ࡱ> $' !"#abjbjll4>>>>>$gb!}Yaaaaab}Y}Y``888aH }Y`}Y`<8a<88J0\p` lB(0~pp\}Y\aa8aaaaabb8aaaaaaaaaaaaaaaaKm CX:>40B>: 5 4> B5=45@=>W 4>:C<5=B0FVW $>@<0 4>40B:C 4> B5=45@=>W ?@>?>78FVW O:C 3>BCT CG0A=8: B0 =040T 70<>2=8:C. "5E=VG=0 A?5F8DV:0FVO. =D>@<0FVO ?@> B5E=VG=V, O:VA=V B0 :V;L:VA=V E0@0:B5@8AB8:8 ?@54<5B0 70:C?V2;V ?0:5BV2 ?@>3@0<=>3> 70157?5G5==O 4;O <5@56 =B5@=5B B0 =B@0=5B (:>4 48220000-6 70  021:2015) (?@>3@0<=89 :><?;5:A 70E8ABC 5;5:B@>==>W ?>HB8) V4 ______________(2:070B8 ?>2=C =072C CG0A=8:0)_______, O:89 T (281@0B8 ?>B@V1=5: ?;0B=8:><  01> ?;0B=8:>< T48=>3> ?>40B:C, 01> =5@57845=B><). 030;L=V C<>28 ?>AB02:8 ">20@C: 8, __________(2:070B8 ?>2=C =072C CG0A=8:0) ?V4B25@46CT<>, I> >7=09><;5=V V7 >40B:>< 1 ("5E=VG=0 A?5F8DV:0FVO. =D>@<0FVO ?@> =5>1EV4=V B5E=VG=V, O:VA=V B0 :V;L:VA=V E0@0:B5@8AB8:8 ?@54<5B0 70:C?V2;V) 4> B5=45@=>W 4>:C<5=B0FVW B0 7>1>2 O7CT<>AL ?>AB028B8 B>20@: ?0:5BV8 ?@>3@0<=>3> 70157?5G5==O 4;O <5@56 =B5@=5B B0 =B@0=5B (:>4 48220000-6 70  021:2015) (?@>3@0<=89 :><?;5:A 70E8ABC 5;5:B@>==>W ?>HB8) C2V4?>2V4=>ABV 4> CAVE C<>2 B0 4>:C<5=BV2, I> T =52V4 T<=>N G0AB8=>N B5=45@=>W 4>:C<5=B0FVW. #<>28 ?>AB02:8: (DAP  (4;O =5@57845=BV2) DDP  (4;O @57845=BV2 ) 70<>2=8: 2818@0T ?>B@V1=5  73V4=> 7 " !. DVFV9=V ?@028;0 B;C<0G5==O B>@3>25;L=8E B5@<V=V2 V6=0@>4=>W B>@3>2>W ?0;0B8 (@540:FVO 2020 @>:C) (2V4?>2V4=> 4> ?.?.1.4.3 @>74V;C I "). #<>28 >?;0B8: _________________________________________________ (7 C@0EC20==O< ?.?. 1.6.3 B5=45@=>W 4>:C<5=B0FVW) !B@>: ?>AB02:8 B>20@C: 73V4=> 7 ?.?. 1.4.4 @>74V;C  ". !B@>: 4VW 40=>W B5=45@=>W ?@>?>78FVW AB0=>28BL: 120 4=V2 V7 40B8 :V=F52>3> AB@>:C ?>40==O B5=45@=8E ?@>?>78FV9. @V< B>3>, <8 ?>3>46CT<>AL 7 ?@>5:B>< 4>3>2>@C ?@> 70:C?V2;N, 28:;045=8<8 C >40B:C 3 4> B5=45@=>W 4>:C<5=B0FVW. /:I> <8, O: #G0A=8: 40=>3> B5=45@C 1C45<> 287=0G5=V 70<>2=8:>< ?5@5<>6F5<, <8 15@5<> =0 A515 7>1>2 O70==O I>4> C:;040==O 4>3>2>@C ?@> 70:C?V2;N 2 5;5:B@>==V9 D>@<V (4;O @57845=BV2)/ ?0?5@>2V9 D>@<V (4;O =5@57845=BV2) =5 ?V7=VH5 =V6 G5@57 20 4=V2 7 4=O ?@89=OBBO @VH5==O ?@> =0<V@ C:;0AB8 4>3>2V@ ?@> 70:C?V2;N 2V4?>2V4=> 4> 28<>3 B5=45@=>W 4>:C<5=B0FVW B0 =0H>W B5=45@=>W ?@>?>78FVW I>4> O:>W ?@89=OB> @VH5==O ?@> =0<V@ C:;0AB8 4>3>2V@ ?@> 70:C?V2;N B0 28:>=0B8 2AV C<>28, ?5@5410G5=V 4>3>2>@>< ?@> 70:C?V2;N. # 28?04:C >1@C=B>20=>W =5>1EV4=>ABV AB@>: 4;O C:;040==O 4>3>2>@C <>65 1CB8 ?@>4>265=89 4> 60 4=V2. # @07V =0H>W 2V4<>28 2V4 ?V4?8A0==O 4>3>2>@C ?@> 70:C?V2;N 2V4?>2V4=> 4> 28<>3 B5=45@=>W 4>:C<5=B0FVW, =5C:;045==O 4>3>2>@C ?@> 70:C?V2;N 7 28=8 CG0A=8:0 01> =5=040==O 70<>2=8:C ?V4?8A0=>3> 4>3>2>@C C AB@>:, 287=0G5=89 0:>=>< #:@0W=8 "@> ?C1;VG=V 70:C?V2;V" (V7 7<V=0<8 B0 4>?>2=5==O<8) (=040;V  0:>=), 01> =5=040==O 4>:C<5=BV2, I> ?V4B25@46CNBL 2V4ACB=VABL ?V4AB02, CAB0=>2;5=8E AB0BB5N 17 0:>=C, 70<>2=8: 2V4E8;OT B5=45@=C ?@>?>78FVN, 287=0G0T ?5@5<>6FO ?@>F54C@8 70:C?V2;V A5@54 B8E CG0A=8:V2, AB@>: 4VW B5=45@=>W ?@>?>78FVW O:8E I5 =5 <8=C2, B0 ?@89<0T @VH5==O ?@> =0<V@ C:;0AB8 4>3>2V@ ?@> 70:C?V2;N C ?>@O4:C B0 =0 C<>20E, 287=0G5=8E AB0BB5N 33 0:>=C. 5B0;L=V B5E=VG=V 28<>38, I> 3>BCNBL #G0A=8:8 70 7<VAB>< ?> D>@<V, I> =02545=0 =86G5 B0 >40B:C 1 4> FVTW 4>:C<5=B0FVW. "5E=VG=V E0@0:B5@8AB8:8 . 8<>38 4> ?@>3@0<=>3> 70157?5G5==O /:I> =86G5, C B5E=VG=8E 28<>30E 4> @>3@0<=>3> :><?;5:AC 70E8ABC 5;5:B@>==>W ?>HB8 ?@8 >?8AV E0@0:B5@8AB8: 707=0G0TBLAO ?52=0 B>@3>20 <0@:0 01> ?0B5=B, A;V4 22060B8 2V4?>2V4=89 >?8A C 7=0G5==V 01> 5:2V20;5=B 73V4=> 7 28<>30<8 ?C=:BC 3 G0AB8=8 2 AB0BBV 22 0:>=C #:@0W=8 @> ?C1;VG=V 70:C?V2;V. #G0A=8: <>65 70?@>?>=C20B8 5:2V20;5=B. @8 FL><C 70?@>?>=>20=V @VH5==O, I> T 5:2V20;5=B>< ?>28==V <0B8 =5 3V@H5 B5E=VG=V ?0@0<5B@8 =V6 BV, O:V 707=0G5=V 2 B5E=VG=8E 28<>30E 4> ?V4A8AB5< :><?;5:AC V=D>@<0FV9=>3> 70E8ABC. @54<5B>< 70:C?V2;V T ?>AB0G0==O ?@8<V@=8:V2 ?@>3@0<=>3> 70157?5G5==O: !8AB5<0 70E8ABC 5;5:B@>==>W ?>HB8 Cisco Email Security (01> 5:2V20;5=B)  ?>28==0 70157?5G8B8 ?>2=>FV==89 :>=B@>;L 5;5:B@>==>W ?>HB8 B0 70E8AB :>@?>@0B82=8E :>@8ABC20GV2 2V4 0B0:, I> ?>H8@NNBLAO, 70 4>?><>3>N 5;5:B@>==8E ?>2V4><;5=L. V4A8AB5<0 ?>28==0 <0B8 0@EVB5:BC@C B8?C 7>2=VH=L>3> H;N7C, I> @50;V7CT DC=:FV>=0; DV;LB@0FVW ?>HB>2>3> B@0DV:C ?V4?@8T<AB20, 70E8AB 2V4 H:V4;82>3>  B0 A?0<C. !8AB5<0 28O2;5==O B0 0=0;V7C A:;04=8E 703@>7 McAfee Virtual Advanced Threat Defense Appliance (01> 5:2V20;5=B)  ?>28==0 2V4?>2V40B8 70 F5=B@0;V7>20=89 70E8AB 2V4 H?83C=AL:>3> B0 V=H>3> H:V4;82>3> , 2:;NG0NG8 703@>78 =C;L>2>3> 4=O. V4A8AB5<0 ?>28==0 <0B8 0@EVB5:BC@C B8?C SandBox; # 0<>2=8:0 2AB0=>2;5=0, =0;0HB>20=0 B0 V=B53@>20=0 !8AB5<0 70E8ABC 5;5:B@>==>W ?>HB8 Cisco Email Security B0 !8AB5<0 28O2;5==O B0 0=0;V7C A:;04=8E 703@>7 McAfee Virtual Advanced Threat Defense Appliance. # @07V ?>40==O 5:2V20;5=BV2 ?>28==> 2@0EC20B8 @>1>B8 ?> 2?@>20465==N, V=B53@0FVW B0 <V3@0FVW @VH5==O. 8<>38 4> @>1>B ?> 2?@>20465==N V V=B53@0FVW =02545=V C @>74V;V II. !B@>: ?V4B@8<:8 ?@>3@0<=>3> 70157?5G5==O (40;V - ) 7 1>:C 28@>1=8:0 (B5E=VG=0 ?V4B@8<:0 , >=>2;5==O ?@>3@0<=8E <>4C;V2), =0 2A5 70?@>?>=>20=5 #G0A=8:>< , ?>28=5= 1CB8 =5 <5=H8< =V6 12 <VAOFV2. 5B0;L=89 >?8A 28<>3 4> DC=:FV>=0;C, 0@EVB5:BC@8 B0 C<>2 5:A?;C0B0FVW ?@>3@0<=>3> 70157?5G5==O =02545=> C "01;8FV 1. "01;8FO 1 ! ?\?8<>38 0<>2=8:01.8<>38 4> !8AB5<8 70E8ABC 5;5:B@>==>W ?>HB8 Cisco Email Security (40;V  !8AB5<0), 01> 5:2V20;5=B1.1.V;L:VA=V E0@0:B5@8AB8:81.1.1.!8AB5<0 70E8ABC 5;5:B@>==>W ?>HB8 ?>28==0 1CB8 @50;V7>20=0 C 283;O4V >:@5<>3> 2V@BC0;L=>3> ?@8AB@>N (40;V  ?@8AB@V9), G5@57 O:89 74V9A=NTBLAO ?5@5A8;0==O B0 ?5@52V@:0 ;8ABV2. !8AB5<0 ?>28==0 1CB8 70157?5G5=0 =5>1EV4=8<8 :><?;5:B0<8 70E8ABC AB@>:>< 4VW =0 12 <VAOFV2, 0 A0<5: ><?;5:B 70E8ABC 2EV4=>W 5;5:B@>==>W ?>HB8 2V4 2V@CAV2, A?0<C B0 0B0: =C;L>2>3> 4=O, 0 B0:>6 >=>2;5==O @5?CB0FV9=8E 107 4;O 1600 0:B82=8E ?>HB>28E A:@8=L>:; ><?;5:B 70E8ABC 5;5:B@>==>W ?>HB8 2V4 7;>2<8A=>3>  7 <>6;82VABN @5B@>A?5:B82=>3> 0=0;V7C, 0 B0:>6 >=>2;5==O @5?CB0FV9=8E 107 4;O 1600 0:B82=8E ?>HB>28E A:@8=L>:.1.2.@EVB5:BC@0 B0 D>@<-D0:B>@1.2.1.V@BC0;L=89 ?@8AB@V9 V7 2AB0=>2;5=8< ?@>3@0<=8< 70157?5G5==O<.1.2.2.0O2=0 <>6;82VABL @>73>@B0==O 1C4L-O:>W :V;L:>ABV 2V@BC0;L=8E ?@8AB@>W2 157 =5>1EV4=>ABV 4>40B:>2>3> ;VF5=7C20==O.1.3.!8AB5<=V 40=V1.3.1.@>4C:B82=VABL ?@8 0:B820FVW CAVE A5@2VAV2 157?5:8 (0=B8A?0<, 0=B82V@CA, 70E8AB 2V4 2@07;82>AB59 =C;L>2>3> 4=O (40;V - 0-day 0B0:), 70E8AB 2V4 malware B>I>) ?@8 A5@54=L><C ?>2V4><;5==V C G5@7V 160 1 =5 <5=H =V6 250 000 ?>2V4><;5=L =0 3>48=C.1.4.A=>2=V DC=:FV>=0;L=V 28<>381.4.1.!8AB5<0 <0T ;VF5=7C20B8AO 2V4?>2V4=> 4> :V;L:>ABV :>@8ABC20GV2, O:V 28:>@8AB>2CNBL DV;LB@ 0=B8A?0<, 0=B82V@CA, 70E8AB 2V4 0-day 0B0:.1.4.2.!8AB5<0 ?>28=5=0 <0B8 DC=:FV>=0; 0=B8A?0<, 0=B82V@CA, DLP, H8D@C20==O ?>HB8, 70E8AB 2V4 0B0: 0-day, 70E8AB 2V4 DVH8=3, 70E8AB 2V4 spoofing, @5?CB0FV9=C DV;LB@0FVN, 0 B0:>6 A8AB5<C F5=B@0;V7>20=>3> C?@02;V==O V=B53@>20=C 2 @0<:0E >4=>3> ?@8AB@>N. !8AB5<0 ?>28==0 0=0;V7C20B8 O: 2EV4=C, B0: V 28EV4=C ?>HBC. 1.5.@>4C:B82=VABL1.5.1.!8AB5<0 <0T 70157?5G8B8 :><?;5:B 70E8ABC =0 1600 :>@8ABC20GV2.1.5.2.!8AB5<0 ?>28=5=0 =0;560B8 4> ?@>3@0<=>3> 70157?5G5==O :>@?>@0B82=>3> @V2=O (Enterprise Grade) B0 <0AHB01C20B8AO =5 <5=H =V6 4> 3000 :>@8ABC20GV2.1.6.?5@0FV9=0 >1>;>=:01.6.1.!8AB5<0 <0T O2;OB8 A>1>N ?@>3@0<=89 :><?;5:A, >A=0I5=89 70E8I5=>N V A?5FV0;V7>20=>N >?5@0FV9=>N A8AB5<>N.1.7.@>4C:B82=VABL V 28<>38 4> 157?5:81.7.1.!8AB5<0 <0T 1CB8 ?>1C4>20=0 =0 70E8I5=V9 V ?>A8;5=V9 >?5@0FV9=V9 A8AB5<V V Mail Transfer Agent (40;V  MTA). MTA ?>28=5= 1CB8 AB2>@5=89 157AB5:>2>N <>2>N ?@>3@0<C20==O 4;O <V=V<V70FVW <>6;82>ABV 0B0:8 ?5@5?>2=5==O 1CD5@0.1.7.2.!8AB5<0 =5 ?>28==0 28:>@8AB>2C20B8 opensource MTA (01> 6 1C4L-O:89 ?5@5@>1;5=89 opensource MTA, O: sendmail, qmail 01> postfix) 4;O <V=V<V70FVW 2?;82C <>6;82>ABV 5:A?;C0B0FVW 2V4><8E 2@07;82>AB59 @>7?>2AN465=8E open-source ?@>4C:BV2.1.7.3.!8AB5<0 <0T 28:>@8AB>2C20B8 2;0A=C D09;>2C A8AB5<C >?B8<V7>20=C 4;O @>1>B8 7 G5@30<8 ?>2V4><;5=L.1.7.4.!8AB5<0 ?>28==0 <0B8 <>6;82VABL ?5@52V@OB8 =0 ?@54<5B A?CDV=30 4><5=V2. /:I> 2V4?@02=8: A?@>1CT ?V4@>18B8 4><5=, ?>2V4><;5==O ?