<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Credential on Tarragon</title><link>https://tarrragon.github.io/blog/tags/credential/</link><description>Recent content in Credential on Tarragon</description><generator>Hugo -- gohugo.io</generator><language>zh-TW</language><copyright>Tarragon (CC BY 4.0)</copyright><lastBuildDate>Thu, 30 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://tarrragon.github.io/blog/tags/credential/index.xml" rel="self" type="application/rss+xml"/><item><title>Snowflake 2024:SaaS Credential 重用壓力</title><link>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/snowflake-2024-credential-reuse-pressure/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><guid>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/snowflake-2024-credential-reuse-pressure/</guid><description>&lt;p>本案例的責任是提供 SaaS data platform credential 壓力素材。Snowflake 2024 事件顯示,當 customer instance 的 credential 透過 infostealer 外流、且 MFA 與 network allow list 未強制時,SaaS 資料平台會成為大規模資料外送入口。&lt;/p>
&lt;h2 id="來源">來源&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>來源&lt;/th>
 &lt;th>可引用範圍&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>&lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion">Mandiant / Google Cloud:UNC5537 targets Snowflake&lt;/a>&lt;/td>
 &lt;td>initial access、infostealer 來源、TTP、IOC&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://www.cybersecuritydive.com/news/100-snowflake-customers-attacked/718454/">Snowflake security advisory(整理見 Cybersecurity Dive)&lt;/a>&lt;/td>
 &lt;td>受影響 customer instance、平台立場、recommended actions&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://www.techtarget.com/searchsecurity/news/366588655/Mandiant-Exposed-credentials-led-to-Snowflake-attacks">TechTarget:Mandiant root cause 摘要&lt;/a>&lt;/td>
 &lt;td>credential reuse、MFA 缺口、credential 長期有效性&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="defender-pressure">Defender Pressure&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>壓力&lt;/th>
 &lt;th>服務判讀&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>Credential hygiene pressure&lt;/td>
 &lt;td>infostealer 外流的舊 credential 仍長期有效&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>MFA enforcement pressure&lt;/td>
 &lt;td>SaaS data platform 需要平台側可強制的 MFA&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Network boundary pressure&lt;/td>
 &lt;td>資料平台需要 IP / VPC allow list 收斂存取來源&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Shared responsibility pressure&lt;/td>
 &lt;td>客戶與供應商需要對齊偵測、通報與佐證義務&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="control-gap">Control Gap&lt;/h2>
&lt;p>控制缺口的核心是 SaaS 資料平台的 credential lifecycle 與 network boundary 屬於客戶責任範圍,但平台缺少強制基線。沒有 MFA、沒有 allow list、credential 長期未輪替,是同類事件重複出現的共通結構。&lt;/p>
&lt;h2 id="detection-route">Detection Route&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>訊號&lt;/th>
 &lt;th>判讀用途&lt;/th>
 &lt;th>下一步&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>資料平台出現非預期 IP 大量查詢&lt;/td>
 &lt;td>判斷 credential 是否被濫用&lt;/td>
 &lt;td>啟動 &lt;a href="https://tarrragon.github.io/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="說明事件中如何撤銷 token，縮短可利用窗口">token revocation&lt;/a> 與 allow list&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>同一 user account 跨多次 infostealer 命中&lt;/td>
 &lt;td>判斷 credential 仍有效期&lt;/td>
 &lt;td>啟動強制輪替與 MFA enforcement&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>客戶通報資料外流早於平台告警&lt;/td>
 &lt;td>判斷 detection coverage gap&lt;/td>
