Open Access  Subscription Access

隨著資訊科技的進步，現代人擁有更多的通訊媒介可供選擇，例如：電子郵件、即時訊息以及網路電話等，而其中的網路電話有逐漸取代傳統PSTN (Pablic Switded Telepwoue Network)的趨勢。網路電話所採用的SIP(Sessiou Initial Protocol)協定雖具有簡單、快速、靈活且便利等特性，但是該協定是基於網際網路所設計，因此SIP也自然繼承了網際網路本身的弱點。有鑑於此，本研究使用滲透測試搭配攻擊樹的指引，針對使用SIP協定的網路電話系統進行安全檢測。本系統可以讓系統管理員明確地找出組織內部潛在的漏洞，以便及早修復。Along with the development of information technology, more communication tools, such as email, instant message, and internet telephony, become available. The progress on internet telephony is in its pivoting point to gradually replace the traditional public switched telephone network (PSTN) service. The Session Initiation Protocol (SIP) for the internet telephony has its advantage of simple, speedy, flexible, and convenient. However, SIP is based on internet infrastructure; it inherits all vulnerability natures associated with internet communication. We propose in this paper the vulnerability evaluations of the SIP phones using penetration test under the Attack Tree's guidance. Our proposed system will help administrators to precisely allocate potential internal weaknesses and to patch issues effectively.

網路電話; 攻擊樹; SIP; 滲透測試; Internet telephony; Attack Tree; SIP; Penetration test