>28==> 1CB8 2840;5=> 01> 2V4?@02;5=> 2 :0@0=B8=. @V< ?5@52V@:8 =0 A?CDV=3 H;N7 B0:>6 ?>28=5= ?V4B@8<C20B8 25@8DV:0FVN SPF, DomainKeys / DKIM V DMARC.1.7.5.!8AB5<0 ?>28==> <0B8 <5E0=V7<8 70E8ABC 2V4 ?V4@>1:8 V<5= 2 ?>;V From: e-mail, 2@0E>2CNGV <>6;82V 20@V0FVW V<5=. 1.7.6.!8AB5<0 ?>28==0 <0B8 21C4>20=V <5E0=V7<8 4;O 70E8ABC 2V4 0B0: Denial of Service 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8, =0ABC?=V: 4V9A=5==O :>=B@>;N SMTP A5AVW V >1<565==O B@0DV:C 2V4?>2V4=> 4> IP 04@5A8 2V4?@02=8:0, 4><5=V2, @5?CB0FVTN V 04@5A>N 2V4?@02=8:0 :>=25@B0 5;5:B@>==>3> ?>2V4><;5==O; @87=0G5==O <0:A8<0;L=>W :V;L:>ABV SMTP A5AV9 =0 IP 04@5AC; @87=0G5==O <0:A8<0;L=>W :V;L:>ABV ?>2V4><;5=L =0 7 T4=0==O, <0:A8<0;L=>W :V;L:>ABV >45@6C20GV2 =0 3>48=C, <0:A8<0;L=>W :V;L:>ABV =5?@028;L=8E >45@6C20GV2 =0 3>48=C.1.7.7.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 70E8ABC 2V4 0B0: :;0AC 4>A;V465==O :0B0;>3C 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8, =0ABC?=V: =B53@0FVO 7 AD 01> LDAP :0B0;>30<8 4;O V45=B8DV:0FVW =5?@028;L=8E >45@6C20GV2. >28==V ?V4B@8<C20B8AL 70?8B8 2 @50;L=><C G0AV V =5 28:>@8AB>2C20B8AO A8=E@>=V70FVO 70?8AV2, I>1 =5 AB8:0B8AO 7 ?@>1;5<>N @>7A8=E@>=V70FVW; !8AB5<0 ?>28==0 <0B8 <5E0=V7< 74V9A=5==O SMTP Conversational Bounce 4;O =52V@=8E >45@6C20GV2 (70?>1V30==O Non-Delivery Report Attack).; 5@C20==O <0:A8<0;L=>N :V;L:VABN ?>2V4><;5=L-@8:>H5BV2 =0 3>48=C (bounces) 2V4?>2V4=> 4> IP 04@5A8 2V4?@02=8:0, 4><5=>< 01> @5?CB0FVTN.1.7.8.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 74V9A=N20B8 <>=VB>@8=3 ?>HB>2>3> B@0DV:C V 28O2;5==O 0B0: 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: >=VB>@8=3 email-?>B>:V2 2 @50;L=><C G0AV 7 <>6;82VABN ?5@53;O4C 45B0;59 ?> 4><5=C B0 IP 04@5A>N; !B0B8AB8:0 2 @50;L=><C G0AV 70 =52V@=8<8 >45@6C20G0<8, 7C?8=5=8E @5?CB0FV9=>N A8AB5<>N, 28O2;5==O A?0<C V 2V@CAV2, 7C?8=5=><C DV;LB@>< :>=B5=BC V >G8I5=8<8 ?>2V4><;5==O<8; !B0B8AB8:0 2 @50;L=><C G0AV 70 >AB0==N 3>48=C, 45=L, B8645=L V <VAOFL ?@> ?>2V4><;5==O, O:V 1C;8 7C?8=5=V @5?CB0FV9=8< DV;LB@><, 2V4:8=CBV V ?@89=OBV 7 T4=0==O, ?>2V4><;5==O A?0< V 2V@CA8 06 4> @V2=O 4><5=C V :>@8ABC20G0.1.7.9. VH5==O ?>28==> ?V4B@8<C20B8 ?5@52V@:C ?>2V4><;5=L-@8:>H5BV2 (Bounce Verification), ?@8 O:V9 2AV 28EV4=V ?>2V4><;5==O B53CNBLAO 70 4>?><>3>N F8D@>2>W <VB:8 4;O B>3>, I>1 70157?5G8B8 DV;LB@0FVN bounce-0B0: =0 H;N7V.1.7.10. VH5==O ?>28==> ?V4B@8<C20B8 B5E=>;>3VN 2V@BC0;L=8E IP / H;N7V2, :>;8 =0 >4=><C ?@8AB@>W <>6=0 =0AB@>WB8 =5 <5=H5 =V6 254 04@5A8, V 28:>@8AB>2C20B8 FV 04@5A8 O: 28EV4=V IP 4;O 2V4?@02:8 ?>2V4><;5=L (?@8<VB:0: B5E=>;>3VW 2V@BC0;V70FVW =5 @>73;O40NBLAO O: B5E=>;>3VW 2V@BC0;L=8E H;N7V2 2 FL><C :>=B5:ABV).1.7.11."5E=>;>3VO 2V@BC0;L=8E IP / H;N7V2 <0T 4020B8 <>6;82VABL @>74V;OB8 ?>HB>289 H;N7 =0 45:V;L:0 2V@BC0;L=8E 04@5A IP / H;N7V2, 7 O:8E ?>B@V1=> 2V4?@02;OB8 01> >B@8<C20B8 ?>HBC. >6=0 2V@BC0;L=0 04@5A0 IP / H;N7C <0T ?V4;O30B8 =0;0HBC20==N IP-04@5A8, V<5=V E>AB0, 4><5=C V ?>HB>2>W G5@38.1.7.12."5E=>;>3VO 2V@BC0;L=8E IP / H;N7V2 ?>28==0 4020B8 <>6;82VABL :;VT=B>2V 287=0G8B8 listener, O:89 ?@82'O70=89 4> 2V@BC0;L=>3> H;N7C 7 =0;0HBC20==O< V=482V4C0;L=8E :>=B@>;L=8E CAB0=>2>: 4;O :>6=>3> H;N7C.1.7.13.!8AB5<0 =5 ?>28==0 <0B8 <>4C;O webmail, >A:V;L:8 2V= 4>72>;OT 2V440;5=8< 0B0:CNG8< 74V9A=8B8 0B0:C C@07;82>ABV Directory Traversal.1.7.14.!8AB5<0 <0T ?V4B@8<C20B8 <>6;82VABL 2V4AB565==O ?>2V4><;5=L 157?>A5@54=L> =0 ?@8AB@>W 7 =0O2=VABN 3=CG:>3> 3@0DVG=>3> V=B5@D59AC :>@8ABC20G0< 4;O ?>HC:C ?>2V4><;5=L.1.7.15.!8AB5<0 <0T ?V4B@8<C20B8 4>40B:>289 0=B8A?0< <5E0=V7< 2V4 V=H>3> 28@>1=8:0 (25=4>@0) V >4=>G0A=C @>1>BC >1>E <5E0=V7<V2 4;O 4>AO3=5==O >?B8<0;L=>3> @57C;LB0BC 28O2;5==O V ?><8;:>28E A?@0FL>2C20=L.1.7.16.!8AB5<0 ?>28==> ?V4B@8<C20B8 IPv6 4;O H;N7C, AB0B8G=V <0@H@CB8, SMTP <0@H@CB8, B@0AC20==O, ?>HC:, @5?CB0FVN, 04@5A0FVN.1.7.17.!8AB5<0 ?>28==> 2:;NG0B8 70E8AB 2V4 Cross-Site Request Forgeries (CSRF) B0 V=H8E 0B0: =0 web V=B5@D59A.1.7.18. VH5==O ?>28==> ?V4B@8<C20B8 DC=:FVN SMTP Call Ahead 4;O ?5@52V@:8 04@5A >45@6C20GV2 =0 SMTP A5@25@V ?@8 =54>ABC?=>ABV 01> =5<>6;82>ABV ?V4:;NG5==O LDAP. 1.8.#?@02;V==O ?>;VB8:0<81.8.1.!8AB5<0 <0T ?V4B@8<C20B8 :>=B@>;L O: 2EV4=>3>, B0: V 28EV4=>3> B@0DV:C =0 >4=><C ?@8AB@>W, 28:>@8AB>2CNG8 ?V4:;NG5==O >4=8< 01> 45:V;L:><0 V=B5@D59A0<8.1.8.2.!8AB5<0 <0T 4>72>;OB8 =0;0HBC20==O ?>;VB8: email 4;O 2EV4=8E V 28EV4=8E ;8ABV2 V =0;0HB>2C20B8 A8AB5<8 0=B8A?0<, 0=B82V@CA, DV;LB@8 :>=B5=BC, DV;LB@0 0-day.1.8.3.!8AB5<0 <0T 4>72>;OB8 AB2>@5==O @V7=8E ?>;VB8: =0 >A=>2V @V7=8E :><1V=0FV9 2V4?@02=8:V2, >45@6C20GV2, LDAP 3@C? 2V4?@02=8:V2, LDAP 3@C? >45@6C20GV2.1.8.4.!8AB5<0, I> 28:>@8AB>2CT B5E=>;>3VN 2V@BC0;L=8E H;N7V2, ?>28==0 <0B8 <>6;82VABL 70157?5G8B8 :V;L:0 20@V0=BV2 V45=B8DV:0FV9 2C7;V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: @87=0G5==O @V7=8E IP 04@5A 2 @0<:0E >4=>3> ?@8AB@>N 4;O B>3>, I>1 ?@87=0G8B8 @V7=V V45=B8DV:0B>@8 2C7;V2 V B0:>6 2;0A=C ?>;VB8:C >1@>1:8 B@0DV:C V 3@C?8 >45@6C20GV2 (:>65= IP ?@54AB02;OT >48= 45?0@B0<5=B V >48= MX); >65= IP 2 @0<:0E >4=>3> ?@8AB@>N <>65 2V4?>2V40B8 @V7=8< SMTP 2V4?>2V44N V 10=5@>< SMTP Response and Banner; 0;0HBC20==O SMTP 10=5@0, V<5=V 2C7;0 B0 :>4C 2V4?>2V4V =0 IP 04@5AC 01> =0 3@C?C.1.8.5.!8AB5<0 <0T ?V4B@8<C20B8 :V;L:0 4><5=V2 =0 IP 04@5AC 01> 45:V;L:0 4><5=V2 =0 :V;L:0 IP 04@5A 2 @0<:0E >4=>3> email Security H;N7C.1.8.6.!8AB5<0 <0T 70157?5GC20B8 T48=89 3@0DVG=89 V=B5@D59A C?@02;V==O 7 <>6;82VABN ?5@53;O4C 2AVE ?>;VB8: 4;O ?@>AB>3> :5@C20==O.1.8.7.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 70AB>A>2C20B8 ?>;VB8:8 =0 >A=>2V @V7=8E 3@C? 2V4?@02=8:V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: '>@=V A?8A:8 ?> IP, 4><5=C 01> @5?CB0FVW; V;V A?8A:8 ?> IP, 4><5=C 01> @5?CB0FVW; !B>@>==V Realtime Blackhole list (RBLs); !B>@>==V Open Relay Blacklist (ORBLs); V;V V G>@=V A?8A:8 2V4?@02=8:V2 V >45@6C20GV2.1.8.8.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 701;>:C20B8 01> >1<568B8 =51060=8E 2V4?@02=8:V2 V 287=0G8B8 V=482V4C0;L=V ?>;VB8:8 4;O 2V4?@02=8:V2 (O: 2=CB@VH=VE, B0: V 7>2=VH=VE) 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: IP 2V4?@02=8:0, 4V0?07>= IP; ><5=; 5?CB0FVO; DNS A?8A>:.1.8.9.!8AB5<0 ?>28==0 <0B8 <>6;82VABL >1<56C20B8 email B@0DV: 70 IP-04@5A>N, 4><5=C, @5?CB0FVW, 04@5A>N 2V4?@02=8:0 :>=25@B0 5;5:B@>==>3> ?>2V4><;5==O 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: 0:A8<0;L=0 :V;L:VABL >45@6C20GV2 =0 3>48=C; 0:A8<0;L=0 :V;L:VABL >45@6C20GV2 2 >48=8FN G0AC (=0 >A=>2V 04@5A8 2V4?@02=8:0 :>=25@B0 5;5:B@>==>3> ?>2V4><;5==O).1.8.10.!8AB5<0 <0T 28:>@8AB>2C20B8 =0;0HBC20==O 45B0;L=8E ?>;VB8: email 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: 5@53;O4 72>@>B=>3> DNS 4><5=C B0 ?@87=0G5==O ?>;VB8:; 0:A8<0;L=V =0;0HBC20==O ?>;VB8: 2V4?@02=8:V2; 0:A8<0;L=0 :V;L:VABL ?>2V4><;5=L =0 7'T4=0==O; 0:A8<0;L=0 :V;L:VABL >45@6C20GV2 =0 7'T4=0==O; 0:A8<0;L=89 @>7<V@ ?>2V4><;5==O; 0:A8<0;L=0 :V;L:VABL >4=>G0A=8E A5AV9 =0 IP 04@5AC; :;NG5==O TLS V >?FVW 2:;NG5==O; SMTP 02B5=B8DV:0FVO V >?FVW 2:;NG5==O.1.8.11.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 74V9A=N20B8 DV;LB@0FVN ?@8T4=0=8E D09;V2 70 4>?><>3>N @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: !?@026=V9 B8? D09;C, ?>2V4><;5==O <VAB8BL D09;, B8? O:>3> 71V30TBLAO 7 H01;>=><, 0 =5 7 @>7H8@5==O<; $09;. >2V4><;5==O <VAB8BL D09;, V<'O O:>3> 71V30TBLAO 7 @53C;O@=8< 28@07><; >7H8@5==O D09;C. >2V4><;5==O <VAB8BL D09; 7 ?52=8< @>7H8@5==O<. MIME B8? - ?>2V4><;5==O <VAB8BL D09; ?52=>3> MIME B8?C.1.8.12.!8AB5<0 <0T ?@>?>=C20B8 <>6;82VABL 2V4?@02;OB8 ?>2V4><;5==O 2 :0@0=B8=, 4C1;V:0B, 28@V70B8 ?@8T4=0=V D09;8, 2V4?@028B8 ?@8E>20=C :>?VN 01> ?5@5=0?@028B8 ?>HBC =0 V=H89 E>AB 01> V=H><C >45@6C20GC, 70<V=8B8 FV;5 ?>2V4><;5==O 01> BV;L:8 ?@8T4=0=89 D09; 7 287=0G5=8< H01;>=>< ?>2V4><;5==O.1.8.13.>;VB8:8 >1@>1:8 email 2 70?@>?>=>20=><C @VH5==V ?>28==V <0B8 7<>3C ?5@52V@OB8 2V4?@02=8:0 4;O IP-04@5A8, DNS PTR V 04@5A8 2V4?@02=8:0 :>=25@B0 5;5:B@>==>3> ?