 &lt;td>啟動 platform / customer log 對齊&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="exercise-hook">Exercise Hook&lt;/h2>
&lt;p>本案例可支撐 &lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/scenarios/low-frequency-exfiltration-tabletop/" data-link-title="Low-frequency Exfiltration Tabletop" data-link-desc="以受管檔案傳輸系統外送風險設計資料範圍與通報 tabletop">Low-frequency exfiltration tabletop&lt;/a> 的 SaaS 資料平台變體。演練重點是確認 credential、MFA、network boundary 與通報流程是否能在共享責任邊界內快速協作。&lt;/p>
&lt;h2 id="write-back-target">Write-back Target&lt;/h2>
&lt;ul>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/data-protection-and-masking-governance/" data-link-title="7.4 資料保護與遮罩治理" data-link-desc="以問題驅動方式整理資料分級、遮罩、匯出與備份治理">7.4 資料保護與遮罩治理&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 身分與授權邊界" data-link-desc="以問題驅動方式整理身分、授權、會話與供應商身分鏈">7.2 身分與授權邊界&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/detection-lifecycle-pattern/" data-link-title="Detection Lifecycle Pattern" data-link-desc="定義偵測規則如何管理來源、邏輯、測試事件、誤報與退場">Detection lifecycle pattern&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/evidence-chain-pattern/" data-link-title="Evidence Chain Pattern" data-link-desc="定義事故與演練需要保存的訊號、決策、artifact、timeline 與 retention 證據">Evidence chain pattern&lt;/a>&lt;/li>
&lt;/ul></description><content:encoded><![CDATA[<p>本案例的責任是提供 SaaS data platform credential 壓力素材。Snowflake 2024 事件顯示,當 customer instance 的 credential 透過 infostealer 外流、且 MFA 與 network allow list 未強制時,SaaS 資料平台會成為大規模資料外送入口。</p>
<h2 id="來源">來源</h2>
<table>
  <thead>
      <tr>
          <th>來源</th>
          <th>可引用範圍</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><a href="https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion">Mandiant / Google Cloud:UNC5537 targets Snowflake</a></td>
          <td>initial access、infostealer 來源、TTP、IOC</td>
      </tr>
      <tr>
          <td><a href="https://www.cybersecuritydive.com/news/100-snowflake-customers-attacked/718454/">Snowflake security advisory(整理見 Cybersecurity Dive)</a></td>
          <td>受影響 customer instance、平台立場、recommended actions</td>
      </tr>
      <tr>
          <td><a href="https://www.techtarget.com/searchsecurity/news/366588655/Mandiant-Exposed-credentials-led-to-Snowflake-attacks">TechTarget:Mandiant root cause 摘要</a></td>
          <td>credential reuse、MFA 缺口、credential 長期有效性</td>
      </tr>
  </tbody>
</table>
<h2 id="defender-pressure">Defender Pressure</h2>
<table>
  <thead>
      <tr>
          <th>壓力</th>
          <th>服務判讀</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>Credential hygiene pressure</td>
          <td>infostealer 外流的舊 credential 仍長期有效</td>
      </tr>
      <tr>
          <td>MFA enforcement pressure</td>
          <td>SaaS data platform 需要平台側可強制的 MFA</td>
      </tr>
      <tr>
          <td>Network boundary pressure</td>
          <td>資料平台需要 IP / VPC allow list 收斂存取來源</td>
      </tr>
      <tr>
          <td>Shared responsibility pressure</td>
          <td>客戶與供應商需要對齊偵測、通報與佐證義務</td>
      </tr>
  </tbody>
</table>
<h2 id="control-gap">Control Gap</h2>
<p>控制缺口的核心是 SaaS 資料平台的 credential lifecycle 與 network boundary 屬於客戶責任範圍,但平台缺少強制基線。沒有 MFA、沒有 allow list、credential 長期未輪替,是同類事件重複出現的共通結構。</p>
<h2 id="detection-route">Detection Route</h2>
<table>
  <thead>
      <tr>
          <th>訊號</th>
          <th>判讀用途</th>
          <th>下一步</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>資料平台出現非預期 IP 大量查詢</td>
          <td>判斷 credential 是否被濫用</td>
