學術產出-會議論文

文章檢視/開啟

書目匯出

Google ScholarTM

政大圖書館

引文資訊

TAIR相關學術產出

題名 A Secure PC-Based Architecture for Remote Server Management
作者 林鳳銘;張景堯;李蔡彥
貢獻者 資科系
關鍵詞 主控台; 序列埠; 修補程式
Server Console; Serial Port; Patch; IP-Based KVM
日期 2006-11
上傳時間 9-一月-2009 16:53:48 (UTC+8)
摘要 網際網路不斷發展,每天都有為數不少各式各樣的新伺服器上線,提供各種不同的服務。伺服器提供的服務也許不同,但對每一部伺服器而言,共同的例行工作就是伺服器的管理。一般而言,伺服器的管理者必須透過網路或者站在主控台(console)前進行管理的工作;如何簡化且安全地管理伺服器,是一項十分重要的課題。在本文中,我們改變原有透過網路或在主控台前來直接管理伺服器的方法,而提出另一種透過PC-based防火牆與序列埠主控台管理系統(Serial Console Management)來管理伺服器的架構。這個架構類似內含防火牆的IP-based KVM,但所花費的成本僅需要一般等級的PC伺服器。透過這種架構,管理者不必擔心新安裝好的伺服器一旦接上網路後,就立刻中毒或者被入侵;管理者也不一定要站在主控台前來管理伺服器,而可以在伺服器上線後安全地對新系統執行修補(patch)或者Windows update的動作,以確保伺服器的安全狀態。為了瞭解進出伺服器的資訊,我們也同時在所提出架構中的防火牆上,建立了一個簡單而且可以輸出Netflow資訊的架構,讓我們可以透過網路流通的資訊來進一步掌握伺服器的狀態。
With the continuous development of the Internet, new network services are brought on-line every day. Despite the service contents provided by the servers are different, a common routine task for every server is daily system administration. Generally speaking, the administrator of a server uses the network or stands in front of the machine to remotely or directly perform the tasks of system administration. It is an important issue on how to provide a convenient management scheme without sacrificing system security. In this paper, we have proposed a new economical architecture with a PC-based firewall and a serial console management scheme to provide the service of remote server management. The architecture is similar to IP-based KVM but the cost is much less. By the use of this architecture, the system administrator does not need to worry about that a server may be infected or intruded before necessary security patches are applied. The system administrators can remotely bring a system on-line and then apply system patches or windows updates without putting the system security into jeopardy. In order to understand the information flowing in and out of the server, we have also implemented a netflow-based monitoring system to proactively detect network anomalies.
關聯 Proceedings of the 2006 Taiwan Academic Network Conference
資料類型 conference
dc.contributor 資科系en_US
dc.creator (作者) 林鳳銘;張景堯;李蔡彥zh_TW
dc.date (日期) 2006-11en_US
dc.date.accessioned 9-一月-2009 16:53:48 (UTC+8)-
dc.date.available 9-一月-2009 16:53:48 (UTC+8)-
dc.date.issued (上傳時間) 9-一月-2009 16:53:48 (UTC+8)-
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/23927-
dc.description.abstract (摘要) 網際網路不斷發展,每天都有為數不少各式各樣的新伺服器上線,提供各種不同的服務。伺服器提供的服務也許不同,但對每一部伺服器而言,共同的例行工作就是伺服器的管理。一般而言,伺服器的管理者必須透過網路或者站在主控台(console)前進行管理的工作;如何簡化且安全地管理伺服器,是一項十分重要的課題。在本文中,我們改變原有透過網路或在主控台前來直接管理伺服器的方法,而提出另一種透過PC-based防火牆與序列埠主控台管理系統(Serial Console Management)來管理伺服器的架構。這個架構類似內含防火牆的IP-based KVM,但所花費的成本僅需要一般等級的PC伺服器。透過這種架構,管理者不必擔心新安裝好的伺服器一旦接上網路後,就立刻中毒或者被入侵;管理者也不一定要站在主控台前來管理伺服器,而可以在伺服器上線後安全地對新系統執行修補(patch)或者Windows update的動作,以確保伺服器的安全狀態。為了瞭解進出伺服器的資訊,我們也同時在所提出架構中的防火牆上,建立了一個簡單而且可以輸出Netflow資訊的架構,讓我們可以透過網路流通的資訊來進一步掌握伺服器的狀態。-
dc.description.abstract (摘要) With the continuous development of the Internet, new network services are brought on-line every day. Despite the service contents provided by the servers are different, a common routine task for every server is daily system administration. Generally speaking, the administrator of a server uses the network or stands in front of the machine to remotely or directly perform the tasks of system administration. It is an important issue on how to provide a convenient management scheme without sacrificing system security. In this paper, we have proposed a new economical architecture with a PC-based firewall and a serial console management scheme to provide the service of remote server management. The architecture is similar to IP-based KVM but the cost is much less. By the use of this architecture, the system administrator does not need to worry about that a server may be infected or intruded before necessary security patches are applied. The system administrators can remotely bring a system on-line and then apply system patches or windows updates without putting the system security into jeopardy. In order to understand the information flowing in and out of the server, we have also implemented a netflow-based monitoring system to proactively detect network anomalies.-
dc.format application/pdfen_US
dc.format.extent 561041 bytes-
dc.format.mimetype application/pdf-
dc.language zh-Twen_US
dc.language en-USen_US
dc.language.iso en_US-
dc.relation (關聯) Proceedings of the 2006 Taiwan Academic Network Conferenceen_US
dc.subject (關鍵詞) 主控台; 序列埠; 修補程式-
dc.subject (關鍵詞) Server Console; Serial Port; Patch; IP-Based KVM-
dc.title (題名) A Secure PC-Based Architecture for Remote Server Managementen_US
dc.type (資料類型) conferenceen