>2V4><;5==O, 0 B0:>6 <0B8 B01;8FV 28=OB:V2.1.8.14.!8AB5<0 <0T ?V4B@8<C20B8 <0@H@CB870FVN LDAP, <0A:C (email NAT) LDAP, 0 B0:>6 ?5@52V@:C 04@5A 2 LDAP.1.8.15.!8AB5<0 <0T 4>72>;OB8 V=482V4C0;L=89 4>ABC? 4> @V7=8E :0@0=B8=V2 4;O @V7=8E :>@8ABC20GV2, 2:;NG0NG8 4>ABC? 4> Policy / Virus :0@0=B8=.1.8.16.!8AB5<0 ?>28==0 <0B8 <>6;82VABL =0;0HBC20==O DV;LB@V2 :>=B5=BC O: 7 GUI, B0: V 7 CLI.1.8.17.$V;LB@8 CLI ?>28==V 2:;NG0B8 45B0;L=C A:@8?B>2C <>2C, I> 4>72>;OT 04<V=VAB@0B>@0< 1C4C20B8 A:;04=V AB@C:BC@8 if-then-else.1.8.18.!8AB5<0 <0T ?V4B@8<C20B8 A;>2=8:8 7 203>28<8 :>5DVFVT=B0<8. ;O :>6=>3> >1'T:B0 2 A;>2=8:C :;VT=B <>65 287=0G8B8 B5@<V= "2030", V 287=0G8B8 3@0=8G=5 7=0G5==O A?@0FL>2C20==O 28E>4OG8 7 AC<8 203>28E :>5DVFVT=BV2.1.8.19.!8AB5<0 <0T ?V4B@8<C20B8 28O2;5==O email 0B0: 2 ?52=89 ?5@V>4 G0AC 7 ?52=>N :V;L:VABN ?>2V4><;5=L:  >4=VTW V BVTW 6 B5<>N 70 >AB0==N 3>48=C;  >4=8< V B8< 65 2V4?@02=8:>< :>=25@B0 5;5:B@>==>3> ?>2V4><;5==O 70 >AB0==N 3>48=C.1.9.8<>38 4> A8AB5<8 70E8ABC 2V4 A?0<C1.9.1.!8AB5<0 <0T DV;LB@C20B8 A?0< 70 4>?><>3>N =01>@C @V7=8E <5B>4V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8, B0:V: =B53@>20=89 0=B8A?0< DV;LB@ 2 ?@8AB@V9; FHJl( r 2 4 B V v z ޹޴yoh`V`ohNhhuhu6huhu6>*huhu>* huhuhuhu5\huhu\hrhhV35 hy5hT}hymHsH hT}hyhhLx5hZehLx5 hu5hLx56\]!hO hLx56B*\]php0hZehLx56hZehLx56\]hLx hZehLxhZehLx5\HJ }["$ 2( Px 4 #\'*.25@9a$gdV3"$ 2( Px 4 #\'*.25@9a$gdy%$ 2( Px 4 #\'*.25@9da$gdLx$hd&d@&P^ha$gdLx$hd-DM ^ha$gdLx $da$gdLx > @ ,*,JwiXX d@&`gdO d`gdO d-DM `gdO  & Fd-DM ^`gdA~ d@&`gdO % 2( Px 4 #\'*.25@9`gdO "$ 2( Px 4 #\'*.25@9a$gdLx z < > @ .NP^nprt,N~$*,JLz ɳzqehet"het"6nHtHhO 6nHtHhet"het"nHtHhwGhZehLx6mH sH hLxhZehLx6hZehLx>*hZehLx6>* hZehLx hyhyhyhe hehe he5\ hLx5\hZehLx5\ hZehu huhuhuhu5>*$JLNPt } & F.d-DM ^.gdA~ @&^`gdLx d@&`gdO  @&`gdO d`gdO `gdO  d@&`gdO  d@&`gdy 04LNP4 6 r t ŴveWLWAhLx5\nHtHhj5\nHtHhohLx5\nHtH hLxB*fHphq &huhuB*fHphq )hZehLx6B*fHphq )h.2hLx6B*fHphq h]B*fHphq &h.2hLxB*fHphq huhu6PJhuhuPJh] hZehLxh]hLx5t v x %%%www d`gd6U9d$d%d&d'd(d1$@&NOPQR`gd6U $da$gd3.$ d]a$gd3. d]`gd/$d`a$gdFt v J#%*%%%%%&&f''(f)h)))***P-dzscQs@dz h6Uh6UB*PJ\phtH"h6Uh6Uh2B*PJ]phh6Uh6UB*PJ\]phh6Uh6UB*PJphtH"h6Uh6U5B*PJ\]phh6Uh6UB*PJ]phh6Uh6U5B*PJ]phh6Uh6UB*PJph h6Uh6Uh6Uh6U5B*PJph h3.h3.h3.h3.5PJ\nH"tH"$hFhF5B*PJnH"phtH"%(**-A5 d`gd6U@$ed$d%d&d'd(d1$@&NOPQR^e`a$gd6U?$ & F}d$d%d&d'd(d1$NOPQR`}a$gd6Um$>$ & F}d$d%d&d'd(d1$NOPQR`}a$gd6UP-R---p///Z0|00000161x1z1|111111R3ðҝxfxSҌB!h6Uh6UB*PJnHphtH$h6Uh6UB*PJ\nHphtH"h6Uh6U5B*PJ\]ph'h6Uh6U5B*PJ\nHphtH!h6Uh6UB*CJPJaJph$h6Uh6U5B*PJnHphtH$h6Uh6U6B*PJnHphtHh6Uh6U6B*PJphh6Uh6U5B*PJphh6Uh6UB*PJph!h6Uh6UB*PJmHphsH--n/p/Z0P:$d$d%d&d'd(d1$NOPQR`a$gd6U7d$d%d&d'd(d1$NOPQR`gd6U<$d$d%d&d'd(d1$@&NOPQR`a$gd6UZ0\0^0`0b0d0f0h0|0>$ !d$d%d&d'd(d1$NOPQR`a$gd6U:$d$d%d&d'd(d1$NOPQR`a$gd6U|0~0000nn?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U$d$If^`a$gd6U:$d$d%d&d'd(d1$NOPQR`a$gd6U000z1g((?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd$$Ifl40%G!  t0%44 la"pytez1|11h)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd$$Ifl0%G!  t0%44 la"pyte111,kd$$Ifl0%G!  t0%44 la"pyte<d$$d%d&d'd(d1$IfNOPQR`gd6U113*5t6<<E$ & Fd$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$=d$$d%d&d'd(d*$1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UR34426:6t6v66666B7D7F7T7:8<8F8`8b8d8r8:*:V:X:Z:::::;;;;0>2><>Z>\>j>>>>@@N@P@R@`@4A6A@AAAAAPCҿҟҟҿҟҰҒҟҿҒҒҰҒҿҟh6Uh6UB*PJph!h6Uh6UB*PJnHphtHh6Uh6U5B*PJph$h6Uh6U5B*PJnHphtH!h6Uh6UB*CJPJaJphh6Uh6U5B*PJphh6Uh6UB*PJph9t6v66D?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdF$$Ifl0%G! t0%44 la"yte666*kd$$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6U66D7F7T7:82|kd$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U:8<8F8D?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteF8b8d8*kd$$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6Ud8r8X:=d$$d%d&d'd(d*$1$IfNOPQR`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6UX:Z:d:B@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kdb$$Ifl0%G! t0%44 la"yted:::*kd$$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6U::;;;0|kd$$Ifl0%G! t0%44 la"yted$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U;=0>2>E|kd5$$Ifl0%G! t0%44 la"yte=d$$d%d&d'd(d*$1$IfNOPQR`gd6U2><>Z>=d$$d%d&d'd(d*$1$IfNOPQR`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6UZ>\>j>h'@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6Ukd$$Ifl0%G!  t0%44 la"pytej>>>>@q0@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd~$$Ifl0%G! t0%44 la"yted$*$If`gd6U@@(@B@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd $$Ifl0%G! t0%44 la"yte(@P@R@*kd $$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6UR@`@4A6A@A0|kdQ $$Ifl0%G! t0%44 la"yted$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U@AAA*kd $$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6UAARCTC0|kd $$Ifl0%G! t0%44 la"yted$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6UPCRCTCbCCC6E8EFE F FFFHHHVHILIMMMRRRWWWhYjYzY[[[&^(^8^___```DbFbVbcccdddeee ggBgDgFgRgƶh6Uh6U5B*PJphh6Uh6Uh4B*PJphh6Uh6UB*PJphh6Uh6UB*PJph!h6Uh6UB*CJPJaJphh6Uh6U5B*PJph;TCbC6E8EFE F2|kd$ $$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U F FFFHD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd $$Ifl0%G! t0%44 la"yteFHHHVHILItJD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd $$Ifl0%G! t0%44 la"ytetJK8LMM=|kdL$$Ifl0%G! t0%44 la"yteE$ & Fd$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$MMNpPQRjjjD$ & Fd$$d%d&d'd(d*$1$IfNOPQR^a$gd6Ud$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6URRRSD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteSTUWW;|kd`$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6UWWhYjYzY[2|kd$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U[[[&^D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdt$$Ifl0%G! t0%44 la"yte&^(^8^_D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte___`D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte```DbD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteDbFbVbcD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"ytecccdD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd&$$Ifl0%G! t0%44 la"ytedddeD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteeee gD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd:$$Ifl0%G! t0%44 la"yte gggDgD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteDgFgTgh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdN$$Ifl0%G!  t0%44 la"pyteRgTghhhhiii k kkooopppqqqvtxttvvvyyyX}Z}j}ҀԀ "2ƄȄ؄†ĆԆ@BRhjlz0ҥUh6Uh6U5B*PJphh6Uh6UB*PJph!h6Uh6UB*CJPJaJphh6Uh6U5B*PJphh6Uh6UB*PJph!h6Uh6UB*PJnHphtH@Tghhhiq2?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd $$Ifl0%G! t0%44 la"yted$*$If`gd6Uiii kD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte k kkdlD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd!$$Ifl0%G! t0%44 la"ytedlnnoo;|kd$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6Uoopppq2|kd5$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UqqqrD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"ytersnsstvtxt;|kdI$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6UxttNvvvvvffffH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6Ud$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UvvvtxD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"ytetxxyy;|kd]$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6UyyzzZ{{|^|| }X}ffffffffH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6Ud$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U X}Z}j}z~D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"ytez~DbҀԀ;|kdq$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6UԀ "2Ƅ2|kd$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UƄȄ؄D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte†D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte†ĆԆD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yteD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd#$$Ifl0%G! t0%44 la"yte@D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$Ifl0%G! t0%44 la"yte@BRD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd7$$Ifl0%G! t0%44 la"yten;|kd$$Ifl0%G! t0%44 la"yteH$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6U"jd$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ujlzh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdK $$Ifl0%G!  t0%44 la"pytezB1t12223H$ & FWd$$d%d&d'd(d*$1$IfNOPQR^`Wa$gd6Ud$*$If`gd6U2>@V2=5289 ?V4EV4 4> DV;LB@0FVW A?0<C 7 @5?CB0FV9=8< DV;LB@>< 2 O:>ABV ?5@H>3> @V2=O V :>=B5=B=8< 0=B8A?0<-DV;LB@>< 2 O:>ABV 4@C3>3> @V2=O; V4B@8<:0 1V;LH =V6 >4=>3> 0=B8A?0< DV;LB@0; 0;0HBC20==O @V7=8E ?