          <td>啟動 <a href="/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="說明事件中如何撤銷 token，縮短可利用窗口">token revocation</a> 與 allow list</td>
      </tr>
      <tr>
          <td>同一 user account 跨多次 infostealer 命中</td>
          <td>判斷 credential 仍有效期</td>
          <td>啟動強制輪替與 MFA enforcement</td>
      </tr>
      <tr>
          <td>客戶通報資料外流早於平台告警</td>
          <td>判斷 detection coverage gap</td>
          <td>啟動 platform / customer log 對齊</td>
      </tr>
  </tbody>
</table>
<h2 id="exercise-hook">Exercise Hook</h2>
<p>本案例可支撐 <a href="/blog/backend/07-security-data-protection/blue-team/materials/scenarios/low-frequency-exfiltration-tabletop/" data-link-title="Low-frequency Exfiltration Tabletop" data-link-desc="以受管檔案傳輸系統外送風險設計資料範圍與通報 tabletop">Low-frequency exfiltration tabletop</a> 的 SaaS 資料平台變體。演練重點是確認 credential、MFA、network boundary 與通報流程是否能在共享責任邊界內快速協作。</p>
<h2 id="write-back-target">Write-back Target</h2>
<ul>
<li><a href="/blog/backend/07-security-data-protection/data-protection-and-masking-governance/" data-link-title="7.4 資料保護與遮罩治理" data-link-desc="以問題驅動方式整理資料分級、遮罩、匯出與備份治理">7.4 資料保護與遮罩治理</a></li>
<li><a href="/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 身分與授權邊界" data-link-desc="以問題驅動方式整理身分、授權、會話與供應商身分鏈">7.2 身分與授權邊界</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/detection-lifecycle-pattern/" data-link-title="Detection Lifecycle Pattern" data-link-desc="定義偵測規則如何管理來源、邏輯、測試事件、誤報與退場">Detection lifecycle pattern</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/evidence-chain-pattern/" data-link-title="Evidence Chain Pattern" data-link-desc="定義事故與演練需要保存的訊號、決策、artifact、timeline 與 retention 證據">Evidence chain pattern</a></li>
</ul>
]]></content:encoded></item><item><title>Credential Hygiene Pattern</title><link>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/credential-hygiene-pattern/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><guid>https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/control-patterns/credential-hygiene-pattern/</guid><description>&lt;p>Credential hygiene pattern 的責任是把 credential 生命週期變成可驗證基線。它讓平台、SaaS 與身份系統共享同一套 MFA、rotation、infostealer 監控與 network boundary 欄位,降低 credential 重用引發的事件比例。&lt;/p>
&lt;h2 id="支撐素材">支撐素材&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>素材&lt;/th>
 &lt;th>可支撐論點&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/snowflake-2024-credential-reuse-pressure/" data-link-title="Snowflake 2024:SaaS Credential 重用壓力" data-link-desc="把 Snowflake UNC5537 事件轉成 SaaS data platform credential、MFA 與 network allow list 壓力素材">Snowflake credential reuse case&lt;/a>&lt;/td>
 &lt;td>infostealer credential 仍長期有效、MFA 與 allow list 缺口&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/mgm-2023-helpdesk-social-engineering-pressure/" data-link-title="MGM 2023:Helpdesk 社交工程壓力" data-link-desc="把 MGM Resorts 2023 事件轉成 helpdesk 驗證、IdP 高權限保護與營運中斷壓力素材">MGM helpdesk case&lt;/a>&lt;/td>
 &lt;td>helpdesk 重置流程承載身份重建責任,需要與 MFA 對齊&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/change-healthcare-2024-recovery-and-dependency-pressure/" data-link-title="Change Healthcare 2024:復原與外部依賴壓力" data-link-desc="把 Change Healthcare 事件轉成關鍵服務復原、外部依賴與通報協調壓力素材">Change Healthcare recovery case&lt;/a>&lt;/td>
 &lt;td>對外入口缺少 MFA 是 ransomware initial access 起點&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/field-cases/okta-support-token-2023-identity-pressure/" data-link-title="Okta 2023 Support Token：身份支援流程壓力" data-link-desc="把 Okta 2023 support system incident 轉成身份供應鏈與支援流程的藍隊案例素材">Okta support token case&lt;/a>&lt;/td>
