Digital Information Security course notes (Tài liệu An toàn thông tin số)

Uploaded by mrnguyenvannam, posted 14 Oct 2015

Digital Information Security (An toàn thông tin số)

Informatics Center, University of Science (Trung Tâm Tin Học - ĐHKHTN)

CHAPTER 1

OVERVIEW OF NETWORK SECURITY

When networked systems first appeared, the need to share resources arose and users of the network exchanged resources with one another. As networks grew and the number of participants increased, it became necessary to enforce security policies and to set policies governing access to network resources. The term AAA was coined.

In these notes AAA stands for Access Control, Authentication and Auditing. (In the RADIUS/Diameter and network-access literature the same acronym expands to Authentication, Authorization and Accounting; the concerns overlap but are not identical.)

AAA is a process used to protect data and devices and to guarantee the confidentiality of information.

AAA is a basic concept of computer and network security. These concepts are used to guarantee confidentiality, data integrity and system availability.

I. ACCESS CONTROL

A policy, piece of software or hardware used to permit or deny access to a resource.

It specifies the level of access to a resource.

Three models are used to describe access control:

MAC (Mandatory Access Control)

DAC (Discretionary Access Control)

RBAC (Role-Based Access Control)

MAC (Mandatory Access Control)

MAC is a static model in which access rights to files on the system are defined in advance. The system administrator sets these rights and binds them to accounts, files and resources. The MAC model is very restrictive: only the administrator sets access rights, and only the administrator can change them. Users cannot change how their own resources are shared as long as this static relationship (the statically defined set of rights) remains in force.

Example:

The notes cite Windows 2000 file and folder permissions (Full Control, Write, Read, List Folder Contents) here. Strictly speaking, NTFS permissions are discretionary: the owner of a file can change its ACL, so they belong to the DAC model below. Genuine MAC examples are label-based systems such as SELinux or Windows integrity levels, where users cannot relabel the objects they own.

DAC (Discretionary Access Control)

The set of access rights on an object is defined by a user or an application. DAC lets users share their files and use files shared by others. DAC maintains an ACL (Access Control List) that identifies which users may access which resources, allowing a user to grant or revoke access for each individual or group case by case.

The owner of a resource can delegate control over it to others.

RBAC (Role-Based Access Control)

Rights are assigned according to job function and user grouping.

It supports complex configurations.
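The three models above side by side, as an added example (not code from the original notes): a label check for MAC, an owner-maintained ACL for DAC and a role table for RBAC. The level names, the roles and the principals alice, bob and carol are constructed for illustration.

```python
"""Added example, not from the original notes: the three access-control
models above as small policy evaluators. The level names, the role table
and the sample principals are constructed for illustration."""
from dataclasses import dataclass, field

# MAC: labels are fixed by the administrator; a subject cannot relabel anything.
# Bell-LaPadula ordering of sensitivity levels (example levels, assumed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allows(subject_clearance: str, object_label: str, action: str) -> bool:
    """No read-up, no write-down: read objects at or below your clearance,
    write objects at or above it. Nothing here lets a user change a label."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False


# DAC: the owner keeps an ACL on the object and may delegate control of it.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

    def grant(self, grantor: str, principal: str, right: str) -> bool:
        """Only the owner, or someone granted 'control', may edit the ACL."""
        if grantor != self.owner and "control" not in self.acl.get(grantor, set()):
            return False
        self.acl.setdefault(principal, set()).add(right)
        return True

    def allows(self, principal: str, right: str) -> bool:
        return principal == self.owner or right in self.acl.get(principal, set())


# RBAC: permissions hang off roles; users are assigned roles, never permissions.
ROLE_PERMS = {
    "auditor": {"logs:read"},
    "operator": {"logs:read", "service:restart"},
    "admin": {"logs:read", "service:restart", "users:manage"},
}


def rbac_allows(user_roles: set, permission: str) -> bool:
    return any(permission in ROLE_PERMS.get(role, set()) for role in user_roles)


if __name__ == "__main__":
    print("MAC  internal reads secret:", mac_allows("internal", "secret", "read"))
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    print("DAC  bob reads:", doc.allows("bob", "read"),
          "| bob delegates to carol:", doc.grant("bob", "carol", "read"))
    print("RBAC operator manages users:", rbac_allows({"operator"}, "users:manage"))
```

The contrast to look for: in the MAC functions there is no call that changes a label at all, in DAC the owner can hand out `control` and thereby create a new decision maker, and in RBAC a user's rights change only when the role table or the role assignment changes.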

II. AUTHENTICATION

The process used to verify the identity of a computer or user attempting to access a resource.

It can also use more advanced technologies such as smart cards, biometric devices, or network access control hardware such as routers and remote-access servers.

Username/Password

The classic and most widely used authentication method (because it is simple and easy to manage).

Each user is identified by a login name and a password.

Passwords are normally stored in hashed form (a one-way function, not reversible encryption).

Passwords are easily guessed by brute-force methods.

Password policy:

Insecure: fewer than 6 characters

Medium security: 8 to 13 characters

High security: 14 characters or more

In addition, a password should satisfy the following requirements:

Mix upper- and lower-case letters

Use digits and special characters; do not use words found in a dictionary

Do not build passwords from personal information (date of birth, phone number, names of relatives)
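The policy above as a checker, added here and not part of the original notes. DICTIONARY is a constructed stand-in for a real wordlist and the personal details in the demo are made up; the rule that 6-7 character passwords count as insecure is an assumption, since the notes leave that range undefined.

```python
"""Added example, not from the original notes: a checker that applies the
password policy listed above. DICTIONARY is a constructed stand-in for a real
wordlist, and the personal-information sample in the demo is made up."""
import re
import unicodedata

# Constructed mini-dictionary; a real check loads a large wordlist file.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "football", "summer"}
# Common substitutions attackers also try, undone before the dictionary check.
_LEET = str.maketrans("01345@$", "oieasas")


def strength_tier(pw: str) -> str:
    """The length tiers of the notes. They leave 6-7 characters undefined;
    this example treats that gap as insecure (an assumption)."""
    n = len(pw)
    if n < 8:
        return "insecure"
    if n <= 13:
        return "medium"
    return "high"


def _normalize(s: str) -> str:
    # Strip accents and case so 'Nguyễn' still matches 'nguyen' in a password.
    s = unicodedata.normalize("NFKD", s)
    return "".join(c for c in s if not unicodedata.combining(c)).lower()


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if strength_tier(pw) == "insecure":
        problems.append("too short (fewer than 8 characters)")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    folded = _normalize(pw).translate(_LEET)
    if any(word in folded for word in DICTIONARY):
        problems.append("contains a dictionary word")
    for item in personal_info:
        # Name parts of three or more letters, and digit runs such as a phone number.
        tokens = [t.translate(_LEET) for t in _normalize(item).split() if len(t) >= 3]
        digits = re.sub(r"\D", "", item)
        if any(t in folded for t in tokens) or (len(digits) >= 4 and digits in pw):
            problems.append(f"contains personal information ({item})")
    return problems


if __name__ == "__main__":
    # Made-up user details for the demo.
    info = ["Nguyen Van Nam", "01/04/1990", "0912345678"]
    for candidate in ["P@ssw0rd123", "Nam!1990abc", "Tr0ub4dor&3"]:
        print(candidate, "->", check_password(candidate, info) or "OK")
```

Note that `P@ssw0rd123` satisfies every character-class rule and still fails, because the substitution table folds it back to `password`; a checker that only counts character classes would have accepted it.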

Kerberos

Kerberos is an authentication service that provides security, single sign-on and mutual authentication, and relies on a trusted third party.

Security: it uses tickets, time-stamped encrypted messages, to prove the legitimacy of a user. The user's password is therefore well protected, since it is never sent over the network and does not need to be kept on the local machine. (What the client does hold is a key derived from the password, used only to decrypt the initial reply from the authentication server.)

Single sign-on: the user logs in once and can then access every resource on the system, or on other servers, that supports the Kerberos protocol.

Trusted third party: it works through a central authentication server (the Key Distribution Center) that every host on the network trusts.

Mutual authentication: not only is the user authenticated to the system, the legitimacy of the system is also proven to the user.

CHAP

A remote-access authentication protocol that does not send the password over the network.

CHAP is commonly used to protect authentication information and to verify that a connection to a resource is legitimate.

It uses a series of challenges and hashed responses.

CHAP establishes legitimacy with a 3-way handshake. The handshake is used when the link is first set up and is repeated at intervals to keep the link verified.

The authenticator sends a challenge message.

The peer computes a result with a one-way hash function and returns it to the authenticator (RFC 1994 specifies MD5 over the message identifier, the shared secret and the challenge).

The authenticator computes the same hash and compares it with the value returned. If they match, authentication succeeds; otherwise the connection is terminated.

At random moments the authenticator sends a new challenge to re-verify the connection.

The shared secret must be available in cleartext on both sides (the hash needs the secret itself), so wherever it is stored it is an attractive target; a captured challenge/response pair can also be attacked offline by guessing the secret.
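The handshake described above, with both sides in one process: an added example, not code from the notes. It follows the RFC 1994 MD5 construction; the peer name, the secret and the single-use challenge table are constructed for the demo. The last function shows why the random re-challenge defeats replay of a captured response.

```python
"""Added example, not from the original notes: the CHAP three-way handshake
of RFC 1994 with both peers in one process. The peer names and shared secret
are constructed; the hash is the MD5 construction the RFC specifies."""
import hashlib
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994, section 2: Response = MD5(Identifier || Secret || Challenge).
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges. It must hold every peer's secret in
    the clear, which is the storage weakness the notes point out."""

    def __init__(self, secrets: dict):
        self.secrets = secrets       # peer name -> shared secret
        self.identifier = 0
        self.pending = {}            # identifier -> outstanding challenge

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)        # fresh random challenge every time
        self.pending[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(identifier, None)   # single use
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        return response == chap_response(identifier, secret, chal)


class Peer:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> tuple:
        # The secret never leaves the peer; only the hash travels.
        return identifier, self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(auth: Authenticator, peer: Peer) -> bool:
    ident, chal = auth.challenge()                    # 1. Challenge
    ident, name, resp = peer.respond(ident, chal)     # 2. Response
    return auth.verify(ident, name, resp)             # 3. Success / Failure


def replay_is_rejected(auth: Authenticator, peer: Peer) -> bool:
    """Capture one valid response, then try to reuse it on the periodic
    re-challenge. True means the replay was refused."""
    ident, chal = auth.challenge()
    captured = peer.respond(ident, chal)
    first_ok = auth.verify(*captured)
    new_ident, _ = auth.challenge()                   # later re-challenge
    replayed_ok = auth.verify(new_ident, captured[1], captured[2])
    return first_ok and not replayed_ok


if __name__ == "__main__":
    auth = Authenticator({"alice": b"s3cret-shared"})
    print("alice:", run_handshake(auth, Peer("alice", b"s3cret-shared")))
    print("wrong secret:", run_handshake(auth, Peer("alice", b"guess")))
    print("replay refused:", replay_is_rejected(auth, Peer("alice", b"s3cret-shared")))
```

What the code does not protect against is the offline attack mentioned above: anyone holding a captured (identifier, challenge, response) triple can run `chap_response` over a wordlist until it matches, which is why the shared secret has to be long and random rather than a user-chosen password.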

Certificates

A digital certificate is a block of data containing information that identifies an entity (an individual, a server, a device or a piece of software), bound to that entity's public key by the signature of a certificate authority.

In everyday life we use an ID card or passport; on computers we use a digital certificate.

Mutual authentication

Each party in an electronic exchange can verify the other party.

Not only is the user authenticated to the system, the legitimacy of the system is also proven to the user.

Biometrics

Biometric devices can provide a very strong authentication mechanism by using each individual's physical and behavioural characteristics to verify identity.

Used in areas that require high security.

High cost.

How biometrics work:

Enrollment

The subject's identifying characteristics are scanned and checked.

The biometric data is analysed and stored as a template.

Verification

The subject to be verified is scanned.

The computer analyses the scanned data and compares it with the stored template.

If the comparison matches, the user is considered legitimate and is granted access to the system.

Some types:

Physical characteristics:

Fingerprint

Hand geometry

Face scan

Retina scan

Iris scan

Behavioural characteristics:

Handwritten signature

Voice

Multi-factor

When a system uses two or more different authentication methods to check whether a user's login is legitimate, it is called multi-factor authentication. A system that uses both a smart card and username/password authentication is called a two-factor system.

An individual's identity is established using at least two of the following authentication factors:

Something you know (a password or PIN)

Something you have (a smart card or token)

Something you are (fingerprint, iris)

Something you do (voice or signature)

Two methods from the same factor (a password plus a PIN, for example) do not make a second factor.

III. AUDITING

Recording events, errors and user authentication attempts.

Used to check, monitor and trace user activity on the system.

Auditing system

Set up an audit trail that stores events so that accesses, legitimate and illegitimate, can be reviewed later.

Logging: organising how the information is stored: where it is kept, in what format, how it is backed up. (Logs are evidence, so they should be shipped to a host the monitored system cannot write back to, and clocks must be synchronised so events can be correlated.)

System scanning: used to check for and fix weaknesses of the system. The process uses tools that assess the system's potential weaknesses:

Checking password usage

Assessing whether the network can be reached from an outside system

Tracking and collecting published weaknesses of the operating system and hardware

Testing how devices respond by staging simulated attacks.

Chapter 2

COMMON NETWORK ATTACK TECHNIQUES

Network security keeps evolving, because protecting data is always an essential need and attack techniques grow ever more varied. Although there are very many attack methods, they can be grouped roughly as follows:

By target: application, network, or both

By mode: active or passive

By method: many kinds, for example cracking, exploiting software or system bugs, malicious code, ...

The boundaries between these groups are becoming hard to see, however, since today's attacks are increasingly complex and combine several techniques.

I. Outline of a generic attack scenario

Depending on the target, an attacker will use different attack scenarios. Here we illustrate only one generic scenario for attacking a system.

Step 1: Reconnaissance and assessment of the system.

Step 2: Penetration of the system. The attacker may then return to step 1 to keep probing and find further weaknesses.

Step 3: Privilege escalation by every available means. The attacker may then return to step 1 to keep probing and find further weaknesses, or move on to step 4 or step 5.

Step 4: Maintaining access and monitoring the system's activity.

Step 5: Carrying out attacks (for example denial of service, ...).

II. Active attacks

Attacks in which the attacker directly harms the system, network or application (blocking a server, shutting down services) rather than merely eavesdropping or gathering information.

Common forms include DoS, DDoS, buffer overflows, IP spoofing, ...

DoS

Denial of Service, abbreviated DoS, is the general term for attacks that in one way or another overload a system so that it can no longer provide service, or has to stop altogether. This kind of attack only disrupts operation; it very rarely steals information or data.

The usual targets of denial of service are servers (FTP, Web, Mail), but routers and switches can also be targets.

Denial of service is not only launched over the network; it can also be launched on the local machine or within the local network, so-called local DoS against hosts (via NetBIOS, fork() bombs).

Denial of service first appeared as DoS exploiting weaknesses of the TCP protocol, then developed into distributed denial of service, DDoS (Distributed DoS), and most recently distributed reflection denial of service, DRDoS (Distributed Reflection DoS).

We can also classify denial of service by technique: broadcast storm, SYN, Finger, Ping, flooding, ...

Denial of service has two main aspects:

Resource consumption attacks, where a large number of requests overloads the system. The resources targeted include: bandwidth (the most common target), hard disk (the target of mail bombs), RAM, CPU, ...

Bugs in the handling of specially crafted strings, input or packets built by the attacker (malformed packet attacks). This type is usually applied to routers or switches: on receiving such a packet or string, a software or system bug causes the router or switch to crash.

Denial of service does not give the attacker control of the system, but it is an extremely dangerous form of attack, especially for electronic transactions and e-commerce. The damage in money, reputation and trust is hard to quantify. A further danger is that this type of attack is very hard to prevent; we usually only find out once we are under attack.

Against well-secured systems, denial of service is regarded as the attacker's last resort for taking the system down.

DDoS

Distributed denial of service is carried out with the participation of many computers, and is far more dangerous than DoS. A DDoS attack has two components:

The first component is the zombies (usually on the Internet): machines on which the attacker has installed software that carries out the attack in forms such as UDP flood or SYN flood, ... The attacker can combine this with spoofing to increase the danger. The attack software usually runs as a daemon.

The second component is the machines on which the client program is installed (the masters, or handlers). They are like the zombies, but the attacker has more control over them. The client program lets the attacker send instructions to the daemons on the zombies.

To attack, the attacker uses the client program on a master to send the attack signal to all zombies at once. The daemon process on each zombie then attacks the chosen target. The attacker may not act directly on the master but from another machine, and after launching the attack may disconnect from the masters to avoid detection.

The usual goal of DDoS is to consume bandwidth and congest the network.

Tools that can be found include Trin00 (WinTrinoo), Tribe Flood Network (TFN and TFN2K), Shaft, ...

Viruses and worms capable of carrying out DDoS have since been developed.

Buffer Overflows

An attack that overflows a buffer on the victim machine. A buffer overflow occurs when an application receives more data than the program was written to accept. The application may then crash, and a crash engineered by the attacker can let them run code with the privileges of the affected program, temporarily gaining a higher level of access to the attacked system. The root cause is a programming bug: input is copied into a fixed-size buffer without checking its length.

SYN Attacks

One of the most classic attacks. It exploits a weakness of the TCP three-way handshake, which works as follows:

Step 1: the client sends a packet with the SYN flag set.

Step 2: the server answers the client with a SYN/ACK packet, announcing that it is ready to accept the connection; at the same time it allocates resources for the connection and records information about the client.

Step 3: the client answers the server with an ACK, completing the connection.

The attack exploits this three-way handshake. The problem is that the client never returns the ACK packet to the server; this is called a half-open connection (the client has only half-opened the connection). With many such packets the server becomes overloaded, because its resources are limited, and at that point legitimate requests cannot be served. It is similar to a computer hanging because too many programs were opened at once.

The initiating machine sends a SYN message.

The receiving machine replies with a SYN and an ACK.

The initiating machine never sends the final ACK that would complete the connection.

The receiving machine therefore waits a long time before discarding the connection.

When the number of such SYN connections becomes too large, the connection queue fills up and no further connection requests can be served.

To recognise a SYN attack you can use the command netstat -n -p tcp.

We look at connections in the SYN_RECEIVED state. SYN attacks, however, usually go together with IP spoofing. Attackers usually randomise the source IP, so the server never receives an ACK from the non-existent machines and sometimes even retransmits the SYN/ACK, assuming the client did not receive it. The other reason is to hide the true source IP, which an administrator would otherwise block.

Solutions:

Reduce the time a half-open connection is kept. This can itself cause denial of service for remote machines on low-bandwidth links.

Increase the size of the connection (backlog) queue.

Use a firewall that completes the handshake on the server's behalf (sending the ACK to the receiving machine) so the pending connection is turned into an established one. Modern operating systems also implement SYN cookies, which encode the connection state in the server's initial sequence number so that nothing is stored until the client's ACK arrives.
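Detecting the half-open pattern in the netstat output the text mentions: an added example, not from the original notes. SAMPLE is a constructed listing rather than a real capture, and the threshold of five half-open connections is an assumption; a production check would sample netstat repeatedly and compare against the host's normal baseline.

```python
"""Added example, not from the original notes: spotting a SYN flood in the
output of the netstat command mentioned above. SAMPLE is a constructed
netstat listing, not a real capture; the threshold is an assumption."""
import re
from collections import Counter

# Constructed `netstat -n -p tcp` output (Windows layout). Linux `netstat -ant`
# lines ("tcp  0  0  addr:port  addr:port  SYN_RECV") are matched as well.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:80            198.51.100.7:51234     ESTABLISHED
  TCP    10.0.0.5:80            203.0.113.10:40001     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.11:40002     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.12:40003     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.13:40004     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.14:40005     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.15:40006     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.16:40007     SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.17:40008     SYN_RECEIVED
  TCP    10.0.0.5:443           198.51.100.9:50010     TIME_WAIT
"""

LINE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?"          # proto, optional Recv-Q/Send-Q on Linux
    r"(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s*$", re.IGNORECASE)
HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}       # Windows and Linux spellings


def parse_netstat(text: str) -> list:
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append({"local_ip": m[1], "local_port": int(m[2]),
                         "remote_ip": m[3], "remote_port": int(m[4]),
                         "state": m[5].upper()})
    return rows


def syn_flood_report(rows: list, threshold: int = 5) -> dict:
    """Count half-open connections per local port and per source.
    A flood with randomised (spoofed) sources shows as many half-open
    entries, each from a different address, none of which completes."""
    half_open = [r for r in rows if r["state"] in HALF_OPEN]
    by_port = Counter(r["local_port"] for r in half_open)
    by_src = Counter(r["remote_ip"] for r in half_open)
    return {
        "half_open": len(half_open),
        "suspect": len(half_open) >= threshold,
        "target_ports": dict(by_port),
        "spoofed_pattern": len(half_open) >= threshold and len(by_src) == len(half_open),
        "top_sources": by_src.most_common(3),
    }


if __name__ == "__main__":
    report = syn_flood_report(parse_netstat(SAMPLE))
    for key, value in report.items():
        print(f"{key:16} {value}")
```

The `spoofed_pattern` flag is the practical hint the text gives: when every half-open entry comes from a different address, blocking sources one by one is pointless and the fix has to be on the server side (shorter timeouts, a larger backlog, SYN cookies or a SYN proxy).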

Spoofing

Gaining access to a system by impersonation (using someone else's stolen identity, or forging MAC or IP addresses).

An attack in which the attacker supplies authentication information, or poses as a legitimate user, to gain illegitimate access to the system. In some cases a misconfigured system can have the same effect, for example a configuration error that gives a user more rights than intended without that user forging anything.

There are several kinds of spoofing attack. In "blind spoofing" the attacker only sends forged information and guesses at the result; in IP spoofing, for example, the attacker receives no reply after sending packets with a forged address. The second kind of interest is "informed spoofing", where the attacker controls the communication in both directions.

Stealing authentication information (user name, password) and reusing it later is not strictly spoofing, but it has the same result.

The most frequently mentioned spoofing attacks are IP spoofing and ARP spoofing, also called ARP poisoning.

IP spoofing is possible because of a weakness of TCP/IP: the protocol has no way of authenticating whether the source address of a received packet is genuine or forged. An IP address is treated as a unique computer (device) attached to the network, and so computers can communicate without any verification. This can be mitigated with firewalls, routers (ingress filtering of source addresses), and authenticating protocols and algorithms, ... IP spoofing itself can be carried out with raw IP sockets.

ARP poisoning is an attack that alters the ARP entries in the ARP table so that the destination of messages can be changed. These attacks apply to switched LANs.
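Detecting ARP poisoning from cache snapshots, as an added example that is not part of the original notes. The two `arp -a` listings are constructed to show the gateway at 192.168.1.1 being taken over by the station that owns 192.168.1.21; the class keeps the first binding it saw on purpose rather than learning the new one.

```python
"""Added example, not from the original notes: detecting ARP poisoning by
comparing snapshots of the ARP cache. The snapshots are constructed to show
a gateway (192.168.1.1) being taken over, not captured from a real network."""
import re

# Constructed `arp -a` output in Linux format; the same regex also matches
# Windows "192.168.1.1  00-11-22-33-44-01  dynamic" lines.
SNAPSHOT_BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:20 [ether] on eth0
? (192.168.1.21) at 00:11:22:33:44:21 [ether] on eth0
"""
SNAPSHOT_AFTER = """\
? (192.168.1.1) at 00:11:22:33:44:21 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:21 [ether] on eth0
? (192.168.1.21) at 00:11:22:33:44:21 [ether] on eth0
"""
ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}).*?([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})", re.IGNORECASE)


def parse_arp(text: str) -> dict:
    """IP -> MAC, with MACs normalised to lower-case colon form."""
    return {ip: mac.lower().replace("-", ":") for ip, mac in ARP_LINE.findall(text)}


class ArpWatch:
    """Keeps the first-seen binding for each IP and reports deviations. It
    deliberately does not learn the new MAC: learning the attacker's
    binding would silence every later alert."""

    def __init__(self, baseline: dict):
        self.table = dict(baseline)

    def check(self, snapshot: dict) -> list:
        alerts = []
        for ip, mac in snapshot.items():
            known = self.table.get(ip)
            if known is None:
                self.table[ip] = mac              # first sighting, remember it
            elif known != mac:
                alerts.append(f"{ip} changed {known} -> {mac}")
        by_mac = {}
        for ip, mac in snapshot.items():
            by_mac.setdefault(mac, []).append(ip)
        for mac, ips in by_mac.items():
            if len(ips) > 1:                      # one station answering for many IPs
                alerts.append(f"{mac} claims {sorted(ips)}")
        return alerts


if __name__ == "__main__":
    watch = ArpWatch(parse_arp(SNAPSHOT_BEFORE))
    print("before:", watch.check(parse_arp(SNAPSHOT_BEFORE)) or "no alerts")
    print("after: ", watch.check(parse_arp(SNAPSHOT_AFTER)))
```

On a real host the baseline for the gateway should come from a static entry (`arp -s`) rather than from whatever the cache held at start-up, and on the switch side DHCP snooping with dynamic ARP inspection stops the forged replies before they reach the hosts.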

Man in the Middle Attacks

The attacker sits in the middle of the communication channel between two computers to eavesdrop on the information and may even alter the content exchanged between them.

Meanwhile both computers believe they are connected directly to each other.

Ways to carry out a Man in the Middle attack:

ARP attacks

ICMP Redirect

Altering DNS information

Replay Attacks

Use a tool to record all the information exchanged when some computer accesses a server.

Then use the information captured on the network to reconnect to that server.

A technique in which the attacker, having captured a number of packets, reuses them later. For example the attacker obtains a packet containing a user's password. The password is hashed or encrypted and the attacker cannot read it. However, if the authentication system does not check session time, or the system uses weak TCP sequence numbers, the attacker bypasses authentication simply by sending the packet again: a replay. The defence is to make every authentication message unique, with a server-issued nonce, a timestamp that the server checks against a short window, or both.
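The replay scenario above, and the fix, as an added example not found in the notes: a server that accepts a fixed credential hash accepts it again from whoever captured it, while a server that requires a fresh nonce and a timestamp inside a short window does not. KEY, the user bob and his password are constructed; the 30-second window is an assumption.

```python
"""Added example, not from the original notes: why a captured credential
packet can be replayed, and how a nonce plus a checked timestamp stops it.
KEY, the user names and the passwords are constructed for the demo."""
import hashlib
import hmac
import secrets
import time

KEY = b"constructed-shared-key"          # in practice a per-session key


def legacy_token(user: str, password: str) -> bytes:
    """The situation in the notes: the credential is hashed, so the attacker
    cannot read it, but the hash is identical on every login."""
    return hashlib.sha256(f"{user}:{password}".encode()).digest()


class LegacyServer:
    def __init__(self, users: dict):
        self.users = {u: legacy_token(u, p) for u, p in users.items()}

    def login(self, user: str, token: bytes) -> bool:
        return hmac.compare_digest(self.users.get(user, b""), token)


def fresh_token(user: str, now=None) -> tuple:
    """(user, timestamp, nonce, tag): the tag binds all three fields."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    tag = hmac.new(KEY, f"{user}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return user, ts, nonce, tag


class ReplaySafeServer:
    WINDOW = 30   # seconds of clock skew tolerated (assumption)

    def __init__(self):
        self.seen = {}   # nonce -> timestamp, only kept for WINDOW seconds

    def login(self, user: str, ts: int, nonce: str, tag: str, now=None) -> bool:
        now = int(time.time() if now is None else now)
        if abs(now - ts) > self.WINDOW:
            return False                                   # stale: outside the window
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.WINDOW}
        if nonce in self.seen:
            return False                                   # replay inside the window
        expected = hmac.new(KEY, f"{user}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                                   # forged or altered
        self.seen[nonce] = ts
        return True


if __name__ == "__main__":
    old = LegacyServer({"bob": "hunter2"})
    captured = legacy_token("bob", "hunter2")            # what the sniffer saw
    print("legacy: first login", old.login("bob", captured),
          "| replay", old.login("bob", captured))
    new = ReplaySafeServer()
    msg = fresh_token("bob", now=1000)
    print("nonce+ts: first login", new.login(*msg, now=1001),
          "| replay", new.login(*msg, now=1002),
          "| after window", new.login(*fresh_token("bob", now=1000), now=2000))
```

The nonce cache only has to remember nonces for `WINDOW` seconds, because anything older is rejected by the timestamp check anyway; that bound is what keeps the server's replay state small.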

Dumpster diving

Dumpster diving is the term for gathering information from things that seem worthless. For example, an attacker can find a great deal of information in the "Recycle Bin" or in discarded paperwork, ...

Social Engineering

Attacking by deceiving people instead of using computer tools.

It exploits people's trust or naivety to find important information.

Solution: train users and teach them to be vigilant.

III. Passive attacks

Vulnerability Scanning

Using scanning tools to find weaknesses to attack.

Port scanners are used to probe and discover information about the system, such as the operating system, versions, and the applications deployed.

The attacker checks in the hope of finding an unlocked door, or one easily broken without being noticed.

Some vulnerability-scanning tools:

Nmap

NMAP stands for Network MAPper. It was originally designed mainly for system administrators, to scan networks with many computers and find out which hosts are up, which services they run, and which operating system they use.

NMAP supports many scanning techniques including UDP, TCP, TCP SYN (half open), FTP proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas tree, SYN sweep, IP protocol, ... It can also determine information about the remote host, for example the OS, by TCP/IP fingerprinting.

NMAP is easy to find on the Internet and is packaged for most Unix-like operating systems.

Some front-ends have a graphical interface, but here we concentrate on the command line.

The standard syntax is:

nmap [Scan Type(s)] [Options] <target>

Scan types include:

-sS : TCP SYN

-sT : TCP connect()

-sU : UDP scan

-sO : IP protocol scan

-sF -sX -sN : stealth FIN, Xmas tree, Null scan

-sP : ping scan (spelled -sn in current releases)

-sV : version detection

The main options are:

-PA [portlist] use TCP ACK ping to list which hosts are up

-PS [portlist] like -PA but with SYN (connection request)

-PU [portlist] use UDP

-p port / range of ports

Specifying the target: an IP, a list of IPs, a domain name, a network address, ... or read from a file with the option -iL

nmap 172.29.8.1, nmap 172.29.8.1-255, nmap 172.29.8.1/24

nmap www.microsoft.com/24

Ping scanning and port scanning: by default NMAP uses an ICMP sweep and a TCP ACK sweep against port 80. Use the scan type -sP for ping scanning. To skip the ping sweep use -P0, and to use only an ICMP ping sweep use -PI. ICMP ping sweeps are usually blocked by firewalls, so we use an ACK sweep with -PT to check whether a host is up; to target a specific port, for example -PT32453. (These option names are from the nmap 2.x/3.x releases the text describes; current releases spell them -Pn, -PE and -PA respectively.)

For port scanning, for example:

nmap -sS -p 22,53,80,110,143 192.168.*.1-127 scans the listed ports (the port list takes no spaces)

OS scanning: checks the operating system.

nmap -sS -O www.microsoft.com/24 checks the OS
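A connect() scanner, the technique behind nmap -sT, written here as an added example (not nmap's code and not from the notes) with a parser for nmap's port syntax. It scans a constructed local listener so it runs offline; the usual caveat applies that a full handshake is logged by the target, which is why nmap -sS exists.

```python
"""Added example, not from the original notes: a TCP connect() scanner, the
technique behind nmap -sT, with an nmap-style port-list parser. The local
listener it scans in the demo is constructed so the code runs offline."""
import socket
from concurrent.futures import ThreadPoolExecutor


def parse_ports(spec: str) -> list:
    """'22,53,80' or '8000-8010' or a mix, as nmap -p accepts."""
    ports = []
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(part))
    return ports


def probe(host: str, port: int, timeout: float = 0.5) -> tuple:
    """Complete the three-way handshake, so unlike a SYN scan this shows up
    in the target's connection logs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return port, "open"
        except ConnectionRefusedError:
            return port, "closed"            # RST came back
        except (socket.timeout, OSError):
            return port, "filtered"          # silently dropped, or host down


def connect_scan(host: str, ports: list, workers: int = 32) -> dict:
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: probe(host, p), ports))


def open_local_listener() -> tuple:
    """Constructed target for the demo: a listening socket on a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = open_local_listener()
    result = connect_scan("127.0.0.1", [port] + parse_ports("8000-8002"))
    for p, state in sorted(result.items()):
        print(f"{p}/tcp  {state}")
    srv.close()
```

The three outcomes map onto what nmap reports: a completed connect is `open`, an immediate RST is `closed`, and a timeout is `filtered`, which usually means a firewall dropped the SYN rather than answering it.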

DumpACL/DumpSec

A Windows NT program from Somarsoft that displays permissions and configuration information for the file system, registry and printers, so that security holes can be found.

For example, a dump of the policies (the screenshot is not included in this transcript).

Essential NetTools

A tool suite including netstat, nslookup, tracert, ping, ...

It is relatively easy to use and comes with complete documentation.

Solutions:

Remove unnecessary services

Use a firewall or IPSec to filter unnecessary traffic

Use an IDS to detect probes and report suspicious accesses

Sniffing

The eavesdropper must be on the same network segment, or placed somewhere through which the information transmitted on the network passes.

Software is used to capture sensitive information (for example login names, passwords, cookies) transmitted on the network without encryption, or with only simple encryption.

Network administrators can use sniffing tools to examine and assess network traffic.

Some popular tools:

Ethereal

One of the newest "protocol analyzer" tools at the time of writing, developed in 1998 (it has since been renamed Wireshark). Ethereal has versions for Unix/Linux and Windows. Once capture starts, packets are saved in a buffer and then displayed on screen. A feature of Ethereal that differs from other programs is live decoding: most capture programs cannot decode packets until the capture has stopped, as we will see with Windows Network Monitor below. This feature is not so helpful when the traffic is heavy, say 10,000 packets, and no filter is applied, because the display cannot then be followed.

Windows Network Monitor

Installation: Start / Settings / Control Panel / Add-Remove Programs / Add-Remove Windows Components / Management and Monitoring Tools.

Running the program:

After selecting a network interface, press Start Capture to capture packets. Press the Stop and View Capture button to see the captured packets. Immediately after the capture the first panel shown is the summary list.

Unselect Zoom Pane (the magnifying-glass toolbar button) to see all three panels for the captured packets:

The second panel holds the detail and the last panel shows the packet in hex. Use Edit / Display Filter (the funnel toolbar button) to filter packets.

TCPDump

A popular network analysis tool on Unix and Linux. TCPDump supports the TCP, UDP, IP and ICMP protocols and also decodes the data formats of common applications. TCPDump usually has to run as root or be setuid root, since it needs raw access to the interface (on Linux the CAP_NET_RAW capability is enough).

The TCPDump syntax is:

tcpdump [-adeflnNOpqRStuvxX] [-c count] [-C file_size] [-F file] [-i interface] [-m module] [-r file] [-s snaplen] [-T type] [-U user] [-w file] [-E algo:secret] [expression]

Notes:

-c stops after capturing the given number of packets.

-C before writing a raw packet to the save file, checks whether the current file is larger than file_size; if so, opens a new file whose name is the -w name with a number appended. The unit of file_size is 1,000,000 bytes.

See the manual page for more.
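What a sniffer does with a frame once it is captured, as an added example that is not part of the notes: a constructed Ethernet/IPv4/TCP frame (no real capture, addresses from the documentation ranges) is decoded field by field, the IP checksum is verified, and a cleartext HTTP Basic credential is read straight out of the payload. The credential alice:hunter2 is made up.

```python
"""Added example, not from the original notes: what a sniffer does with a
captured frame. It builds a constructed Ethernet/IPv4/TCP frame (no real
capture), decodes the headers, verifies the IP checksum and pulls a
cleartext HTTP Basic credential out of the payload."""
import base64
import re
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); yields 0 when verifying."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(src_ip, dst_ip, sport, dport, flags, payload=b"") -> bytes:
    """Constructed frame for the demo: MACs, IDs and sequence numbers are arbitrary."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                               64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return eth + bytes(ip) + tcp


def decode_frame(frame: bytes) -> dict:
    if len(frame) < 34:
        raise ValueError("truncated frame")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {"proto": "non-IPv4"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 header")
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    out = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    if ip[9] == 6:                                     # TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
        out.update(sport=sport, dport=dport, seq=seq,
                   flags=[name for bit, name in TCP_FLAGS if flags & bit],
                   payload=tcp[(off >> 4) * 4:])
    return out


def extract_basic_auth(payload: bytes):
    """HTTP Basic sends user:password base64-encoded, i.e. readable to any sniffer."""
    m = re.search(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", payload)
    return base64.b64decode(m[1]).decode(errors="replace") if m else None


if __name__ == "__main__":
    # Constructed request; the credential is made up.
    req = b"GET / HTTP/1.0\r\nHost: intranet\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"
    frame = build_sample_frame("192.168.1.20", "10.0.0.5", 40001, 80, 0x18, req)
    info = decode_frame(frame)
    print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} {info['flags']}")
    print("credential:", extract_basic_auth(info["payload"]))
```

The decoder deliberately stops at the first layer that does not check out (wrong EtherType, bad header length, bad checksum), which is also what a real analyzer does before it trusts any offset further into the frame.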

Password Attacks

An attack that tries to guess the password, also called password guessing. The obvious approach is to guess from information related to the user: date of birth, name, ....

There are two main techniques: brute-force attacks and dictionary-based attacks.

Brute Force Attacks

Use tools that guess the password by exhaustive search.

The chance of finding the password is very high if the password is simple.

Dictionary-Based Attacks

Passwords that are words in a dictionary are very easy to crack.

The attack uses a list of dictionary words with their hash values computed in advance.

Such wordlists and hash tables can be found on the Internet. Storing passwords with a per-user salt and a slow, iterated hash makes these precomputed tables useless.
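The precomputed-dictionary attack above, and why a per-user salt with an iterated hash defeats it, as an added example not from the notes. WORDLIST, the accounts alice and bob and their passwords are constructed; the iteration counts are chosen for the demo.

```python
"""Added example, not from the original notes: a dictionary attack with a
precomputed hash table against unsalted hashes, and the same wordlist
against salted, iterated hashes. The wordlist and the victim accounts are
constructed for the demo."""
import hashlib
import os

WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "welcome", "football", "monkey"]

# Constructed unsalted store: plain MD5 of the password, as many old systems kept it.
UNSALTED_STORE = {
    "alice": hashlib.md5(b"dragon").hexdigest(),
    "bob": hashlib.md5(b"correct horse battery").hexdigest(),
}


def precompute(wordlist: list, algo: str = "md5") -> dict:
    """The 'dictionary with precomputed hashes' of the notes: hash -> word.
    Built once, reusable against every unsalted database of that algorithm."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in wordlist}


def crack_unsalted(table: dict, store: dict) -> dict:
    # One dictionary lookup per account; cost does not grow with the wordlist.
    return {user: table[h] for user, h in store.items() if h in table}


def salted_hash(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_salted_store(passwords: dict, iterations: int = 200_000) -> dict:
    """user -> (random per-user salt, iterated hash). The salt is stored in clear."""
    store = {}
    for user, password in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, salted_hash(password, salt, iterations))
    return store


def crack_salted(wordlist: list, store: dict, iterations: int = 200_000) -> tuple:
    """The precomputed table is useless here: each user has a different salt,
    so every guess must be re-hashed per user, each one slowed by `iterations`.
    Returns (cracked accounts, number of hash computations spent)."""
    found, attempts = {}, 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            attempts += 1
            if salted_hash(word, salt, iterations) == digest:
                found[user] = word
                break
    return found, attempts


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(precompute(WORDLIST), UNSALTED_STORE))
    salted = make_salted_store({"alice": "dragon", "bob": "correct horse battery"}, 20_000)
    print("salted:  ", crack_salted(WORDLIST, salted, 20_000))
```

Salting does not save a password that is in the wordlist (alice still falls), but it forces the attacker to pay the full wordlist cost per account and removes any benefit from tables downloaded in advance; the iteration count then sets how expensive each of those guesses is.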

Malicious code attacks

Virus

Viruses, worms and Trojan horses are collectively called malicious code. They can consume resources and slow the system down, or damage it.

Viruses are programs designed to damage the system at the operating-system and application level.

Trojan Horses

A Trojan horse is a program that looks safe and useful but actually contains malicious code.

Logic Bombs

Code embedded in applications that carries out an attack once certain conditions are met (for example scripts or ActiveX controls embedded in Web pages).

A kind of malware that the attacker usually leaves behind in the system, working like a "time bomb": when certain conditions are met, the logic bomb unleashes its destructive payload. One famous example is Chernobyl (CIH), whose payload triggers on 26 April. Attackers also use logic bombs to destroy the evidence of an attack once the administrator starts to discover the intrusion.

Worms

A worm is also a kind of virus, but it can make copies of itself and spread across the network.

A standalone program that replicates itself and spreads over the network in many ways, most commonly e-mail and chat. Worms can also carry out dangerous destructive actions.

Back door

A program, piece of code or special configuration on the system, unknown to us, that lets an attacker gain access without authentication or logging on.

Chapter 3

WEBSITE SECURITY

I. WEB SECURITY

Security on the Web server

I.1.1 Access Control

When an anonymous user accesses the Web server, the server uses the IUSR_<machinename> account to access resources.

Users who access the Web server with their own accounts get the rights of the account granted to them on the Web server.

Managing access control is therefore very important and deserves particular attention. As a rule, grant only the lowest rights that still allow access to the resources on the Web server.

I.1.2 Managing Web data safely

The directory structure and placement of Web data is very important for protecting a Web server.

It is common to use a virtual directory, or a mapping, to hold Web data on another machine. Using a virtual directory or a drive mapping to another machine can let an intruder who has compromised the Web server attack other parts of the system.

Where users have to reach resources on another system from the Web, for example a database, the best arrangement is a replica on a database server placed in the DMZ.

I.1.3 Removing code that could be dangerous

Make sure that the scripts and Web applications deployed on the Web server are not Trojans, back-door programs or untrusted code.

I.1.4 Logging Web access

Storing, tracking and monitoring the Web server's activity is extremely important for detecting attacks on the Web server in time.

Record:

Script executions

Writes to files

Accesses to data outside the directories the Web site serves

The difficulty is that monitoring this activity takes a lot of time, so an automatic intrusion detection system (IDS) can be used to detect and report incidents promptly.

I.1.5 Backing up Web data and ensuring its consistency

The purpose of a Web service is to provide information, so the Web data must be protected against damage, copying and alteration.

Web data should be backed up regularly (both online and offline) so that it can be restored quickly when something happens to the Web server.

The integrity of the Web information must also be ensured, so that it cannot be altered illegitimately:

Check for writes to the Web server.

Periodically check for, and record, changes to the information (for example by comparing file hashes against a known-good baseline).

Manage and assign access rights (from the local network, from the Internet, by application, by user).

Apply patches regularly.

I.1.6 Detecting and shutting down unwanted Web services

Sometimes a machine has a Web service installed without its user knowing (for example through the operating system's default installation). This is a serious hole that lets an attacker break in and use the machine to attack other systems.

There are several ways to detect it:

On the machine in question, open a browser and type http://localhost or http://127.0.0.1, then look at what the browser shows.

On Windows you can also check whether the process Inetinfo.exe appears in Task Manager; if so, a Web server is present and running.

Look in the Services list.

Run netstat -na and check whether any program is listening on port 80.
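The "look at what answers on port 80" check from a script instead of a browser, added here as an example not found in the notes. It probes with HEAD and reads the Server header; DemoWeb is a constructed stand-in for a forgotten Web service so the code runs offline, and the port list in inventory() is an assumption.

```python
"""Added example, not from the original notes: the "is something serving HTTP
on this host?" check of the list above, done from a script rather than a
browser. The DemoWeb server it probes is constructed so the example runs
offline; the port list is an assumption."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_http(host: str = "127.0.0.1", port: int = 80, timeout: float = 2.0):
    """Send HEAD / and return the status line and Server header, or None if
    nothing accepts the connection or answers with HTTP."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = b""
            while len(data) < 4096 and b"\r\n\r\n" not in data:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    if not data.startswith(b"HTTP/"):
        return None
    lines = data.partition(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
    server = next((l.split(":", 1)[1].strip() for l in lines[1:]
                   if l.lower().startswith("server:")), None)
    return {"status": lines[0], "server": server}


def inventory(host: str = "127.0.0.1", ports=(80, 443, 8080, 8000)) -> dict:
    """Map port -> probe result for every port that answered with HTTP."""
    found = {}
    for port in ports:
        result = probe_http(host, port)
        if result is not None:
            found[port] = result
    return found


def start_demo_server(port: int = 0) -> tuple:
    """Constructed stand-in for a forgotten Web service (not part of the notes)."""
    class Handler(BaseHTTPRequestHandler):
        server_version, sys_version = "DemoWeb/0.1", ""

        def do_HEAD(self):
            self.send_response(200)
            self.end_headers()

        def log_message(self, *args):      # keep the demo quiet
            pass

    httpd = HTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, httpd.server_address[1]


if __name__ == "__main__":
    httpd, port = start_demo_server()
    print("listening services:", inventory("127.0.0.1", (80, 443, 8080, port)))
    httpd.shutdown()
```

The Server header is what identifies the forgotten service (IIS, Apache, an embedded management page); port 443 will not answer a plain HTTP HEAD and needs the same probe wrapped in TLS, which is left out here.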

Security on the Web client

Clients access Web pages with a browser. Some popular browsers: Internet Explorer, Netscape, Opera, Mozilla, ...

Browser software can read information about the user and the user's computer and send it to the Web server. This may be done by the user, or by code from the Web server (without the client's knowledge).

Browsers usually store cookies (text, possibly encrypted, holding information about the user's visits to the server; the client presents the cookie on later accesses) sent by the server.

There are also Web pages that imitate reputable sites the user often visits, to steal the personal information the user enters. For example, http://www.bank.vn is the genuine site and http://www.banks.vn is a site the attacker created to fool users (when the user does not remember the site name exactly, or does not notice that the two names differ only slightly).

Another spoofing technique uses the @ character, by sending e-mails with a link such as:

http://www.bank.com@%77%77%77.%61%7A.%72%75/%70%70%64

This link looks like a link to www.bank.com, but everything before the @ is user-info and the real host is the percent-encoded part after it (www.az.ru once decoded; the IP address it resolved to is not given in the transcript). Administrators should therefore warn users to be careful with e-mails containing Web links whose URL contains the @ character.

Another technique uses Trojan programs that watch for the user visiting legitimate banking or e-commerce sites and then silently record the transaction to steal information.
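A checker for the two link tricks above, as an added example that is not from the notes: the @ sign hiding a percent-encoded host, and a look-alike domain one edit away from the real one. TRUSTED is a constructed allow-list containing the two bank names the notes use; the edit-distance threshold of 2 is an assumption.

```python
"""Added example, not from the original notes: a checker for the two link
tricks described above, the @ sign with a percent-encoded host and a
look-alike domain. TRUSTED is a constructed allow-list; the bank names are
the ones the notes use."""
import ipaddress
from urllib.parse import unquote, urlsplit

TRUSTED = {"www.bank.vn", "www.bank.com"}   # constructed allow-list of genuine hosts


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_link(url: str, trusted=TRUSTED) -> dict:
    parts = urlsplit(url)
    userinfo, _, hostport = parts.netloc.rpartition("@")
    host = unquote(hostport).split(":")[0].lower()   # the host the browser really connects to
    reasons = []
    if userinfo:
        shown = unquote(userinfo)
        reasons.append(f"text before '@' ({shown}) is user-info, real host is {host}")
        if shown.lower() in trusted:
            reasons.append("user-info imitates a trusted host name")
    if "%" in hostport:
        reasons.append("host name is percent-encoded to hide it")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a host name")
    except ValueError:
        pass
    if host not in trusted:
        near = [t for t in trusted if edit_distance(host, t) <= 2]
        if near:
            reasons.append(f"look-alike of trusted host {near}")
    return {"host": host, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for link in ["http://www.bank.com@%77%77%77.%61%7A.%72%75/%70%70%64",
                 "http://www.banks.vn/login", "https://www.bank.vn/"]:
        r = analyse_link(link)
        print(link, "->", "SUSPICIOUS" if r["suspicious"] else "ok", r["reasons"])
```

The decoding step is the important one: a filter that looks for `bank.com` in the raw string would pass the first link, while `unquote` on the part after the @ reveals the host the browser actually contacts.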

The SSL protocol and HTTPS

SSL was designed by Netscape and has since become the IETF standard for secure communication (standardised under the name TLS).

The goal of SSL is to set up a secure, confidential and reliable data channel between client and server.

SSL has been very successful at protecting Web information. The SSL protocol used to protect Web pages in transit is called HTTPS (running on TCP port 443).

SSL also lets application developers apply the same security mechanism to other services such as mail, Telnet and FTP.

I.1.7 The SSL protocol

SSL operates on a public key infrastructure (PKI). A server offering SSL therefore needs a certificate installed so that the client can verify the legitimacy of the server.

SSL is an application-level protocol that sits on top of TCP in the TCP/IP layering.

SSL is independent of the application protocol it protects, so any higher-level protocol can be layered on top of it. Different applications and protocols can thus use the security features SSL provides.

SSL consists of two parts: the SSL handshake protocol and the SSL Record protocol.

I.1.8 SSL Record

Fragments messages at the sender and reassembles them at the receiver

Checks and verifies message integrity

Optionally compresses messages at the sender and decompresses them at the receiver

Encrypts at the sender and decrypts at the receiver

The figure (not reproduced in this transcript) describes the operation of SSL:

Data coming down from the application layer is split into smaller blocks (fragments of at most 2^14 bytes).

Each block is then compressed to reduce its size (if compression was negotiated).

Next, a MAC is computed over the compressed block, together with a record sequence number so that records cannot be replayed or reordered, to establish the integrity of the information; the block and its MAC are then encrypted.

The encrypted data with its MAC is passed down to the lower layer to be packaged into TCP segments.

The receiver performs the reverse operations to verify the integrity of the information and recover its content.
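The record pipeline just described, as an added toy example that is not SSL code and not from the notes: fragment, optionally compress, MAC with the sequence number, encrypt, and the reverse with the integrity check. The keystream is an HMAC counter construction standing in for the negotiated cipher (an assumption for the demo), and the keys are constructed.

```python
"""Added example, not from the original notes: the record-layer pipeline
just described (fragment, compress, MAC, encrypt, and the reverse) as a toy.
The keystream is a stand-in built from HMAC, not a TLS cipher suite, and the
keys are constructed; the point is the order of the steps and the
sequence-numbered MAC."""
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14          # SSL/TLS plaintext fragment limit
TAG_LEN = 32                    # HMAC-SHA256 output


def fragment(data: bytes) -> list:
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy counter-mode keystream (assumption, stands in for the negotiated
    cipher). The record sequence number keys it so no keystream repeats."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RecordLayer:
    """One direction of an SSL connection; run two instances for both sides."""

    def __init__(self, mac_key: bytes, enc_key: bytes, compress: bool = False):
        self.mac_key, self.enc_key, self.compress = mac_key, enc_key, compress
        self.send_seq = self.recv_seq = 0

    def _mac(self, seq: int, ctype: int, body: bytes) -> bytes:
        # Sequence number and content type are covered, so records cannot be
        # replayed, reordered or moved between content types.
        return hmac.new(self.mac_key, struct.pack("!QB", seq, ctype) + body, hashlib.sha256).digest()

    def wrap(self, data: bytes, ctype: int = 23) -> list:
        """Application data in, list of records (type, length, encrypted body||MAC) out."""
        records = []
        for frag in fragment(data):
            body = zlib.compress(frag) if self.compress else frag
            plain = body + self._mac(self.send_seq, ctype, body)   # MAC-then-encrypt
            enc = xor(plain, keystream(self.enc_key, self.send_seq, len(plain)))
            records.append(struct.pack("!BH", ctype, len(enc)) + enc)
            self.send_seq += 1
        return records

    def unwrap(self, records: list) -> bytes:
        out = b""
        for rec in records:
            ctype, length = struct.unpack("!BH", rec[:3])
            enc = rec[3:3 + length]
            plain = xor(enc, keystream(self.enc_key, self.recv_seq, len(enc)))
            body, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
            if not hmac.compare_digest(tag, self._mac(self.recv_seq, ctype, body)):
                raise ValueError("bad_record_mac")   # tampered, replayed or out of order
            self.recv_seq += 1
            out += zlib.decompress(body) if self.compress else body
        return out


if __name__ == "__main__":
    client = RecordLayer(b"mac-key", b"enc-key")      # constructed keys
    server = RecordLayer(b"mac-key", b"enc-key")
    recs = client.wrap(b"GET / HTTP/1.1\r\nHost: www.bank.vn\r\n\r\n")
    print("records:", len(recs), "| recovered:", server.unwrap(recs))
    try:
        server.unwrap(recs)                              # replaying the same record
    except ValueError as e:
        print("replay ->", e)
```

In a real SSL/TLS connection a `bad_record_mac` is fatal and the connection is torn down; the toy only raises, so that the replay and tamper cases can be shown one after the other. Compression before encryption is kept here because the notes describe it, but it is what the CRIME attack exploited and TLS 1.3 removed it.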

I.1.9 The SSL handshake protocol

Goals of the handshake protocol:

Verify the legitimacy of the parties joining the SSL secure channel.

Negotiate the encryption algorithm and the message integrity (MAC) algorithm.

Create and agree the session keys used to encrypt the secure channel.

There are two main handshake authentication modes:

One-way authentication: the client verifies the legitimacy of the server.

Mutual authentication: both client and server verify each other.

The authentication mode is chosen according to the needs of the application.

The steps of the mutual-authentication handshake (the figure is not reproduced in this transcript):

The client sends a connection request to the server.

The server receives the request and replies to the client. In addition the server sends its certificate to the client and asks the client to supply its own certificate.

On receiving the server's reply, the client checks whether the server's certificate is valid. If it is, the client:

Extracts the server's public key from the certificate the server sent;

Sends its own certificate to the server.

The client then sends the information needed to derive the session key (the pre-master secret), together with its choice of encryption algorithm and integrity method, encrypted with the server's public key.

On receiving the client's message, the server checks whether the client's certificate is valid. If it is, the server:

Extracts the client's public key from the certificate;

Uses its private key to decrypt what the client sent, obtaining the session key material and the other parameters (encryption algorithm, integrity method) the client requested.

The notes describe the server as answering with a message encrypted under the client's public key. In the actual protocol the client instead proves possession of its private key by signing a digest of the handshake messages (CertificateVerify), which the server checks with the public key from the client's certificate; both sides then exchange Finished messages protected with the newly derived keys.

From then on all information exchanged between client and server is encrypted, guaranteeing confidentiality and integrity.

I.1.10 Installing and configuring SSL on IIS 6.0

Step 1: Install and configure a CA server on one machine and enrol for a Web Browser Certificate (see Chapter 4).

Step 2: Set up a certificate on the website.

Open the web server console:

Start > Programs > Administrative Tools > Internet Information Services Manager. Right-click Default Web Site and choose Properties.

In the Properties dialog, open the Directory Security tab > Server Certificate.

Click Next to continue.

In the Server Certificate window, choose Create a new certificate.

In the Delayed or Immediate Request window, choose Prepare the request now, but send it later.

In the Name and Security Settings window, enter a name for the new certificate and choose the key length (in bits) for the certificate. Click Next to continue.

In the Organization Information window, enter the organization name and organizational unit, then click Next to continue.

In the Your Site's Common Name window, enter the name of the website SSL is being set up for; if the server is reachable from the Internet, enter a valid DNS name.

In the Geographical Information window, enter the country, city and so on.

In the Certificate Request File Name window, enter the path and file name used to store the certificate request. This file is transferred to the CA server and imported there to issue the certificate offline. Click Next to continue.

The Request File Summary window summarizes the choices made. Go back to change them, or click Next to create the request.

Click Finish to complete the request.

Step 3: Import the website certificate request into the CA server

Start > Programs > Administrative Tools > Certificate Authority. Right-click the certificate server > All Tasks > Submit new request.

Select the file created in Step 2 > Open.

Once imported, the request is stored under Pending. To issue the certificate, right-click it > All Tasks > Issue.

Step 4: Export the certificate issued by the CA server and install it on the website SSL is being set up for.

Export the certificate:

Select CA Server > Issued Certificates. Right-click the issued certificate > All Tasks > Export Binary Data.

Save the certificate in binary form.

Choose the path for the exported file > Save.

Once the certificate has been exported, import it into the website as follows:

Start > Programs > Administrative Tools > Internet Information Services. Right-click the website SSL is being set up for > Properties > Directory Security tab > Server Certificate.

Click Next to continue.

In the Pending Certificate Request window, choose Process the pending request and install the certificate.

In the Process a Pending Request window, select the file exported from the CA server. Click Next to continue.

Choose the SSL port; the default is 443. Click Next to continue.

The Certificate Summary window summarizes the choices made. Click Next to complete the certificate installation.

Click Finish to end the certificate installation.

Step 5: Enable SSL and test.

Start > Programs > Administrative Tools > Internet Information Services. Right-click the website SSL is being set up for > Properties > Directory Security tab > Edit.

In the Secure Communication dialog, select Require secure channel (SSL).

Testing:

Open the website at its address (https://172.29.14.153). A Security Alert dialog warns that the information exchanged between the web client and the web server cannot be seen by others. Click OK to continue.

A second Security Alert dialog reports on whether the registered certificate is valid and still within its validity period. Click Yes to continue.

The page is displayed in the browser over an SSL connection.

Web-related security vulnerabilities and countermeasures

I.1.11 JavaScript

A language developed by Netscape that lets executable code embedded in a web page run.

Scripts can carry out actions outside the user's control:

Track web browsing

Read passwords and system files

Read browser parameters

I.1.12 ActiveX

A technology developed by Microsoft to replace OLE (Object Linking and Embedding) and COM (Component Object Model).

Provides the ability to link applications on the computer with the content of a web page.

Allows Visual Basic code integrated into a web page to run on the local machine.

ActiveX does not run in a restricted space (sandbox) as Java applets do, so ActiveX exposes applications to many risks.

Reducing the risks of ActiveX

I.1.13 CGI

Describes the rules that let a web server communicate with other software on the host, and vice versa.

Commonly used to let the web server query a database and present the results on a web page, or to let users enter information on a web page that is then stored in the database.

I.1.14 Cookies

Designed to extend the browser's web access capabilities by providing state for the web.

A message that web servers give to web browsers:

The browser stores the message in a text file.

The message is sent back to the server each time the browser requests a page from that server.

The web server uses it to identify a user's session.

Weaknesses of cookies:

Cookies can easily be exploited to reveal information about the user without their consent.

An attacker convinces the user to follow a malicious hyperlink to the targeted server and obtains the cookie through the server's error-handling process.

The user must be logged on at the time of the attack.

Cookies can be used to learn browsing habits and to steal account information.

Chapter 4: TECHNIQUES FOR EXPLOITING WIRELESS NETWORK VULNERABILITIES

I. SECURITY ON WIRELESS NETWORKS

Introduction

Wireless networks carry data over radio waves, so it is very easy for attackers to eavesdrop on and attack them; security is therefore an important issue in wireless networks. The first protection in an IEEE 802.11 wireless LAN is the SSID (Service Set ID) configuration parameter. The SSID can be understood as the name of the wireless network, and it works in two modes. In the non-secure mode, the access point periodically broadcasts its SSID to the wireless stations; a station receiving these signals decides for itself which access point to connect to, based on the SSID. In the second, secure mode, the access point does not broadcast its SSID, and a station that wants to join the network must be configured with the same SSID value as the access point.

Figure 3.23: The SSID exchange process

Security standards for wireless networks

I.1.1 WEP

The IEEE 802.11b standard defines a security protocol for wireless LANs, WEP (Wired Equivalent Privacy). WEP was designed to give the same level of security as a wired network; it does so by encrypting data as it travels from one point to another. WEP works at the two lowest layers of the OSI reference model, and its encapsulation has the following main elements:

- Encryption algorithm: RC4.

- Per-packet encryption key: a 24-bit IV (Initialization Vector) concatenated with the shared key.

- WEP allows an IV (Initialization Vector) to be reused on any frame.

- Data integrity is provided by CRC-32.
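The four points above, as an added Python example that is not part of the course text: the per-packet key IV || shared key feeding RC4, the CRC-32 integrity check value, and what the IV-reuse point costs, since two frames sent under one IV share the same keystream. The key, IVs and frame payloads are constructed sample values.

```python
"""WEP-style frame protection and the cost of IV reuse (added example,
not from the course text; key, IVs and payloads are constructed values)."""
import struct
import zlib
from typing import Optional

SHARED_KEY = bytes.fromhex("0102030405")   # constructed 40-bit WEP key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_icv(data: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body as WEP sends it: the 24-bit IV in clear, then
    RC4_{IV||key}(payload || ICV). The per-packet key is simply IV || key."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    plain = payload + crc32_icv(payload)
    return iv + xor_bytes(plain, rc4_keystream(iv + key, len(plain)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Reverse the above; return None when the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    plain = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    return payload if crc32_icv(payload) == icv else None


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Why the 'IV may be reused' point matters: two frames under the same IV
    share a keystream, so XOR of the ciphertexts equals XOR of the plaintexts.
    No key is involved; the returned value is what an eavesdropper learns."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor_bytes(frame_a[3:], frame_b[3:])


def demo() -> dict:
    """Round trip, the ICV rejecting a flipped bit, and the IV-reuse leak."""
    iv = bytes.fromhex("a1b2c3")                          # constructed IV
    frame = wep_encrypt(SHARED_KEY, iv, b"GET /index.html")
    tampered = bytearray(frame)
    tampered[3] ^= 0x01                                   # flip one payload bit
    first = wep_encrypt(SHARED_KEY, iv, b"user=alice")
    second = wep_encrypt(SHARED_KEY, iv, b"user=bob  ")   # same IV, same length
    leaked = xor_of_plaintexts(first, second)
    return {
        "roundtrip": wep_decrypt(SHARED_KEY, frame),
        "tampered": wep_decrypt(SHARED_KEY, bytes(tampered)),
        "leak_matches": leaked[:10] == xor_bytes(b"user=alice", b"user=bob  "),
        "iv_space": 2 ** 24,   # distinct IVs before an access point must repeat one
    }


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs and reuse permitted, a busy access point repeats keystreams within hours, which is one reason the next section replaces WEP with WPA.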

I.1.2 WPA

Several solutions have been proposed for securing a wireless network deployment. Because WEP has many features that do not guarantee security (the key is easily recovered), the Wi-Fi Alliance introduced another method to strengthen wireless security: WPA (Wi-Fi Protected Access). WPA introduces a stronger encryption method called TKIP (Temporal Key Integrity Protocol), and optionally allows AES (Advanced Encryption Standard) to be used for encryption. WPA has two modes:

- WPA-Enterprise: uses 802.1X authentication and is designed for medium and large infrastructure networks.

- WPA-Personal: uses a Pre-Shared Key (PSK) for authentication and is intended for small infrastructure networks (SOHO, Small Office/Home Office).

Chapter 5: TECHNIQUES USING TROJANS AND WORMS

I. Techniques using Trojans

I.1 What a Trojan is

Trojan Horse: a type of program that does damage much like a virus, except that it does not replicate itself. Its only means of spreading is therefore through chain messages. To remove one, the owner of the machine only needs to find the Trojan horse file and delete it. That does not mean, however, that there cannot be two Trojan horses on the same system: the people who write this software use their programming skills to make many copies before releasing them onto the network. This is also an extremely dangerous type of virus; it can destroy the hard disk and destroy data.

I.2 Deployment model

The model is as follows:

Create the Trojan

Control the Trojan:

Access files or folders on the victim machine

Turn off the firewall

Manage applications, services and so on on the victim machine

View the victim machine's screen

Walkthrough:

Create the Trojan:

Run Beast Trojan

Choose Build Server

Under Server Setting, configure the parameters in the Basic, Notification, AV-FW Kill and other sections, then choose Save Server:

Embed the newly created Trojan into a file:

In the Beast interface, choose Binder

In the binder, add the Trojan and the program to embed it in (Firefox), then choose Binder Files

Distribute the Trojan: share the programs with the embedded Trojan, and install the Firefox program built above on the victim machine

Control the Trojan:

Use Beast to connect to the Trojan on the victim machine

Access files (or folders) on the victim machine

o In the Beast interface, choose Managers > Files

Manage applications and services on the victim machine

o In the Beast interface, choose Managers > Apps (application management)

o In the Beast interface, choose Managers > Services (service management)

o In the Beast interface, choose Managers > Processes (process management)

View the victim machine's screen

o In the Beast interface, choose Managers > Screen

II. Techniques using worms:

II.1 What a worm is

A computer worm is a program that can replicate itself, like a computer virus.

Whereas a computer virus attaches itself to and becomes part of executable code, a worm is a stand-alone program that need not be part of another program in order to spread. Worms are typically designed to exploit the communication facilities available on computers that share common characteristics (the same operating system, or the same network software) and are networked together.

II.2 How worms spread and propagate

No virus can spread unless you open or run an infected program.

Many of the most dangerous viruses spread mainly through files attached to e-mail messages.

CHAPTER 6: PREVENTION METHODS

I. INTRODUCTION

THREATS

According to statistics from the world's major network security vendors, the damage and consequences that computer viruses cause to network systems are very large. Some typical threats:

Reduced productivity: viruses congest network bandwidth (sending e-mail continuously, sending broadcast packets and so on), consume computer resources (CPU, RAM, ...), slow machines down and can even bring down an entire network or critical servers and workstations. This threat is judged to cause the greatest damage.

Modification or deletion of data. The damage depends on how important the modified or deleted data is.

Theft of data and accounts. Computer viruses can capture and record important passwords, usernames and data and send them to the hacker's address.

Creation of back doors. It is no longer unusual for a virus to open ports on a system automatically; the open ports can be used for unauthorized actions that endanger the system, or to turn the machine into a tool for attacking and damaging other systems.

CHOOSING A SOLUTION

A large enterprise with many Internet-connected computers always needs the most effective antivirus solution possible. For such enterprise networks, building a single antivirus system for the whole computer estate makes administration simpler, saves bandwidth and raises the security of the system.

In an enterprise with an Internet connection, viruses usually infect and attack the system through a few main routes: Internet access; e-mail; communication within the network; applications on servers and workstations; storage devices: CD, USB, HDD, ...

To protect the whole enterprise network effectively, viruses must be blocked on every route by which they can infect or attack the system. Concretely, antivirus protection is needed for: the Internet connection, the mail server, the POP3 mail flow to workstations, the servers, ...

Antivirus protection for the Internet connection: to protect the Internet connection, specifically to clean the HTTP, FTP, SMTP and other flows crossing to the Internet, web security and mail security products can be used. For example, Symantec Web Security can scan the HTTP and FTP flows, and Symantec Mail Security for SMTP can scan for viruses and filter spam on the SMTP flow.

For POP3 flows to workstations: protecting the POP3 mail flow must be combined with the antivirus solution on the workstations.

Antivirus protection for servers: servers are protected by running server antivirus products on them. Most antivirus products have the following characteristics:

Centralized management: the administrator can manage every machine with the antivirus program installed from a single point.

Remote, multi-tier management: most products of this kind allow remote management through a multi-tier architecture with these components:

+ Primary Server: installed on one server to centrally manage the Secondary Servers. Management policies and virus definition updates are set on the Primary Server and then distributed to the workstations through the Secondary Servers.

+ Secondary Server: installed on servers managed by the Primary Server. This is the component that directly manages the machines to be protected.

+ Protected Machine: the protected component in the system (user computers, servers).

+ Management Console: the administration tool; the administrator connects to the Primary Server to configure and manage the machines in the system. Remote management functions may include: updating definitions and the scan engine, scanning for viruses, configuring virus scanning on the machines, setting alerts, logging and reporting, ...

Antivirus protection for workstations: workstations in an enterprise network are protected with a workstation antivirus solution for the LAN environment, designed on a client/server model. Products of this kind have the following characteristics:

Operate on a client-server model

Support several ways of deploying the antivirus program to workstations

Update virus definitions and the scan engine automatically. Updates are downloaded to the server, and the workstations then fetch them from there, which saves Internet bandwidth

The administrator can remotely trigger virus scans and definition updates on the workstations

Scheduled scanning and automatic updating

II. EXAMPLE: DEPLOYING AVIRA SMALLBUSINESS SUITE

DEPLOYMENT MODEL

SERVER REQUIREMENTS

Operating system: Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows Small Business Server, Windows Server 2003 x64 edition

CLIENT REQUIREMENTS

Operating system: Windows XP Professional, Windows XP Professional x64 edition, Windows Vista 32-bit, Windows Vista 64-bit, Windows 7

STEPS

II.1.1 Installing Avira SmallBusiness Suite:

Run the Avira SmallBusiness Suite installer, then choose Continue

On the Welcome to the InstallShield Wizard for Avira SmallBusiness Suite screen, choose Next

On the License Agreement screen, tick I accept the terms of the license agreement, then choose Next

On the Select License Key screen, choose Browse and point to the corresponding key file, then choose Next

On the Choose Destination Location screen, choose Next

On the Select Features screen, choose Next

On the Administrative User Account screen, enter the administrative username and password

On the Ready to Install screen, choose Install

On the InstallShield Wizard Complete screen, choose Finish

II.1.2 Managing Avira SmallBusiness Suite:

Go to Start > Programs > Avira > Avira Security Management Center > Avira Security Management Center Frontend

Create a new group: select Security Environment > right-click > New Group

In the Create new group dialog, enter the name of the group to create, then choose OK

Add a computer to the group: right-click the group to add the computer to, then choose New Computer

In the Add new computer dialog, enter the Display name and Hostname/IP, then choose OK

Install Avira AntiVir Professional 10 on a computer: right-click the computer to install it on, then choose Installation > Avira AntiVir Professional 10 (Windows), EN > Install

In the Administrator Account dialog, enter the credentials for that computer

In the Install dialog, choose the components to install, then choose OK

Once Avira AntiVir Professional 10 is installed:

- On the Avira Security Management Center Frontend:

- On machine WS-001

Carry out the operations Start scan, Stop scan, Start update, install/uninstall modules, enable/disable modules

CHAPTER 7: HOW TO BUILD AN IDS/IPS SYSTEM

I. Intrusion detection systems (IDS)

Functional characteristics and operation:

A system that monitors for and detects intrusions.

By monitoring the activity on a network or on a host and comparing it against known information, an IDS can detect intrusions or attacks; it then raises an alarm and writes a log that serves as documentation for later remediation.

Keeping attack signatures up to date is the hardest part of IDS engineering. An attack signature can be built from characteristics such as IP options, a pattern in the data moving across the network, or the frequency with which some characteristic of a given attack method repeats...

Two kinds of IDS can be used to strengthen security: a system (host) IDS, installed and running on servers, and a network IDS (NIDS), which detects intrusions on the network. A system IDS is usually more effective than a NIDS, but a NIDS is effective in cases such as an attack on many servers at once, or an attacker's port scans, which a system IDS cannot detect.

An IDS is not only a passive defensive measure. Some IDSs can respond, for example by working with a firewall to block a given IP address. An IDS can be configured with additional attack signatures. Some NIDSs can be run in a learning mode, in which the NIDS proposes, or automatically makes, configuration adjustments to suit the network, based on monitoring and aggregating its traffic.

A system IDS is installed on servers (on one particular machine), whereas a NIDS is placed so that it can watch the whole network.

Security weakness:

The weakness of a NIDS is that it can be overloaded. When network traffic is heavy, the NIDS cannot inspect every packet; packets are then missed, which is exactly what an attacker wants.

Points to note when deploying a NIDS:

Make sure the NIDS matches the size of the network. If it cannot keep up, replace it with a new NIDS or split the network so that it can be watched by several NIDSs.

When configuring a NIDS remotely, it is best to do so from a machine on a different subnet.

Write logs to another machine on a different subnet from the NIDS, to improve security.

II. Intrusion prevention systems (IPS)

Two kinds of IPS are known on the market today: host-based and inline (network-based). Host-based systems are intrusion prevention software written directly into applications or installed directly on application servers. This section focuses only on inline security. Inline security is similar to a double-screened firewall architecture or a gateway: it sits upstream of the protected applications, with very little traffic flowing back, and applies intrusion prevention services to the many applications downstream of the IPS.

Taken literally, the concept can be defined as follows: an inline Intrusion Prevention System is any hardware or software device capable of detecting and preventing known attacks. Even more simply, intrusion prevention refers to detecting and then blocking known, application-specific attacks. The term Intrusion Prevention System itself is used to unify the two concepts of a detection system and a prevention system under one structure.

Detection and prevention

On the surface, intrusion detection and intrusion prevention solutions appear to compete with each other. After all, they share a list of similar functions: packet inspection, stateful analysis, fragment reassembly, TCP segment reassembly, deep packet inspection, protocol validation and signature matching. An IPS works like the guard at the gate of a residential compound, permitting or denying entry based on credentials and some set of rules. An IDS (intrusion detection system) works like a patrol car inside the compound, monitoring activity and looking for unusual situations. However strong the security at the gate, the patrol car keeps operating within its own system of checks and balances.

Intrusion detection

The purpose of intrusion detection is to provide monitoring, auditing, forensics and reporting on network activity. It operates on the packets that an access-control device has allowed through. Because of limits on reliability and because of insider threats, intrusion prevention must allow a gray area of attacks to avoid false alarms. Intelligent IDS solutions, on the other hand, use many different techniques to recognize intrusions, exploits, misuse and potential attacks. An IDS can operate without affecting the computing architecture or the network connectivity.

The passive nature of an IDS lies in providing its main strength: intelligent analysis of packet traffic. Positioned this way, an IDS can recognize:

Known attacks, by means of signatures and rules.

Variations in traffic volume and direction, using complex rules and statistical analysis.

Changes in communication traffic patterns, using flow analysis.

Abnormal activity, using baseline deviation analysis.

Suspicious activity, using flow analysis, statistical techniques and anomaly detection.

Intrusion prevention

As mentioned earlier, intrusion prevention solutions aim to protect resources, data and the network. They reduce the threat of attack by discarding harmful or malicious network traffic while allowing legitimate activity to continue. The goal is a perfect system with no false alarms that reduce end-user productivity and no false negatives that create excessive risk inside the environment. Perhaps a more essential role is the need to be trusted, to behave as expected under any conditions. This means intrusion prevention solutions are positioned to deal with:

Unwanted applications and Trojan horse attacks against networks and individual applications, using defined rules and access control lists.

Attack packets such as those from LAND and WinNuke, using high-speed packet filters.

Protocol abuse and evasion (network protocol manipulation such as Fragroute and TCP overlap exploits), through intelligent reassembly.

Denial-of-service attacks (DoS/DDoS) such as SYN and ICMP floods, using threshold-based filtering algorithms.

Application abuse and protocol manipulation (known and unknown attacks against HTTP, FTP, DNS, SMTP, etc.), using application protocol rules and signatures.

Application overload or abuse attacks, using threshold-based resource consumption limits.

All of these attacks, and the vulnerable states that allow them to occur, are documented. Moreover, anomalies in communication protocols from the network layer up to the application layer have no place in any kind of legitimate traffic, which makes such errors self-selecting in a defined context.
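As an added Python example for the IDS section above and for the threshold-based filtering listed under intrusion prevention (not code from the course), the sketch below runs three of the checks the text names over a constructed packet trace: a payload signature, a port scan (many distinct ports from one source inside a time window, the case the text says only a NIDS can see) and a SYN-flood threshold that an inline IPS would act on. Rule names, thresholds and the traffic are made up.

```python
"""Signature, port-scan and SYN-threshold checks over a constructed packet
trace. Added example for the IDS/IPS sections, not code from the course;
rule names, thresholds and the sample traffic are made up."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since start of capture
    src: str
    dst: str
    dport: int
    flags: str         # TCP flags as letters, "S" = SYN only
    payload: bytes = b""


# Content signatures in the spirit of the "pattern of data on the wire"
# the text mentions (constructed rules, not a real rule set).
SIGNATURES: List[Tuple[str, bytes]] = [
    ("web.path-traversal", b"../../"),
    ("web.cmd-shell", b"cmd.exe"),
]
SCAN_PORTS = 10      # distinct ports from one source within SCAN_WINDOW
SCAN_WINDOW = 5.0    # seconds
SYN_LIMIT = 50       # SYNs to one destination within SYN_WINDOW
SYN_WINDOW = 1.0     # seconds


def match_signatures(pkt: Packet) -> List[str]:
    """Names of every signature whose pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in pkt.payload]


def detect_port_scans(packets: List[Packet]) -> Set[str]:
    """Sources that touched >= SCAN_PORTS distinct ports inside SCAN_WINDOW.
    This is the NIDS-only check: a host IDS sees one server's ports only."""
    by_src: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    for p in packets:
        by_src[p.src].append((p.ts, p.dport))
    scanners = set()
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {port for ts, port in hits[i:] if ts - start <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORTS:
                scanners.add(src)
                break
    return scanners


def ips_filter(packets: List[Packet]) -> List[Tuple[Packet, str]]:
    """Inline verdict per packet: signature hits are dropped, and SYNs are
    dropped once a destination has seen more than SYN_LIMIT of them inside
    SYN_WINDOW (the threshold-based DoS filter from the IPS list)."""
    recent_syns: Dict[str, List[float]] = defaultdict(list)
    verdicts = []
    for p in packets:
        verdict = "forward"
        if match_signatures(p):
            verdict = "drop:signature"
        elif p.flags == "S":
            window = [t for t in recent_syns[p.dst] if p.ts - t <= SYN_WINDOW]
            window.append(p.ts)
            recent_syns[p.dst] = window
            if len(window) > SYN_LIMIT:
                verdict = "drop:syn-flood"
        verdicts.append((p, verdict))
    return verdicts


def sample_trace() -> List[Packet]:
    """Constructed traffic: one clean request, one traversal attempt, a
    12-port probe from one host, then 80 SYNs in 0.4 s to the web server."""
    trace = [
        Packet(0.0, "10.0.0.5", "10.0.0.80", 80, "PA", b"GET /index.html HTTP/1.1"),
        Packet(0.2, "10.0.0.9", "10.0.0.80", 80, "PA", b"GET /../../etc/passwd HTTP/1.1"),
    ]
    trace += [Packet(1.0 + i * 0.1, "10.0.0.66", "10.0.0.80", 20 + i, "S") for i in range(12)]
    trace += [Packet(10.0 + i * 0.005, f"192.0.2.{i}", "10.0.0.80", 443, "S") for i in range(80)]
    return trace


def run() -> Tuple[List[Tuple[str, str]], Set[str], int]:
    """(signature alerts, scanning sources, SYNs the IPS dropped)."""
    trace = sample_trace()
    alerts = [(p.src, name) for p in trace for name in match_signatures(p)]
    dropped = sum(1 for _, v in ips_filter(trace) if v == "drop:syn-flood")
    return alerts, detect_port_scans(trace), dropped


if __name__ == "__main__":
    print(run())
```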

The state of IPS technology

IPS technology is immature if you look at it from the angle of a single vendor's product with the full set of detection, monitoring, prevention, updating and reporting features over all traffic entering and leaving through a given network choke point. Enterprises have recently spent millions of dollars on products that help them secure their networks. Today's emerging IPS products are focused mainly on port 80, so they do not currently replace existing systems.

Instead, they add value to those systems. A comprehensive multi-protocol IPS solution will have to be developed and proven before such systems can be considered practical replacements for the systems already deployed.

Long-term goals

In the future, an inline security gateway solution must achieve these goals:

The ability to detect and prevent attacks based on the logical and physical use of several enforcement technologies. More broadly, this includes the ability to prevent both known and unknown attacks using application defenses.

The ability to work together with the security infrastructure already deployed, in support of data collection, digital evidence, monitoring and compliance adjustment where needed.

The ability not to disrupt business operations through lack of availability, poor performance, false positives or an inability to work together with the required authentication infrastructures.

The ability to support IT security professionals in delivering their organization's risk management plan, including the cost of implementation and operation and the results obtained from the system's alerts and reports.

Challenges to achieving the goals

At present there are no acceptable third-party studies of the effectiveness of IPS as a solution. The marketing hype around intrusion prevention is blurring the line between what the technology can deliver and what it promises.

The layered approach to IT security remains valid as the industry evolves. It does not appear that there will be a migration away from layered defense in depth as it is currently organized.

Many IPS solutions will have IDS-like requirements for tuning, monitoring and reporting.

  • An ton thng tin s

    Trung Tm Tin Hc - HKHTN Trang 76

    Mc Lc CHNG 1 .............................................................................................. 1

    G TH TNG QUAN AN NINH MNG .......................................... 1

    I. IU KHIN TRUY CP .................................................................................... 1

    MAC (MANDATORY ACCESS CONTROL) ..................................................................... 1

    DAC (DISCRETIONARY ACCESS CONTROL) .................................................................. 2

    RBAC (ROLE-BASED ACCESS CONTROL) ...................................................................... 2

    II. XC THC ...................................................................................................... 2

    USERNAME/PASSWORD .......................................................................................... 2

    KERBEROS ............................................................................................................ 3

    CHAP ................................................................................................................. 4

    CHNG CH (CERTIFICATES) ..................................................................................... 5

    MUTUAL AUTHENTICATION ...................................................................................... 6

    BIOSMETRICS ........................................................................................................ 6

    MULTI-FACTOR ...................................................................................................... 8

    III. KIM TON (AUDITING) .................................................................................. 9

    AUDITING SYSTEM .................................................................................................. 9

    CHNG 2 ............................................................................................ 11

    CC HNH THC ................................................................................... 11

    TN CNG MNG PH BIN .............................................................. 11

    I. MINH HA KHI QUT MT KCH BN TN CNG .................................................... 11

    II. TN CNG CH NG....................................................................................... 12

    DOS .................................................................................................................. 12

    DDOS ............................................................................................................... 13

    BUFFER OVERFLOWS ............................................................................................ 14

    SYN ATTACKS ..................................................................................................... 14

    SPOOFING .......................................................................................................... 16

    MAN IN THE MIDDLE ATTACKS ............................................................................... 17

    RELAY ATTACKS ................................................................................................... 18

    DUMPSTER DIVING ............................................................................................... 18

    SOCIAL ENGINEERING ........................................................................................... 18

    III. TN CNG TH NG ...................................................................................... 18

  • An ton thng tin s

    Trung Tm Tin Hc - HKHTN Trang 77

    D TM L HNG(VULNERABILITY SCANNING) ........................................................... 18

    GII THIU MT S CNG C D TM L HNG: ........................................................ 19

    NGHE LN(SNIFFING) ............................................................................................ 21

    PASSWORD ATTACKS ............................................................................................ 25

    MALICIOUS CODE ATTACK ...................................................................................... 25

    CHAPTER 3 ............................................................................................ 27

    WEBSITE EXPLOITATION TECHNIQUES ........................................................... 27

    I. WEB SECURITY .............................................................................................. 27

    SECURITY ON THE WEB SERVER ................................................................................. 27

    SECURITY ON THE WEB CLIENT ................................................................................. 29

    THE SSL AND HTTPS PROTOCOLS ................................................................................ 30

    WEB-RELATED SECURITY VULNERABILITIES AND HOW TO DEFEND AGAINST THEM ......................... 46

    CHAPTER 4 ............................................................................................ 48

    TECHNIQUES FOR EXPLOITING WIRELESS NETWORK VULNERABILITIES ........... 48

    I. SECURITY ON WIRELESS NETWORK SYSTEMS ........................................... 48

    INTRODUCTION ......................................................................................................... 48

    SECURITY STANDARDS FOR WIRELESS NETWORK SYSTEMS ........................................... 48

    CHAPTER 5 ............................................................................................ 50

    TECHNIQUES FOR USING TROJANS AND WORMS ..................................... 50

    I. TROJAN TECHNIQUES: .............................................................................. 50

    I.1 THE TROJAN CONCEPT: ................................................................................ 50

    I.2 DEPLOYMENT MODEL ............................................................................... 50

    II. WORM CONSTRUCTION TECHNIQUES: ............................................................. 58

    II.1 THE WORM CONCEPT: ................................................................................. 58

    II.2 HOW WORMS SPREAD: ....................................................... 58

    CHAPTER 6 ............................................................................................ 60

    DEFENSE METHODS ............................................................................ 60

    I. INTRODUCTION ................................................................................................... 60

    THREATS .................................................................................................. 60


    CHOOSING A SOLUTION ...................................................................................... 60

    II. EXAMPLE: DEPLOYING AVIRA SMALLBUSINESS SUITE .................................... 62

    DEPLOYMENT MODEL ...................................................................................... 62

    SERVER REQUIREMENTS ............................................................................................. 62

    CLIENT REQUIREMENTS .............................................................................................. 62

    IMPLEMENTATION STEPS .................................................................................... 63

    II.1.1 INSTALLING AVIRA SMALLBUSINESS SUITE: .................................... 63

    II.1.2 ADMINISTERING AVIRA SMALLBUSINESS SUITE: .................................... 64

    CHAPTER 7 ............................................................................................ 70

    HOW TO BUILD IDS/IPS SYSTEMS ...................................................................... 70

    I. INTRUSION DETECTION SYSTEMS (IDS) ................................................................ 70

    II. INTRUSION PREVENTION SYSTEMS (IPS) ................................................................ 71

    DETECTION AND PREVENTION .................................................................................... 72

    INTRUSION DETECTION ........................................................................................... 72

    INTRUSION PREVENTION ........................................................................................ 73

    THE STATE OF IPS TECHNOLOGY ........................................................................... 74

    LONG-TERM GOALS ......................................................................................... 74

    CHALLENGES AHEAD .......................................................... 75

    TABLE OF CONTENTS ............................................................................................... 76