>;VB8: 70E8ABC 2V4 A?0<C 4;O @V7=8E :>@8ABC20GV2; "5E=>;>3VO @5?CB0FV9=>W DV;LB@0FVW (Sender IP / domain) =0 >4=><C ?@8AB@>W; "5E=>;>3VO 28O2;5==O :>=B5=BC =0 >A=>2V :>=B5=BC; "5E=>;>3VO 040?B82=>3> =02G0==O 4;O 5D5:B82=>3> 70E8ABC 2V4 Snowshoe A?0<C.1.9.2.!8AB5<0 <0T 1CB8 ?>2=VABN V=B53@>20=0 @07>< V7 !8AB5<>N 70E8ABC 5;5:B@>==>W ?>HB8 2 T48=5 ?@>3@0<=5 @VH5==O.1.9.3."5E=>;>3VO 3;>10;L=>W @5?CB0FV9=>W DV;LB@0FVW ?>28==0 <0B8 <>6;82VABL 1;>:C20B8 2V4?@02=8:0 =0 5B0?V ?V4:;NG5==O 157 7020=B065==O V 0=0;V7C ?>2=>3> ;8AB0 ?5@54 287=0G5==O< @5?CB0FVW 2V4?@02=8:0.1.9.4. 5?CB0FVO 2V4?@02=8:0 ?>28==0 :5HC20B8AO ?52=89 G0A.1.9.5.!8AB5<0 ?>28==0 <0B8 @5?CB0FV9=C DV;LB@0FVN.1.9.6.!8AB5<0 ?>28==0 <0B8 <>6;82VABL >=>2;N20B8 ?@028;0 0=B8A?0< =5 @V4H5 =V6 1 @07 C 5 E28;8=.1.9.7.!8AB5<0 <0T 28O2;OB8 A?0< 2 7>1@065==OE, ?@8 FL><C =5 ?>28==> 28:>@8AB>2C20B8AO @5AC@A=><VAB:5 @>7?V7=020==O 7>1@065=L. /:I>  4;O @>7?V7=0==O 7>1@065=L =5 T G0AB8=>N A8AB5<8, B> 4>40B:>25  B0 ;VF5=7VW ?>28==V 2E>48B8 4> ?>AB02:8.1.9.8.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 7<V=8 ?>;VB8: 2 @50;L=><C G0AV =0 >A=>2V 4><5=C, IP 04@5A8 V >=>2;N20B8 ?>;VB8:8 2 @50;L=><C G0AV 4;O 1;>:C20==O/>1<56C20==O =51060=8E 2V4?@02=8:V2.1.9.9.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 04<V=VAB@C20==O 7 <V=V<0;L=8<8 7CA8;;O<8 157 ?>ABV9=>3> ?V4AB@>N20==O 01> ?V43>=:8 ?@028;, AB2>@5==O 0=B8A?0< ?@028; 2@CG=C B>I>.1.9.10.!8AB5<0 ?>28==0 <0B8 A?5FV0;V7>20=89 :0@0=B8= 4;O A?0<C V 70157?5GC20B8 V=482V4C0;L=89 :>=B@>;L 4>ABC?C :>@8ABC20GV2 4> FL>3> :0@0=B8=C.1.9.11.!8AB5<0 <0T 70157?5GC20B8 A?8A:8, I> =0;0HB>2CNBLAO :>@8ABC20G5<. Safelist/Blocklist. >65= :>@8ABC20G ?>28=5= <0B8 <>6;82VABL V=482V4C0;L=> C?@02;OB8 A2>W< A?8A:><.1.9.12. VH5==O Spam Quarantine <0T :>=A>;V4C20B8 A?0<-;8AB8 4;O :>@8ABC20GV2, O:V <0NBL :V;L:0 email 04@5A.1.9.13.!8AB5<0 <0T ?V4B@8<C20B8 O: ;>:0;L=V (=0 >:@5<8E ?@8AB@>OE), B0: V 3;>10;L=89 (4;O 45:V;L:>E ?@8AB@>W2) 0=B8-A?0< :0@0=B8=.1.9.14.!8AB5<0 <0T @53C;O@=> 2V4?@02;OB8 ?>2V4><;5==O :>@8ABC20G0< ?@8 ?>?040==V ;8ABV2 2 A?0<-:0@0=B8=.1.9.15.<VAB ?>2V4><;5==O ?>28=5= =0;0HB>2C20B8AO.1.9.16.# =>B8DV:0FVW ?>28==0 <VAB8B8AO ?>A8;0==O =0 ;8AB8 2 :0@0=B8=V.1.9.17.# ?@>?>=>20=><C @VH5==V ?>28==V 1CB8 ?;03V=8 4;O ?>?C;O@=8E groupware @VH5=L (MS Outlook B0 V=H.). &V ?;03V=8 ?>28==V ?V4B@8<C20B8 @>7A8;:C 72VBV2 ?@> ?@>?CI5=89 A?0<, ?><8;:>2V A?@0FL>2C20==O, DVH8=3 V 2V@CA8.1.9.18.!8AB5<0 <0T ?V4B@8<C20B8 4>40B:>2V <>28 4;O End User Spam Quarantine. >:@5<0, <0T 1CB8 ?@8ACB=O >1>2'O7:>20 ?V4B@8<:0 C:@0W=AL:>W 01> @>AV9AL:>W <>28.1.10.$C=:FV>=0; =B82V@CAC B0 =B8-malware1.10.1. VH5==O ?>28==> <0B8 DC=:FV>=0; A:0=C20==O =0 2V@CA8 V=B53@>20=89 2 ?@8AB@V9.1.10.2.!8AB5<0 <0T ?V4B@8<C20B8 1V;LH =V6 >48= 0=B82V@CA=89 <5E0=V7< V :>6=5 ?>2V4><;5==O <0T A:0=C20B8AO 45:V;L:><0 <5E0=V7<0<8. 1.10.3.!8AB5<0 <0T 70157?5GC20B8 70E8AB 2V4 0B0: 0-day 4;O B>3>, I>1 701;>:C20B8 FV;L>2V email 0B0:8 =0 4>40B>: 4> 0-day 2V@CA=8< 0B0:0<.1.10.4.!8AB5<0 <0T 70157?5GC20B8 48=0<VG=89 :0@0=B8=, :C48 2V4?@02;ONBLAO ?V4>7@V;V =0 2V@CA ?>2V4><;5==O 4> B8E ?V@, ?>:8 =5 7'O28BLAO ?V4B25@465=0 A83=0BC@0 01> ?>:8 =5 70:V=G8BLAO <0:A8<0;L=89 G0A 715@V30==O ?>2V4><;5=L.1.10.5.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 7020=B06C20B8 A83=0BC@8 02B><0B8G=> 70 @>7:;04><.1.10.6.!8AB5<0 <0T A:0=C20B8 AB8A;V V 0@EV2=V D09;8.1.10.7.!8AB5<0 <0T 70157?5GC20B8 70E8AB 2V4 ?>H8@N20=>3> A?0<C, DVH8=3C, 0B0: 0-day V 70?>1V30B8 :>@8ABC20GV2 2V4 7020=B065==O malware 01> ?>H8@5==O 206;82>W V=D>@<0FVW.1.10.8.$V;LB@ 70E8ABC 2V4 0B0: 0-day ?>28=5= ?5@570?8AC20B8 URL 2 ?>2V4><;5==OE 4;O B>3>, I>1 70E8AB8B8 :;VT=BV2 2V4 2V42V4C20==O H:V4;828E 251-2C7;V2 V 4>4020==O ?>2V4><;5=L ?@> H:V4;82VABL ?>A8;0==O.1.10.9.!8AB5<0 <0T V45=B8DV:C20B8 D09;>2V 703@>78 C 2EV4=8E ?>2V4><;5==OE =0 >A=>2V @5?CB0FVW D09;C, 0=0;V7C D09;C 01> 6 7<V=8 25@48:BC.1.10.10. VH5==O ?>28==> ?V4B@8<C20B8 287=0G5==O @5?CB0FVW URL 2 ;8AB0E V :0B53>@VW URL 2 ;8AB0E.1.10.11.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 28O2;5==O >DVA=8E 4>:C<5=BV2 ?>?C;O@=8E D>@<0BV2 (MS Office ole B0 xml) 70 <0:@>A0<8 B0 287=0G5==O 4;O =8E >:@5<8E ?@028; >1@>1:8.1.11.$C=:FV>=0; 04<V=VAB@C20==O1.11.1.!8AB5<0 ?>28==0 <0B8 <>6;82VABL =040==O =01>@C 72VBV2 V 6C@=0;V2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: @0DVG=89 <>=VB>@ 2EV4=>W B0 28EV4=>W ?>HB8 70 >AB0==N 3>48=C, 45=L, B8645=L, <VAOFL; !?8A>: >1@>1:8 email; 2VB8 ?>B>:V2 email (A?8A>: 2AVE ?>2V4><;5=L =0 :>=:@5B=>3> >45@6C20G0 70 ?52=89 ?5@V>4 G0AC 7 45B0;O<8, O: ?@89<0;>AO V >1@>1;O;>AO ?>2V4><;5==O); !B0B8AB8:0 email V ?@>?CA:=0 740B=VABL; @0DV: ?@>?CA:=>W 740B=>ABV A8AB5<8 4;O A5@54=L>3> B0 <0:A8<0;L=>3> :V;L:>ABV ?>2V4><;5=L 2 G5@7V, 7030;L=0 :V;L:VABL 2EV4=8E 7'T4=0=L V ?>2V4><;5=L, A5@54=O :V;L:VABL ?>2V4><;5=L, A5@54=V9 @>7<V@ ?>2V4><;5=L V 7030;L=89 @>7<V@ ?>2V4><;5=L, 7020=B065==O A8AB5<8 2 FV;><C V ?> ?@>F5A0E, V <>6;82VABL VT@0@EVG=>3> ?5@53;O4C 2AVE 28I5 ?5@5;VG5=8E 72VBV2.1.11.2.!8AB5<0 <0T ?V4B@8<C20B8 :V;L:0 DNS A5@25@V2 7 @V7=8<8 <5B>40<8, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: V4B@8<:0 O: Internet Root DNS B0: V ;>:0;L=8E DNS A5@25@V2; V4B@8<:0 45:V;L:>E DNS A5@25@V2 2V4?>2V4=> 4> ?@87=0G5==O 4><5=C.1.11.3. VH5==O ?>28==> 70157?5GC20B8 <>6;82VABL F5=B@0;V7>20=>3> 2V4AB565==O ?>2V4><;5=L 4;O 42>E 01> 1V;LH5 ?@8AB@>W2 7 28:>@8AB0==O< @V7=8E :@8B5@VW2 ?>HC:C (2V4?@02=8:, >B@8<C20G, G0A, @5?CB0FVO, @57C;LB0B8 @>1>B8 DV;LB@V2 V B.4.).1.11.4.!8AB5<0 ?>28==0 <0B8 <>6;82VABL ?>1C4>28 F5=B@0;V7>20=8E 72VBV2, 2:;NG0NG8, 0;5 =5 >1<56CNG8 B0:5: &5=B@0;V7>20=V 72VB8 4;O 45:V;L:>E ?@8AB@>W2; 2VB 4;O 2AVE ?>2V4><;5=L 01> 4;O 3@C?8 4><5=V2; 2VB 70 >1AO3>< ?>HB8 4;O :>@8ABC20GV2 (top n >45@6C20GV2 4;O A?0<C, 2V@CAV2, 7030;L=>W :V;L:>ABV ?>HB8, @>7<V@>< ?>2V4><;5=L); 2VB ?@> >1AO3 ?>HB8 4;O 4><5=C (top 2EV4=>W B0 28EV4=>W ?>HB8 4;O 4><5=C, A?0<C V 2V@CAV2); 2VB ?@> ?>@CH5==O ?>;VB8: 01> :>=B5=B=><C DV;LB@C; 2VB ?@> 5D5:B82=VABL Outbreak; 2VB ?@> 2EV4=V B0 28EV4=V 2V@CA8.1.11.5.!8AB5<0 <0T 70157?5GC20B8 ?>2=V VAB>@8G=V 45B0;V ?@> ?>2V4><;5==O 2 ?>HC:C. >28==0 ?@54 O2;OB8AO ?>2=0 V=D>@<0FVO ?@> ?>2V4><;5==O, 2:;NG0NG8 IP 04@5A0, @5?CB0FVN A8AB5<8-2V4?@02=8:0, @57C;LB0B8 A:0=C20==O =0 A?0<, 2V@CA8 V B.4.1.11.6.!8AB5<0 <0T 70157?5GC20B8 72VB8, 4>ABC?=V O: 2 HTLM, B0: V 2 PDF V CSV D>@<0B0E.1.11.7.!8AB5<0 <0T 70157?5GC20B8 <>=VB>@8=3 A8AB5<8 70 4>?><>3>N =0ABC?=>3> ?@>B>:>;V2: SNMP v2 / v3; MIB-II; XML; Syslog.1.11.8.!8AB5<0 <0T =04A8;0B8 ?>?5@5465==O C 283;O4V SNMP V email ?>?5@5465=L1.11.9.!8AB5<0 ?>28==0 <0B8 V=B5@D59A8 HTTPS, SSH V ?>A;V4>2=C :>=A>;L.1.11.10.!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; F5=B@0;V7>20=>3> C?@02;V==O 21C4>20=89 2 :>=A>;L 7 <>6;82VABN C?@02;V==O 45:V;L:><0 ?@8AB@>O<8 2 @568<V peer2peer V A8=E@>=V70FVTN :>=DV3C@0FVW ?> 2AV9 !8AB5<V.1.11.11.!8AB5<0 ?>28==0 <0B8 @V7=V <5B>48 >=>2;5=L, 2:;NG0NG8, 0;5 =5 >1<56CNG8, =0ABC?=5: !8AB5<=V >=>2;5==O.  <>6;82VABN 2V4=>2;5==O ?>HB>28E A5@2VAV2 ?@>BO3>< =5 1V;LH5 5 E28;8=; =>2;5==O 0=B8A?0< <5E0=V7<C; =>2;5==O 0=B82V@CAC; 2B><0B8G=V >=>2;5==O Outbreak (0-day 2V@CAV2).1.11.12.!8AB5<0 ?>28==0 <0B8 21C4>20=89 DC=:FV>=0; ?V4B@8<:8 G5@57 :>=A>;L V G5@57 GUI 7 <>6;82VABN 2V4?@02:8 45B0;L=>W V=D>@<0FVW 2 A;C61C B5E=VG=>W ?V4B@8<:8.1.11.13.!8AB5<0 <0T 2:;NG0B8 <>6;82VABL ?>25@=5==O 107>2>W ! =0 ?>?5@54=N 25@AVN 2 @07V =5240;>3> >=>2;5==O.1.11.14.!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; 45;53>20=>3> 04<V=VAB@C20==O 7 3=CG:8< :>=B@>;5< :>@8ABC20GV2 V ?