 &lt;td>session token 與支援附件需要納入 credential 治理&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="欄位">欄位&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>欄位&lt;/th>
 &lt;th>責任&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>MFA enforcement&lt;/td>
 &lt;td>定義對外入口、admin 與 SaaS 的 MFA 基線&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Rotation policy&lt;/td>
 &lt;td>定義 credential、token、key 的輪替週期與觸發&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Reset workflow&lt;/td>
 &lt;td>定義 helpdesk 重置與 callback 驗證流程&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Exposure monitoring&lt;/td>
 &lt;td>監控 infostealer、credential dump 與外洩來源&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>Network boundary&lt;/td>
 &lt;td>定義 IP / VPC / device allow list&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="判讀訊號">判讀訊號&lt;/h2>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th>訊號&lt;/th>
 &lt;th>代表需求&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td>infostealer 命中後 credential 仍有效&lt;/td>
 &lt;td>需要 rotation policy 與 exposure monitoring&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>SaaS 平台缺少 MFA 強制&lt;/td>
 &lt;td>需要 MFA enforcement 基線&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>helpdesk 能在電話中重置高權限&lt;/td>
 &lt;td>需要 reset workflow 與 callback 驗證&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td>對外入口接受任意來源&lt;/td>
 &lt;td>需要 network boundary&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h2 id="適用邊界">適用邊界&lt;/h2>
&lt;p>此模式適合 IdP、SaaS data platform、邊界 VPN、helpdesk 與支援系統。內部服務之間若已使用 &lt;a href="https://tarrragon.github.io/blog/backend/knowledge-cards/workload-identity/" data-link-title="Workload Identity" data-link-desc="用於機器工作負載的身份語意與授權邊界">workload identity&lt;/a>,可改用較輕量的 rotation 與監控欄位。&lt;/p>
&lt;h2 id="下一步路由">下一步路由&lt;/h2>
&lt;ul>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="說明事件中如何撤銷 token，縮短可利用窗口">Token revocation&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 身分與授權邊界" data-link-desc="以問題驅動方式整理身分、授權、會話與供應商身分鏈">7.2 身分與授權邊界&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/scenarios/identity-support-token-tabletop/" data-link-title="Identity Support Token Tabletop" data-link-desc="以支援流程與 session token 風險設計身份接管 tabletop 情境">Identity support token tabletop&lt;/a>&lt;/li>
&lt;li>&lt;a href="https://tarrragon.github.io/blog/backend/07-security-data-protection/blue-team/materials/scenarios/low-frequency-exfiltration-tabletop/" data-link-title="Low-frequency Exfiltration Tabletop" data-link-desc="以受管檔案傳輸系統外送風險設計資料範圍與通報 tabletop">Low-frequency exfiltration tabletop&lt;/a>&lt;/li>
&lt;/ul></description><content:encoded><![CDATA[<p>Credential hygiene pattern 的責任是把 credential 生命週期變成可驗證基線。它讓平台、SaaS 與身份系統共享同一套 MFA、rotation、infostealer 監控與 network boundary 欄位,降低 credential 重用引發的事件比例。</p>
<h2 id="支撐素材">支撐素材</h2>
<table>
  <thead>
      <tr>
          <th>素材</th>
          <th>可支撐論點</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/field-cases/snowflake-2024-credential-reuse-pressure/" data-link-title="Snowflake 2024:SaaS Credential 重用壓力" data-link-desc="把 Snowflake UNC5537 事件轉成 SaaS data platform credential、MFA 與 network allow list 壓力素材">Snowflake credential reuse case</a></td>
