        
        SNMP operates in the application layer of the Internet protocol suite. All SNMP messages are transported via User Datagram Protocol (UDP). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162.
        
        Simple Mail Transfer Protocol(SMTP)
        [wiki]
        
        The Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. Proprietary systems such as Microsoft Exchange and IBM Notes and webmail systems such as Outlook.com, Gmail and Yahoo! Mail may use non-standard protocols internally, but all use SMTP when sending to or receiving email from outside their own systems. SMTP servers commonly use the Transmission Control Protocol on port number 25.
        
        Post Office Protocol(POP)
        [wiki]
        
        In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server.
        POP version 3 (POP3) is the version in common use.
        
        전송 계층
        (Transport Layer)
        
        전송 제어 프로토콜(TCP)
        (Transmission Control Protocol)
        [TTA] [위키]
        
        TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network.
        TCP is connection-oriented, and a connection between client and server is established before data can be sent.
        
        TCP Stealth
        [위키]
        
        TCP Stealth is a proposed modification of the Transmission Control Protocol (TCP) to hide open ports of some TCP services from the public, in order to impede port scans.
        The proposal modifies the TCP three-way handshake by only accepting connections from clients that transmit a proof of knowledge of a shared secret. If the connection attempt does not use TCP Stealth, or if authentication fails, the server acts as if no service was listening on the port number.
        
        TCP Segment Structure
        
        Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP segment is then encapsulated into an Internet Protocol (IP) datagram, and exchanged with peers.
        
        Flags (9 bits)
        [IT위키]
        
        Contains 9 1-bit flags (control bits) as follows
        
        NS
        
        CWE
        
        ECE
        
        URG
        
        ACK
        
        Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
        
        PSH
        
        RST
        
        Reset the connection
        
        SYN
        
        Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid when it is set, and others when it is clear.
        
        FIN
        
        Last packet from sender
        
        Protocol Operation
        
        Connection Establishment
        [wiki]
        
        To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs
        
        SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A.
        
        SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
        
        ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1.
        
        Connection Termination
        [wiki]
        
        The connection termination phase uses a four-way handshake, with each side of the connection terminating independently.
        
        사용자 데이터그램 프로토콜(UDP)
        (User Datagram Protocol)
        [TTA]
        
        세션 설정하지 않고 고속으로 데이터 전송
        
        Internet Layer
        [wiki]
        
        The internet layer is a group of internetworking methods, protocols, and specifications in the Internet protocol suite that are used to transport network packets from the originating host across network boundaries; if necessary, to the destination host specified by an IP address.
        
        (Internet Protocol Security)(IPsec)
        [TTA] [KISA1] [KISA2] [wiki]
        
        In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
        
        Security Architecture
        
        The IPsec is an open standard as a part of the IPv4 suite. IPsec uses the following protocols to perform various functions
        
        Authentication Header(AH)
        
        AH ensures connectionless integrity by using a hash function and a secret shared key in the AH algorithm. AH also guarantees the data origin by authenticating IP packets. Optionally a sequence number can protect the IPsec packet's contents against replay attacks, using the sliding window technique and discarding old packets.
        
        Encapsulating Security Payloads(ESP)
        
        Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
        
        Security Association(SA)
        
        Modes of Operation
        The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.
        
        Transport mode
        
        Tunnel mode
        
        Internet Control Message Protocol (ICMP)
        [wiki]
        
        The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.
        
        Internet Protocol
        [wiki]
        
        The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
        
        Related Terms
        
        IP fragmentation
        [wiki]
        
        IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.
        
        Versions
        
        IPv4
        
        IPv6
        
        링크 계층
        (Link Layer)
        
        주소 결정 프로토콜(ARP)
        (Address Resolution Protocol)
        [TTA] [Ahnlab] [위키]
    - - CVE
        (Common Vulnerabilities and Exposures)
        [MITRE - CVE, CWE 차이]
      - CWE
        (Common Weakness Enumeration)
        [MITRE - CVE, CWE 차이]
    - - IEEE 802.11
        [wiki]
        
        IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) protocols, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4 GHz, 5 GHz, 6 GHz, and 60 GHz frequency bands.
        
        Security Algorithm
        
        Wired Equivalent Privacy(WEP)
        [wiki]
        
        Wired Equivalent Privacy is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.
        
        Encryption Details
        
        WEP uses the stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity.
        Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key.
    - - RFC(Request For Comments)
        
        MD5(Message-Digest algorithm 5)
        [RFC 1321] [단방향 해쉬] [무결성 검사]
    - - 아파치(Apache)
        [TTA] [공식사이트][코글]
        
        월드 와이드 웹 컨소시엄(W3C) 서버용 소프트웨어
- - - - 변형
        (Variations)
        
        시나리오기법
        (Scenario)