@87=0G5=8E 4;O :>@8ABC20G0 @>;59.1.11.15.!8AB5<0 <0T >1>2'O7:>2> ?V4B@8<C20B8 3@0DVG=89 V=B5@D59A C:@0W=AL:>N 01> @>AV9AL:>N <>2>N.1.12.>=B@>;L 4>AB02:81.12.1.!8AB5<0 ?>28==0 <0B8 <>6;82VABL :>=B@>;N20B8 28EV4=89 ?>BV: email ?> IP / 4><5=C 7 @V7=8<8 G5@30<8 =0 4><5= ?@87=0G5==O.1.12.2.!8AB5<0 ?>28==0 <0B8 <>6;82VABL :>=B@>;N ?5@540GV email ?> 4><5=C B0 :>=B@>;N A5AVW.1.12.3. VH5==O ?>28==> <0B8 <>6;82VABL <>48DV:C20B8 ?>2V4><;5==O, 4>4020B8 ?V4?8A 01> 703>;>2>:, 7<V=N20B8 B5<C 01> 4>4020B8 703>;>2:8.1.12.4.!8AB5<0 ?>28==0 <0B8 <>6;82VABL O: ?5@52V@:8, B0: V ?V4?8AC ?>2V4><;5=L 2V4?>2V4=> 4> AB0=40@BC DomainKey Identified Mail (DKIM), 2:;NG0NG8, 0;5 =5 >1<56CNG8, B0:5: V4?8A 28EV4=8E ?>2V4><;5=L 70 4>?><>3>N DKIM; 5@52V@:0 2EV4=8E ?>2V4><;5=L 70 4>?><>3>N DKIM.1.12.5.!8AB5<0 ?>28==0 <0B8 ?>28=5= <0B8 <>6;82VABL 28:>=C20B8 @V7=V ?@>DV;V @>1>B8 ?>2V4><;5=L-@8:>H5BV2 =0 >A=>2V 4><5=C.1.12.6.!8AB5<0 <0T ?V4B@8<C20B8 SMTP 02B5=B8DV:0FVN.1.12.7.!8AB5<0 <0T ?V4B@8<C20B8 =0AB@>9:8 SMTP TLS =0 >A=>2V =0;0HBC20=L :>=B5=B=>3> DV;LB@C.1.12.8.!8AB5<0 <0T ?V4B@8<C20B8 SPF (Sender Policy Framework Verification) V SIDF (Sender ID Framework). SPF V SIDF - F5 <5B>48 4;O ?5@52V@:8 02B5=B8G=>ABV email =0 107V DNS 70?8AV2.1.13.70T<>4VO 7 V=H8<8 @VH5==O<81.13.1.!8AB5<0 <0T ?V4B@8<C20B8 V=B53@0FVN 2V4 28@>1=8:0 7 ;>:0;L=8<8 A8AB5<0<8 B8?C Sandbox AB>@>==VE 28@>1=8:V2.1.13.2.!8AB5<0 ?>28==0 <0B8 <>6;82VABL >B@8<0==O V=48:0B>@V2 :><?@><5B0FVW 2V4 AB>@>==VE ?>AB0G0;L=8:V2, 7>:@5<0 VirusTotal, B0 270T<>4VOB8 7 A8AB5<0<8 @>7A;V4C20==O B0 @503C20==O :V15@ V=F845=BV2.1.14.8A=>2:8 =570;56=8E 5:A?5@BV21.14.1.8@>1=8: 70?@>?>=>20=>3>  <0T 2>;>4VB8 AB0BCA>< Leader 73V4=> 7 Gartner Magic Quadrant for Secure email Gateways 70 >AB0==V 3 @>:8.1.15.8<>38 4> DLP1.15.1!8AB5<0 ?>28==0 <0B8 =5 <5=H5 100 21C4>20=8E ?>;VB8:. >28==0 1CB8 <>6;82VABL 28:>@8AB>2C20B8 21C4>20=V ?>;VB8:8 O: >A=>2C 4;O ?>1C4>28 2;0A=8E ?>;VB8:. >6;82VABL =0;0HBC20==O 02B><0B8G=8E @50:FV9 C 283;O4V =>BVDV:0FV9, ?V4?8AV2, H8D@C20==O ;8AB0, =0?@02;5==O 4> :0@0=B8=C.1.16.0@0=BV9=89 B5@<V= B0 @>7H8@5=0 30@0=BVO1.16.1.!8AB5<0 <0T 70157?5GC20B8AL @>7H8@5=>N 30@0=BVTN 2V4 28@>1=8:0 AB@>:>< =5 <5=H =V6 =0 12 <VAOFV2.1.16.2.#<>28 @>7H8@5=>W 30@0=BVW ?>28==V 2:;NG0B8 2 A515: <>6;82VABL @5TAB@0FVW A5@2VA=8E 28?04:V2 2 @568<V 24E7E365, >=>2;5==O <V:@>:>4C A8AB5<8 V 25@AV9 2AB0=>2;5=>3> ?@>3@0<=>3> 70157?5G5==O; >B@8<0==O 0:BC0;L=8E @5?CB0FV9=8E 107, 107 465@5; A?0<C, 2V@CAV2 B0 2AVE =5>1EV4=8E >=>2;5=L 2V4 28@>1=8:0; >B@8<0==O >A=>2=8E B0 ?@><V6=8E @5;V7V2 ?@>3@0<=>3> 70157?5G5==O G5@57 A09B 28@>1=8:0, CB@8<0==O ?@>3@0<=8E :>4V2 C 0:BC0;L=><C AB0=V 2V4?>2V4=> 4> @5:><5=40FV9 28@>1=8:0, 2 B><C G8A;V <V:@>:>4V2 ?@8AB@>W2; =040==O :>=AC;LB0FV9 ?> B5;5D>=C, 5;5:B@>==V9 ?>HBV B0 =0 A09BV ?V4B@8<:8 28@>1=8:0 ?> ?8B0==OE CAB0=>2:8, :>=DV3C@C20==O V 5:A?;C0B0FVW >1;04=0==O 7 ?>=54V;:0 ?> =54V;N 7 00.00 4> 24.00 3>48= FV;>4>1>2>; ?>ABV9=89 (24E7) 02B>@87>20=89 4>ABC? 4> A09BC 28@>1=8:0.2.8<>38 4> !8AB5<8 28O2;5==O B0 0=0;V7C A:;04=8E 703@>7 (40;V  !8AB5<0)2.1.$C=:FV>=0; 0=0;V7C D09;V2 McAfee Virtual Advanced Threat Defense Appliance2.1.1.B@8<0==O D09;V2 =0 ?5@52V@:C ?>28==> 74V9A=N20B8AO O: 2 02B><0B8G=><C, B0: V 2 @CG=><C @568<V.2.1.2.!8AB5<0 ?>28==0 <0B8 <>6;82VABL HB0B=8< DC=:FV>=0;>< >@30=V7C20B8 02B><0B87>20=5 >B@8<0==O D09;V2 =0 ?5@52V@:C C 7030;L=C B5:C >4=>3> <5@5652>3> A53<5=BC B0 ?5@5<VI5==O ?5@52V@5=8E D09;V2 B0 72VBV2 C V=HC 7030;L=C B5:C V=H>3> <5@5652>3> A53<5=BC.2.1.3.5@52V@:0 D09;V2 ?>28==0 74V9A=N20B8 287=0G5==O WE @5?CB0FVW V :;0AC.2.1.4.!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; O: 48=0<VG=>3> (70?CA: D09;C 2 70E8I5=V9 2V@BC0;L=><C A5@54>28IV), B0: V AB0B8G=>3> 0=0;V7C :>4C (?5@52V@:0 ?> A83=0BC@0<, ?5@52V@:0 :>=B@>;L=>W AC<8 ?> E<0@=V9 107V @5?CB0FV9).2.1.5.!8AB5<0 ?>28==0 <0B8 <>6;82VABL =0;0HBC20==O :>=DV3C@0FV9 =5 <5=H5 32 2V@BC0;L=8E <0H8= 4;O 0=0;V7C 7 >?5@0FV9=8<8 A8AB5<0<8, 2:070=8<8 2 @>74V;V V4B@8<:0 >?5@0FV9=8E A8AB5< (4;O 0=0;V7C/5<C;OFVW).2.1.6.4<V=VAB@0B>@ A8AB5<8 ?>28=5= <0B8 <>6;82VABL 7<V=8 :>=DV3C@0FV9 2V@BC0;L=8E <0H8= =0 O:8E 2 ?>40;LH><C 1C45 74V9A=N20B8AO ?5@52V@:0.2.1.7.!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; >B@8<0==O @57C;LB0BC 0=0;V7C 703@>78 2 @>73>@=CB><C 283;O4V (72VBC), I> 2:;NG0T 2 A515 <0@:5@8 :><?@><5B0FVW.2.1.8. 57C;LB0B8 ?5@52V@:8 D09;V2 (@5?CB0FVW) ?>28==V 70=>A8B8AO 2 ;>:0;L=89 A5@25@ @5?CB0FV9, O:89 ?>28=5= <0B8 7<>3C C @568<V H8=8 ?5@540GV 40=8E >1<V=N20B8AL V=D>@<0FVTN ?@> =>2V 703@>78 7 V=H8<8 5;5<5=B0<8 A8AB5<8 70E8ABC.2.1.9.@8 ?5@52V@FV D09;C 2 @CG=><C @568<V 04<V=VAB@0B>@ A8AB5<8 ?>28=5= <0B8 <>6;82VABL ?5@53;O4C ?@>F5AC ?5@52V@:8 =0 2V@BC0;L=V9 <0H8=V 2 @568<V @50;L=>3> G0AC B0 2?;820B8 =0 ?@>F5A ?5@52V@:8.2.1.10!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; ?>1C4>28 0=0;VB8G=8E 72VBV2 (forensic): 3@0DVG=8E 72VBV2, I> V;NAB@CNBL 72V4:8 ?@89H;> 70@065==O (D09;, <5@560, 5;5:B@>==0 ?>HB0 V B.4.), >7=0:8 V=D5:FVW, O:V H:V4;82V 5;5<5=B8 70?CA:0;8AO, 4> O:8E 40=8E 1C;> 74V9A=5=> 4>ABC?, O:V ?@>F5A8 1C;8 704VO=V, O: H:V4;825  @>7?>2AN46C20;>AO ?> <5@56V, @V25=L @878:C V B.4.2.1.11.!8AB5<0 ?>28==0 <0B8 <>6;82VABL >B@8<0==O >@83V=0;L=8E 7@07:V2 D09;V2 4;O ?>40;LH>3> 0=0;V7C.2.1.12.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 4>4020==O 2;0A=>@CG AB2>@5=8E Yara-?@028;.2.1.13.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 2:;NG5==O 01> 2V4:;NG5==O DC=:FV>=0;C I>4> >B@8<0==O @5?CB0FVW D09;V2 7 7>2=VH=L>3> A5@2VAC 28@>1=8:0.2.1.14.!8AB5<0 ?>28==0 <0B8 DC=:FV>=0; 715@V30==O 2 ;>:0;L=V9 107V 40=8E V=48:0B>@V2 :><?@><5B0FVW 4;O 28:>@8AB0==O WE 2 <091CB=VE 0=0;V70E.2.2.70T<>4VO 7 V=H8<8 @VH5==O<82.2.1.!8AB5<0 ?>28==0 <0B8 <>6;82VABL ?5@540GV V=D>@<0FVW ?@> =>2V 703@>78 4> A8AB5<8 C?@02;V==O V=D>@<0FVTN ?@> 157?5:C B0 V=F845=B0<8 V=D>@<0FV9=>W 157?5:8 (SIEM); 2.2.2.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 02B><0B8G=>3> >B@8<0==O D09;V2 7 70?@>?>=>20=>N !8AB5<>N 70E8ABC 5;5:B@>==>W ?>HB8 (28<>38 =02545=V C ?.1) B0 Microsoft Exchange 4;O 0=0;V7C 7 ?>40;LH8< 1;>:C20==O< ;8AB0 2 @07V 28O2;5==O 703@>78.2.2.3.!8AB5<0 ?>28==0 <0B8 <>6;82VABL V=B53@0FVW B0 02B><0B8G=>3> >=>2;5==O V=D>@<0FVW ?@> 703@>78 7 <V6<5@56528< 5:@0=>< Palo Alto PA-3050, I> 28:>@8AB>2CT 0<>2=8:. 2.2.4.!8AB5<0 ?>28==0 <0B8 <>6;82VABL 02B><0B8G=>3> >B@8<0==O D09;V2 7 ?>HB>2>3> A5@25@C (MTA).2.2.5.!8AB5<0 ?>28==0 <0B8 <>6;82VABL ?5@540GV <0@:5@V2 :><?@><5B0FVW (IoC) 4> A8AB5<8 C?@02;V==O V=D>@<0FVTN ?@> 157?5:C B0 V=F845=B0<8 V=D>@<0FV9=>W 157?5:8 (SIEM). 2.3.V4B@8<:0 >?5@0FV9=8E A8AB5<2.3.1.>6;82VABL 5<C;OFVW 70?CA:C D09;V2 =0 =0ABC?=8E >?5@0FV9=8E A8AB5<0E: Windows: XP SP2, SP3; 7  10; Server 2003 SP1  2016, Android: 2.3 B0 28I5;2.3.2.V4A8AB5<0 <0T ?V4B@8<C20B8 @>73>@B0==O C 2V@BC0;L=><C A5@54>28IV 25@AVW VMware 5.5 V 28I5, B0 Microsoft Hyper-V. II. 8<>38 4> ?>A;C3 V7 2?@>20465==O C @07V ?>AB0G0==O 5:2V20;5=B=>3> @VH5==O  @0<:0E 2?@>20465==O @>3@0<=>3> :><?;5:AC 70E8ABC 5;5:B@>==>W ?>HB8 8:>=025FL ?>28=5= =040B8 =0ABC?=V ?>A;C38 =02545=V 2 "01;8FV 2: "01;8FO 2 ! ?\?8<>38 0<>2=8:01. >73>@B0==O ><?;5:AC1.1.  >73>@B0==O V ?>G0B:>25 :>=DV3C@C20==O ?V4A8AB5< ><?;5:AC =0 <0940=G8:C 0<>2=8:0.1.2.!B2>@5==O 2V@BC0;L=8E >1@07V2 VA=CNG8E ! 0<>2=8:0.1.3.70T<=0 V=B53@0FVO ?V4A8AB5< ><?;5:AC.1.4.=B53@0FVO 7 ;>:0;L=8< A5@25@>< @5?CB0FV9.1.5.=B53@0FVO 7 <V6<5@56528< 5:@0=>< Palo Alto PA-3050.1.6.=B53@0FVO 7 SIEM-A8AB5<>N.1.7.=B53@0FVO 7 A8AB5<>N Cisco ISE1.8.0;0HBC20==O A8AB5<8 ?5@52V@:8 B0 ?5@5<VI5==O D09;V2 7 7030;L=>W B5:8 >4=>3> A53<5=B0 <5@56V 2 7030;L=C B5:C V=H>3> A53<5=B0 <5@56V.1.9.  >7@>1:0 4>:C<5=B0FVW: V=AB@C:FVO 04<V=VAB@0B>@0; V=AB@C:FVO :>@8ABC20G0; ?0A?>@B A8AB5<8; ?@>3@0<0 V <5B>48:0 B5ABC20==O.1.10.@>2545==O ?>?5@54=VE 28?@>1C20=L A8AB5<8.2. 2545==O 2 5:A?;C0B0FVN2.1.V43>B>2:0 B0 2V4?@02;5==O A5@VW B5AB>28E DVH8=3>28E ;8ABV2 7 @V7=8< 7;>2<8A=8< =020=B065==O<: ;5:B@>==V ;8AB8 7 ?>A8;0==O<8 =0 :>=B@>;L>20=C DVH8=3>2C AB>@V=:C; ;5:B@>==V ;8AB8 A 2:;045=8<8 5:A?;>9B0<8; 51-AB>@V=:8 7 21C4>20=8<8 5:A?;>9B0<8; 51-AB>@V=:8 A 21C4>20=8<8 0B0:CNG8<8 <>4C;O<8 O:V 02B><0B8G=> ?V418@0NBL 5:A?;>9B8 4;O 0B0:8 =0 1@0C75@; Portable D09;8 7 21C4>20=8<8 5:A?;>9B0<8; 2.2. 