          <td>infostealer credential 仍長期有效、MFA 與 allow list 缺口</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/field-cases/mgm-2023-helpdesk-social-engineering-pressure/" data-link-title="MGM 2023:Helpdesk 社交工程壓力" data-link-desc="把 MGM Resorts 2023 事件轉成 helpdesk 驗證、IdP 高權限保護與營運中斷壓力素材">MGM helpdesk case</a></td>
          <td>helpdesk 重置流程承載身份重建責任,需要與 MFA 對齊</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/field-cases/change-healthcare-2024-recovery-and-dependency-pressure/" data-link-title="Change Healthcare 2024:復原與外部依賴壓力" data-link-desc="把 Change Healthcare 事件轉成關鍵服務復原、外部依賴與通報協調壓力素材">Change Healthcare recovery case</a></td>
          <td>對外入口缺少 MFA 是 ransomware initial access 起點</td>
      </tr>
      <tr>
          <td><a href="/blog/backend/07-security-data-protection/blue-team/materials/field-cases/okta-support-token-2023-identity-pressure/" data-link-title="Okta 2023 Support Token：身份支援流程壓力" data-link-desc="把 Okta 2023 support system incident 轉成身份供應鏈與支援流程的藍隊案例素材">Okta support token case</a></td>
          <td>session token 與支援附件需要納入 credential 治理</td>
      </tr>
  </tbody>
</table>
<h2 id="欄位">欄位</h2>
<table>
  <thead>
      <tr>
          <th>欄位</th>
          <th>責任</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>MFA enforcement</td>
          <td>定義對外入口、admin 與 SaaS 的 MFA 基線</td>
      </tr>
      <tr>
          <td>Rotation policy</td>
          <td>定義 credential、token、key 的輪替週期與觸發</td>
      </tr>
      <tr>
          <td>Reset workflow</td>
          <td>定義 helpdesk 重置與 callback 驗證流程</td>
      </tr>
      <tr>
          <td>Exposure monitoring</td>
          <td>監控 infostealer、credential dump 與外洩來源</td>
      </tr>
      <tr>
          <td>Network boundary</td>
          <td>定義 IP / VPC / device allow list</td>
      </tr>
  </tbody>
</table>
<h2 id="判讀訊號">判讀訊號</h2>
<table>
  <thead>
      <tr>
          <th>訊號</th>
          <th>代表需求</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>infostealer 命中後 credential 仍有效</td>
          <td>需要 rotation policy 與 exposure monitoring</td>
      </tr>
      <tr>
          <td>SaaS 平台缺少 MFA 強制</td>
          <td>需要 MFA enforcement 基線</td>
      </tr>
      <tr>
          <td>helpdesk 能在電話中重置高權限</td>
          <td>需要 reset workflow 與 callback 驗證</td>
      </tr>
      <tr>
          <td>對外入口接受任意來源</td>
          <td>需要 network boundary</td>
      </tr>
  </tbody>
</table>
<h2 id="適用邊界">適用邊界</h2>
<p>此模式適合 IdP、SaaS data platform、邊界 VPN、helpdesk 與支援系統。內部服務之間若已使用 <a href="/blog/backend/knowledge-cards/workload-identity/" data-link-title="Workload Identity" data-link-desc="用於機器工作負載的身份語意與授權邊界">workload identity</a>,可改用較輕量的 rotation 與監控欄位。</p>
<h2 id="下一步路由">下一步路由</h2>
<ul>
<li><a href="/blog/backend/knowledge-cards/token-revocation/" data-link-title="Token Revocation" data-link-desc="說明事件中如何撤銷 token，縮短可利用窗口">Token revocation</a></li>
<li><a href="/blog/backend/07-security-data-protection/identity-access-boundary/" data-link-title="7.2 身分與授權邊界" data-link-desc="以問題驅動方式整理身分、授權、會話與供應商身分鏈">7.2 身分與授權邊界</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/scenarios/identity-support-token-tabletop/" data-link-title="Identity Support Token Tabletop" data-link-desc="以支援流程與 session token 風險設計身份接管 tabletop 情境">Identity support token tabletop</a></li>
<li><a href="/blog/backend/07-security-data-protection/blue-team/materials/scenarios/low-frequency-exfiltration-tabletop/" data-link-title="Low-frequency Exfiltration Tabletop" data-link-desc="以受管檔案傳輸系統外送風險設計資料範圍與通報 tabletop">Low-frequency exfiltration tabletop</a></li>
</ul>
]]></content:encoded></item></channel></rss>