2004 1. 2.
1. 2
Web 3
4
5
6
PDA 7
USB CD DVD 8
9
10
11
LAN 12
13
14
P2P Web USB CD,DVD PDA 15
CD,DVD USB 16
17
18
19
VPN 20
PC 21
LAN 22
23
24
ISO/IEC17799 25
26
27
28
29
DDoS DoS DoS DDoS DoS ( ) ( ) 30
1 2 OS 3 Web 4 CGI ASP 5 31
OS Web ID 32
33
34
2004 (1) 1. 2.
1. 2
3
4
5
6
7
JNSA 2003 2002 U ISP 2003 JNSA 2003 JNSA 2004 3 8
2003 JNSA 9
Simple-EP 10
2003 JNSA 5 1 ( 500 2.0 6.0 2.0 1.0 500 2.0 6.0 2.0 1.0 1 12000 JNSA 1 U 22 3 3 10 1 100 11
12
No. 46 11 2 25 16 2003 JNSA 2004 3 13
2003 JNSA 2004 3 14
73% 73 59 9% 15
16
5 3 1 17
ISO/IEC17799 TR13335 GMITS IPA Web http://www.ipa.go.jp/security/awareness/awareness.html 18
IPA IT IT SOHO 19
20
21
1 400 6 66 600 8 75 150 9 16 5 3 1 0 1 10 22
PC 23
PC 1 200 7 29 IDS 150 8 19 PC 300 9 33 5 3 1 0 24
ROSI Return On Security Investment http://www.macnica.net/lanch/lanch56/se01.html 25
http://www.soumu.go.jp/s-news/2004/040705_2.html 100 500 34.2 1000 5000 18.7 7.1% 100 500 46 35 49 100 40 26
IT http://www.meti.go.jp/policy/consumer/press/0005547/index.html 4,491 6,834.7 66,969.5 875.7 1 IT 14 IT 1.4 0.1 10 1 IT 11 1 9 2,854 ( 15.6 ) 27
28
2004 (2) 1. 2. 1 2 3
1 2 3 2
1) 2) 3) Web 4) 5) 6) 3
1) 2) 1) 2) 1. 2. 3. 3. 4. 4
3)Web 4) 5) 3) Web 4) 5) 1. 2. Web 3. 4. 5
6) PGP S/MIME PGP S/MIME S/MIME PGP 6
7
8
(IDS OS 9
IDS LAN 10
1 (r) (w) (x) 11
: ID 12
USB IC 2003 7 http://www.ipa.go.jp/security/fy14/reports/authentication/index.html 13
Internet IP 14
TCP/IP 15
WWW HTTP) 80 25 21 SMTP) FTP 110 POP3) 16
4 17
LAN 18
( ) 19
20
IDS IDS 21
IDS IDS 22
/ Tripwire 23
Microsoft Baseline Security Analyzer (HfNetChk) http://www.microsoft.com/japan/technet/security/tools/tools/mbsahome.asp Microsoft Software Update Services(SUS) http://www.microsoft.com/japan/windows2000/windowsupdate/sus/default.asp Solaris http://docs.sun.com/db/doc/817-2462/6mi4fl28n?l=ja&a=view Nessus http://www.nessus.org/ SARA (Security Auditor's Research Assistant) http://www-arc.com/sara/ 24
/ / 25
) Web 26
Web Web Web Web Web Web 27
28
ISO/IEC17799 127 29
) 1 2 30
31
http://www.ipa.go.jp/security/publications/dokuhon/index.html 32
PDCA Act Check Do Plan ( ) 33
IPA/ISEC ( http://www.ipa.go.jp/security/ ) JPCERT/CC ( http://www.jpcert.or.jp/ ) CERT/CC ( http://www.cert.org/ ) SANS Institute (http://www.sans.org/ ) SecurityFocus (http://www.securityfocus.com/) Web 34