0;0HBC20==O B0 0=0;V7 @>1>B8 ><?;5:AC C @568<V A?0< DV;LB@0FVW;2.3. #AC=5==O 70C2065=L 70 @57C;LB0B0<8 4>A;V4=>W 5:A?;C0B0FVW;2.4.@>2545==O ?@89<0;L=8E 28?@>1C20=L ><?;5:AC V 740G0 2 ?@><8A;>2C 5:A?;C0B0FVN. 2.5. >1>B8 7 <V3@0FVW @VH5==O.3. V43>B>2:0 :>@8ABC20GV23.1.@>2>48BLAO V=AB@C:B06V :>@8ABC20GV2 0<>2=8:0 70 B0:8<8 =0?@O<:0<8: A=>28 @>1>B8 7 ><?;5:A><  =5 <5=H5 1 4=V2; >1>B0 04<V=VAB@0B>@0 ><?;5:AC  =5 <5=H5 2 4=V2; >=DV3C@0FVO ><?;5:AC  =5 <5=H5 2 4=V2.3.2.=AB@C:B06V 4;O :>@8ABC20GV2 ?>28==V ?@>2>48B8AO A?5FV0;VAB><, A5@B8DV:>20=8< 28@>1=8:>< ?@>3@0<=>3> 70157?5G5==O. 0@BVABL ?>A;C3 7 2AB0=>2;5==O B0 =0;0HBC20==O (?V43>B>2:0 :>@8ABC20GV2) 2:;NG5=> 4> 20@B>ABV ?@54<5B0 70:C?V2;V. "5E=VG=V, O:VA=V B0 :V;L:VA=V E0@0:B5@8AB8:8 ?@54<5BC 70:C?V2;V, 2:070=V 0<8 C FV9 B5=45@=V9 ?@>?>78FVW, ?>2=VABN 2V4?>2V40NBL =5>1EV4=8< 0<>2=8:C B5E=VG=8<, O:VA=8< B0 :V;L:VA=8< E0@0:B5@8AB8:0< ?@54<5BC 70:C?V2;V, 28:;045=8< 0<>2=8:>< C >40B:C 1 4> B5=45@=>W 4>:C<5=B0FVW. V4 CG0A=8:0 ?V4?8A02: ___________ ____________ (?>A040) (...)     033333444466$6&66666667 777779999; ;,;.;z<|<<<====>> ??????@@@@AAAA"B$B2B4BBBBBlDnD|D~DEEh6Uh6UB*PJph!h6Uh6UB*PJnHphtH!h6Uh6UB*CJPJaJphh6Uh6U5B*PJphh6Uh6UB*PJphG3334D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd !$$Ifl0%G! t0%44 la"yte4446D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd!$$Ifl0%G! t0%44 la"yte66&66D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd"$$Ifl0%G! t0%44 la"yte6666D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd"$$Ifl0%G! t0%44 la"yte66 77D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd2#$$Ifl0%G! t0%44 la"yte7779D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd#$$Ifl0%G! t0%44 la"yte999;D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdF$$$Ifl0%G! t0%44 la"yte; ;.;z<D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd$$$Ifl0%G! t0%44 la"ytez<|<<=D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdZ%$$Ifl0%G! t0%44 la"yte===>D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd%$$Ifl0%G! t0%44 la"yte>>??D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdn&$$Ifl0%G! t0%44 la"yte???@D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd&$$Ifl0%G! t0%44 la"yte@@@AD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd'$$Ifl0%G! t0%44 la"yteAAA"BD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd ($$Ifl0%G! t0%44 la"yte"B$B4BBD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd($$Ifl0%G! t0%44 la"yteBBBlDD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd )$$Ifl0%G! t0%44 la"ytelDnD~DED2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd)$$Ifl0%G! t0%44 la"yteEEE FD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd4*$$Ifl0%G! t0%44 la"yteEF F FFFFFGGGHHHJJJTKVKfKKKKM M0MNNNOOOPPPQQQ0R2RBRXXX,XYYYZ[[[[` ` ``aaaabbbbӳӢӢӢӢӢӢӢ!h6Uh6UB*PJnHphtH$h6Uh6U5B*PJnHphtHh6Uh6UB*PJph!h6Uh6UB*CJPJaJphh6Uh6UB*PJphh6Uh6U5B*PJph@ F FFh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd*$$Ifl0%G!  t0%44 la"pyteFFFFGq2?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd}+$$Ifl0%G! t0%44 la"yted$*$If`gd6UGGGHD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd,$$Ifl0%G! t0%44 la"yteHHHJD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd,$$Ifl0%G! t0%44 la"yteJJJTKD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd-$$Ifl0%G! t0%44 la"yteTKVKfKKD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd-$$Ifl0%G! t0%44 la"yteKKKMD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd/.$$Ifl0%G! t0%44 la"yteM M0MND2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd.$$Ifl0%G! t0%44 la"yteNNNOD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdC/$$Ifl0%G! t0%44 la"yteOOOPD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd/$$Ifl0%G! t0%44 la"ytePPPQD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdW0$$Ifl0%G! t0%44 la"yteQQQ0RD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd0$$Ifl0%G! t0%44 la"yte0R2RBRh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukdk1$$Ifl0%G!  t0%44 la"pyteBR SSS UZUXE$ & F d$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$d$*$If`gd6UXX,XXD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd*2$$Ifl0%G! t0%44 la"yteXlYYY=|kd2$$Ifl0%G! t0%44 la"yteE$ & F d$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$YZ[[[\2|kd>3$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U\]b]b^___ `E$ & F d$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$ ` ``aD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd3$$Ifl0%G! t0%44 la"yteaaabD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdR4$$Ifl0%G! t0%44 la"ytebbbPcD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd4$$Ifl0%G! t0%44 la"ytePclc|cccc=|kdf5$$Ifl0%G! t0%44 la"yteE$ & F d$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$bcccc2d4d6dFddddd\f^f`frfhhhhiiiijjjjkkkklllllllmmmmnnnoooqqqrrr.s0s@ssst`ubuuuuuvҮҮ$h6Uh6U5B*PJnHphtH!h6Uh6UB*PJnHphtH!h6Uh6UB*CJPJaJphh6Uh6U5B*PJphh6Uh6UB*PJphDcc4d=d$$d%d&d'd(d*$1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U4d6dFddD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd5$$Ifl0%G! t0%44 la"yteddd^fD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdz6$$Ifl0%G! t0%44 la"yte^f`frfgD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd7$$Ifl0%G! t0%44 la"ytegg h8hhh=|kd7$$Ifl0%G! t0%44 la"yteE$ & F d$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$hhiiij2|kd8$$Ifl0%G! t0%44 la"yted$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UjjjkD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd8$$Ifl0%G! t0%44 la"ytekkkD?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd,9$$Ifl0%G! t0%44 la"ytekllE|kd9$$Ifl0%G! t0%44 la"yte=d$$d%d&d'd(d*$1$IfNOPQR`gd6Ulll=d$$d%d&d'd(d*$1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ulllh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd@:$$Ifl0%G!  t0%44 la"pytelmmmnq0@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd:$$Ifl0%G! t0%44 la"yted$*$If`gd6UnnnoB0d$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd;$$Ifl0%G! t0%44 la"yteoooqB0d$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd<$$Ifl0%G! t0%44 la"yteqbqqq;|kd<$$Ifl0%G! t0%44 la"yteH$ & F^d$$d%d&d'd(d*$1$IfNOPQR^^`a$gd6Uqqrrr.s0|kd'=$$Ifl0%G! t0%44 la"yted$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U.s0s@ssB0d$*$If`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd=$$Ifl0%G! t0%44 la"ytesstB@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd;>$$Ifl0%G! t0%44 la"ytet`ubuE|kd>$$Ifl0%G! t0%44 la"yte=d$$d%d&d'd(d*$1$IfNOPQR`gd6Ubunuu=d$$d%d&d'd(d*$1$IfNOPQR`gd6U@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6Uuuuh'@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6UkdO?$$Ifl0%G!  t0%44 la"pyteuvvE|kd@$$Ifl0%G! t0%44 la"yte=d$$d%d&d'd(d*$1$IfNOPQR`gd6Uvvv x"x$x0xlxnx~xyyyyyy{{{L|N|^| }"}$}4}.028ȃʃhjlz8:<Jt68:H҇ԇև‰(*,:DFHVݡСݡССݡh6Uh6UB*PJph$h6Uh6U5B*PJnHphtHh6Uh6U5B*PJphh6Uh6UB*PJph!h6Uh6UB*PJnHphtH!h6Uh6UB*CJPJaJph?vv"x=d$$d%d&d'd(d*$1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U"x$x0xB@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kd@$$Ifl0%G! t0%44 la"yte0xlxnx*kd"A$$Ifl0%G!  t0%44 la"pyte=d$$d%d&d'd(d*$1$IfNOPQR`gd6Unx~xy=d$$d%d&d'd(d*$1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UyyyyBB@$d$$d%d&d'd(d*$1$IfNOPQR`a$gd6U|kdA$$Ifl0%G! t0%44 la"yteyyyh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdkB$$Ifl0%G!  t0%44 la"pytey2zz{{E|kd*C$$Ifl0%G! t0%44 la"yte=d$$d%d&d'd(d*$1$IfNOPQR`gd6U{{L|d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UL|N|^|h)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdC$$Ifl0%G!  t0%44 la"pyte^|"}$}4}}q2?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdsD$$Ifl0%G! t0%44 la"yted$*$If`gd6U}~"02=|kdD$$Ifl0%G! t0%44 la"yteE$ & Fd$$d%d&d'd(d*$1$IfNOPQR^a$gd6Um$28ȃ?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Uȃʃԃh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdE$$Ifl0%G!  t0%44 la"pyteԃjlVkdFF$$Ifl0%G!  t0%44 la"pyted$*$If`gd6Ulz:<J,|kdG$$Ifl0%G! t0%44 la"yted$1$5$7$8$H$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UJ8:Hԇk,?