Contents
""
IT
""
"" " "
IT ""
IT ""
1.0
2.0
IT
IT
1994 "147"
2008
2014 1.0
2015
2016
2017
2018
""
"+"
HW
2019 "+" 2.0
" "" "
IT
IT
IT ITIT
IT
IT
IT
1...n
1...n
"" A
B
C
PC ""
""
""
""""
SOP
ACTIVE DEFENSE
1
IDS/IPS
VPN
WEB
1
TAXII/ STIX
Web
API
IP
KV
2
KV
IP
4
WEB UI
CLI
PCAP
SSL
IPS TCP Proxy
AV
Other Proxy
UDP Proxy HTTP Proxy SMTP Proxy
DPI
3
AV
1 2 3 4
· TIP · ·
· · · APTAPT
· · APT ·
· ·
Web
/web
DNS
TIP
1
2
6
2
1 · · · · · 2 · · · 3 · · /DNS/ · /Zabbix/Nagios/ · /SVN/Git · / 4
1
38
37
1
2
OA
683 541 142
3
222 161 61
4
14
14
0
5
949 745 204
VLAN 300+ WAF/IPS
sql
APT apt apt
1
APT
2
z
3
IOC IP
webshell IP
4
5
ftp, smb, oracle, mysql, mssql, ssh, postgresql, pop3, smtp IP
HW
IOC
WEB
3
EDR EDR
EDR
powerpoint & powershell & http://www[.]narrowbabwe[.]net:3345/exp[.]doc CVE-2017-0199
U
4
IT /