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdG$$Ifl0%G! t0%44 la"yted$1$5$7$8$H$If`gd6UԇևD,d$1$5$7$8$H$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdH$$Ifl0%G! t0%44 la"yte*D,d$1$5$7$8$H$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdH$$Ifl0%G! t0%44 la"yte*,:FD,d$1$5$7$8$H$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd-I$$Ifl0%G! t0%44 la"yteFHVrD2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdI$$Ifl0%G! t0%44 la"yteprt:<>LƐȐʐؐԓbdfv  J*,.>hHJL̗ΘΚ"JԜ֜؜ҡ$h6Uh6U5B*PJnHphtHh6Uh6UB*PJph!h6Uh6UB*PJnHphtH!h6Uh6UB*CJPJaJphh6Uh6U5B*PJphh6Uh6UB*PJph?rt<D2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdAJ$$Ifl0%G! t0%44 la"yte<>LȐD2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdJ$$Ifl0%G! t0%44 la"yteȐʐؐD2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdUK$$Ifl0%G! t0%44 la"ytedD2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdK$$Ifl0%G! t0%44 la"ytedfv D2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdiL$$Ifl0%G! t0%44 la"yte ,D2d$1$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdL$$Ifl0%G! t0%44 la"yte,.>JD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kd}M$$Ifl0%G! t0%44 la"yteJLVD2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdN$$Ifl0%G! t0%44 la"yteh)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdN$$Ifl0%G!  t0%44 la"pyteq2?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdPO$$Ifl0%G! t0%44 la"yted$1$If`gd6UΚk,?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdO$$Ifl0%G! t0%44 la"yted$1$5$7$8$H$If`gd6U"֜D,d$1$5$7$8$H$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kddP$$Ifl0%G! t0%44 la"yte֜؜6D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdP$$Ifl0%G! t0%44 la"yte"468z|~.HtԡlpzҞp[(h6Uh6U5B*CJPJnHphtH h6Uh6U5B*CJPJph h6Uh6Uh6Uh6UPJh6U5B*PJ\phh6Uh6U5B*PJ\ph$h6Uh6U5B*PJnHphtH!h6Uh6UB*CJPJaJphh6Uh6U5B*PJph!h6Uh6UB*PJnHphtHh6Uh6UB*PJph68B|D2d$*$If`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdxQ$$Ifl0%G! t0%44 la"yte|~h)?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdR$$Ifl0%G!  t0%44 la"pytek,?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U|kdR$$Ifl0%G! t0%44 la"yted$1$5$7$8$H$If`gd6Uq_$:$d$d%d&d'd(d1$NOPQR`a$gd6U$]`a$gd6U|kdKS$$Ifl0%G! t0%44 la"yted$*$If`gd6UFHXZnpt~$d$If^`a$gd6U $`a$gde$]`a$gd6U]`gd6U:$d$d%d&d'd(d1$NOPQR`a$gd6Ut|!kdS$$Ifl40%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UԢ?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UҢԢ֢^`j¤̤468Bz|ĥƥȥХҥܦަFHLXZ>@Bȷȷ骷ȷȷ٪ȷȷȷ(h6Uh6UB*CJPJ\nHphtHh6Uh6UB*PJph!h6Uh6UB*CJPJaJph h6Uh6U5B*CJPJphh6Uh6U5B*PJ\ph+h6Uh6U5B*CJPJ\nHphtH:Ԣ֢b#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdT$$Ifl0%,"  t0%44 l` a"pyte#kdvU$$Ifl0%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U@7d$$d%d&d'd(d1$IfNOPQR^7`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ub#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdBV$$Ifl0%,"  t0%44 l` a"pyte^`"kdW$$Ifl0%,"  t0%44 l` a"pyte@7d$$d%d&d'd(d1$IfNOPQR^7`gd6U`j@7d$$d%d&d'd(d1$IfNOPQR^7`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U¤̤b#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdW$$Ifl0%,"  t0%44 l` a"pyte̤68#kdX$$Ifl0%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U8Bz@7d$$d%d&d'd(d1$IfNOPQR^7`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Uz|b#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UkdrY$$Ifl0%,"  t0%44 l` a"pyteƥȥ#kd>Z$$Ifl0%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Uȥҥܦ?$#d$$d%d&d'd(d1$IfNOPQR`#a$gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Uܦަb#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd [$$Ifl0%,"  t0%44 l` a"pyteP@$ & Fd$$d%d&d'd(d1$IfNOPQRa$gd6Um$@7d$$d%d&d'd(d1$IfNOPQR^7`gd6Ub#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd[$$Ifl0%,"  t0%44 l` a"pyteFH"kd\$$Ifl0%,"  t0%44 l` a"pyte@7d$$d%d&d'd(d1$IfNOPQR^7`gd6UHZ?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ub#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukdn]$$Ifl0%,"  t0%44 l` a"pyteTܩ2V{{{{{D$ & FSd$$d%d&d'd(d1$IfNOPQR^Sa$gd6Um$@7d$$d%d&d'd(d1$IfNOPQR^7`gd6U#kd:^$$Ifl0%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6U@B#kd_$$Ifl0%,"  t0%44 l` a"pyte?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UBNPƬȬЬҬvxʭ̭8drt̼̼xqg]hp+shY5\h/h/5\ h/5\ h1=5\huh]5\huh3.5\ hy\h/CJaJheh6UB*PJphh6Uh6UB*PJ\phh6Uh6U5B*PJ\ph!h6Uh6UB*CJPJaJph(h6Uh6UB*CJPJ\nHphtHh6Uh6UB*PJph!BPƬ<d$$d%d&d'd(d1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6UƬȬҬb#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukd_$$Ifl0%,"  t0%44 l` a"pyteҬvx&kd`$$Ifl0%,"  t0%44 l` a"pyte<d$$d%d&d'd(d1$IfNOPQR`gd6Ux<d$$d%d&d'd(d1$IfNOPQR`gd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ṷb#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukdja$$Ifl0%,"  t0%44 l` a"pytḙkd6b$$Ifl0%,"  t0%44 l` a"pyteC$7d$$d%d&d'd(d1$IfNOPQR^7`a$gd6UZ@@@@$ & Fd$$d%d&d'd(d1$IfNOPQRa$gd6Um$@Vd$$d%d&d'd(d1$IfNOPQR^`Vgd6U?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ub#?$d$$d%d&d'd(d1$IfNOPQR`a$gd6Ukdc$$Ifl0%,"  t0%44 l` a"pyte&kdc$$Ifl0%,"  t0%44 l` a"pyte<d$$d%d&d'd(d1$IfNOPQR`gd6Us_KK d-DM gd/ d-DM gde d-DM gdygd/7d$d%d&d'd(d1$NOPQR`gde:$d$d%d&d'd(d1$NOPQR`a$gd6U:ܴdgd{ d-DM `gdy d-DM gdY ڴܴ޴h^C-jh^C-Uhp+sh4\ hy\hp+shY\ 21h:pe. A!"Q#S$% $$If"!vh#vG#v!:V l4  t0%,5G5!a"pyte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l  t0%5G5!a"pyte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#vG#v!:V l t0%5G5!a"yte$$If"!vh#v,#v":V l4  t0%,5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pyte$$If"!vh#v,#v":V l  t0%5,5"` a"pytes8>>>>>>>>666666666vvvvvvvvv666666>66666666666666666666666666686666666668666666666666h8666666666666666666666666666666666666666666666666666666666666666660628&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@PJ_HmHnHsHtHV`V {1KG=K9$d`a$CJ_HaJmH"sH"tH pp 00 03>;>2>: 1$d@&`a$*5CJ KH OJPJQJ\aJ mHsHtH 00603>;>2>: 2,Title Header2,Clause_No&Name,Section-Title$ & Fd<@&(56CJOJPJQJ\]aJmH sH  00B03>;>2>: 3,Section Header3,ClauseSub_No&Name,Sub-Clause Paragraph$ & Fd<@&"5CJOJPJQJ\aJmH sH  00903>;>2>: 4,Sub-Clause Sub-paragraph,ClauseSubSub_No&Name$ & Fd<@&5CJPJ\aJmH sH jj 00 03>;>2>: 5 & Fd<@& 56CJPJ\]aJmH sH dd 00 03>;>2>: 6 & Fd<@&5CJPJ\aJmH sH VV 00 03>;>2>: 7 & Fd<@& PJmH sH \\ 00 03>;>2>: 8 & Fd<@&6PJ]mH sH l l 00 03>;>2>: 9 & Fd<@&"56CJOJPJQJaJmH sH BA B A=>2=>9 H@8DB 0170F0Xi@X 01KG=0O B01;8F04 l4a .k . 0 5B A?8A:0 b/b 0003>;>2>: 1 =0:*5CJ KH OJPJQJ\aJ mHsHtH/ 00J03>;>2>: 2 =0:,Title Header2 =0:,Clause_No&Name =0:,Section-Title =0:,56CJOJPJQJ\]aJmH sH tH / 00V03>;>2>: 3 =0:,Section Header3 =0:,ClauseSub_No&Name =0:,Sub-Clause Paragraph =0:&5CJOJPJQJ\aJmH sH tH /! 00H03>;>2>: 4 =0:,Sub-Clause Sub-paragraph =0:,ClauseSubSub_No&Name =0:5CJPJ\aJmH sH tH \/1\ 0003>;>2>: 5 =0:$56CJPJ\]aJmH sH tH V/AV 0003>;>2>: 6 =0:5CJPJ\aJmH sH tH P/QP 0003>;>2>: 7 =0:CJPJaJmH sH tH V/aV 0003>;>2>: 8 =0:6CJPJ]aJmH sH tH Z/qZ 0003>;>2>: 9 =0:"56CJOJPJQJmH sH tH 0/0 00 5B A?8A:01hh 00 "5:AB 2K=>A:8d`a$$CJOJPJQJ^JaJmHsHtH`/` 00"5:AB 2K=>A:8 =0:$CJOJPJQJ^JaJmHsHtH:U : 00 8?5@AAK;:0 >*B*ph2/2 00 5B A?8A:011 00 !5B:0 B01;8FK7:V0d`a$CJPJaJtH"e 00!B0=40@B=K9 HTMLDd2( Px 4 #\'*.25@9`a$$CJOJPJQJ^JaJmHsHtHf/f 00!B0=40@B=K9 HTML =0:$CJOJPJQJ^JaJmHsHtHB !0XA=>2=>9 B5:AB,DNV-Body,A=>2=>9 B5:AB =0:1,A=>2=>9 B5:AB =0: =0:,DNV-Body =0: =0: dx7$8$`CJOJPJQJaJmH sH / 0qA=>2=>9 B5:AB =0:,DNV-Body =0:,A=>2=>9 B5:AB =0:1 =0:,A=>2=>9 B5:AB =0: =0: =0:,DNV-Body =0: =0: =0:CJOJPJQJaJmH sH b^"b 00 1KG=K9 (251)"ddd[$\$`a$PJmHsHtHf 2f $0086=89 :>;>=B8BC;#dE$`a$PJmHsHtHT/AT #0086=89 :>;>=B8BC; =0:PJmHsHtH8) Q8 00><5@ AB@0=8FK^Jbbb 00>@<0;L=89 B5:AB&dx`7CJOJPJQJaJtHhrh (005@E=89 :>;>=B8BC;'d%`a$PJmHsHtHV/V '005@E=89 :>;>=B8BC; =0:PJmHsHtH./. 00 postbody1CJJ/J00 540:FVO1*CJPJ_HaJmHsHtHPZP ,00"5:AB+d`a$CJOJ PJQJ aJmHsHH/H +00 "5:AB =0:CJOJ PJQJ aJmHsH 00,=0: =0: =0: =0: =0: =0: =0: =0: =0:-d`a$ CJOJ PJQJ ^J aJmH sH tCt /00A=>2=>9 B5:AB A >BABC?><.dx^`a$PJmHsHtHd/d .00A=>2=>9 B5:AB A >BABC?>< =0:PJmHsHtH>' > 00=0: ?@8<5G0=8OCJ^Jbb 200"5:AB ?@8<5G0=8O1d`a$CJPJaJmHsHtHZ/!Z 100"5:AB ?@8<5G0=8O =0:CJPJaJmHsHtH@j@ 400"5<0 ?@8<5G0=8O35\^/A^ 300"5<0 ?@8<5G0=8O =0:5CJPJ\aJmHsHtHZRZ 600 "5:AB A=>A:85d`a$CJPJaJmHsHtHR/aR 500"5:AB A=>A:8 =0:CJPJaJmHsHtH6& q6 00 =0: A=>A:8H*^JZJZ 900 >4703>;>2>:8d`a$5CJ,PJaJmH sH R/R 800>4703>;>2>: =0:5CJ,PJaJmH sH S ;00A=>2=>9 B5:AB A >BABC?>< 3:dx^`a$CJPJaJmHsHtHp/p :00 A=>2=>9 B5:AB A >BABC?>< 3 =0:CJPJaJmHsHtHl+l =00"5:AB :>=F52>9 A=>A:8<d`a$OJPJQJaJmH sH d/d <00"5:AB :>=F52>9 A=>A:8 =0:OJPJQJaJmH sH R/R 00Heading>1$#5CJOJPJQJ_HmHsHtH^P^ @00A=>2=>9 B5:AB 2?dx`a$PJmHsHtHR/R ?00A=>2=>9 B5:AB 2 =0:PJmHsHtHjQj B00A=>2=>9 B5:AB 3Adx`a$CJOJ PJQJ aJmH sH ^/!^ A00A=>2=>9 B5:AB 3 =0:CJOJ PJQJ aJmH sH >/2> 00CPJ_HmHsHtH xRBx E00A=>2=>9 B5:AB A >BABC?>< 2Ddx^`a$PJmHsHtHh/Qh D00 A=>2=>9 B5:AB A >BABC?>< 2 =0:PJmHsHtHtYbt G00!E5<0 4>:C<5=B0FdM `a$ CJOJPJQJaJmHsHtHn/qn F00!E5<0 4>:C<5=B0 =0:-CJOJPJQJaJmHq sHtHZV Z 00@>A<>B@5==0O 38?5@AAK;:0>*B* ^Jph/ 00!5B:0 B01;8FK1N:VI044 laIPJ_HmHsHtHJ/J00 5F5=78O1JCJPJ_HaJmHsHtHLL 002Kd`a$ CJOJ PJQJ ^J aJmH sH  00=0: =0: =0: =0: =0: =0:Ld`a$ CJOJ PJQJ ^J aJmH sH L/L00 5F5=78O11MCJPJ_HaJmHsHtHLL 001Nd`a$ CJOJ PJQJ ^J aJmH sH  00=0: =0: =0: =0: =0: =0:2Od`a$ CJOJ PJQJ ^J aJmH sH 4/4 00TSVB* CJOJQJphR>R R00 03>;>2>:Qd`a$5PJ\mHsHtHJ/!J Q0003>;>2>: =0:5PJ\mHsHtHj2j 0  170F A?8A:0Sd1$7$8$H$^`a$CJPJaJmHsHtH/A 00N03>;>2>: 2 =0:1,Title Header2 =0:1,Clause_No&Name =0:1,Section-Title =0:15B*CJOJQJphOtH /Q 00Z03>;>2>: 3 =0:1,Section Header3 =0:1,ClauseSub_No&Name =0:1,Sub-Clause Paragraph =0:15B*CJOJQJphOtH /a 00K03>;>2>: 4 =0:1,Sub-Clause Sub-paragraph =0:1,ClauseSubSub_No&Name =0:156B*CJOJQJphOtH  /q  00vA=>2=>9 B5:AB =0:2,DNV-Body =0:1,A=>2=>9 B5:AB =0:1 =0:1,A=>2=>9 B5:AB =0: =0: =0:1,DNV-Body =0: =0: =0:1CJtH Z Z b00 57 8=B5@20;0X$CJOJPJQJ_HaJmH"sH"tH R/R 00FR1Yd1$G$`OJPJQJ_HmH"sH"tH./. 00ktl2 q L/L00 5F5=78O12[CJPJ_HaJmHsHtH 00=0: =0: =0: =0: =0: =0:1\d`a$ CJOJ PJQJ ^J aJmH sH / 00hps,/, 00 short_textZZ 0Style3_d1$7$8$H$`a$OJPJQJmHsHtH@/@ 00 Font Style136CJOJ QJ \/\ 00a$d1$`a$B*PJ_HmH phsH tHP/!P X0057 8=B5@20;0 =0:CJOJPJQJaJ2X 12 00 K45;5=856^JrBr 00=0: =0: =0: =0:1dd`a$ CJOJ PJQJ ^J aJmH sH B/QB 0apple-converted-spaceb 00O=0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0: =0:fd`a$ CJOJ PJQJ ^J aJmH sH X/rX 0Standardg*$1$7$8$9DKHPJ_HmHnHsHtHDqD 00Text body indent hx^@q@ 00 Text bodyi1$7$ CJmH"sH">/> 00 Internet link >*B*ph,/,0WW8Num6k F,/,0WW8Num7l F,/,0WW8Num9m F,/,0WW8Num8n F,/,0WW8Num4o FH H00 5F5=78OpCJPJ_HaJmHsHtHF/F 00 Font Style121CJOJQJ^JaJT"T 00Style34rd1$7$8$H$`OJPJQJ^JtH"R2R 0 170F A?8A:01sd^`a$m$PJtH"./A. 0 mw-headlineD/QD 0 Font Style15CJ"OJQJ^JaJ"&/a& 00rvts0^JZ/rZ 0Default w7$8$H$%B*CJPJ_HaJmH"phsH"tH"hh 0font5xddd[$\$`a$%B*CJOJPJQJ^JaJphtH"nn 0font6yddd[$\$`a$+5B*CJOJPJQJ\^JaJphtH"\\ 0xl69zddd[$\$`a$CJOJ PJQJ ^J aJtH"HH 0xl70{ddd[$\$`a$PJtH"tt 0xl71B|ddd9DOPQ[$\$`a$CJPJaJtH" 0xl72M}ddd9DNOPQ[$\$`a$CJPJaJtH"LL 0xl73!~ddd9D[$\$`a$PJtH" 0xl74Mddd9DNOPQ[$\$`a$5CJPJ\aJtH"zz 0xl75Bddd9DNOP[$\$`a$5CJPJ\aJtH" 0xl76Mddd9DNOPQ[$\$`a$CJPJaJtH"" 0xl77Mddd9DNOPQ[$\$`a$CJPJaJtH"2 0xl78Mddd9DNOPQ[$\$`a$CJPJaJtH"B 0xl79Mddd9DNOPQ[$\$`a$5CJPJ\aJtH"pRp 0xl80>dddNOQ[$\$`a$CJPJaJtH"tbt 0xl81Bddd9DNOQ[$\$`a$CJPJaJtH"trt 0xl82Bddd9DOPQ[$\$`a$CJPJaJtH"pp 0xl83>dddNOQ[$\$`a$CJPJaJtH"zz 0xl84Bddd9DNOQ[$\$`a$5CJPJ\aJtH"tt 0xl85Bddd9DNOQ[$\$`a$CJPJaJtH"TT 0xl86!ddd9D[$\$`a$CJPJaJtH"ZZ 0xl87!ddd9D[$\$`a$5CJPJ\aJtH"ZZ 0xl88!ddd9D[$\$`a$5CJPJ\aJtH"~~ 0xl89Bddd9DNOQ[$\$`a$B*CJPJaJphtH"jj 0xl907ddd9DNO[$\$`a$CJPJaJtH" 0xl91Mddd9DNOPQ[$\$`a$CJPJaJtH"x x 0xl92Mddd9DNOPQ[$\$`a$PJtH"x" x 0xl93Mddd9DNOPQ[$\$`a$PJtH"x2 x 0xl94Mddd9DNOPQ[$\$`a$PJtH"xB x 0xl95Mddd9DNOPQ[$\$`a$PJtH"xR x 0xl96Mddd9DNOPQ[$\$`a$PJtH"b 0xl97Mddd9DNOPQ[$\$`a$5CJPJ\aJtH"pr p 0xl98>dddNOQ[$\$`a$CJPJaJtH"p p 0xl99>dddNOQ[$\$`a$CJPJaJtH"X X 0xl100ddd[$\$`a$5CJPJ\aJtH"X X 0xl101ddd[$\$`a$5CJPJ\aJtH"r r 0xl102>dddNOQ[$\$`a$CJPJaJtH"| | 0xl103Bddd9DNOQ[$\$`a$5CJPJ\aJtH"V V 0xl104!ddd9D[$\$`a$CJPJaJtH"X X 0xl105ddd[$\$`a$5CJPJ\aJtH"X X 0xl106ddd[$\$`a$5CJPJ\aJtH"\ \ 0xl107!ddd9D[$\$`a$5CJPJ\aJtH"N N 0xl108!ddd9D[$\$`a$PJtH"" 0xl109Mddd9DNOPQ[$\$`a$5CJPJ\aJtH"z2 z 0xl110Mddd9DNOPQ[$\$`a$PJtH"B 0xl111Mddd9DNOPQ[$\$`a$CJPJaJtH"hR h 0xl1123dddNP[$\$`a$CJPJaJtH"pb p 0xl113>dddNOP[$\$`a$5PJ\tH"fr f 0xl1143dddNP[$\$`a$5PJ\tH"p p 0xl115>dddNPQ[$\$`a$5PJ\tH"T T 0xl116!ddd9D[$\$`a$5PJ\tH"N N 0xl117!ddd9D[$\$`a$PJtH"*/ *0WW8Num61*/ *0WW8Num62PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V{+N8aq-*GlLi˽6Lj3~pmGo 1*?f8&,ɴ8N>hR*Պ"(zsy2!#YQ$\h2軧>:HC A84Bq.UJR_O]-4k!ᣄD=zvg?s6re؝GT{<˷/|N:OWB_?>xo'hGIs ;WY ;ɛY CDtv<(Fr Ȃ`3Ax&sA,/fvXb9<'O:*B{Yg2A E@Sc.Ɩ Ĉ6%pn5$CcT< / AȷNQ۪xD½S#\r""`t\ SƘs֫%Ȍ=tD]ϋ1eA ; qc?Pȹ„ ;D~ F z t P-R3PCRg0EbvBGJLNPXk1?G]i Jt %-Z0|00z111t666:8F8d8X:d::;2>Z>j>@(@R@@AATC FFH?@A"BBlDE FFGHJTKKMNOPQ0RBRXXY\ `abPcc4dd^fghjkklllnoqq.sstbuuuv"x0xnxyyy{L|^|}2ȃԃlJԇ*Fr<Ȑd ,J֜6|tԢ`̤8zȥܦHBƬҬx̭HIKMOQRSTUVWYZ[\]^_`abcdefghijlmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./023456789:;<=>@ABCDEFHIJKLMNOPQRSTUVWXYZ[\^_`abcdefghL# @0(  B S  ?9CMTU`af(/ kr ()/078AmuTZgo#$)S^ #(/htCK  l p u y !!&$6$f$t$u${$$$$$$$% %%%B&I&(!("(.(S(\(((**m+u+,,^,g,h,q,O-W-w-~-........////v0{000d3l3m3p3q3w3A4F4G4O455555555555555567777779$9< =====>>H?N?Q?V???6@B@LAQABB"C,C-C5CrCzCCCCDDDEFFFHHIIIIYJ]J^JhJJJRLYLiLrLLLLLLL5M8M9M=M>MBMCMMMMMO OPP,Q3QyS|SSSTTTTZU_UPWXWYW]WXXYYZZwZZZZ[[\\\\^^^_ya~aaaccccc cdddddddde eee e)e_edeeeffffd>k>l>>>>>`?b?i?j?????C@E@L@M@A!A(A)AAAAA B BBB4B6Bl>>>b?j???E@M@!A)A BB6B=BDD EEEEFFHFOFFFGGZHaHIIIIIJQJJJ@ACG (&Tb %  Lb .fm l$x~"lDl$96>7[ F8 vQp:bj;ސXK{=fFR=? XI+yCnՄ&CA73QG8'H8?r^0Jl~Z.",!QiS/YZR~aˈ! >tޖb#w"$Izip|xY#@~'Z~!^`OJQJ-8^8`^J.^`^J.^`^J.p^p`^J. ^ `^J.@ ^@ `^J. ^ `^J.^`^J.P^`P^J@@^@`^J.0^`0^J..``^``^J... ^`^J .... ^`^J ..... ^`^J ...... `^``^J....... 00^0`^J........z^`z^J.#0^#`0^J..Z0^Z`0^J... ^ `^J.... L^L`^J ..... y`^y``^J ...... >`^>``^J....... k^k`^J........ 0^0`^J......... ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o(h^h`5CJaJo(.^`.pL^p`L.@ ^@ `.^`.L^`L.^`.^`.PL^P`L. ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o(h^h`B*CJ^Jph.P^`P^J..^`B*CJ^Jph...x^`xB*CJ^Jph.... ^`B*CJ^Jph .....  X^ `XB*CJ^Jph ......  ^ `B*CJ^Jph....... 8^`8B*CJ^Jph........ `^``B*CJ^Jph......... ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o(^`5CJKH^JaJ.8^8`^J.^`^J.^`^J.p^p`^J. ^ `^J.@ ^@ `^J. ^ `^J.^`^J. ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( z^z`OJQJo(-J^J`OJQJ^Jo(o  ^ `OJ QJ o(  ^ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( Z^Z`OJQJo(*^*`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(- ^`OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( h^h`OJQJ^J.^`OJQJ- ^`OJQJ^J... x^`xOJQJ^J.... ^`OJQJ^J .....  X^ `XOJQJ^J ......  ^ `OJQJ^J.......  8^`8OJQJ^J........  `^``OJQJ^J......... ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o( ^`OJQJo(-^`OJQJ^Jo(o p^p`OJ QJ o( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJ QJ o( ^`OJQJo(^`OJQJ^Jo(o P^P`OJ QJ o( ^`OJQJo( 0^`0OJQJo(- p^p`OJ QJ o( @ ^@ `OJQJo( ^`OJQJo(o ^`OJ QJ o( ^`OJQJo( ^`OJQJo(o P^P`OJ QJ o(Tb r^0J >t XK{=Lb "8'H~aY#@~I+yC",!Q&C#w$Izlm96/YR=? F873QG.fQp:'Z~>7l$p|j;S V       VVz"""""""" V       V V        V        V        V        V       VV V       VVVVVVVV V       V V       ]flN'V:dp+j s{CXF\w8:@BF0UnknownG.[x Times New Roman5Symbol3. .Cx ArialC PMingLiUe0}fԚ7.*{$ Calibri7@Cambria5. .[`)Tahoma?= .Cx Courier NewO"AntiquaCourier New9=  Consolas7. [ @VerdanaA. Trebuchet MS;. .Cx Arial CYR;WingdingsA$BCambria Math"1 X3GMLwG2Vq DVq D!S0 JqHP  $P02!xxK˧K ;CE5=L:0 :A0=0 5>=V4V2=03=0B>2 235= >;>48<8@>28Gk l      m     n    o     Oh+'0   @ L X dpx Normal 17Microsoft Office Word@#@>i`6@rƶ@h Vq ՜.+,0 hp|  D     !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijlmnopqrstuvwxyz{|}~     %&)Root Entry F $(@Data kd1Table7WordDocument 4SummaryInformation(DocumentSummaryInformation8MsoDataStore  5X4N5FKKZVO2J==2  Item  2PropertiesUCompObj r   F Microsoft Word 97-2003 MSWordDocWord.Document.89q