
GOVERNMENT CIPHER COMMITTEE
ACADEMY OF CRYPTOGRAPHY TECHNIQUES

Dr. Trần Duy Lai, MSc. Hoàng Văn Thức

TEXTBOOK

ELECTRONIC MAIL SECURITY

Hanoi, 2006

Table of contents

List of abbreviations
List of figures
Preface
The authors

Chapter 1. The electronic mail system and security issues
  1.1. The electronic mail system
    1.1.1. History of development
    1.1.2. The electronic mail system
  1.2. Threats to electronic mail
    1.2.1. The threat of eavesdropping
      1.2.1.1. Foreign governments
      1.2.1.2. Domestic governments
      1.2.1.3. Commercial competition
      1.2.1.4. Criminals
      1.2.1.5. Friends and relatives
    1.2.2. The collection problem
    1.2.3. Traffic analysis
    1.2.4. Spoofing
    1.2.5. Mail bombs
  Review questions for Chapter 1

Chapter 2. Protocols used for mail
  2.1. Client-server operating modes in mail
  2.2. Multipurpose Internet Mail Extensions (MIME)
  2.3. Mail transfer standards
    2.3.1. Introduction
    2.3.2. Simple Mail Transfer Protocol (SMTP)
      2.3.2.1. The SMTP operating model
      2.3.2.2. SMTP transfer procedures
      2.3.2.3. Basic SMTP commands
    2.3.3. Extensions to the Simple Mail Transfer Protocol
  2.4. Client mail retrieval standards
    2.4.1. Introduction
    2.4.2. The POP3 mail retrieval protocol
      2.4.2.1. Operating principles and commands of the POP3 protocol
      2.4.2.2. Commands in the POP3 protocol
      2.4.2.3. Examples of commands used in the POP3 protocol
    2.4.3. Internet Message Access Protocol (IMAP)
      2.4.3.1. IMAP operation
      2.4.3.2. IMAP commands
    2.4.4. Comparison of IMAP and POP
  Review questions for Chapter II

Chapter 3. Security of mail server applications and mail content
  3.1. Mail server application security
    3.1.1. Installing a mail server securely
    3.1.2. Securely configuring the mail server application
  3.2. Protecting electronic mail from malicious code
    3.2.1. Virus scanning
    3.2.2. Content filtering
    3.2.3. Issues related to content filtering
  3.3. Preventing bulk mailing
  3.4. Authenticated mail relay
  3.5. Secure access
  3.6. Accessing mail through the Web
  3.7. Checklist
  Review questions for Chapter III

Chapter 4. Mail security on the client
  4.1. Securely installing, configuring and using client applications
    4.1.1. Patching and updating client software
    4.1.2. Secure mail clients
    4.1.3. Authentication and access
    4.1.4. Security of the client's host system
  4.2. Security of the components that make up mail content
  4.3. Accessing Web-based electronic mail systems
  4.4. Checklist
  Review questions for Chapter IV

Chapter 5. Secure administration of a mail server
  5.1. Planning the secure administration of mail servers
    5.1.1. Planning the installation and deployment of a mail server
    5.1.2. Security administration roles
    5.1.3. Administration practices
    5.1.4. System security planning
    5.1.5. The human factor in mail server security
    5.1.6. Basic principles of information system security
  5.2. Securely administering a mail server
    5.2.1. Logging
      5.2.1.1. Configuring logging
      5.2.1.2. Reviewing and maintaining logs
      5.2.1.3. Automated log file analysis tools
    5.2.2. Mail server backup procedures
    5.2.3. Testing the security mechanisms of mail servers
      5.2.3.1. Vulnerability scanning
      5.2.3.2. Penetration testing
    5.2.4. Remote administration of a mail server
    5.2.5. Checklist for secure mail server administration
  Review questions for Chapter V

Chapter 6. Mail security using cryptography
  6.1. Introduction to mail security schemes
  6.2. Pretty Good Privacy
  6.3. S/MIME
  6.4. Choosing an appropriate cipher
  6.5. Key management
  6.6. Choosing between PGP and S/MIME
  Review questions for Chapter VI

Conclusion
References

Appendix 1. Security of the Microsoft Exchange electronic mail system
  1.1. Installing Exchange Server
    1.1.1. Creating the Exchange service accounts on Windows
    1.1.2. Creating the Exchange administrators group on Windows
    1.1.3. Installing the Exchange software
  1.2. Administrative permissions
    1.2.1. Exchange administrative accounts
    1.2.2. Understanding Exchange administrative roles
    1.2.3. Understanding permission inheritance
  1.3. Administering the core components of Exchange
    1.3.1. Directory Store
    1.3.2. Information Store
    1.3.3. MTA
  1.4. Securely configuring the Exchange Internet Mail Service
  1.5. Securely configuring POP3
  1.6. Securely configuring IMAP
  1.7. Securely configuring LDAP
  1.8. Configuring authenticated mail relay
  1.9. Securely configuring Web access
    1.9.1. Changing the operating system's default settings
    1.9.2. Authentication
    1.9.3. Anonymous access

Appendix 2. Applications and tools for electronic mail security
  2.1. Mail content filtering tools
  2.2. File integrity checking tools
  2.3. Log file analysis tools
  2.4. Network analysis tools
  2.5. Enumeration and scanning tools
  2.6. Virus scanning software
  2.7. Vulnerability scanning tools
  2.8. Server patching tools

List of abbreviations

API: Application Programming Interface
AES: Advanced Encryption Standard
ARPA: Advanced Research Projects Agency
ARPANET: Advanced Research Projects Agency Network (a packet-switched network whose development was funded by ARPA in the early 1970s)
AVAPI: Anti-Virus Application Programming Interface
CA: Certificate Authority
CIO: Chief Information Officer (senior manager responsible for information technology)
DES: Data Encryption Standard (the US data encryption standard)
DNS: Domain Name Services
DoS: Denial of Service (a type of attack)
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
ESMTP: Extended SMTP (Extended Simple Mail Transfer Protocol)
FTP: File Transfer Protocol
HTML: HyperText Markup Language
IDS: Intrusion Detection System
IE: Internet Explorer (Internet browser)
IIS: Internet Information Services
IMAP: Internet Message Access Protocol
IMS: Internet Mail Service
IPCE: Interprocess Communication Environment
ISSM: Information Systems Security Program Manager
ISSO: Information System Security Officer (the person responsible for the security of an information system)
JS: JavaScript (script written in Java)
JSE: JavaScript Encoded File (encoded file of a script written in Java)
LDA: Local Delivery Agent
LDAP: Lightweight Directory Access Protocol
MAPI: Messaging Application Programming Interface
MD5: Message-Digest algorithm 5 (a message hashing algorithm)
MIME: Multipurpose Internet Mail Extension
MMF: Make Money Fast (a mail bomb that urges people to get rich quickly)
MOSS: MIME Object Security Services
MTA: Mail Transport Agent
MUA: Mail User Agent
NFS: Network File System
NIST: National Institute of Standards and Technology (United States)
NSA: National Security Agency (United States)
ORBs: Open Relay Blacklists (blacklists, drawn up by administrators, of mail servers frequently used to send spam)
PEM: Privacy Enhanced Mail
PGP: Pretty Good Privacy (an electronic mail security tool that uses cryptography)
PKCS: Public Key Cryptography Standard
PID: Process-Identity (process identifier)
POP3: Post Office Protocol version 3
RSA: the name of a public-key cryptographic algorithm
SHA-1: Secure Hash Algorithm
SHS: Secure Hash Standard
S/MIME: Secure Multipurpose Internet Mail Extension
SMTP: Simple Mail Transfer Protocol
SSLv3: Secure Socket Layer version 3
TLS: Transport Layer Security
UCE: Unsolicited Commercial Email (unwanted commercial mail bombs)
UBE: Unsolicited Bulk Email (mail bombs sent in bulk)
VBS: Visual Basic Script (script written in Visual Basic)
VBE: VBScript Encoded File (encoded Visual Basic script file)
WSC: Windows Script Component (a component made up of scripts on Windows)
WS: Windows Script (script on Windows)
WSF: Windows Script File (script file on Windows)

List of figures

Figure 1.1 The electronic mail system
Figure 2.2 POP3 operation diagram
Figure 2.3 Example session with POP3 commands
Figure 2.4 Example POP3 session
Figure 3.1 Model of virus scanning on the firewall
Figure 3.2 Model of virus scanning on the mail server itself
Figure 3.3 Virus scanning performed on users' workstations

Preface

Electronic mail can be said to be the most widely used system for exchanging information on the Internet (or on any other computer network). At the most basic conceptual level, an electronic mail system can be divided into two main components:

- Mail servers: these carry out the transfer, delivery and storage of mail.
- Client-side applications: these interact with the user for composing, reading, sending and storing mail.

With the strong growth of electronic mail, the information exchanged through this service has also become diverse and rich (from ordinary exchanges to information on which the success or failure of a company, an organization or even an entire country depends). As the value of the information exchanged by electronic mail has risen, many methods of attacking mail systems have appeared, aimed at sabotaging the systems, stealing information, and so on. Securing the information exchanged by electronic mail has therefore been, and continues to be, a matter of concern and considerable investment, not only for the developers of mail software but also for the organizations, companies and individuals who use electronic mail services.

This textbook presents the most general concepts of the electronic mail system, such as its components and the standards it uses. In addition, we introduce the security issues for both main components of the electronic mail system, the servers and the clients, on private networks as well as public networks. Specifically, the textbook consists of the following main parts:

Chapter I: The electronic mail system and security issues. This chapter introduces the history of electronic mail and the general concept of an electronic mail system (its components and their functions). It gives an overview of the threats to electronic mail: eavesdropping, traffic analysis, impersonation, and so on.

Chapter II: Standards used for mail. In this chapter we introduce the standard format for mail content (MIME) and the standard protocols used for sending and receiving mail, such as SMTP, POP3 and IMAP.

Chapter III: Security of mail server applications and mail content. This chapter presents the rules to follow when installing and configuring a mail server in general. It also offers a number of solutions for protecting a mail server, such as defending against attacks by malicious code, authenticated mail relay, secure access, and so on.

Chapter IV: Mail security on the client. This chapter sets out a number of requirements to observe when installing and configuring an electronic mail client in general.

Chapter V: Secure administration of a mail server. This chapter presents the main steps in administering the security mechanisms of a mail server, from planning through to carrying out the administration (logging, patching vulnerabilities, penetration testing, and so on).

Chapter VI: Mail security standards using cryptography. This chapter gives a general presentation of the cryptographic schemes used for mail. The two main standards that use these schemes are PGP and S/MIME; the chapter compares their advantages and disadvantages to help users make a suitable choice.

Appendix I: Security of the Microsoft Exchange electronic mail system. This appendix covers the security features supported by Microsoft Exchange and how to configure and administer them.

Appendix II: Applications and tools for electronic mail security. This appendix lists the names, functions and vendors of tools that help in setting up a secure electronic mail system.

Drawing on published material together with our own modest understanding of this field, we hope to give readers a general view of the security issues of what is today the most widely used information technology application, the electronic mail system. The process of collecting material and writing the textbook has certainly not been free of errors, and we would be very glad to receive sincere comments from colleagues and readers.

Hanoi, December 2006
The authors

Chapter 1
The electronic mail system and security issues

1.1. The electronic mail system

1.1.1. History of development

According to statistics, by January 2000 there were about 242 million Internet users. Most of them had electronic mail accounts on one or more mail systems. This leap in development has its origin in 1971, when Ray Tomlinson successfully sent the first ARPANET electronic mail message. ARPANET was a project of the United States' ARPA to develop communication protocols for linking resources across different geographical regions. Message handling applications were also designed into the ARPANET systems, but they were used only to send messages to users within a single system. Tomlinson modified the message handling system so that users could send messages to recipients not only within one system but on other ARPANET systems as well. Following Tomlinson's improvement, much further research was carried out, and electronic mail quickly became the most used application on the ARPANET of the past and on the Internet of today.

1.1.2. The electronic mail system

How, then, is electronic mail composed, delivered and stored in mail systems, in a way that is convenient for establishing security mechanisms? Most electronic mail users roughly understand that sending a message starts with composing its content, after which the message is sent from the user's system to the recipient's mailbox. That sounds simple, but the operations needed to move an electronic message are no less complex than those for an ordinary letter: the message also passes through many intermediate stages before it reaches the recipient.

Processing begins with composing the content of the mail. Most mail applications on the user's machine require the user to fill in a number of main fields such as subject, content and recipient. When these fields have been entered and the user sends the mail, the message is converted into a standard format defined by RFC 822 (Standard for the Format of ARPA Internet Text Messages). Essentially, the converted message has two parts: the header and the body. The header contains information such as the sending time, the sender, the recipient, the subject and information about the format. The body is the content of the mail.

Once an electronic message has been converted to RFC 822 format it can be transmitted. Over a network connection, the mail programs on the clients (called MUAs, Mail User Agents) connect to the MTA (Mail Transport Agent) running on the mail server. After the connection has been established, the MUA gives the mail server the identity of the sender. Next, the MUA tells the mail server who the recipients are. All of these operations are carried out using commands. Once the server has received the identities of the recipients, delivery of the mail is managed and carried out by the server from that point on.

When the server processes the mail, a series of operations is performed: identifying the recipient, establishing a connection and transferring the mail. Using DNS, the sending mail server determines the recipient. The process by which a mail server establishes a connection and transfers mail to one or more other servers is carried out in the same way as for an ordinary mail client. At this point one of two cases can occur. If the mailboxes of the recipient and the sender are on the same mail server, the mail is delivered using the local delivery service, the LDA. If the mailboxes of the recipient and the sender are on different mail servers, the sending process is repeated from one MTA to another until the mail reaches the recipient's mailbox.

When an LDA handles the mail, a number of tasks are carried out. Depending on its configuration, the LDA can either deliver the mail directly or first process it according to predefined mail filtering rules (filtering rules are usually set up on the basis of attributes of the mail). Once the mail has been delivered, it is placed in the recipient's mailbox, where it is stored until the recipient performs operations on it (such as reading or deleting it).

The model below describes the path of an electronic message through the components mentioned above. It is the most general procedure for sending mail in an electronic mail system.

Figure 1.1 The electronic mail system

1.2. Threats to electronic mail

1.2.1. The threat of eavesdropping

As with other network applications (remote login sessions, downloading information with ftp, online conversations, and so on), electronic mail can be read covertly. But who wants to read your mail? The answer depends on who you are, what you are doing, and who is interested in what you are doing. Below are some of the parties who may read your mail.

1.2.1.1. Foreign governments

Foreign military intelligence organizations are eavesdroppers with the most sophisticated and modern equipment. Reading private mail is their profession. From the start of the Cold War, they invested many billions of dollars each year in collecting, translating and analysing the data their adversaries sent over networks. The Cold War has now ended, but nothing confirms that they have stopped doing what they used to do.

The relationship between the US military and the intelligence organizations is a murky one, and many applications built by the US military are now used in the commercial field. In some countries, intelligence collection targets foreign companies, and the information collected is used as a competitive tool for domestic companies. Japan and France are the two countries best known for offences of this kind, and of course other developed countries are entirely capable of doing the same. For example, the NSA has been accused of intercepting telephone calls between two European countries in order to steal information and sell it to competitors.

1.2.1.2. Domestic governments

The countries best known for using technological espionage against their own citizens are China, North Korea and Cuba. In France, the government allows citizens to encrypt the information they exchange with one another only when the encryption algorithm and key are issued by the competent authority. Taiwan and South Korea require companies to remove the use of encryption from voice, data and fax connections.

Within the United States itself, many government organizations are also interested in covertly reading personal information exchanged by electronic mail, for example the FBI, organizations involved in politics, and so on.

1.2.1.3. Commercial competition

A business may be spied on by competing companies. The information of interest to a competitor may be the customer list, the content of projects, deployment plans, financial strength, and so on. For example, Coca-Cola might pay handsomely to anyone who learns Pepsi's new advertising plan, and Ford might do the same to learn about the new model of another car manufacturer.

1.2.1.4. Criminals

Criminals, especially economic criminals, can gather valuable information from electronic mail. Police in many countries have discovered electronic bugs illegally attached to telephone lines to monitor and intercept credit card numbers transmitted by telephone. There is no reason to say that criminals do not do the same with electronic mail when messages are transmitted over a network.

Many companies have opened electronic trading over the Internet, and many goods are bought and sold online by credit card. It would be very easy to build and set up an application that automatically scans the messages on a user's computer in search of credit card numbers in such electronic transactions.

1.2.1.5. Friends and relatives

Finally, your own friends and relatives can also be "spies". The term "spy" may not be quite accurate in this case, but these people also need to be considered when electronic mail is used to exchange private information. As a simple example, in an office environment, colleagues may well take an interest in the personal information we exchange by electronic mail, and not merely out of curiosity.

1.2.2. The collection problem

The biggest problem in reading a message that someone has sent by electronic mail is finding it in a sea of other electronic mail messages on the network. The task is compared to "looking for a needle at the bottom of the sea". Difficult as it is, there are agencies and organizations created to do exactly this. It is, for example, one of the main jobs of the NSA, which monitors computer data flows into and out of the United States and between other countries.

The task of collecting information from electronic mail messages has been likened to a Herculean task. In 1994, according to statistics, computer data entering and leaving the United States amounted to many gigabytes, with billions of messages exchanged in a month. This included electronic mail, remote login information, file transfer services, real-time "chat" data, and so on. Storing that volume of data is a large job in itself, let alone reading and analysing it.

For the information of interest, however, computers can sift the data stream in real time. The NSA is fully able to feed the data flowing into and out of the United States into a powerful computer system, which searches for the data the NSA is interested in. The system can search by keyword: for instance, electronic mail messages containing the keywords "nuclear", "cryptography" or "assassination" are retained for later analysis.

The NSA's computer systems use many other techniques as well. They can search for data from a specific individual or organization. They can also search for data that matches a given structure. In short, the NSA is given a great deal of money for this problem and has been doing this work for a long time.

Most importantly, they do this work in real time, and not much data is stored. They hope that the data collected on a given day will be analysed on that same day. Collecting data becomes worthless if the data is not analysed, so the main difficulty lies in analysing it. The NSA can combine many techniques to analyse the data it is interested in, such as the relationships between keywords that point to the data sought, the senders and recipients of the information, and so on.

1.2.3. Traffic analysis

When the content of the mail is encrypted, an eavesdropper (the NSA, for instance) cannot read the content, but can still gather a considerable amount of information through traffic analysis. Traffic analysis relies on factors such as whom you send electronic mail to, whom you receive electronic mail from, the length of the messages, or when the mail is sent. A great deal of information is hidden in such factors for those who know how to exploit it.

Let us first look at telephone service. Most European countries do not itemize telephone bills the way US companies do. European telephone bills list only the number of calls made from a given subscriber line, and do not record the time or the destination of those calls. US telephone bills list in detail every call for a subscriber number: the time it was made, the number called and the duration of the call. From this call information, the relevant US authorities can classify people to be monitored or place them on watch lists.

The same applies to electronic mail messages. Even when a message is encrypted, its header always shows clearly the sender, the recipient, the time of sending and the length of the message. There are in fact "anonymous" electronic mail services intended to hide the information just listed. However, analysts in this field around the world hold that this means nothing to eavesdroppers on the scale of the NSA.

As a more concrete example, suppose Eve suspects Alice of being a supporter of terrorism. All of Alice's electronic mail is encrypted by her, so Eve cannot read the content of the messages Alice sends and receives. Eve can, however, collect all the information on Alice's traffic. Eve knows all the electronic mail addresses of the people Alice regularly contacts. Alice often sends long messages to a person named Bob, who usually replies immediately afterwards with a very short message. Perhaps she has sent Bob orders and he is acknowledging that he has received them. One day there is a sudden jump in the exchange of mail between Alice and Bob. Perhaps they are making some plan. Then comes silence: not a single message passes between them. The next day a government building is bombed. Whether this is enough evidence to arrest them depends on much other evidence, but at the very least it has given the agencies concerned with this field a good deal of valuable information.

Terrorists are not the only targets monitored through traffic analysis. Traffic analysis of electronic mail exchanges is also a tool the FBI relies on in investigating drug trafficking.

In the economic and social sphere, what will a company think when one of its members is in frequent electronic mail contact with a competitor? What will happen if a jealous person notices that their wife or husband is in frequent contact with a potential rival by electronic mail? In short, traffic analysis of electronic mail is a clever tool for stealing personal information.

1.2.4. Spoofing

Spoofing is another security problem on computer networks in general. The shortest definition of spoofing is one person passing themselves off as another. Spoofing may be motivated by teasing, dishonouring or defaming someone, or it may be a tool for fraud.

Every day a great many mail messages are sent automatically to the mailboxes of Internet users, with subjects such as "I am someone who likes to annoy others and I am proud of it", or with subjects like a racist or sexist slogan. The content of these messages is completely meaningless. Some time later another message arrives from the same account apologizing for having sent the first one. In general, nothing in messages of this kind should be believed; it is merely a prank on the network.

As another example, Eve wants to defame Alice. She writes an electronic message accusing someone, writes Alice's name at the end, forges Alice's personal information in the header of the message (this is easily done by hackers), and then sends a copy to a journal, such as The New York Times.

Another kind of spoofing can be illustrated by the third-party attack in cryptography. For example, Bob and Alice are collaborating on a project and regularly exchange information by electronic mail. Eve, posing as Bob, sends Alice a message saying that the previous mail account has been cancelled. She does the same to Bob, and if both Bob and Alice believe the messages they receive, the contact between Alice and Bob is carried on through a third person, Eve. Eve will then know everything about the project on which Bob and Alice are collaborating. Eve will be stealing the information exchanged between Bob and Alice for as long as Bob and Alice do not talk in person or by telephone.

The threat of impersonation can be overcome by using digital signatures. With digital signatures, Alice (in the example above) can fully verify which electronic mail messages really come from Bob. Likewise, no one can impersonate Alice to send electronic messages to other people.

1.2.5. Mail bombs

If you use electronic mail, you may have received messages sent unsolicited from some address without your permission; such messages are called spam. Spam is a kind of junk mail on the Internet, and it is used for many purposes: advertising, harassment, and so on.

If you are new to the Internet, you may receive only a few such unwanted messages. But once you have used the Internet for a few years, you may find it very unpleasant to receive large numbers of messages that you never wanted. Below are some kinds of messages that regularly appear in your mailbox:

- Messages sent from commercial companies with which you have never had any relationship.
- Mail intended to advertise illegal or dubious products or services, or even intended to deceive the recipient.
- Mail sent from an unclear address.
- Mail that has no address to which the recipient can reply.

If you have ever received a mail bomb, you may have felt confused and asked yourself questions such as: what is this message? Where was it sent from, and how did the senders get my mailbox address? No sooner have these worries passed than you receive a succession of further junk messages, which annoys you. You might write to complain to the sender of the junk mail, but your annoyance grows when you learn that your complaint will never reach the person you want to reach, because senders of junk mail usually disguise themselves or set up a fake mailbox when sending to you.

Some types of mail bomb:

- Unsolicited Commercial Email (UCE): messages that users receive against their wishes, whose content advertises a product or service. This type of mail bomb is also called "junk mail".
- Unsolicited Bulk Email (UBE): messages sent in large numbers to thousands or even millions of recipients. UBE may be used for commercial purposes, in which case it is also UCE. But it may also be used for many other ends, such as election campaigning in politics, or simply disrupting the electronic mail system.
- Make Money Fast (MMF) messages: these are usually a chain of messages based on the same template. The content of such messages suggests to recipients that they can become rich if they follow steps such as:
  - Send money to the person whose name is first on the list (the list is sent along with the message).
  - Remove that person's name, add your own name to the end of the list and forward the message to other people.
  MMF messages are regarded as an illegal lottery in the United States.
- Reputation attacks: messages that the user believes were sent by a particular person or organization, but that were in fact sent from some other address. The purpose of these messages is not to advertise a product or service, but to make the recipient angry with the sender who appears in the message.

Review questions for Chapter 1

1. Give an overview of the electronic mail system: its main components and their functions in the process of sending and receiving an electronic message.
2. The threat of eavesdropping: who may covertly read a user's mail?
3. Describe the threats to electronic mail: the collection problem, traffic analysis, impersonation and mail bombs.

Chapter 2
Protocols used for e-mail


2.1. Client-server operating modes in e-mail

In this section we look at some basic concepts of the client-server models used in e-mail. The three basic models in use are:

- Offline model: a mail client application connects periodically to the mail server. It downloads all messages to the client machine and deletes them from the mail server. All mail processing then takes place locally on that client machine.
- Online model: this model is usually used with network file system protocols (NFS). In this mode, a client application manipulates mailbox data on the mail server. A connection to the mail server is maintained throughout the session. No mailbox data is kept on the client; the client retrieves data from the mail server as needed.
- Disconnected model: a hybrid of the Offline and Online models, used by the PCMAIL protocol. In this model, a client downloads some messages from the mail server, works on them offline, and later uploads the changes to the mail server. Synchronization (when there are several clients) is handled by giving each message a unique identifier.

Each model has advantages and disadvantages; the table below compares their characteristics:

Characteristic                                  Offline  Online  Disconnected
Can use multiple clients                        No       Yes     Yes
Minimal connection time to the mail server      Yes      No      Yes
Minimal use of mail server resources            Yes      No      No
Minimal use of client disk                      No       Yes     No
Multiple remote mailboxes                       No       Yes     Yes
Fast start-up                                   No       Yes     No
Mail processing when not connected online       Yes      No      Yes

2.2. Multipurpose Internet Mail Extensions (MIME)

RFC 822 provides the standard for transmitting e-mail messages with text content. However, this standard does not support e-mail messages with attachments (such as messages with attached Word documents or image files). As a replacement for the definitions in RFC 822, the "Multipurpose Internet Mail Extensions (MIME)" were developed. Message headers still follow RFC 822; the changes and additions made by the MIME extensions apply to the content of the message. MIME uses a number of conventions to represent particular kinds of content within an e-mail message. Examples of content types are:

- Audio: used to transmit sound or audio data.
- Application: used to transmit application or binary data.
- Image: used to transmit image data.
- Message: used to encapsulate another mail message.
- Multipart: used to combine several body parts, possibly of different data types, into a single message.
- Text: used to represent textual information in a given character set.
- Video: used to transmit video or moving-image data, possibly with audio as part of the composite video data format.

There are currently five documents describing MIME: RFCs 2045, 2046, 2047, 2048 and 2049. They describe the format of the message body, the media types, encodings that are not part of the US standard, ... Besides the additions listed above, other important mail features such as message attachments and directly embedded data in Hypertext Markup Language (HTML) format are also covered in these documents. Note that although the MIME extensions allow binary message content, binary content must be represented in Base64 format in order to conform to the standard laid down in RFC 822.

2.3. Mail transfer standards

2.3.1. Introduction

To ensure reliability and interoperability between different mail applications, mail transfer standards were established. In the simplest case, mail transfer is the process of sending a mail message from one local user to another local user; here the LDA is responsible for identifying the right mailbox and delivering the message to it. In the more complex case, when the recipient is outside the local group, an MTA is needed to send the message from the local mail server to the remote mail server. Depending on the type and scope of the existing system, one or more different MTAs are used, and each pair of MTAs may itself use a different mail transfer protocol. The most common MTA transfer protocol today is the Simple Mail Transfer Protocol (SMTP). SMTP is the standard for transmitting electronic messages on the Internet (the protocol is described in detail in the next section). Almost all e-mail systems on the Internet therefore support SMTP for mail transfer.

2.3.2. Simple Mail Transfer Protocol (SMTP)

Jon Postel of the University of Southern California developed SMTP in August 1982. SMTP is a protocol for transferring e-mail reliably and efficiently. SMTP is independent of the particular transmission system and requires only a reliable data channel (port 25/TCP). A transport service (TCP, X.25, ...) provides an interprocess communication environment (IPCE). An IPCE may cover one network, several networks, or a subset of a network. The important point here is that transport systems (or IPCEs) are not one-to-one with networks. A process can communicate directly with another process through a known IPCE. Mail is an application, or use, of interprocess communication. Mail can be communicated between processes in different IPCEs by relaying through a process connected to two or more IPCEs. More specifically, mail can be relayed between hosts on different transport systems by a host that is on both transport systems. Below we look at the SMTP model in detail.

2.3.2.1. SMTP operating model

The design of SMTP is based on the following model of communication: as the result of a user mail request, the Sender-SMTP establishes a two-way transmission channel to a Receiver-SMTP. The Receiver-SMTP is either the final destination or an intermediate point. SMTP commands are generated by the Sender-SMTP and sent to the Receiver-SMTP. SMTP replies are sent from the Receiver-SMTP to the Sender-SMTP in response to the commands. Once the transmission channel is established, the Sender-SMTP sends a MAIL command indicating the sender of the mail. If the Receiver-SMTP can accept mail, it responds with OK. The Sender-SMTP then sends a RCPT command identifying a recipient of the mail. If the Receiver-SMTP can accept mail for that recipient, it responds with OK; if not, it rejects it. The Sender-SMTP and Receiver-SMTP may negotiate several recipients. When the recipients have been negotiated, the Sender-SMTP sends the mail data, terminating with the special sequence <CRLF>. If the Receiver-SMTP processes the mail data successfully, it responds with OK (the dialogue is lock-step: one exchange at a time between Sender-SMTP and Receiver-SMTP). The SMTP usage model is shown below:
[Diagram: User and file system <-> Sender-SMTP <-- SMTP commands/replies and mail --> Receiver-SMTP <-> file system]

Figure 2.1. SMTP usage model

SMTP provides mechanisms for transferring e-mail either directly from the sender's host to the recipient's host when the two hosts are connected to the same transport service (mostly TCP), or through one or more relaying Server-SMTPs when the source and destination hosts are not connected to the same transport service. To be able to relay, the Server-SMTP must be given the name of the final host (the destination mailbox name).

The argument of the MAIL command is a reverse-path, which specifies who the mail is from. The argument of the RCPT command is a forward-path, which specifies who the mail is to. The forward-path is a route to the destination, while the reverse-path is a return route (which may be used to return a message to the sender when an error occurs with a relayed message).

When the same message is sent to several recipients, SMTP encourages the transmission of only one copy of the data for all recipients on the same destination host.

Commands and replies have a strict syntax. Replies also carry a numeric code. Examples of sending mail and of the commands and replies involved are given later. Commands and replies may use any letter case: upper case, lower case, or a mixture. This is not true of mailbox user names. For some hosts the user name is case sensitive, and SMTP implementations must preserve the case of user names as they appear in mailbox arguments. Host names are not case sensitive.

Commands and replies are composed of characters from the ASCII character set. When the transport service provides an 8-bit (octet) transmission channel, each 7-bit character is transmitted as one octet with the high-order bit set to 0.

2.3.2.2. SMTP procedures

This section presents the procedures used in SMTP. First comes the basic mail procedure for transferring mail. It is followed by descriptions of the procedures for forwarding mail, verifying mailbox names and expanding mailing lists, sending to terminals instead of or in combination with mailboxes, opening and closing a session, and relaying mail. This document does not cover mail domains or changing program roles over the transmission channel; for more information see RFC 821.

Mail transfer procedure

The SMTP mail transfer procedure has three steps:

Step 1: a MAIL command identifies the sender.
Step 2: one or more RCPT commands identify the recipients.
Step 3: a DATA command gives the mail data.

These commands have the following syntax:

MAIL <SP> FROM:<reverse-path> <CRLF>
RCPT <SP> TO:<forward-path> <CRLF>
DATA <CRLF>

For example, the sender tiendq on host vdc sends mail to the users thaith, toannq and khoanc on host vol as follows:

S: MAIL FROM:<tiendq@vdc.vn>
R: 250 OK
S: RCPT TO:<thaith@vol.vn>
R: 250 OK
S: RCPT TO:<khoanc@vol.vn>
R: 550 No such user here
S: RCPT TO:<toannq@vol.vn>
R: 250 OK
S: DATA
R: 354 Start mail input; end with <CRLF>.<CRLF>
S: Blah blah blah...
S: ...etc. etc. etc.
S: <CRLF>.<CRLF>
R: 250 OK

Here S marks the sending side and R the receiving side (this convention is used in all the examples). In this example mail is accepted only for thaith and toannq; khoanc is not accepted because there is no such mailbox on host vol.

Mail forwarding procedure

In some cases the destination information in the <forward-path> is wrong, but the Receiver-SMTP knows the correct destination. In such cases, one of the two replies below is used to allow the sender to contact the destination believed to be correct:

251 User not local; will forward to <forward-path>

or

551 User not local; please try <forward-path>

The 251 reply indicates that the Receiver-SMTP knows the user's mailbox is on another host and indicates the correct forward-path to use in the future (relaying through several SMTPs). The 551 reply indicates that the Receiver-SMTP knows the user's mailbox is on another host and indicates the correct forward-path to use right away. Examples:

S: RCPT TO:<Postel@USC-ISI.ARPA>
R: 251 User not local; will forward to <Postel@USC-ISIF.ARPA>

or

S: RCPT TO:<Paul@USC-ISIB.ARPA>
R: 551 User not local; please try <Paul@USC-ISIF.ARPA>

Verifying names and expanding mailing lists

SMTP provides some additional features: verifying a user name with the VRFY command, and expanding a mailing list with the EXPN command. These commands have the following syntax:

VRFY <SP> <string> <CRLF>
EXPN <SP> <string> <CRLF>

The VRFY command checks information about the user name given in <string>; the EXPN command takes <string> as the identifier of a mailing list (mail can be sent to all recipients that share the identifier).

Examples of verifying a user name:

S: VRFY Smith
R: 250 Fred Smith <Smith@USC-ISIF.ARPA>

or

S: VRFY Smith
R: 251 User not local; will forward to <Smith@USC-ISIQ.ARPA>

or

S: VRFY Jones
R: 550 String does not match anything.

22

or

S: VRFY Jones
R: 551 User not local; please try <Jones@USC-ISIQ.ARPA>

or

S: VRFY Gourzenkyinplatz
R: 553 User ambiguous.

Examples of expanding a mailing list:

S: EXPN Example-People
R: 250-Jon Postel <Postel@USC-ISIF.ARPA>
R: 250-Fred Fonebone <Fonebone@USC-ISIQ.ARPA>
R: 250-Sam Q. Smith <SQSmith@USC-ISIQ.ARPA>
R: 250-Quincy Smith <@USC-ISIF.ARPA:Q-Smith@ISIVAXA.ARPA>
R: 250-<joe@foo-unix.ARPA>
R: 250 <xyz@bar-unix.ARPA>

or

S: EXPN Executive-Washroom-List
R: 550 Access Denied to You.

Delivery to mailboxes and terminals

The main purpose of SMTP is to deliver messages to users' mailboxes. A few services deliver messages to users' terminals (for users who are active). Delivering messages to users' mailboxes is called "mailing", while delivering messages to users' terminals is called "sending" (the user sends a message through the terminal). The following three commands are defined to support "sending":

SEND <SP> FROM:<reverse-path> <CRLF>
SOML <SP> FROM:<reverse-path> <CRLF>
SAML <SP> FROM:<reverse-path> <CRLF>

The SEND command requires that the mail data be delivered to the user's terminal. If the user is not active (or is not accepting terminal messages), a 450 reply is returned to the RCPT command.

The SOML (send or mail) command requires that the mail data be delivered to the user's terminal if the user is active. If the user is not active (or is not accepting terminal messages), the mail data is placed in the user's mailbox.

The SAML (send and mail) command requires that the mail data be delivered to the user's terminal if the user is active (and accepting terminal messages). In other cases the mail data is placed in the user's mailbox.

Opening and closing a session

When the transmission channel is opened, information is exchanged to make sure that the hosts are communicating with each other. The following two commands are used to open and close a session on the transmission channel:

HELO <SP> <domain> <CRLF>
QUIT <CRLF>

With the HELO command the host identifies itself, like a greeting: "Hello, I am <domain>". Example of opening a connection:

R: 220 BBN-UNIX.ARPA Simple Mail Transfer Service Ready
S: HELO USC-ISIF.ARPA
R: 250 BBN-UNIX.ARPA

The QUIT command closes the transmission channel, for example:

S: QUIT
R: 221 BBN-UNIX.ARPA Service closing transmission channel

Relaying mail

The forward-path may be a source route of the form "@ONE,@TWO:JOE@THREE", where ONE, TWO and THREE are hosts. This form is used to emphasize the difference between an address and a route. The mailbox is an absolute address, and the route is information about how to get mail there.

Conceptually, the elements of the forward-path are moved to the reverse-path as the message is relayed from one Server-SMTP to another (the reverse-path is regarded as a reverse source route). When a Server-SMTP deletes its identifier from the forward-path and inserts it into the reverse-path, it must use the name by which it is known to the party it is sending to. If, when the message arrives at a Server-SMTP, the first element of the forward-path is not the identifier of that Server-SMTP, the element is not deleted from the forward-path but is used to determine the next Server-SMTP to which the message should be sent. In other cases the Server-SMTP adds its own identifier to the reverse-path.

With source routing, the Receiver-SMTP receives mail to be relayed to another Server-SMTP. The Receiver-SMTP may accept or reject the task of relaying the mail in the same way it accepts or rejects mail for a local user. The Receiver-SMTP transforms the command arguments by moving its own identifier from the forward-path to the reverse-path. The Receiver-SMTP then becomes a Sender-SMTP, establishes a transmission channel to the next SMTP in the forward-path, and sends the mail on.

The first host in the reverse-path is the host sending the SMTP commands, and the first host in the forward-path is the host receiving the SMTP commands.

Note: the forward-path and reverse-path appear in SMTP commands and replies, but are not needed in the message. That is, these paths are not needed for the message, and in particular this syntax only appears in message header fields such as "To:", "From:", "CC:", ...

If a Server-SMTP has accepted the task of relaying mail and later finds that the forward-path is wrong or that the mail cannot be delivered for some reason, it builds an "undeliverable mail" notification message and sends it back to the originator. This notification must originate from the Server-SMTP at that host. Naturally, Server-SMTPs do not send notification messages about problems with notification messages. One way to prevent such loops is to specify a null reverse-path in the MAIL command of a notification message, as follows:

MAIL FROM:<>

For example, consider the following relay scenario. The notification is in reply to a message from JOE at host HOSTW that was sent via host HOSTX to HOSTY with instructions to relay it on to host HOSTZ. The transaction between HOSTY and HOSTX, which is the first step in returning the undeliverable-mail notification, is as follows:

S: MAIL FROM:<>
R: 250 ok
S: RCPT TO:<@HOSTX.ARPA:JOE@HOSTW.ARPA>
R: 250 ok
S: DATA
R: 354 send the mail data, end with .
S: Date: 23 Oct 81 11:22:33
S: From: SMTP@HOSTY.ARPA
S: To: JOE@HOSTW.ARPA
S: Subject: Mail System Problem
S: Sorry JOE, your message to SAM@HOSTZ.ARPA lost.
S: HOSTZ.ARPA said this:
S: "550 No Such User"
S: .
R: 250 ok

2.3.2.3. Basic SMTP commands

To close this section, the basic SMTP commands are listed below for reference.

1. HELO
   Syntax: HELO <SP> <domain> <CRLF>
   Use: identifies the Sender-SMTP to the Receiver-SMTP; the <domain> argument is usually the host name.

2. MAIL
   Syntax: MAIL <SP> FROM:<reverse-path> <CRLF>
   Use: starts a mail transaction to one or more mailboxes and at the same time identifies the sender through the reverse-path argument.

3. RCPT
   Syntax: RCPT <SP> TO:<forward-path> <CRLF>
   Use: identifies one recipient of the mail data through the forward-path argument; for several recipients, the command is used several times.

4. DATA
   Syntax: DATA <CRLF>
   Use: the lines following this command are the mail data.

5. RSET
   Syntax: RSET <CRLF>
   Use: specifies that the current mail transaction is to be aborted.

6. SEND
   Syntax: SEND <SP> FROM:<reverse-path> <CRLF>
   Use: starts a transaction in which the mail data is delivered to one or more terminals. The reverse-path argument identifies the sender.

7. SOML
   Syntax: SOML <SP> FROM:<reverse-path> <CRLF>
   Use: starts a transaction in which the mail data is delivered to one or more terminals or mailboxes. The reverse-path argument identifies the sender.

8. SAML
   Syntax: SAML <SP> FROM:<reverse-path> <CRLF>
   Use: starts a transaction in which the mail data is delivered to one or more terminals and mailboxes. The reverse-path argument identifies the sender.

9. VRFY
   Syntax: VRFY <SP> <string> <CRLF>
   Use: asks the receiver to confirm that the argument identifies a user.

10. EXPN
    Syntax: EXPN <SP> <string> <CRLF>
    Use: asks for confirmation that the argument identifies a mailing list.

11. HELP
    Syntax: HELP [<SP> <string>] <CRLF>
    Use: the receiver sends help information to the sender.

12. NOOP
    Syntax: NOOP <CRLF>
    Use: on receiving this command from the sender, the receiver does nothing other than reply OK.

13. QUIT
    Syntax: QUIT <CRLF>
    Use: asks the receiver to reply OK and then close the session.

14. TURN
    Syntax: TURN <CRLF>
    Use: asks the receiver either to reply OK and then take on the role of Sender-SMTP, or to send a refusal and remain in the role of Receiver-SMTP.
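The three-step transfer procedure of section 2.3.2.2 (MAIL, then one or more RCPT, then DATA), seen from the Receiver-SMTP side, as an added example that is not part of the original textbook. The class and function names are hypothetical, the mailbox list is constructed from the page's vdc/vol example, and the 501 and 503 replies are standard SMTP codes that the page does not list.

```python
import re

# Argument of MAIL / RCPT: FROM:<reverse-path> or TO:<forward-path>.
ARG = re.compile(r"^(FROM|TO):<([^<>\s]*)>$", re.IGNORECASE)


def canonical(mailbox):
    """Fold only the host part: host names are case-insensitive, user names may not be."""
    local, _, domain = mailbox.rpartition("@")
    return f"{local}@{domain.lower()}"


class ReceiverSMTP:
    """Receiver side of one SMTP connection (hypothetical toy implementation)."""

    def __init__(self, hostname, mailboxes):
        self.hostname = hostname
        self.mailboxes = {canonical(m) for m in mailboxes}
        self.accepted = []  # (reverse_path, [forward_paths], [data lines]) per message
        self._reset()

    def _reset(self):
        self.reverse_path = None  # None means no MAIL command accepted yet
        self.forward_paths = []
        self.data = None          # a list while mail data is being read

    def handle(self, line):
        """Process one line (CRLF already stripped); return the reply, or None inside DATA."""
        if self.data is not None:
            if line == ".":       # <CRLF>.<CRLF> ends the mail data
                self.accepted.append((self.reverse_path, self.forward_paths, self.data))
                self._reset()
                return "250 OK"
            self.data.append(line)
            return None
        verb, _, arg = line.strip().partition(" ")
        verb, match = verb.upper(), ARG.match(arg.strip())  # commands are case-insensitive
        if verb == "HELO":
            self._reset()
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if not match or match.group(1).upper() != "FROM":
                return "501 Syntax error in parameters or arguments"
            self._reset()
            self.reverse_path = match.group(2)  # "" is the null reverse-path <>
            return "250 OK"
        if verb == "RCPT":
            if self.reverse_path is None:
                return "503 Bad sequence of commands"
            if not match or match.group(1).upper() != "TO" or not match.group(2):
                return "501 Syntax error in parameters or arguments"
            if canonical(match.group(2)) not in self.mailboxes:
                return "550 No such user here"  # only this recipient is refused
            self.forward_paths.append(match.group(2))
            return "250 OK"
        if verb == "DATA":
            if not self.forward_paths:
                return "503 Bad sequence of commands"
            self.data = []
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} Service closing transmission channel"
        return "500 Syntax error, command unrecognized"


def run_session(server, lines):
    """Feed the sender's lines to the receiver and collect its replies in order."""
    return [server.handle(line) for line in lines]


# Sender side of the page's example: tiendq at vdc writes to three users on vol.
PAGE_SESSION = [
    "MAIL FROM:<tiendq@vdc.vn>",
    "RCPT TO:<thaith@vol.vn>",
    "RCPT TO:<khoanc@vol.vn>",   # no such mailbox on vol
    "RCPT TO:<toannq@vol.vn>",
    "DATA",
    "Blah blah blah...",
    "...etc. etc. etc.",
    ".",
]

if __name__ == "__main__":
    vol = ReceiverSMTP("vol.vn", ["thaith@vol.vn", "toannq@vol.vn"])
    for sent, reply in zip(PAGE_SESSION, run_session(vol, PAGE_SESSION)):
        print(f"S: {sent}" + (f"\nR: {reply}" if reply else ""))
```
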

2.3.3. Extensions to the Simple Mail Transfer Protocol

As the number of e-mail users keeps growing, mail client software and SMTP servers are gaining more and more new features. For SMTP servers, the Simple Mail Transfer Protocol itself has been extended with additional functions. In 1993, RFC 1455 gave a general introduction to extensions for the Simple Mail Transfer Protocol. Subsequent documents refining RFC 1425 were RFC 1651 in 1994 and RFC 1869 in 1995. These RFCs add three main parts to the original SMTP:

- New SMTP commands (RFC 1425)
- Registration of SMTP service extensions (RFC 1651)
- Additional parameters for the SMTP MAIL FROM and RCPT TO commands (RFC 1869).

For compatibility with older SMTP servers, there must be a way for the mail client application to determine whether or not the server supports the extensions. This is done with the enhanced hello command (EHLO). When connecting to a server, the mail user can issue the EHLO command. If the server supports the SMTP extensions, it replies that the command succeeded and lists the extensions it currently supports. If the server does not support the SMTP extensions, it reports that the command failed, and the MUA must then issue the standard HELO command. Servers that support the extended Simple Mail Transfer Protocol are known as Extended SMTP (ESMTP) servers. Below is an example session with a server using the extended EHLO command.
telnet mail.dcs.vn 25
Connected to mail.dcs.vn
Escape character is '^]'
220 test.mail.vn ESMTP Service (Sample Mail Server String)
EHLO test.mail.vn
250 test.mail.vn says hello
250-HELP
250-EXPN
250 SIZE 20971520
...
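The EHLO-then-HELO fallback described above, together with parsing of the multi-line 250 reply and a check of what the server advertises before mail is submitted, as an added example that is not part of the original textbook. The function names and the two simulated servers are hypothetical and their replies are constructed; STARTTLS and AUTH are the EHLO keywords defined by the TLS and authentication extensions (RFC 2487 and RFC 2554).

```python
def parse_reply(lines):
    """Return (code, [text, ...]) for one SMTP reply.

    Every line of a multi-line reply except the last has '-' right after the
    3-digit code; the last line has a space (or nothing) there.
    """
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        is_last = index == len(lines) - 1
        if len(code) != 3 or not (code.isascii() and code.isdigit()):
            raise ValueError(f"bad reply code in {line!r}")
        if code != lines[0][:3]:
            raise ValueError(f"reply code changes inside one reply: {line!r}")
        if is_last and sep not in (" ", ""):
            raise ValueError(f"reply is not terminated: {line!r}")
        if not is_last and sep != "-":
            raise ValueError(f"continuation line without '-': {line!r}")
        texts.append(text)
    return int(lines[0][:3]), texts


def parse_extensions(texts):
    """Map each EHLO keyword (upper-cased) to its parameters; texts[0] is the greeting."""
    extensions = {}
    for text in texts[1:]:
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return extensions


def negotiate(send, domain):
    """Try EHLO first; fall back to HELO when the server rejects it.

    `send` takes one command and returns the reply lines (a stand-in for the socket).
    """
    code, texts = parse_reply(send(f"EHLO {domain}"))
    if code == 250:
        return "ESMTP", parse_extensions(texts)
    code, _ = parse_reply(send(f"HELO {domain}"))
    if code != 250:
        raise ConnectionError(f"server refused HELO with {code}")
    return "SMTP", {}


def submission_problems(extensions, message_size):
    """List the reasons not to submit an authenticated message to this server."""
    problems = []
    limit = int((extensions.get("SIZE") or ["0"])[0])  # 0: no fixed limit advertised
    if limit and message_size > limit:
        problems.append(f"message of {message_size} bytes exceeds SIZE {limit}")
    if "STARTTLS" not in extensions:
        problems.append("STARTTLS not offered: the session would stay in cleartext")
    if "AUTH" not in extensions:
        problems.append("AUTH not offered: the server cannot authenticate the user")
    return problems


def esmtp_server(command):
    """Constructed ESMTP server advertising the same extensions as the session above."""
    if command.upper().startswith("EHLO "):
        return ["250-test.mail.vn says hello", "250-HELP", "250-EXPN", "250 SIZE 20971520"]
    return ["250 test.mail.vn"]


def legacy_server(command):
    """Constructed pre-ESMTP server: it does not know EHLO."""
    if command.upper().startswith("HELO "):
        return ["250 old.mail.example"]
    return ["500 Syntax error, command unrecognized"]


if __name__ == "__main__":
    for server in (esmtp_server, legacy_server):
        mode, extensions = negotiate(server, "client.example")
        print(mode, extensions, submission_problems(extensions, 30 * 1024 * 1024))
```
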

In the EHLO session above, the server supports only one extension, SIZE. In practice, however, a server may support many different extensions. The table below lists some SMTP extensions published in the corresponding RFCs. For example, RFC 2554 specifies a new command and protocol for identifying and authenticating users.

SMTP extension                                                                  RFC
SMTP service extension for message size declaration                            1870
SMTP service extension for command pipelining                                  2920
SMTP service extension for transmission of large and binary MIME messages      3030
SMTP service extension for authentication                                      2554
SMTP service extension for secure SMTP over TLS                                2487
SMTP service extension for returning enhanced error codes                      2034
SMTP service extension for remote message queue starting                       1985
SMTP service extension for delivery status notifications                       1891

2.4. Client mail retrieval standards

2.4.1. Introduction

Once a message has been delivered by the LDA, the user needs to access the mail server to retrieve it. Mail client software (MUA) is used to access mail servers and retrieve mail messages. There are currently several ways for users to access their mailboxes; one of the simplest is direct access using commands. A simple e-mail system is one that lets all users access their mailboxes directly. Each user account in the system has a corresponding directory under the home directory. When mail messages have been received, the user can use command-line mail programs such as mail or pine to access the mailbox directly.

For users, especially external users, accessing the mail server through the command line is a factor that makes their mail accounts insecure. To reduce the risk, mailbox access protocols were revised. The two most widely used mailbox access protocols today are POP3 and IMAP. Both are described in detail below.

2.4.2. The POP3 mail retrieval protocol

The POP3 protocol is used to access and retrieve e-mail messages from a mailbox on the mail server. POP3 is designed to support mail processing in Offline mode. In this mode, mail messages are delivered to the mail server, and a mail client program on a workstation connects to the mail server and downloads all the mail messages to that workstation. All mail processing then takes place on the workstation itself.

2.4.2.1. Operating principles and commands of the POP3 protocol

The operation of the POP3 protocol is shown in the figure below:
[Diagram: POP3 client and POP3 server joined by a TCP connection; the session passes through the AUTHORIZATION, TRANSACTION and UPDATE states]

Figure 2.2. POP3 operation diagram

A POP3 server listens on port 110. When a POP3 client wants to use the POP3 service, it establishes a TCP connection to the server on port 110. When the TCP connection is established, the POP3 server sends a greeting to the client. The session between client and server is now established. The client then sends commands to the server and the server responds to them until the connection is closed or aborted.

A POP3 session has three states: AUTHORIZATION, TRANSACTION and UPDATE.

AUTHORIZATION state: once the TCP connection has been opened and the POP3 server has sent the greeting to the client, the session enters the AUTHORIZATION state, in which the server authenticates the client. When the server has successfully authenticated the client, the session enters the TRANSACTION state.

TRANSACTION state: the TRANSACTION state follows the AUTHORIZATION state. In this state the client can access its mailbox on the server to check it, retrieve mail, ...

UPDATE state: when the client sends the QUIT command to the server from the TRANSACTION state, the session enters the UPDATE state, in which the server sends a goodbye to the client and closes the TCP connection, ending the session. If the client sends the QUIT command from the AUTHORIZATION state, the POP3 session ends without entering the UPDATE state.

2.4.2.2. Commands in the POP3 protocol

POP3 commands may take one or more arguments. A command is terminated by a CRLF pair. Keywords and arguments in commands consist of ASCII characters. A response from the POP3 server consists of a status indicator followed by additional information. There are currently two status indicators: success (+OK) and error (-ERR).

Authentication mechanisms and commands in the AUTHORIZATION state

When the POP3 session enters the AUTHORIZATION state, the client must identify and authenticate itself to the POP3 server. This document presents two authentication mechanisms: the first uses the USER and PASS commands together; the second uses the APOP command. Other authentication mechanisms are described in RFC 1734.

Authentication with the USER and PASS commands: to authenticate with USER and PASS, the client first sends the USER command with the user name as its argument to the server; after the server responds with the success status indicator (+OK), the client sends the PASS command with the user's password as its argument to complete authentication for this user. If the POP3 server responds with +OK, authentication of this user has succeeded; otherwise (the status indicator is -ERR) authentication has failed and the client must issue the PASS command again to re-authenticate.

USER command

Syntax: USER name
Argument: name is the user name.
Description: used in the AUTHORIZATION state to send the user's name to the POP3 server. The server responds with success (+OK) if the user name entered is correct, and with the error indicator (-ERR) otherwise.

Note: in the examples from here on, C: marks what is sent by the client and S: marks the server's response.

Example:
C: USER mrose
S: +OK mrose is a real hoopy frood
...
C: USER frated
S: -ERR sorry, no mailbox for frated here

PASS command

Syntax: PASS password
Argument: password is the user's password for access to the mailbox.
Description: this command is used only in the AUTHORIZATION state, to send the user's password to the POP3 server. It must be issued after the USER command, once the server has responded to the USER command with success.

Example:
C: USER mrose
S: +OK mrose is a real hoopy frood
C: PASS secret
S: +OK mrose's maildrop has 2 messages (320 octets)
...
C: USER mrose
S: +OK mrose is a real hoopy frood
C: PASS secret
S: -ERR maildrop already locked

Authentication with the APOP command

Syntax: APOP name digest
Arguments:
name: the user's name
digest: an MD5 digest string
Description: authentication with the USER/PASS combination has the drawback that the password is sent over the network in the clear. To overcome this drawback, the POP3 protocol provides authentication with the APOP command. This method provides both authentication and replay protection without sending the password in the clear over the network.

A server that implements the APOP command includes a timestamp in its greeting to the client (the greeting is sent when the TCP connection between the POP3 client and the POP3 server is established). The format of the timestamp is described in RFC 822, and the timestamp must be different each time the POP3 server sends a greeting to a client. For example, in a UNIX implementation in which a separate process is used for each instance of a POP3 server, the syntax of the timestamp might be:

<process-ID.clock@hostname>

where 'process-ID' is the process identifier (PID), clock is the system clock and hostname is the fully qualified domain name.

The POP3 client takes this timestamp (including the angle brackets) together with a shared secret known only to the client and the server (the user's mailbox password) and computes the digest argument using the MD5 algorithm. It then sends the APOP command with these arguments to the server.

When the POP3 server receives the APOP command, it verifies the digest. If the digest is correct, the POP3 server responds to the client with success (+OK) and the POP3 session enters the TRANSACTION state. Otherwise, the server reports an error to the client and the POP3 session remains in the AUTHORIZATION state.

Example:

S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)

In this example the shared secret is the string 'tanstaaf'. The input to the MD5 algorithm is therefore the string

<1896.697170952@dbc.mtview.ca.us>tanstaaf

and its output is the string

c4c9334bac560ecc979e58001b3e22fb

Commands in the TRANSACTION state

The commands in the TRANSACTION state are: STAT, LIST, TOP, NOOP, RETR, DELE, UIDL, QUIT and RSET.

1. STAT
   Syntax: STAT
   Description: the STAT command is used to obtain the total number of messages and the total number of bytes of the messages in the mailbox.

2. LIST
   Syntax: LIST [msg]
   Description: [msg] is the message number. The LIST command is used with or without an argument. Without an argument, LIST returns the message number and size of every message in the mailbox.

3. RETR
   Syntax: RETR msg
   Description: msg is the message number. The server sends the whole message corresponding to that message number to the client.

4. DELE
   Syntax: DELE msg
   Description: msg is the message number. The DELE command marks a message for deletion. Only when the session ends are all messages marked as deleted actually removed.

5. RSET
   Syntax: RSET msg
   Description: msg is the message number. This command is the opposite of DELE: it is used to remove the deletion mark set on a message by the DELE command.

6. NOOP
   Syntax: NOOP
   Description: this command simply checks the connection to the server. The server responds with the status indicator +OK.

7. TOP
   Syntax: TOP msg [n]
   Description: msg is the message number; n is a number of lines. Without the argument [n], TOP retrieves the header of the specified message from the server. With the argument [n], TOP retrieves the header of the message together with n lines of the message.

8. UIDL
   Syntax: UIDL [msg]
   Description: msg is the message number. Without the argument [msg], UIDL returns the unique identifier (unique-id) of every message. With the argument [msg], UIDL returns the unique identifier of that message. The unique identifier of a message is a string of 1 to 70 characters in the range 0x21 to 0x7E; it is unique for each message and persists across sessions, even when a session ends without entering the UPDATE state.

9. QUIT
   Syntax: QUIT
   Description: enters the UPDATE state and ends the POP3 session.

2.4.2.3. Examples of commands used in the POP3 protocol

The examples below were carried out using the Telnet program to work with a mailbox on a POP3 mail server. The workstation runs the Win98 operating system and the POP3 server runs MDaemon. To begin, from Start/Run type the command telnet <pop_server_name> 110.
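The APOP digest check and the three session states of sections 2.4.2.1 and 2.4.2.2, combined in one small server-side session model, as an added example that is not part of the original textbook. The class name, host name and maildrop contents are hypothetical; the timestamp, secret and digest used in the demonstration are the ones from the APOP example above.

```python
import hashlib
import hmac
import os
import time


def apop_digest(timestamp, secret):
    """MD5 over the greeting timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


class Pop3Session:
    """Server side of one POP3 session: AUTHORIZATION -> TRANSACTION -> UPDATE."""

    def __init__(self, secrets, maildrops, hostname="pop.example", timestamp=None):
        self.secrets = secrets      # user name -> shared secret (mailbox password)
        self.maildrops = maildrops  # user name -> list of message texts
        # A fresh timestamp per connection is what makes a captured digest useless later.
        self.timestamp = timestamp or f"<{os.getpid()}.{time.time_ns()}@{hostname}>"
        self.state = "AUTHORIZATION"
        self.user = None
        self.marked = set()         # 1-based message numbers marked by DELE

    def greeting(self):
        return f"+OK POP3 server ready {self.timestamp}"

    def _live(self):
        """(number, text) of every message not marked as deleted."""
        drop = self.maildrops[self.user]
        return [(n, m) for n, m in enumerate(drop, 1) if n not in self.marked]

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            if verb == "QUIT":      # ends the session without ever entering UPDATE
                self.state = "CLOSED"
                return "+OK bye"
            if verb != "APOP":
                return "-ERR authenticate first"
            name, _, digest = arg.partition(" ")
            expected = apop_digest(self.timestamp, self.secrets.get(name, ""))
            same = hmac.compare_digest(expected.encode(), digest.strip().lower().encode())
            if name not in self.secrets or not same:
                return "-ERR permission denied"   # session stays in AUTHORIZATION
            self.user, self.state = name, "TRANSACTION"
            return f"+OK maildrop has {len(self.maildrops[name])} messages"
        if self.state != "TRANSACTION":
            return "-ERR session closed"
        if verb == "STAT":
            live = self._live()
            return f"+OK {len(live)} {sum(len(m.encode()) for _, m in live)}"
        if verb == "DELE":
            valid = arg.isascii() and arg.isdigit() and int(arg) in dict(self._live())
            if not valid:
                return "-ERR no such message"
            self.marked.add(int(arg))  # only marked; nothing is removed yet
            return f"+OK message {arg} deleted"
        if verb == "QUIT":             # UPDATE: now the marked messages are removed
            self.maildrops[self.user] = [m for _, m in self._live()]
            self.state = "UPDATE"
            return "+OK bye"
        return "-ERR unknown command"


if __name__ == "__main__":
    stamp = "<1896.697170952@dbc.mtview.ca.us>"     # timestamp from the example above
    drops = {"mrose": ["a" * 120, "b" * 200]}       # constructed maildrop
    session = Pop3Session({"mrose": "tanstaaf"}, drops, timestamp=stamp)
    print("S:", session.greeting())
    for command in (f"APOP mrose {apop_digest(stamp, 'tanstaaf')}", "STAT", "DELE 1", "QUIT"):
        print("C:", command)
        print("S:", session.handle(command))
    print("left in maildrop:", len(drops["mrose"]))
```
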

Example 1: A POP3 session using the commands USER, PASS, STAT, LIST, NOOP, RETR, QUIT

Figure 2.3. Example session with POP3 commands

Example 2: A POP3 session using the commands USER, PASS, STAT, LIST, UIDL, DELE, RSET, TOP, QUIT

Figure 2.4. Example POP3 session

2.4.3. Internet Message Access Protocol (IMAP)

IMAP is a protocol that lets a client access e-mail on a server. It does not merely download e-mail messages to the user's machine (as POP does) but can also perform tasks such as creating, modifying, deleting and renaming mailboxes, checking for new messages, setting and clearing status flags, ...

IMAP is designed for an environment in which users can log in to the server (port 143/tcp) from different workstations. It is very useful when a user's mail is not downloaded to one fixed machine, since people do not always use only a single computer. POP, by contrast, does not let the user act on messages on the server. POP simply allows the user's mail held on the server, in that user's inbox, to be downloaded. POP thus provides access only to the user's inbox and does not support access to public folders (as IMAP does). IMAP is used with the following goals:

- Full compatibility with Internet messaging standards (for example MIME).
- Access to and management of messages from several different computers.
- Support for all three access modes: online, offline and disconnected.
- Support for concurrent access to shared mailboxes.
- Client software does not need to know the server's file storage format.

2.4.3.1. IMAP operation

An IMAP connection consists of: the client/server network connection, an initial greeting from the server (the "hello message"), and the subsequent client/server interactions. These interactions consist of: a client command, server data, and a server reply. Interaction between the IMAP client and the IMAP server is based on the sending and receiving protocols of the client and server. Specifically, the interaction is as follows.

Client protocol sender and server protocol receiver

In operation, the client sends a command; each command carries an identifier (an alphanumeric string, for example A00001, A00002) called a tag. A different tag is generated by the client for each command.

There are two cases in which a line sent by the client is not regarded as a complete command: first, when a command argument is quoted in brackets; second, when the command arguments require feedback from the server (see the AUTHENTICATE command below). In each case the server sends a reply (asking the client to continue the command) if it is ready for the octets and the corresponding remainder of the command. Note that this reply is prefixed with a "+" sign.

If the server detects an error in the command line, it sends a BAD reply to reject the command and prevent the client from sending any more of the command.

The server may also send a reply for a different command at the same time (when several commands are in progress), or untagged data. In these cases, while the request to continue the command is still pending, the client acts on the reply from the server and reads another reply from the server. In all cases, the client must send the complete command before initiating a new command.

The server's protocol receiver reads a command line sent by the client, parses the command and its arguments, and then transmits server data and the command completion result to the client.

Server protocol sender and client protocol receiver

Data transmitted to the client, including status information that does not indicate command completion, is prefixed with "*" and is called untagged. Server data may be sent as a result of a client command, or may be sent by the server without any client command. There is no difference in syntax between these two ways of sending.

The server's completion reply indicates that the operation has completed successfully or has failed. It is tagged with the same tag as the client command it belongs to. So, if more than one command is in progress, the tag in the server's completion reply also serves to identify the command to which it applies. The server's completion reply uses one of three strings: OK reports that the command succeeded, NO reports that the command failed, and BAD reports a protocol error (the command is not recognized, or the command syntax is wrong).

The client's protocol receiver reads a reply sent by the server and then acts on it according to the marker (+ or *) on the reply. Note that a client must accept any reply from the server at any time, including server data that it requested. Server data is recorded, so that the client can refer to its recorded copy without sending a command to the server to request the data. This is possible only when the server data has been recorded.

2.4.3.2. IMAP commands

This section lists the IMAP commands, organized by the state in which each command is permitted. Commands are permitted in several states, but here we give only the minimum state in which a command is permitted. For the detailed standard syntax of the IMAP commands see RFC 2062, 2060. Below we give only the arguments, responses, completion results and purpose of these commands.
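The tag, "*" and "+" conventions of section 2.4.3.1, as an added example that is not part of the original textbook: a client-side tracker that tags each command, classifies every server line, matches completion replies to pending commands that finish out of order, and records untagged data. The class name and the server lines fed to it are constructed for illustration.

```python
import re

# Tagged completion reply: "<tag> OK|NO|BAD [text]".
COMPLETION = re.compile(r"^(\S+) (OK|NO|BAD)(?: (.*))?$", re.IGNORECASE)
# Untagged size updates such as "18 EXISTS", recorded so the client need not ask again.
COUNT = re.compile(r"^(\d+) (EXISTS|RECENT)$", re.IGNORECASE)


class ImapClientState:
    """Client-side bookkeeping for tagged commands and server responses."""

    def __init__(self):
        self.counter = 0
        self.pending = {}        # tag -> command still waiting for its completion reply
        self.completed = []      # (tag, command, status, text) in arrival order
        self.untagged = []       # every untagged ("*") line, solicited or not
        self.mailbox = {}        # recorded copy of server data, e.g. {"EXISTS": 18}
        self.continuations = []  # text of "+" continuation requests

    def send(self, command):
        """Tag a command (A00001, A00002, ...) and remember it as pending."""
        self.counter += 1
        tag = f"A{self.counter:05d}"
        self.pending[tag] = command
        return f"{tag} {command}"

    def receive(self, line):
        """Classify one server line and update state; return its kind or status."""
        if line.startswith("+"):
            self.continuations.append(line[1:].strip())
            return "continuation"
        if line.startswith("* "):
            data = line[2:]
            self.untagged.append(data)
            count = COUNT.match(data)
            if count:
                self.mailbox[count.group(2).upper()] = int(count.group(1))
            return "untagged"
        match = COMPLETION.match(line)
        if not match:
            raise ValueError(f"unparseable server line: {line!r}")
        tag, status, text = match.group(1), match.group(2).upper(), match.group(3) or ""
        if tag not in self.pending:
            # A completion for a command we never sent must not be trusted.
            raise ValueError(f"completion reply for unknown tag: {line!r}")
        self.completed.append((tag, self.pending.pop(tag), status, text))
        return status

    def failed(self):
        """Commands that ended with NO (failure) or BAD (protocol error)."""
        return [(t, c, s) for t, c, s, _ in self.completed if s != "OK"]


if __name__ == "__main__":
    client = ImapClientState()
    print("C:", client.send("SELECT INBOX"))
    print("C:", client.send("NOOP"))
    # Constructed server output: completions arrive out of order, data arrives unasked.
    for line in ["* 18 EXISTS", "* FLAGS (\\Seen \\Deleted)", "A00002 OK NOOP completed",
                 "A00001 OK [READ-WRITE] SELECT completed", "* 19 EXISTS"]:
        print("S:", line, "->", client.receive(line))
    print("recorded:", client.mailbox, "pending:", client.pending)
```
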

No.  Command and description

1  CAPABILITY
   Arguments: none
   Responses: *: CAPABILITY
   Result: OK or BAD
   Function: Requests a listing of the capabilities that the server supports.

2  NOOP
   Arguments: none
   Responses: none
   Result: OK or BAD
   Function: Starts a polling cycle to fetch or update message status, or re-initializes the automatic logout timer on the server.

3  LOGOUT
   Arguments: none
   Responses: *: BYE
   Result: OK or BAD
   Function: Announces that the connection is being closed.

4  AUTHENTICATE
   Arguments: authentication mechanism name
   Responses: requested data
   Result: OK or NO or BAD
   Function: Indicates an authentication mechanism to the server (see RFC 1731). If the server supports the mechanism, it performs an authentication protocol exchange to authenticate and identify the client. If the server does not support the mechanism, it rejects the command by returning a NO response.

5  LOGIN
   Arguments: password, user name
   Responses: none
   Result: OK or NO or BAD
   Function: Identifies the client to the server and carries the plaintext password that authenticates the user.

6  SELECT
   Arguments: mailbox name
   Responses: *: FLAGS, EXISTS, RECENT or OK *: UNSEEN, PERMANENTFLAGS
   Result: OK or NO or BAD
   Function: Selects the named mailbox for access.

7  EXAMINE
   Arguments: mailbox name
   Responses: *: FLAGS, EXISTS, RECENT or OK *: UNSEEN, PERMANENTFLAGS
   Result: OK or NO or BAD
   Function: Same as SELECT, but the selected mailbox is read-only; the PERMANENT attributes of the mailbox cannot be changed.

8  CREATE
   Arguments: mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Creates a mailbox with the given name.

9  DELETE
   Arguments: mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Deletes the named mailbox.

10 RENAME
   Arguments: existing mailbox name, new mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Renames an existing mailbox to the new mailbox name.

11 SUBSCRIBE
   Arguments: mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Adds the mailbox to the server's set of "active" or "subscribed" mailboxes.

12 UNSUBSCRIBE
   Arguments: mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Removes the named mailbox from the server's set of "active" or "subscribed" mailboxes.

13 LIST
   Arguments: reference name, mailbox name
   Responses: *: LIST
   Result: OK or NO or BAD
   Function: Returns the set of names available to the client.

14 LSUB
   Arguments: reference name, mailbox name
   Responses: *: LSUB
   Result: OK or NO or BAD
   Function: Returns the set of names that the user has declared "active" or "subscribed".

15 STATUS
   Arguments: mailbox name, status data item names
   Responses: *: STATUS
   Result: OK or NO or BAD
   Function: Requests the status data for the named mailbox.

16 APPEND
   Arguments: mailbox name, [flags], [date], message
   Responses: none
   Result: OK or NO or BAD
   Function: Appends the message to the end of the specified destination mailbox.

17 CHECK
   Arguments: none
   Responses: none
   Result: OK or BAD
   Function: Requests a checkpoint of the selected mailbox (for example, of the mailbox's in-memory state on the server).

18 CLOSE
   Arguments: none
   Responses: none
   Result: OK or NO or BAD
   Function: Permanently removes all messages in the selected mailbox that have the \Deleted flag set, and returns to the authenticated state.

19 EXPUNGE
   Arguments: none
   Responses: *: EXPUNGE
   Result: OK or NO or BAD
   Function: Permanently removes all messages in the selected mailbox that have the \Deleted flag set, and returns OK to the client.

20 SEARCH
   Arguments: OPTIONAL [CHARSET], search criteria
   Responses: *: SEARCH
   Result: OK or NO or BAD
   Function: Searches the mailbox for messages that match the given search criteria.

21 FETCH
   Arguments: message set, data item names
   Responses: *: FETCH
   Result: OK or NO or BAD
   Function: Retrieves data associated with a message in the mailbox.

22 STORE
   Arguments: message set, data item name, value for the data item
   Responses: *: FETCH
   Result: OK or NO or BAD
   Function: Changes data associated with a message in the mailbox.

23 COPY
   Arguments: message set, mailbox name
   Responses: none
   Result: OK or NO or BAD
   Function: Copies the specified messages to the specified destination mailbox.

24 UID
   Arguments: command name, command arguments
   Responses: *: FETCH, SEARCH
   Result: OK or NO or BAD
   Function: This command has two forms. In the first, it takes a COPY, FETCH or STORE command together with that command's arguments. In the second, it takes a SEARCH command together with that command's arguments.
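The tagging rules from the preceding section and the OK/NO/BAD results in the command table, as an added example (not code from the textbook): a Python parser that classifies each server line as a tagged completion, untagged (*) data or a continuation (+) request, and matches every completion to the command that carried the same tag even when completions arrive out of order. The tags, commands, credentials and server lines are constructed sample data.

```python
from dataclasses import dataclass

# Completion statuses described in the text.
COMPLETION = {"OK", "NO", "BAD"}


@dataclass
class Response:
    kind: str    # "tagged", "untagged" or "continuation"
    tag: str     # command tag, "*" or "+"
    status: str  # OK / NO / BAD for completions, first keyword for untagged data
    text: str    # remainder of the line


def parse_line(line: str) -> Response:
    """Classify one server response line by its first token."""
    line = line.rstrip("\r\n")
    if line.startswith("+"):
        return Response("continuation", "+", "", line[1:].strip())
    tag, _, rest = line.partition(" ")
    word, _, text = rest.partition(" ")
    if tag == "*":
        return Response("untagged", "*", word.upper(), text)
    if not tag or word.upper() not in COMPLETION:
        raise ValueError(f"malformed IMAP response: {line!r}")
    return Response("tagged", tag, word.upper(), text)


def correlate(sent, lines):
    """Match tagged completions to the commands in flight.

    sent  : list of (tag, command) pairs already written to the server
    lines : server response lines in arrival order
    Returns (results, untagged, still_pending).
    """
    pending = dict(sent)
    results = {}
    untagged = []
    for raw in lines:
        resp = parse_line(raw)
        if resp.kind == "tagged":
            # A completion for a tag we never sent means the stream is out of
            # sync (or tampered with); do not apply it to any command.
            if resp.tag not in pending:
                raise ValueError(f"completion for unknown tag {resp.tag!r}")
            results[resp.tag] = (pending.pop(resp.tag), resp.status)
        elif resp.kind == "untagged":
            # The client must accept server data at any time.
            untagged.append(f"{resp.status} {resp.text}".strip())
    return results, untagged, sorted(pending)


# Constructed sample session: a003 completes before a002.
SENT = [
    ("a001", "LOGIN alice example-password"),
    ("a002", "SELECT INBOX"),
    ("a003", "STATUS Archive (MESSAGES)"),
    ("a004", "FROB"),
]
LINES = [
    "* OK IMAP4rev1 server ready",
    "a001 OK LOGIN completed",
    "* 3 EXISTS",
    "* FLAGS (\\Seen \\Deleted)",
    "a003 NO STATUS failed: no such mailbox",
    "a002 OK [READ-WRITE] SELECT completed",
    "a004 BAD command unknown",
]

if __name__ == "__main__":
    results, untagged, pending = correlate(SENT, LINES)
    for tag, (command, status) in sorted(results.items()):
        print(tag, status, command.split()[0])
    print("untagged:", untagged)
    print("still pending:", pending)
```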

2.4.4. Comparing IMAP and POP

As the preceding sections have shown, the difference between the two mail retrieval protocols is that POP was designed to process mail in "offline" mode, whereas IMAP supports all three modes: "offline", "online" and "disconnected". This section briefly compares the POP and IMAP technologies.

Features common to POP and IMAP

- Both support offline mode.
- Mail is delivered to a shared mail server that is always up.
- Incoming mail can be retrieved from client machines on many different platforms.
- Incoming mail can be retrieved from anywhere on the network.
- The protocols are open and standardized in publicly available RFCs.
- Free implementations (with source) are available, for clients on PC, Mac and Unix.
- Commercial implementations are available.
- Both are Internet-oriented; no SMTP mail gateway is required.
- The protocols deal with access only; both retrieve mail that was sent using SMTP.
- Both support persistent message IDs (for "disconnected" operation).

Advantages of POP

- The protocol is simpler and easier to implement.
- More client software is available.

Advantages of IMAP

- Message status flags can be manipulated on the server.
- Messages can be stored as well as fetched.
- Multiple mailboxes can be accessed and managed.
- Concurrent updates of, and access to, shared mailboxes are supported.
- Data other than mail can be accessed: NetNews, documents, and so on.
- It can also be used offline to minimize connection time and disk space.
- It has a companion protocol for managing user configuration.
- It is optimized for "online" use, especially over low-speed links.

Review questions for chapter II:

1. Describe the client-server operating modes in electronic mail. Compare the advantages and disadvantages of these modes.
2. SMTP is the protocol used to send e-mail. Which command can be used to find out whether a mail server is an ESMTP server?
3. How many mail retrieval protocols are in common use today? How do these protocols relate to the client-server operating modes in electronic mail?


Chapter 3
Securing the mail server application and mail content


3.1. Securing the mail server application

3.1.1. Installing the mail server securely

Secure installation and configuration of the operating system underneath the mail server application is discussed in more detail in chapter 5. Here, therefore, we look only at installing and configuring the services that a mail server requires, and set aside for now the risks that arise when the system has not been patched and updated. If any application, service or script turns out to be unnecessary while the mail server is being installed and configured, it should be removed immediately, before the installation process ends. The following steps should be carried out when installing a mail server:

- Install the mail server software on a dedicated host.
- Install only the minimum of Internet services required.
- Apply patches and upgrades to counter known threats.
- Create disk partitions (logical or physical) for installing the mail application.
- Remove or disable all services installed by the mail server application that are not needed (for example web-based mail, FTP, remote administration utilities).
- Remove all utilities of unknown origin from the mail server.
- Remove all sample utilities and test tools from the mail server.
- Apply the security mechanisms available for the server.
- Reconfigure the SMTP, POP and IMAP protocols.
- Disable commands that are unnecessary or that may endanger the mail server (for example VRFY and EXPN).

3.1.2. Configuring the mail server application securely

Most mail server host operating systems can assign access privileges for the files, devices and other resources on the host. Any resource on the host that the mail server can access is potentially available to every user of the mail system. The mail server software provides additional access controls over files, devices and resources for managing and operating it. What matters most is that the permissions set by the operating system and those set by the mail server software itself are consistent with each other, and that mail users are granted neither too many nor too few privileges. The mail server administrator therefore has to work out how best to configure access control to protect the information stored on a public mail server, in the following two respects:

- Limit the mail server application's access to a subset of the computer's resources.
- Limit users' access to the system through the additional controls provided by the mail server, where more detailed levels of access control are defined.

Configuring access control properly helps keep sensitive and private information away from the threats that arise when a mail server is publicly reachable. Access control can also be used to limit resource usage when the mail server comes under a denial-of-service (DoS) attack. Typical objects on a mail server whose access should be controlled are:

- The mail server's software utilities and configuration files.
- Files directly related to security mechanisms:
  - password hash files and other files used for authentication;
  - files containing the authorization information used in access control;
  - cryptographic key material used to provide confidentiality, integrity and non-repudiation.
- Server log and audit files.
- Other system software and its configuration files.

Ensure that the mail server application runs only as a single identity (a group or an individual entity) whose access rights are strictly controlled. The user and group identities used by the mail server software must therefore also be managed by the system. New users and groups created for it must be independent of, and distinct from, all other users and groups. This is a prerequisite for enforcing the access controls described in the following steps. Although the server may initially be started with the highest privileges (root on Unix, or administrator on Windows NT/2000/XP), it should not be allowed to keep running at that privilege level. In addition, use the mail server host's own operating system to restrict access to the file system by mail processes and services. These processes should have read-only access to the files they need to provide mail services, and no access to other files such as the server log files. Use the operating system on the mail server host to ensure that:

- Temporary files created by the mail server application are confined to a designated subdirectory.
- Access to the temporary files created by the mail server application is likewise restricted for the other mail server processes.

It is also necessary to ensure that the mail server cannot save files outside the file structure designated for it. This can be configured in the mail server itself, or in the operating system through its control over all processes running on the host. Directories and files outside the designated directory tree must not be accessible, even to users who know their paths.


On Unix and Linux hosts, the mail server application should be run in a "chroot jail". chroot changes the mail server's view of the host file system: the root directory it sees is not the real root of the system but only a subtree beneath it. If the mail server is compromised, the attacker can therefore reach only that subtree of the host's file system. This is a very effective hardening measure.

To reduce the impact of DoS attacks, configure the mail server to limit the amount of system resources it can consume during operation. Some examples:

- Place user mailboxes on a different hard drive or logical partition from the operating system and the mail server application.
- Limit the permitted size of attachments.
- Ensure that log files are stored in a location with adequate capacity.

These measures protect against attacks that fill up the file system while the mail server is running and so bring it down. They also help against attacks that exhaust random access memory with unwanted processes, slowing the system down or even crashing it and so making the mail server unavailable. The logs generated by the system on which the mail server is installed help the administrator recognize attacks of this kind.

3.2. Protecting e-mail from malicious code

E-mail has long been used as a tool for sending binary data files in the form of attachments. At first this posed little security risk, because attachments were usually just documents or small image files. As more and more organizations and individuals came to use e-mail for their daily business, the size and variety of attachment formats grew with it. Today a great deal of e-mail is sent with attachments that are executable programs, pictures, music and sound. The question is which kinds of attachment are permitted, or whether a file of any format at all may be exchanged as an attachment. Deciding when to allow attachments is not easy. Forbidding attachments altogether simplifies the system and makes it more secure, but it reduces the inherent usefulness of the e-mail system. In general, allowing attachments is a practical need of users. The mail system administrator must, however, decide in advance which data formats may be attached. The simplest approach is to allow every kind of file. In that case virus scanners must be installed on the mail path to filter out malicious code, and client-side utilities may even be needed to block the actions of executable attachments.

A better approach is to filter attachment types that are potentially dangerous to the system (attachments with the extensions vbs, ws or wsc, for example) at the mail server or mail gateway, combined with virus scanning of the attachments that are allowed. Viruses can travel by e-mail either in the message itself or in an attachment. If a mail server has no anti-virus software installed, or has it installed but it does not work effectively, the threat to end users increases. Some popular mail client software is at high risk of being infected by, and of spreading, viruses that arrive by e-mail. Such viruses are typically a consequence of mail clients supporting active content, for example in HTML messages. Blocking or allowing active content of this kind has to be provided for by the developers of the mail applications. Many kinds of content can be considered active content, typically scripts and control objects. The most common kinds of active content known today are ActiveX, Java, JavaScript and Visual Basic Script. Viruses in the form of active content and malicious code can affect the MUA. To counter this, the administrator should configure the system to control such content tightly and should issue warnings to end users.

3.2.1. Virus scanning

Protecting against damage caused by active content is only the first step in protecting end users. The next step is to protect against viruses carried in attachments. To protect against viruses and other dangerous code, virus scanning must be carried out at one or more points in the mail delivery process. Scanning can be performed at the firewall where mail first enters an organization's network, on the mail server itself, or on the end users' workstations. Each option has its own strengths and weaknesses. If resources allow, using more than one of these options gives better security.

Scanning at the firewall or at an intermediate mail relay is a common choice. In this case the firewall or relay intercepts e-mail messages before they reach the organization's mail server. The virus scanner at the firewall scans the messages and, if no virus is found, forwards them to the organization's mail server for delivery. The firewall listens on TCP port 25 for SMTP connections, receives the messages, scans them and then passes them to the mail server, which is configured to listen on some other port rather than on port 25 as usual. One drawback of this option is that continuously scanning the SMTP data stream can reduce the performance of the firewall. The remedy is to move the scanning function to a separate, dedicated host.


Figure 3.1. Virus scanning at the firewall

Benefits of scanning e-mail for viruses at the firewall:

- E-mail can be scanned in both directions (into and out of the organization's network).
- Viruses can be stopped before they enter the network.
- Inbound mail can be scanned without major changes to the existing mail server configuration.
- Scanning can be managed centrally to ensure compliance with the organization's security policy.
- Firewalls usually support many different protocols, so the virus scanner can also be used for other protocols (for example HTTP and FTP).

Weaknesses of installing the virus scanner at the firewall:

- Scanning outbound e-mail requires major changes to the existing mail server configuration.
- Encrypted e-mail cannot be scanned.
- Internal users are not protected when a virus appears on the organization's internal network, unless the network is configured so that all SMTP traffic is routed through a dedicated scanner before it reaches the organization's mail server.
- A powerful host is required to carry the load.

The second option is to install the e-mail virus scanner on the mail server itself. This option is very useful for protecting e-mail against viruses sent by users on the internal network to users on another network, because such messages are usually not scanned by the firewall. The main drawback of scanning on the mail server is its negative effect on the mail server's performance, since every message has to be scanned. A further drawback is that scanning on the mail server usually requires major changes to the existing mail server configuration.

Figure 3.2. Virus scanning on the mail server itself

The advantages and disadvantages of this option are as follows.

Advantages:

- E-mail can be scanned in both directions (inbound and outbound).
- Scanning can be managed centrally to ensure compliance with the organization's security policy.
- Internal users can be protected when a virus is present on the organization's internal network.

Disadvantages:

- Virus scanning requires major changes to the existing mail server configuration.
- Encrypted e-mail cannot be scanned.
- A powerful mail server is required when the organization has many users.

Mail server software such as Microsoft Exchange and recent versions of Sendmail supports integrating virus scanning into the mail server. Starting with Exchange 5.5 Service Pack 3 and with Microsoft Exchange 2000, Microsoft provides an anti-virus application programming interface (AVAPI) designed for plugging in virus scanners. Microsoft Exchange can be extended with functions such as scanning attachments for viruses, scanning entire mailboxes, and detecting and removing viruses. Many virus scanner plug-ins for Microsoft Exchange can block attachment types based on file name or file extension. For example, to limit the spread of macro viruses, an organization can block all the common Microsoft Office file types such as .doc, .dot and .xls. Sendmail version 8.10 and later provides management APIs that allow virus scanners and content filtering software to be integrated into the MTA. Note that, whatever virus scanning software is used, mail server administrators must keep its virus list up to date.

Whether scanning is done at the firewall or on the mail servers themselves, the scanner should:

- Detect and clean all known viruses and other kinds of dangerous code.
- Support heuristic scanning (which gives some protection against new or unknown viruses).
- Support content filtering.
- Include mechanisms that prevent the system from being broken by other threats.
- Be easy to manage.
- Support automatic updates.
- Be updated frequently (mandatory).
- Be able to identify different types of content and apply rules to them.

A further option is to install the virus scanner on the workstations, that is, on the end users' own machines. E-mail is scanned when the user opens it. The great advantage of this option is that scanning is distributed across many machines and therefore has very little effect on the performance of any one system.


Figure 3.3. Virus scanning performed on the users' workstations

The greatest challenge of scanning on users' workstations is that the scanners are very hard to manage, particularly when it comes to central management and updating. Solutions that support central management of virus scanners on many machines do now exist, however. Another weakness is that the user is in control of the scanner and can therefore disable some or all of its functions (by accident or inadvertently).

Benefits of scanning for viruses on client machines:

- No changes to the mail server are required.
- Encrypted e-mail can be scanned once the user has decrypted it.
- Scanning is distributed across many machines, which minimizes its impact on the server.
- Internal users are protected even when the virus originates from another internal user.

Disadvantages of scanning on client machines:

- Central management is difficult.
- Users may be slow to update their scanners, which can affect the whole group.
- Users can disable functions of the virus scanner.
- Only incoming messages are scanned.
- Viruses are not dealt with at the firewall or on the central mail server.

It is effective to implement at least two of the scanning options described above. The most secure choice is a centralized virus scanner (at the firewall or on the mail server) combined with scanning on the end users' machines. This gives several layers of protection and combines the advantages of the options above.

Perhaps most important is to warn users about the dangers of e-mail-borne viruses and malicious code. Users should:

- Never open attachments sent from unknown addresses.
- Never open attachments suspected of carrying a virus (for example attachments named attachment.txt.vbs or attachment.exe).
- Be suspicious of e-mail from known senders whose subject or content does not fit the existing relationship (for example a message with the subject "I love you" from an ordinary colleague), or that has a generic subject (for example "click here").
- Scan all attachments with a virus scanner before opening them, by configuring the scanner to do this automatically.
- Update the scanner's virus database daily, weekly, or whenever a new virus appears.

Another concern with attachments is their size. Because of what it takes to process and store large messages, mail servers set a maximum size that they will accept for an e-mail message. When a binary file (such as an image) is attached to an e-mail message, it is not sent in its original format but is encoded into a new one. As mentioned in chapter 1, binary attachments are converted to Base64. This conversion increases the size of the message by 33%. A message consisting only of basic headers and a 1 MB attachment thus becomes a message of approximately 1.33 MB. Enforcing a size limit benefits the mail server by:

- Reducing delays in mail delivery.
- Reducing storage requirements.
- Reducing the demands on the server's hardware.

3.2.2. Content filtering

In practice, content filtering works on the same principle as virus scanning at the firewall or on the mail server. In essence it is the process of checking whether some particular feature appears in the content of a message. Scanning for viruses or blocking certain kinds of file (by extension, file name or file format) provides only a certain level of security. Experience shows that the potential for harm to the system from message content and attachments is far greater than that from viruses and other malicious code alone. For this reason a mail system needs content filtering measures. In general, rules are defined to quarantine, clean, block or delete any data passing through the server, according to the results of the scan. Typical items that filters can block and process are:

- E-mail containing suspicious content (for example ActiveX, JavaScript); the suspicious code is stripped out before the message is passed on to the user.
- Mail-bomb messages, which can be deleted.
- Large files, which can be held for delivery at off-peak hours (rather than when traffic is heavy).

Another key feature of content filtering packages is that they allow data leaving the network to be scanned. Lexical analysis can be performed to scan for messages containing words and phrases deemed relevant to the organization's acceptable use of e-mail. Lexical analysis can also be used to record e-mail exchanges whose content is directed against the company, or mail-bomb style attacks that originate from within the organization. It can further be used to control an organization's sensitive information when there is a risk of it leaking out by e-mail.
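The attachment rules discussed in sections 3.2 to 3.2.2 (blocking the extensions vbs, ws and wsc, the attachment.txt.vbs naming trick, and a message size limit that has to account for Base64 growth), as an added example that is not part of the textbook: a gateway-side check in Python using only the standard library. The decoy-extension list, the limits, the header allowance and the sample message are assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# vbs/ws/wsc are the extensions named in section 3.2; exe comes from the
# user guidance in 3.2.1. DECOY_EXT is an assumed list of harmless-looking
# extensions used to spot names such as attachment.txt.vbs.
BLOCKED_EXT = {"vbs", "ws", "wsc", "exe"}
DECOY_EXT = {"txt", "doc", "xls", "jpg", "gif", "pdf"}


def base64_size(raw_len: int) -> int:
    """Size of raw_len bytes after Base64 encoding, line breaks excluded."""
    return 4 * ((raw_len + 2) // 3)


def max_attachment_for(limit_bytes: int, header_allowance: int = 2048) -> int:
    """Largest raw attachment whose encoded form fits under limit_bytes.

    Each 57 raw bytes become one 76-character line plus CRLF (78 bytes).
    header_allowance is an assumed budget for headers and body text.
    """
    return max(0, (limit_bytes - header_allowance) // 78 * 57)


def inspect_message(raw: bytes, limit_bytes: int):
    """Return a list of (name, finding) tuples for one raw message."""
    findings = []
    if len(raw) > limit_bytes:
        findings.append(("<message>", "over-size-limit"))
    msg = message_from_bytes(raw, policy=policy.default)
    # walk() visits nested parts too, so a file hidden inside a nested
    # multipart is checked like a top-level attachment.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots/spaces are ignored by some file systems, so
        # "x.vbs." must be judged as "x.vbs".
        labels = name.lower().strip(". ").split(".")
        ext = labels[-1] if len(labels) > 1 else ""
        if ext in BLOCKED_EXT:
            findings.append((name, "blocked-extension"))
            if len(labels) > 2 and labels[-2] in DECOY_EXT:
                findings.append((name, "double-extension"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: one disguised script name and one 3000-byte image."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder, not a real script", maintype="application",
                     subtype="octet-stream", filename="attachment.txt.vbs")
    m.add_attachment(bytes(3000), maintype="image", subtype="jpeg",
                     filename="photo.jpg")
    return m.as_bytes()


if __name__ == "__main__":
    raw = build_sample()
    print(len(raw), "bytes on the wire for about 3 KB of attachments")
    for name, finding in inspect_message(raw, limit_bytes=4096):
        print(name, finding)
    print("1 MB raw ->", base64_size(1_000_000), "Base64 characters")
```

The attachments total about 3 KB, yet the encoded message exceeds a 4096-byte limit, which is why a limit should be set with the roughly one-third growth in mind.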

Before a filtering solution is deployed, the current operating state of the network and of the applications on it must be established. This can be done with network analysis tools (sniffers) and by analysing router, firewall and server log files. Information about the state of the network can also be obtained from the people who manage it. The security policy currently in force on the system (or one that has been drafted but not yet put into effect) should be analysed as well. Defining the security policy clearly is a very important factor in turning an organization's security objectives into filtering rules. Care is also needed to set the filter properties accurately; otherwise content that should be filtered gets through while perfectly legitimate information is blocked by the filters. Many different content filtering applications exist today, supporting most e-mail messaging systems. The most effective content filter is one that can filter all mail leaving and entering an organization's network. Many recent products combine content filtering, virus scanning and restriction of the file types that may be sent by e-mail. Combining these features in one product eases the administration of a network's security mechanisms.

3.2.3. Issues related to content filtering

Although filtering e-mail content is very important to an organization's network security, the legal rules need to be laid down before the filtering rules are put into effect. Alongside the filtering actually performed on the network there must be accompanying legal documents that clearly define the organization's security mechanisms. The policy on the secure use of e-mail should be set out clearly in writing: e-mail will be monitored and controlled, and there will be corresponding sanctions for e-mail that may harm the organization's interests. The document laying down these security policies must be understood and followed by those it applies to. Although a general security policy can be enforced, protecting the personal information of each member of the organization also deserves attention. For example, in some cases individuals have a right to keep the information in their private e-mail confidential, and the company's general security mechanism then bears responsibility for any leak of that information. Without a specific policy on this matter, disputes that are very hard to resolve can easily arise. Similarly, in some situations e-mail messages are regarded as having the same legal value as handwritten documents when they carry a digital signature. This means that e-mail messages (including personal e-mail) must be stored and preserved according to the rules that govern other legal documents.

Everyone in the organization therefore needs a clear understanding of the security policy. More specifically, the security policy must be delivered into the hands of the users in the company. It should, moreover, be treated as a requirement of the employment contract or as a condition of work stipulated in the user's contract. Related matters such as the legal basis, individual rights and the rights of administrators need to be considered carefully before the security policy is drawn up. Make sure that the security policy has been reviewed thoroughly by experts, to ensure that it is legally sound and does not infringe employees' rights. There must also be a clear division of users and their functions within the company, so that appropriate levels of security can be set. Restricting the use of Internet resources would help enforce the security policy thoroughly, but given current trends such a requirement is unreasonable. This is where mail content filtering tools can play their part.

3.3. Preventing bulk mailing

There are always parties who want to exploit the communications media to publicize their ideas or products, and e-mail is no exception. The most general term for messages of this kind is unsolicited commercial e-mail (UCE, Unsolicited Commercial Email), or spam. Almost every e-mail user has received such unwanted e-mail at least once. To counter it, administrators may have to control the mail traffic passing through the server. The benefit of controlling UCE is smaller mailboxes and hence lower storage requirements on the mail servers. To control UCE messages, administrators have to address two main issues:

- Ensuring that UCE is not sent from the mail servers they manage.
- Controlling incoming e-mail messages, which is the main subject of this section.

Because the Internet has no authority with overall control, mail server administrators have set up lists of mail servers that are frequently used to send spam. Administrators refer to these lists as open relay blacklists (ORBs - Open Relay Blacklists). Many popular mail server applications can refuse messages that originate from the hosts on a given ORB. The lists are updated frequently, so a server configured to refuse e-mail from blacklisted servers reduces the nuisance that spam causes users. The following excerpt from a Sendmail configuration file handles the ORBs.

    .....
    FEATURE(`dnsbl', `relays.mailabuse.org')
    FEATURE(`dnsbl', `input.orbs.org')
    .....

In addition, most mail servers can be configured to refuse messages sent from a specified set of domain names. The following excerpt is from a sendmail access configuration file that controls UCE by allowing or rejecting e-mail messages relayed from particular domains.

    # allow relaying from local.com
    local.com       RELAY
    # block mail from spammers.net
    Spammers.net    REJECT
    # protect mail from this host itself
    127.0.0.1       OK
    # block mail from this IP range
    10              REJECT

3.4. Authenticated mail relay

As mentioned in the previous section, configuring authentication for relayed mail reduces the scope for sending bulk mail through a mail server. A further benefit of authenticating relayed mail is improved security and usability of the system. Two methods are currently available for controlling relayed mail. The first is to control the subnets or domains from which e-mail messages may be sent. This method is very effective when the mail system is deployed within a known address range. If the system has remote users in varying address ranges, however, this method is not effective. Handling remote users calls for a stronger configuration. The second method is to require users to authenticate themselves before they send a message. This method is called authenticated mail relay, or SMTP AUTH, an extension of the SMTP protocol that supports user authentication. Unfortunately, the default configuration of most mail servers does not enforce authenticated relay, so the mail server administrator has to configure this function. Authenticated relay is one of the least used features, yet it does a great deal to improve the security of mail servers.

3.5. Secure access

Chapter 1 covered the various mail transfer and mailbox access protocols. Like many other Internet protocols, most of them have no built-in encryption or authentication. This lack of built-in confidentiality and authentication can cause three problems for users. First, for users sending e-mail messages, the content can be intercepted and read illegitimately in transit, and can even be forged or altered. Second, the recipient cannot verify the origin or the integrity of e-mail messages. Third, unless one-time authentication credentials are used, everything a user sends to log in to a mailbox travels across the network in the clear, so attackers can eavesdrop on it and reuse it. At present the default configuration of most mail client software is to send the password in the clear, which makes interception easy for other computers on the user's own local network, or for any machine that forwards the password towards the mail server concerned.

The last problem can be solved by applying the method commonly used to protect Web services: Transport Layer Security (TLS). TLS is based on version 3 of the Secure Socket Layer protocol (SSLv3 - Secure Socket Layer version 3). TLS can be used together with POP, IMAP and SMTP to protect the data exchanged between mail clients and mail servers. The following example from a Sendmail configuration file enables the use of TLS:

    .....
    define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
    .....
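A way to check the outcome of sections 3.4 and 3.5 from the outside, as an added example that is not part of the textbook: a Python audit of EHLO replies captured from one's own server, flagging a server that offers no STARTTLS, that advertises the password-carrying AUTH mechanisms PLAIN or LOGIN before TLS is established, or that offers no SMTP AUTH at all. STARTTLS and AUTH are the standard ESMTP extension keywords; the host names and reply texts are constructed samples and the finding labels are this example's own.

```python
# Mechanisms that send the password itself (only Base64-encoded) on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply: str):
    """Parse a multi-line EHLO reply into {KEYWORD: [PARAMS]}.

    Returns None when the server rejects EHLO with a 5xx code, i.e. it is
    not an ESMTP server and offers neither STARTTLS nor AUTH.
    """
    lines = [ln.rstrip("\r") for ln in reply.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    if lines[0].startswith("5"):
        return None
    caps = {}
    for index, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        is_last = index == len(lines) - 1
        # "250-" marks a continued reply; only the final line may omit it.
        if (sep == "-") == is_last:
            raise ValueError(f"bad continuation marker: {line!r}")
        if index == 0:
            continue  # first line is the server greeting, not a keyword
        words = rest.split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit(pre_tls_reply: str, post_tls_reply: str = None):
    """Return a list of findings for one server.

    pre_tls_reply  : EHLO reply on the plain connection
    post_tls_reply : EHLO reply re-issued after STARTTLS, if captured
    """
    pre = parse_ehlo(pre_tls_reply)
    if pre is None:
        return ["not-esmtp"]
    findings = []
    if "STARTTLS" not in pre:
        findings.append("no-starttls")
    exposed = PLAINTEXT_MECHS.intersection(pre.get("AUTH", []))
    if exposed:
        findings.append("plaintext-auth-before-tls:" + ",".join(sorted(exposed)))
    # Capabilities seen before TLS must not be trusted afterwards, which is
    # why the post-TLS reply is parsed separately.
    post = parse_ehlo(post_tls_reply) if post_tls_reply else None
    if "AUTH" not in pre and not (post and "AUTH" in post):
        findings.append("no-smtp-auth")
    return findings


# Constructed sample replies.
WEAK = "\n".join([
    "250-mail.example.org Hello client.example.org",
    "250-SIZE 10485760",
    "250-AUTH PLAIN LOGIN",
    "250 HELP",
])
HARDENED_PRE = "\n".join([
    "250-mail.example.org Hello client.example.org",
    "250-SIZE 10485760",
    "250-STARTTLS",
    "250 HELP",
])
HARDENED_POST = "\n".join([
    "250-mail.example.org Hello client.example.org",
    "250-SIZE 10485760",
    "250-AUTH PLAIN LOGIN",
    "250 HELP",
])
LEGACY = "500 Command unrecognized"

if __name__ == "__main__":
    print("weak    :", audit(WEAK))
    print("hardened:", audit(HARDENED_PRE, HARDENED_POST))
    print("legacy  :", audit(LEGACY))
```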

3.6. Web-based mail access

More and more organizations offer access to their e-mail system through a web browser. Access to e-mail through a Web interface makes it possible to apply security mechanisms on both the client side and the server side. Securing Web sites is outside the scope of this textbook. When a Web interface is used to access the mail system, however, note the following:

- The Web server software and the mail server software should not both be installed on the same host.
- Web transactions must be protected using the SSL/TLS protocol.

3.7. Checklist for deploying the mail server application

Task

- Install the mail server software on the host
- Install the minimum of Internet services required
- Apply patches and system updates to counter known weaknesses
- Remove or disable all services that were installed but are not needed
- Remove all documentation from the host
- Apply the template security mechanisms to the host
- Reconfigure the SMTP, POP and IMAP services (and other services if necessary)
- Disable unnecessary or dangerous mail commands (such as VRFY, EXPN)

Configure the system and mail server access controls

- Limit the mail server application's access to the other resources of the host
- Limit users' access through the additional access controls of the mail server
- Configure the mail server application to run as a user or group with its own unique identity and specific access controls
- Ensure that the mail server software does not run as root or administrator
- Configure the system so that the mail server software can write log files but cannot read them
- Configure the system so that temporary files created by the mail server software are stored in protected directories
- Configure the system to restrict access by mail server processes to the temporary files
- Ensure that the mail server software cannot save files outside the designated directory
- Configure the mail server software to run in a chroot jail when a Unix or Linux environment is used
- Place user mailboxes on a separate hard drive or logical partition (not on the same partition as the operating system and the mail server software)
- Limit the size of attachments in an e-mail message
- Ensure that log files are stored on storage of adequate capacity

Harmful content and attachments

- Install a central virus scanner (on the gateway, on the firewall or on the mail server itself)
- Install a virus scanner on all mail client machines
- Update the scanners' virus databases periodically or whenever a new virus appears
- Warn users about the danger of viruses and about ways to reduce it
- Notify users if the system has a problem
- Configure the content filter to block suspicious messages
- Configure the content filter to block UCE messages
- Configure lexical analysis if necessary
- Create a content filtering policy
- Configure the server to refuse relayed messages from addresses on the blacklists
- Configure the server to refuse relayed messages from specified domains
- Configure authenticated relay
- Configure the use of encrypted authentication
- Configure the mail server to support Web access only over SSL/TLS

Review questions for chapter III

1. Which models are used for virus scanning to protect an e-mail system, and how should these models be used for scanning to be effective?
2. What are the advantages and disadvantages of installing the virus scanner at the firewall?
3. What are the advantages and disadvantages of installing the virus scanner on the mail server itself?
4. What are the advantages and disadvantages of installing the virus scanner on the mail client machines?
5. What are the benefits of mail content filtering and of authenticated mail relay?


Chapter 4
Mail security on the client


Hng ngy c hng trm, nghn mail client truy nhp n cc my ch th. Bi vy d c ch an ton c thit lp cho cc my ch th c cao n u th vic m bo an ton bn pha client cng l mt vn rt quan trng i vi s an ton chung ca h thng. Trn nhiu kha cnh, ri ro i vi pha client l ln hn i vi my ch th. Nhiu xut c a ra nhm xem xt v gii quyt cc mc an ton c th cho cc phn mm th my trm. Vic xc nh r c ch an ton cho cc phn mm th my trm c th khng c cp y, m chng ta ch gii thiu nhng g chung nht c th p dng cho hu ht cc phn mm th my trm. 4.1. Ci t, thit lp cu hnh, s dng cc ng dng trm an ton 4.1.1. Lp l hng v cp nht phn mm trm Bc quan trng nht trong vic thit lp c ch an ton cc phn mm th in t my trm l m bo rng tt c ngi s dng ang c s dng phin bn mi nht, c an ton cao nht ca phn mm th my trm vi vic p dng tt c cng ngh lp l hng cn thit. nh danh cc im yu ca phn mm th my trm c th no chng ta c th tham kho t trang Web http://icat.nist.gov, ca vin tiu chun cng ngh (NIST) quc gia M. Di y l danh sch cc trang Web cung cp cc cng c lp l hng cho tng loi phn mm th my trm: Edura: http://www.edura.com/ Lotus Notes: http://www.lotus.com/home.nsf/welcome/downloads 78

- Microsoft Outlook: http://www.microsoft.com/office/outlook/default.htm
- Microsoft Express: http://windowsupdate.microsoft.com/
- Netscape: http://home.netscape.com/smartupdate/

Updating Outlook is somewhat more complicated because this mail client works in conjunction with the Microsoft Internet Explorer browser. The configuration settings and weaknesses of Internet Explorer can affect the security of Outlook; therefore, besides updating Outlook, Internet Explorer must be updated as well. Failing to run a secure version of a mail client reduces the effectiveness of the security measures discussed in the following sections.

4.1.2. Securing the mail client

Vendors of mail client software generally build security features into their products, and these features work well in practice. But users who stay with the default configuration of a mail client do not take full advantage of its built-in security mechanisms. In general, the following features should be configured in every mail client:

- Disable automatic opening of messages
- Disable automatic opening of the next message
- Disable the processing of messages with active content. This causes complications for mail clients that work in conjunction with a browser, such as Outlook, because disabling this feature affects the browser's ability to display Web pages. In such cases, the choice of which functions to disable and which to keep must be made with great care. A further task is to define separate security zones for the mail client and for the browser, which allows the browser to have fewer functions disabled than the mail client.

Setting the "security zone" for Outlook:

- Disable the download of unsigned ActiveX controls
- Disable Java permissions
- Disable active scripting
- Disable scripting of Java applets

Note that the settings above are for Outlook with the Internet Explorer 5.5 browser. Other versions of the application have similar configuration steps. In addition, these configuration changes take effect in both Outlook and Internet Explorer.

Configuration for Eudora:

- Disable "Allow executables in HTML content"
- Disable Microsoft viewer
- Disable MAPI

Configuration for Netscape:

- Do not select "Enable Java"

- Do not select "Enable JavaScript for Mail and News"
- Do not select "Send email address as anonymous FTP Password"
- Remove "Microsoft ActiveX Portability Container for Netscape", as with other plug-ins that support ActiveX.

4.1.3. Authentication and access

Originally, mail clients did not require user authentication, because access to mailboxes was based on the operating system's file system permissions and on the user's rights to the mailbox file. Later, when MUAs gained the ability to access remote mailboxes through the POP and IMAP protocols, user authentication became indispensable. Users authenticate by entering a user name and password to access the mailbox. To be more user-friendly, the information used to access the mail server is stored in a configuration file. Besides the convenience this gives the user, it is also a weakness of the mail client: the information in the configuration file can be stolen by intruders in order to access the user's mailbox and exploit the information illegally. To make mail clients more secure, the function that automatically supplies the user's login information from the configuration file should be disabled. If this function cannot be disabled, the configuration file must be stored securely (choose where it is stored and apply protective measures). Many operating systems provide permission and access control mechanisms that can be used to protect the configuration file. Unfortunately, some common operating systems such as Windows 95/98/ME do not support this. On operating systems that do, ensure that the configuration file is set so that it can be accessed only by the subject that created it, and that it is placed in a directory controlled by its owner. Where the operating system does not support permissions and access control on files, the best solution is to remove the password from the configuration file or to protect the configuration file with encryption.

Many different applications can be used for communication between the mail client and the mail server. In their default configuration the SMTP, POP and IMAP protocols provide no encryption. This lets an intruder intercept, exploit or alter information such as passwords, user names and even the content of the messages. The remedy is to use security protocols such as TLS/SSL to encrypt the data in transit between the mail server and the mail client. Many mail clients now support these protocols.

4.1.4. Security of the client host system

Many current operating systems support configuration settings and measures that raise the security of the mail client host, directly or indirectly. The operating system is an important component of the overall security of a mail client host. The operating system on mail client hosts should:

- Be updated with the most secure patches.
- Be configured to allow access to the locally stored messages and to the mail client's configuration files only for one or a few specific users.
- Have Windows Script Host (WSH) configured (Windows hosts only):
  - Remove WSH or allow only the administrator to access it.
  - Change the default action for files with the extensions listed below from execution to editing:
    - WSC (Windows Script Component)
    - WSH (Windows Script Host Settings File)
    - WS (Windows Script)
    - WSF (Windows Script File)
    - VBS (Visual Basic Script)
    - VBE (VBScript Encoded File)
    - JS (JavaScript)
    - JSE (JavaScript Encoded File)
- On mail client hosts running Windows, be configured to display full file extensions (so that users can tell attachments apart more clearly, for example iloveyou.txt.vbs and iloveyou.txt).

- Have a virus scanner installed and configured to scan automatically all incoming e-mail messages and their attachments when they are opened.
- Give the applications running on it only the minimum privileges, because all malicious code runs within the security context of the environment in which it executes.
- Have its critical components protected against malicious code.
- Use a file encryption application to protect the mail stored on the user's hard disk (this is especially important for laptop computers, whose data is easily stolen).
- Be configured to lock the machine automatically after a period of inactivity.

4.2. Security for the components of message content

Like the Internet itself, e-mail is used more and more for commerce and for exchanging other sensitive information. Encryption is used to send e-mail messages securely. The two basic methods for encrypting mail are S/MIME and PGP. Both offer similar levels of protection, but their structures differ. Most mail clients support S/MIME, while PGP is used in the form of plug-in components. The choice between the two should be based on how well each meets the requirements of the organization or company that wants to apply the mechanism. In general, an unencrypted e-mail should be regarded as a postcard: anyone can read it and alter it. When a mail client is configured to send and receive encrypted messages, all received messages are stored in encrypted form. A mail client can also be configured to send and receive unencrypted e-mail messages, for sites that are mainly concerned with integrity only. Depending on the sensitivity of the message content, users can configure the client so that the reader must enter a password every time an e-mail is read.

4.3. Accessing Web-based e-mail systems

From the user's point of view, accessing the mail server through a Web server is efficient and offers a friendlier interface. However, the security of the mail system must be examined carefully before deciding to use a Web interface for e-mail. Most security issues in this case are similar to those of ordinary mail clients. For example, Web-based mail access in its default configuration sends passwords and other data in the clear, just as POP and IMAP do. Where high security is required, the administrator should configure the mail server to accept Web connections only through the SSL/TLS security protocols with support for 128-bit encryption. With these protocols all data (login information, message content) is encrypted in the exchanges between the Web server (used for mail) and the users' hosts running the browser. Note that the data is protected only in transit; the e-mail data stored on the servers and on the clients is not protected. For that, e-mail encryption methods such as S/MIME or PGP can be used. Web-based mail systems, however, do not support these methods directly. One workable solution is to encrypt the data offline and then paste it into the browser for sending (this is easy to do with PGP).

Access through a Web interface is usually applied to systems with low security requirements. When Web access is wanted for a mail system, planners must therefore be fully aware of the risks to the system. A major risk of Web-based e-mail systems is that they can be accessed from public computers (for example, computers in a laboratory, in a library, or in an Internet café). In such situations the browser may be configured to remember user names and passwords. If the user does not pay attention to this setting, an unauthorized person can use the same computer to access the e-mail system of a company or organization. Another danger is that public computers may have keystroke logging installed: the user's keystrokes while working with a mail system are recorded, including the user name and login password. This data can then be exploited to attack the mail system or to steal the user's information. Web browsers also keep some information about the user's activity in temporary files, which exist only for a certain period. But if the user does not delete them after each session, before closing the browser, an attacker can use that information to log in to the mail system as the user. Using the SSL/TLS protocols can in general overcome the dangers above.

The security of Web-based e-mail systems is strongly affected by the human factor. Every user of the system must therefore be trained carefully, and must understand his or her role in the overall security, before being given access to the system.

4.4. Checklist

Action to perform

Patching and updating mail client software
- Upgrade the mail client to the most secure version
- Apply the necessary patches to the mail clients
- Apply the necessary patches to the Web browser (where the mail client is integrated with the browser)

Client security
- Disable automatic display of message content
- Disable automatic opening of the next message
- Disable the processing of active message content
- Set up secure authentication and access
- Disable saving of user names and passwords on the clients
- Configure the use of an encryption method (S/MIME or PGP)
- Configure the client to receive and store only encrypted mail
- Install and set up only plug-ins that are necessary and of known origin
- Configure access to the Web-based mail system through the SSL/TLS security protocol
- Train users so that they are aware of the weaknesses of using a Web interface to access mail

Configuration for Microsoft Outlook
- Disable the download of signed ActiveX controls
- Disable the download of unsigned ActiveX controls
- Disable Java permissions
- Disable active scripting
- Disable scripting of Java applets

Configuration for Eudora
- Disable Allow executables in HTML content
- Disable Microsoft viewer
- Disable MAPI

Configuration for Netscape
- Do not select Enable Java
- Do not select Enable JavaScript for Mail and News
- Do not select Send email address as anonymous FTP Password
- Remove Microsoft ActiveX Portability Container for Netscape

Client operating system security
- Ensure that the operating system is updated with most patches
- Configure the operating system to allow only one or a few specific users to access the messages and the configuration files
- Remove Windows Script Host (WSH)
- Configure the operating system to display full file extensions
- Ensure that the other critical components of the operating system are protected against malicious code
- Use encryption to protect the e-mail stored on the hard disk of the user's computer
- Configure the client to lock automatically after a period of inactivity

Review questions for Chapter IV:
1. Where can weaknesses and patching tools for some common mail clients be found? Describe the features that should be configured in a mail client in general.
2. The features that should be configured in the mail clients Outlook, Eudora and Netscape.
3. Why must access be authenticated, and what are the weaknesses of automatic authentication (through a configuration file)? How can they be remedied?

4. What must be done to the operating system on the client hosts for the e-mail system to be secure?
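The configuration-file rule from section 4.1.3 (accessible only to the user who created the file, and kept in a directory that the owner controls) can be checked mechanically on a POSIX system. The following is an added example, not code from the textbook; the file name `mailclient.ini`, the INI layout and the key-name hints are assumptions made for the illustration.

```python
import configparser
import os
import shutil
import stat
import tempfile

# Key names that suggest a saved login secret (assumption: INI-style config).
SECRET_KEY_HINTS = ("password", "passwd", "secret")


def audit_config_file(path, owner_uid=None):
    """Return findings for a mail-client config file that holds login data."""
    uid = os.getuid() if owner_uid is None else owner_uid
    findings = []

    st = os.stat(path)
    if st.st_uid != uid:
        findings.append("file-not-owned-by-user")
    # Any group/other bit means someone besides the creator can reach the file.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file-open-to-group-or-others")

    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != uid:
        findings.append("directory-not-owned-by-user")
    # A directory that others can write to lets them swap the file out.
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory-writable-by-group-or-others")
    return findings


def saved_secret_keys(path):
    """List 'section.key' names that look like saved login secrets."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    hits = []
    for section in parser.sections():
        for key in parser[section]:
            if any(hint in key.lower() for hint in SECRET_KEY_HINTS):
                hits.append(section + "." + key)
    return hits


def harden(path):
    """Restrict the file to its owner and close the directory to others."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)                     # 0600
    os.chmod(os.path.dirname(os.path.abspath(path)), stat.S_IRWXU)  # 0700


def demo():
    """Audit a constructed config file before and after hardening."""
    workdir = tempfile.mkdtemp()
    try:
        path = os.path.join(workdir, "mailclient.ini")  # hypothetical name
        with open(path, "w") as fh:
            fh.write("[account]\n"
                     "server = mail.example.org\n"
                     "user = alice\n"
                     "password = constructed-sample\n")
        os.chmod(path, 0o644)     # weak: readable by every local user
        os.chmod(workdir, 0o777)  # weak: anyone may replace the file
        before = audit_config_file(path)
        secrets = saved_secret_keys(path)
        harden(path)
        after = audit_config_file(path)
        return before, secrets, after
    finally:
        os.chmod(workdir, stat.S_IRWXU)
        shutil.rmtree(workdir)


if __name__ == "__main__":
    before, secrets, after = demo()
    print("before hardening:", before)
    print("saved secrets   :", secrets)
    print("after hardening :", after)
```

A saved password that is still reported after hardening is the case the section treats as the fallback: the file is protected by permissions, but disabling the saved login remains the preferred setting.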

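Section 4.1.4 lists the script extensions handled by Windows Script Host and explains why full file extensions must be shown (iloveyou.txt.vbs versus iloveyou.txt). The following added example, which is not part of the textbook, screens the attachments of a message against that list and reports what each name looks like when extensions are hidden; the sample message and its placeholder attachment bytes are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script-host extensions listed in section 4.1.4.
SCRIPT_EXTENSIONS = {".wsc", ".wsh", ".ws", ".wsf", ".vbs", ".vbe", ".js", ".jse"}


def split_ext(name):
    """Split at the last dot, also for names that start with a dot."""
    idx = name.rfind(".")
    if idx == -1:
        return name, ""
    return name[:idx], name[idx:]


def classify_filename(filename):
    """Return (verdict, name as displayed when extensions are hidden)."""
    name = filename.strip()
    stem, ext = split_ext(name)
    shown = stem if ext else name
    if ext.lower() not in SCRIPT_EXTENSIONS:
        return "ok", shown
    # A second extension left in the stem makes the script look harmless.
    inner = split_ext(stem)[1]
    return ("script-disguised" if inner else "script"), shown


def screen_message(raw_bytes):
    """Return (filename, shown_name, verdict) for every attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, shown = classify_filename(name)
        report.append((name, shown, verdict))
    return report


def build_sample_message():
    """Constructed message with four placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text of a constructed test message.")
    for name in ("iloveyou.txt", "iloveyou.txt.vbs", "report.JSE", "notes.pdf"):
        msg.add_attachment(b"placeholder bytes, not a real script",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, shown, verdict in screen_message(build_sample_message()):
        print("%-18s shown as %-14s -> %s" % (name, shown, verdict))
```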

Chapter 5. Secure administration of a mail server

5.1. Planning the secure administration of mail servers

The most important task in deploying a secure mail server is careful planning before the server is installed, configured and deployed. A carefully prepared plan ensures that the mail server reaches the highest level of security and that it operates in line with the overall security policies. In practice, many problems with the security and the performance of a mail server arise from a lack of planning for its administration.

5.1.1. Planning the installation and deployment of the mail server

Security should be considered from the planning stage of building and developing systems, in order to raise security while keeping the cost of deployment as low as possible. Addressing security only once real deployment and installation have begun is very difficult and expensive. Organizations usually make decisions about configuring their machines once a complete, detailed plan for deployment, use and development exists. Good planning helps organizations make decisions that balance factors such as usability, performance, and the risks that may have to be accepted. In the planning stages for a mail server, the following should be considered:

- Determine the purposes of the mail server:

  - Which kinds of information will be processed by or transmitted through the mail server.
  - The security requirements for that information.
  - Which other services the mail server will support (in general, dedicating the host to the single purpose of being a mail server is the safest choice).
  - The security requirements for those additional services.
  - The position of the server in the overall network layout.
- Identify the network services that the server will support, provided through the following protocols:
  - SMTP
  - POP
  - IMAP
- Identify all service software (client or server software) installed on the mail server or on the servers that support the mail server.
- Identify the users or categories of users that will exist on the mail server and on any supporting servers.
- Determine the privileges that each category of user will have on the mail server and on the supporting servers.
- Decide on the method for authenticating users and on the method for protecting the information used for authentication.
- Determine the appropriate way to access the permitted information resources.

- Determine which mail server application meets the requirements of the system to be built. Consider mail server software that is less well known and may be less rich in features but can offer a higher level of security. In general, the following should be considered when choosing mail server software:
  - Price
  - Compatibility with the existing infrastructure
  - Current knowledge of the users
  - Relationship to the software currently in use (if any)
  - Past vulnerabilities
  - Supported features
- Work closely with the software vendor during the planning stage.

The choice of mail server software determines the choice of operating system. However, as far as possible, mail server administrators should choose an operating system that supports the following:

- Minimal exposure to potentially harmful environments
- The ability to restrict administrator-level (or root) tasks to authorized users
- The ability to deny access to information on the server
- The ability to disable unnecessary network services that are built into the operating system or the server software

- The ability to log server activities in a way suitable for detecting intrusions

In addition, organizations must consider the availability of experienced, trained staff to administer the server and the other applications on it. Many organizations have learned valuable lessons from misjudging the system administration ability of their staff: an employee may be an expert administrator in one operating system environment and yet know very little about another.

Naturally, the physical location of the mail server is a very important matter for raising the security of the system. When deciding where to place the mail server in the overall network environment, the following related questions should be considered:

- Does the location of the mail server provide appropriate physical security protection? For example:
  - Locks
  - Card reader access
  - Security gates
  - Physical intrusion detection systems (for example, motion sensors and cameras)
- Does the location of the mail server have suitable environmental conditions? Can the necessary humidity and temperature be maintained?
- Is there a backup power source?

5.1.2. The parties who administer the security mechanisms

Because the security of the mail server is closely tied to the overall information system security posture of the organization, the information technology and system security staff need to be involved in planning, implementing and administering the mail server. This section introduces their roles and responsibilities for the security of the mail server. These are of course only general roles and responsibilities; one organization or company may apply them while another may not.

Senior information managers

Senior IT managers/CIOs must always know the overall security state of the systems. Senior IT managers must direct and advise the other parties throughout the organization on protecting the information systems. Senior IT managers/CIOs have the following responsibilities in managing the mail server:

- Coordinate the development and maintenance of the organization's information security policies, information standards, ...
- Coordinate the development and maintenance of changes to the management and administration processes in the organization.
- Ensure consistency in the organization's overall security policy.
- Work with parties at higher levels to set general rules for the use of e-mail.

Information system security program managers

The information system security program managers (ISSM) supervise the implementation of, and compliance with, the standards, rules and regulations in the organization's security policy. The ISSMs carry out the following responsibilities (in relation to the mail server):

- Continue to develop and implement the standards (security policy)
- Comply with the security policies, standards and requirements
- Identify the systems that must be defended, anticipate unexpected incidents, and have a plan to recover the systems if an incident occurs.

Information system security officers

The information system security officers (ISSO, Information System Security Officer) are responsible for supervising all aspects of information security for the entities of an organization. They ensure that the organization's information security practice follows the established procedures, standards and policies. The ISSOs have the following responsibilities for a mail server:

- Develop internal security standards and procedures for the mail servers and the supporting network infrastructure.
- Cooperate in developing and installing security tools, mechanisms and technologies.
- Maintain the standard configuration records of the mail servers and of the supporting network infrastructure controlled by the organization, including the operating systems, firewalls, routers and mail server applications.
- Maintain the operation of the systems by carrying out periodic security checks.

Mail server administrators and network administrators

Mail server administrators are the system architects responsible for the overall design, deployment and maintenance of the mail server. Network administrators are responsible for the overall design, deployment and maintenance of a network. Every day, the mail server and network administrators must deal with the security requirements of the specific system (or systems) for which they are responsible. Security issues and their remedies may originate outside the organization (for example, vulnerabilities located and patched at the request of computer incident response teams) or inside it (for example, at the request of the security office). These administrators have the following responsibilities for the mail server:

- Install and configure the systems in accordance with the organization's overall security policy and the standard network configurations.
- Keep the systems highly secure, through periodic backups.
- Monitor the integrity of the systems, the protection levels and other security-related events.
- Follow up on security faults detected in connection with the information system resources.
- Carry out security tests as required.

5.1.3. Administration practices

Appropriate administration practice is the most important factor in operating and maintaining a secure mail server. Security practice complements the creation of policies, standards, procedures and guidance documents that ensure the confidentiality, integrity and availability of the information system resources.

To secure a mail server and its network infrastructure, the following practices should be carried out:

- Organizational information security policy: The security policy states the responsibility of each party in the organization for specific areas of the overall security of the system (for example, who is responsible for installation, auditing, ... and review). The security policy states what belongs to the basic information system security policy and its practical purpose. In general, in a company or organization the CIO and higher levels are responsible for drafting the security policy.
- Change and configuration management and control: change management is the process of controlling modifications to the overall design, hardware and software of a system. Configuration control is the process of supervising configuration according to the guidance of the overall security policy.
- Risk assessment and management: risk assessment is the process of analysing and interpreting risk. It includes determining the scope, assessing, collecting and analysing risk-related data, and interpreting the results of the risk analysis. Risk management is the process of selecting and implementing controls to reduce risk to the minimum acceptable level.
- Standardized configurations: Organizations should develop and widely apply standardized secure configurations for systems and applications. These are the main documents that guide mail server and network administrators through the secure configuration of their systems in accordance with the overall security policy.
- Security awareness and training: A security training programme for staff is required of any organization or company that wants a secure information system. The purpose of the training is to make users and administrators aware of their responsibility for the overall security and to guide them in changing habits that can harm it.
- Contingency, continuity of operations and disaster recovery planning: these are plans prepared in advance to ensure that the system keeps operating even in the worst case of being brought down by an attack.

5.1.4. System security planning

The overall goal of computer security planning is to protect information assets (information and information resources). Plans for protecting information assets must give managers and information owners confidence that their information will not be lost, corrupted, accessed without authorization or modified. The system security plan gives the most general and basic overview of security and privacy for the parties concerned, and is the basis on which the security plan of each company or organization is built. The purpose of the system security plan is to (NIST 98):

- Provide an overview of the security requirements of the system and describe the implementation that meets those requirements
- Outline the responsibilities and the related sanctions for individuals who access the system.

The system owner is usually responsible for preparing the security plan, implementing it, and monitoring its effectiveness in operation. Security plans should describe in detail the responsibilities of the parties (end users, information owners, system administrators, and system security administrators) towards the system. In general, an effective system security plan must include the following (NIST98):

- System identification: The first part of the system security plan gives basic identifying information about the system. It includes a general description, who is responsible for the system, the purpose of the system, and the sensitivity level of the system.
- Management controls: This part describes the management control measures that are intended to meet the protection requirements of an information system.
- Operational controls: This part sets out the security methods, focusing mainly on the mechanisms that are implemented and carried out by people. These controls must be put in place to strengthen the security of a specific system (or group of systems). Carrying them out requires people with technical expertise or specialists.
- Technical controls: technical controls focus on the security controls that the computer system itself operates. Technical controls can provide automated protection against attacks such as unauthorized access and misuse, make it easier to trace the causes of security failures, and support the security requirements of applications and data.

5.1.5. The human factor in mail server security

The greatest and most costly challenge in keeping a mail server secure and developing it is having the human resources needed to perform the required functions. Many organizations do not fully anticipate the cost and skills needed to maintain a secure mail server. This usually leads to overworked staff and an insecure system. From the planning stage onwards, the organization must determine its human resource requirements. Appropriate and effective human resources are the most important element of a secure mail server. When considering the human resources for deploying and developing a mail server, organizations should weigh the following:

- Staffing requirements: In which areas are staff needed? For example, staff for system administration, staff for mail server management, network administration staff, ISSOs, ...
- Required skills: which skills are needed for tasks such as planning, developing and maintaining a secure mail server? For example, system administration skills, network administration skills, expertise in handling active content, programming skills, ...

- Available human resources: What human resources does the organization already have? In which areas are their current skills strong, and can they be used effectively for developing and maintaining the mail server?

If the existing staff and their current skills do not meet the requirements, the organization should consider the following options:

- Hire additional staff
- Train the existing staff

When the project is complete and the mail server goes into operation, the number and the skills of the staff needed to maintain and administer the system must be planned for. The threat level and the weaknesses of information technology systems in general, and of mail servers in particular, change continually as technology develops. Human resources (in number and in skills) that are adequate now will no longer be adequate in the future, even in the near future; the staff who administer and maintain the mail servers must therefore be supplemented and trained periodically.

5.1.6. Basic principles of information system security

When addressing the security of mail servers, the basic principles of information security in general cannot be ignored:

- Simplicity: The simpler and the easier to carry out the security mechanisms are, the better.

- Fail-safe: If a failure occurs, the system must be put into a secure state (some functions of the system may then be disabled). Some functionality of the system may be lost, but the system must not become insecure.
- Mediation: Instead of allowing direct access to the information resources, access policy controllers are deployed. For example, file system permissions, authorization, firewalls and mail gateways can be used.
- Open design: The security of the system should not depend on the secrecy of its implementation or of its components.
- Separation of privilege: The more finely the functions can be divided, the better. Separation of functions applies both to systems and to end users. For systems, functions such as read, write, modify and execute should be separated. Likewise, the roles of end users should be separated as far as possible.
- Least privilege: Performing one function must not directly or indirectly affect another function.
- Voluntary acceptance: Users should understand why security is needed. This can be achieved through user training and education. In addition, security mechanisms should be built on the basis of user feedback. For example, if users find the security mechanisms too cumbersome or too complicated to operate, they can give advice, and the security mechanisms will then be more practical.
- Least common mechanism: When the mail server process is given access to a database, no other application on the system should be given access to that database.
- Defense in depth: a single security mechanism will not be highly effective. Security mechanisms should therefore be designed in layers.
- Recording attacks: Logging must be maintained, so that when an incident occurs there is evidence of the attack that caused it.

5.2. Secure administration of a mail server

5.2.1. Logging

Logging is an important element of security in general. Accurate logging, and monitoring of the information recorded in the logs, are essential. Log files usually record only the suspicious events. Mechanisms should be set up to record this information and to use it as a basis for detecting intrusions. Network and system logs can alert the mail server administrator when a suspicious event occurs. Combined with the analysis of additional information from the logs of the mail server software itself, they make it possible to infer the cause and the purpose of the event. Some functions of the mail server software logs are:

- Alerting to suspicious activities that need further investigation.

- Recording the traces of an intruder's activities
- Supporting system recovery
- Supporting the investigation of subsequent events
- Providing information for resolving disputes

The particular mail server software that is chosen and deployed determines how administrators configure logging. The following sections give general guidance that applies to most common mail server software.

5.2.1.1. Configuring logging

The logging capabilities of mail server products vary widely; only the most general configuration is covered here. Logging for the mail server software should be set to the most detailed level (maximum, detailed, ...). The following events are then recorded:

- Local host logging
  - IP setup errors
  - Other configuration problems (DNS, Windows Internet Naming Service)
  - Mail software configuration errors (mismatch with DNS: local configuration error, alias error)
  - Out-of-date alias database
  - Lack of system resources (free disk space, memory, CPU)
  - Alias database rebuilds
- Connection-related logging
  - Logins (successful or failed)

  - Security problems
  - Interface errors
  - Lost connections (network problems)
  - Protocol problems
  - Connection timeouts
  - Connection rejections
  - Use of the VRFY and EXPN commands
- Message-related logging
  - Send on behalf of
  - Send as
  - Malformed addresses
  - Message statistics
  - Creation of error messages
  - Delivery failures
  - Messages not yet sent

Mail server software provides the ability to enable or disable specified access controls during startup. This level of control is useful for avoiding inadvertent changes to the log files caused by errors in file access administration.

5.2.1.2. Reviewing and maintaining logs

Reviewing log files is a practical necessity and can take a great deal of time. Log files reflect the security level of the system, because their function is to record the events that occur. They are also often useful for other information, such as CPU usage and unusual network traffic. When log files are used to corroborate other evidence, the logs are reviewed in the order of the events. For example, if the IDS records a connection to the mail server at 8:17 a.m. that attempted to use the VRFY command, a corresponding review is made of the logs from immediately before 8:17. How often logs are reviewed depends on the following factors:

- The amount of traffic the server receives
- The general threat level
- Specific threats
- The vulnerabilities of the mail server
- The value of the data and of the services supported by the mail server

These reviews are carried out daily, weekly, or whenever a suspicious action occurs. The work can become a burden for the administrator. To reduce that burden, tools that analyse log files automatically have been developed. However, log files also need to be analysed in more detail, because a typical attack may consist of hundreds of requests sent to the mail server, while the attacker may try to hide the attack by increasing the interval between requests. In that case, reviewing the logs separately for each day or each week may not reveal the attack. When the review period is extended to a month or a quarter, multiple attacks from the same host or the same network range are easily recognized.

Log files must be protected so that if an attacker compromises a mail server, the log files cannot be altered to conceal the attack. Although encryption protects log files, the best solution for storing them is to write them to a separate host (not the mail server). Such a host is usually called a log host or system log host.

Log files should be backed up regularly. Backing up log files for each period of time can be very important for many reasons: as legal evidence, for problems affecting the parties concerned, ... The period for which log backups are kept depends on the following factors:

- Legal requirements
- Organizational requirements
- Log volume
- The value of the services and data
- The threat level

5.2.1.3. Automated log file analysis tools

The volume of data passing through a mail server is very large, so the log files also grow very quickly. Automated log analysis tools should therefore be installed on the mail servers to reduce the burden on the administrators. These tools analyse the log files on the mail server and identify suspicious and unusual events. Many tools are now available (some are commercial products, others are provided free of charge) that support systematic analysis. Some organizations prefer to use two or more automated log analysers to reduce the risk of overlooking threats or other important events recorded in the log files.
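Section 5.2.1.2 observes that an attacker who spaces requests out can stay below what a daily or weekly review notices, while a monthly review grouped by host or by network range exposes the pattern. The following added example (not from the textbook) counts VRFY/EXPN probes per source and review window; the log line format `timestamp source-ip COMMAND argument`, the threshold of 10 and the sample lines are constructed for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
import ipaddress

PROBE_COMMANDS = {"VRFY", "EXPN"}


def parse_line(line):
    """Split 'timestamp source-ip COMMAND [argument]' (constructed format)."""
    ts, src, cmd = line.split()[:3]
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            ipaddress.ip_address(src), cmd.upper())


def window_key(ts, window):
    """Label of the review window that a timestamp falls into."""
    if window == "day":
        return ts.strftime("%Y-%m-%d")
    if window == "week":
        iso = ts.isocalendar()
        return "%d-W%02d" % (iso[0], iso[1])
    if window == "month":
        return ts.strftime("%Y-%m")
    raise ValueError("unknown window: " + window)


def source_key(addr, by_network):
    """Group by single host, or by /24 (IPv4) or /64 (IPv6) network."""
    if not by_network:
        return str(addr)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False))


def flag_sources(lines, window, threshold, by_network=True):
    """Return sorted (window, source) pairs with at least `threshold` probes."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, addr, cmd = parse_line(line)
        if cmd in PROBE_COMMANDS:
            counts[(window_key(ts, window), source_key(addr, by_network))] += 1
    return sorted(key for key, n in counts.items() if n >= threshold)


def build_sample_log():
    """Constructed log: one slow source, one noisy source, normal traffic."""
    lines = []
    start = datetime(2006, 3, 1, 8, 17, 0)
    for day in range(28):
        ts = (start + timedelta(days=day)).strftime("%Y-%m-%dT%H:%M:%S")
        # Slow source: one probe a day, rotating over four hosts of one /24.
        lines.append("%s 192.0.2.%d VRFY user%d" % (ts, 10 + day % 4, day))
        # Ordinary traffic that must not be counted.
        lines.append("%s 198.51.100.7 MAIL FROM:<a@example.org>" % ts)
    # Noisy source: twelve probes within one day.
    for i in range(12):
        lines.append("2006-03-05T10:00:%02d 203.0.113.9 EXPN list%d" % (i, i))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for window in ("day", "week", "month"):
        print(window, flag_sources(log, window, threshold=10))
    print("month, per host", flag_sources(log, "month", 10, by_network=False))
```

On the constructed log, the daily and weekly reviews report only the noisy source; the slow source appears only in the monthly review, and only when hosts are grouped by network.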

5.2.2. Mail server backup procedures

Maintaining the integrity of the data on the mail server is one of the administrator's most important functions. It is extremely important because mail servers are often the most exposed point in the overall network of an organization or company. In addition, the hardware or software that makes up a mail server may well fail or stop working during operation. The administrator must back up the mail server regularly for several reasons:

- A mail server may stop working because of an attack or because of a hardware or software problem.
- In some cases disputes are usually resolved on the basis of the backed-up data rather than the current data on the mail server.

To back up the data on mail servers, organizations need to establish a policy for it. The content of the policy is influenced by three factors:

- Legal requirements
  - Applicable laws and regulations (applying to the parties concerned: government, state and international organizations)
  - Litigation and dispute requirements
- Mission requirements
  - Contractual
  - Common practice
  - The value of the data to the organization
- Organizational policies and guidelines

Although the mail server backup policy differs from one organization to another, the policy must address the following:

- The purpose of the mail server backup policy
- Who is affected by the mail server backup policy
- Which mail servers are subject to the backup policy
- Definitions of the key terms, especially technical and legal terms
- A detailed description of the requirements in legal, business, ... terms
- An outline of the backup frequency
- An outline of the procedures that ensure the data is fully protected and stored
- An outline of the procedures that ensure data no longer required to be kept is destroyed completely (with no possibility of recovery)
- A clear written statement on the handling of litigation and disputes
- A list of the responsibilities for maintaining, protecting and destroying data
- A table classifying the information and its corresponding backup period
- A written statement of the responsibilities of the centres and departments responsible for backing up data, if they exist

There are three main types of backup:

- Full backup: a complete backup of a mail server, including the operating system, the applications, and the data stored on that mail server.

  The advantage of a full backup is that we have a complete backup copy (configuration parameters, data, ...), which makes it very easy to restore the state after an incident. The disadvantage of a full backup is the time and resources it takes.
- Incremental backup: backs up only the data that has changed since the previous backup (which may be a full backup).
- Differential backup: backs up all data and configuration parameters that have changed since the last full backup.
Of these three types, full backups are performed at longer intervals (usually weekly, monthly, or when a significant change occurs), while incremental and differential backups are performed more often (usually daily or weekly). The backup frequency is determined by the following factors:
- How often the information and configuration parameters on the mail servers change
- The amount of data to be backed up
- The capability of the backup devices
- The time available for performing backups
- The importance of the data
- The threat level faced by the mail server


- The ability to recover the data without the backed-up data
- Other backup tools
When performing backups, the following criteria should be met:
- Can be performed only once.
- Must be able to store the backed-up data and verify its correctness.
- Must be able to sort and time-stamp the backed-up information.
- Supports easy retrieval, searching and reporting of the backed-up information.
- Maintain at least two copies at two different geographic locations.

5.2.3. Testing the security mechanisms of mail servers
Testing the security mechanisms of public mail servers is essential. Without testing, there is no assurance that the current security measures work, or that the patches applied by the administrator function as advertised. Many security testing techniques exist, but vulnerability scanning is known as the most common. Vulnerability scanning helps the administrator identify vulnerabilities and check whether the security measures currently in place are effective. Penetration testing is also used, but less often, and usually only as part of an overall penetration test of the organization's whole network.

5.2.3.1. Vulnerability scanning
Vulnerability scanners are automated tools used to identify vulnerabilities and misconfigurations of hosts. Many vulnerability scanning products also provide information on mitigating the damage caused by the vulnerabilities they discover. Vulnerability scanners attempt to identify vulnerabilities on the hosts scanned. These may be out-of-date software versions, patching errors, or system upgrade errors on the hosts. To do this, scanners usually first identify the operating system and the main software applications present on the host, and then check them for previously discovered vulnerabilities. The check is made against a large database of vulnerabilities found in the operating systems and applications in common use today.
However, vulnerability scanners also have some weaknesses. In general, they only identify vulnerabilities and do not assess the overall risk to the scanned host. Although the scanning process is automated, vulnerability scanners often have a fairly high error rate (for example, a common error is reporting vulnerabilities that do not exist). This means that to obtain an accurate result, experts or administrators need to carry out a further analysis step. Furthermore, vulnerability scanners cannot identify vulnerabilities in programs and applications built by the users themselves.
Vulnerability scanners depend on regular updates of the vulnerability database to recognize the newest vulnerabilities. Before running a scanner, the administrator should install the latest update of its vulnerability database. How often the vulnerability database is updated depends on the individual scanner. Vulnerability scanners are generally more effective at detecting well-known vulnerabilities than rarely seen ones, and no single product can identify every vulnerability known at a given time. Moreover, scanner developers usually want their tools to run at high speed (for a program to detect more vulnerabilities it needs more tests, which slows the overall scan).
Vulnerability scanners can provide the following capabilities:
- Identifying the hosts active on the network
- Identifying the services (ports) currently enabled on the hosts
- Identifying applications
- Identifying operating systems
- Identifying the vulnerabilities associated with the operating systems and applications discovered
- Checking that the server applications comply with the security policy
Vulnerability scanning needs the help of highly skilled people to interpret the results of the scan. It can also disrupt network operation, because scanning increases bandwidth use and slows response times on the network. Nevertheless, vulnerability scanning is very important for reducing vulnerabilities before they are discovered and exploited for illegitimate purposes. Vulnerability scanning should be performed periodically, weekly or monthly, or whenever a new vulnerability database is released. In general, more than one vulnerability scanner should be used in practice because, as noted above, no single tool can detect all known vulnerabilities. According to experts in this field, two scanners should be used, one commercial and one free. The results of the scans should be documented for analysis and assessment. Note that for scanners that are not commercial products, the results must be validated through analysis by experts.

5.2.3.2. Penetration testing
Penetration testing is a security test in which security evaluators attempt to attack the security features of a system on the basis of their understanding of its design and implementation. Its purpose is to assess how well the system's protective measures hold up, using the common tools and techniques developed by hackers. Penetration testing is an indispensable requirement for important and complex network systems. Penetration testing may be of little significance to an organization's information security program. However, it is work that requires a high level of skill (expert level) in order to minimize the risk to the systems used as test targets. Penetration testing can slow the network down, and may even damage it. Penetration testing brings the following benefits:
- It tests the network using the methods and tools that hackers commonly use to attack.
- It verifies that vulnerabilities exist.
- It goes beyond identifying vulnerabilities and explains how they could be exploited in an attack.
- It demonstrates that the vulnerabilities are not merely theoretical.
- It provides methodological support for resolving security issues.

5.2.4. Remote administration of a mail server
An important recommendation from experts is not to allow remote administration of mail servers until all the possible risks have been assessed. The most secure configuration is to allow no remote administration at all (of course, this cannot be applied by every organization that uses e-mail in practice). The risk of remote administration depends on where the mail server sits in the network. For a mail server placed behind a firewall, remote administration or content updates can be performed from hosts on the internal network without introducing additional risk. In general, administration of the mail server from a location outside the protected network should not be allowed in any case. If an organization or company needs to administer a mail server or update information on it remotely, it should ensure that the steps below are carried out as securely as possible:
- Use a strong authentication scheme (such as public-key cryptography or two-factor authentication).
- Restrict the hosts that can be used for remote administration or content updates on the mail server:
  - Restrict by authorized users
  - Restrict by IP address
  - Restrict even hosts on the internal network
- Use more secure protocols (such as secure shell, HTTPS) and do not use insecure protocols (such as Telnet, FTP, HTTP).
- Grant the minimum privileges needed for remote administration or content updates.
- Do not allow remote administration from the Internet through the firewall unless it is done through a strong security mechanism such as a virtual private network tunnel.
- Change the default accounts and passwords of remote administration applications or utilities.
- Do not mount any file shares on the internal network from the mail server.

5.2.5. Checklist for the secure administration of a mail server
Completed    Action to perform


Logging
- Log IP setup errors
- Log configuration problems
- Log mail server configuration errors (mismatch with DNS, local configuration error, out-of-date alias database)
- Log alias database expiry events
- Log shortages of system resources (free disk space, memory, CPU)
- Log alias database rebuilds
- Log logins
- Log security problems (for example, mail bombs)
- Log lost connections
- Log protocol errors
- Log connection timeouts
- Log connection rejections
- Log use of the VRFY and EXPN commands
- Log send on behalf of
- Log mail sending
- Log malformed addresses
- Log message collection
- Log the creation of error messages
- Log delivery failures
- Store log files on separate hosts
- Archive logs as required
- Review logs daily


- Review logs weekly
- Use log file analysis tools
Mail server backup
- Create a backup policy
- Perform incremental or differential backups periodically, from daily to weekly
- Perform full backups periodically, from weekly to monthly
- Set the period after which the backup cycle starts again
Security testing
- Schedule periodic vulnerability scans of the mail server and the network that supports it
- Update the vulnerability scanner before scanning
- Validate the scan results
- Perform penetration testing of the mail server on the network
- Remediate the weaknesses found during penetration testing
Remote administration of the mail server
- Use a strong authentication scheme
- Restrict the hosts that can be used for remote administration
- Use secure protocols
- Grant the minimum privileges needed for remote administration
- Change the accounts and passwords of remote administration applications or utilities
- Do not allow remote administration from the Internet unless a strong security mechanism such as a virtual private network is used

Review questions for Chapter V:
1. What factors need to be considered when planning a mail server?
2. What issues should an organization or company weigh when considering the staffing needed to deploy and develop a mail server?
3. What are the basic principles of information system security in general?
4. What are the functions of logging on a mail server?
5. When logging is set to the most detailed level, which events are logged?
6. What factors determine how often logs are reviewed?
7. Why is it necessary to back up a mail server?
8. How many types of backup are there, and what is the principle of each?
9. What is the role of vulnerability scanning and penetration testing?
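The three backup types of section 5.2.2, worked through as an added example that is not part of the original course text: it shows which files each kind of backup captures and which backups are needed to restore the server. The data model (paths, day numbers, a backup taken at the end of each day) and the sample mailboxes are constructed assumptions, and file deletions are not tracked.

```python
from dataclasses import dataclass

KINDS = ("full", "incremental", "differential")


@dataclass
class Backup:
    kind: str     # one of KINDS
    day: int      # day on which the backup was taken (end of day)
    files: dict   # path -> content captured by this backup


def take_backup(kind, day, state, history):
    """state maps path -> (day_last_modified, content); appends to history."""
    if kind not in KINDS:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind == "full":
        since = None                      # everything is copied
    else:
        fulls = [b for b in history if b.kind == "full"]
        if not fulls:
            raise ValueError("a full backup must exist first")
        # incremental: changes since the previous backup of any kind
        # differential: changes since the last full backup
        since = history[-1].day if kind == "incremental" else fulls[-1].day
    files = {path: content for path, (mday, content) in state.items()
             if since is None or mday > since}
    backup = Backup(kind, day, files)
    history.append(backup)
    return backup


def restore_chain(history):
    """Backups that must be replayed, oldest first, to reach the latest state."""
    chain = []
    for b in history:
        if b.kind == "full":
            chain = [b]                   # a new full backup restarts the chain
        elif b.kind == "differential":
            chain = [chain[0], b]         # supersedes everything after the full
        else:
            chain.append(b)               # every incremental is needed
    return chain


def restore(history):
    state = {}
    for b in restore_chain(history):
        state.update(b.files)             # later backups overwrite earlier ones
    return state


def simulate(kind):
    """Constructed scenario: full backup on day 0, then one change and one
    backup of the given kind on each of days 1 to 3."""
    state = {"mbox/lan": (0, "v0"), "mbox/thuc": (0, "v0"), "etc/mail.cf": (0, "v0")}
    history = []
    take_backup("full", 0, state, history)
    for day, path in ((1, "mbox/lan"), (2, "mbox/thuc"), (3, "mbox/lan")):
        state[path] = (day, f"v{day}")
        take_backup(kind, day, state, history)
    current = {path: content for path, (_, content) in state.items()}
    return history, current


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        history, _ = simulate(kind)
        print(kind, [len(b.files) for b in history],
              [b.day for b in restore_chain(history)])
```

Incremental backups stay small but a restore needs every one of them; differential backups grow each day but a restore needs only the full backup and the latest differential.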


Chapter 6. E-mail security using cryptography


6.1. Introduction to e-mail security schemes
The two leading schemes for securing end-to-end message content are Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). Both are based on public-key cryptography, in which each user has a key pair: a public key that anyone may hold and a private key that only the user who owns the key pair holds. The recipient's public key is used to encrypt the data to be sent, and the encrypted data can be decrypted only with the corresponding private key. The sender's private key is used to create a digital signature on the data sent, and the signature can be verified by anyone who has the corresponding public key. Digital signature technology creates a digest of the data to be signed using hash functions; with a hash function the data is signed more efficiently (a fuller understanding requires more background in cryptography).
This arrangement has several causes, the most important being that public-key cryptography is costly in computation time. To reduce processing time, symmetric-key cryptography is also used to protect e-mail content. Symmetric-key cryptography requires a single key shared in advance among the parties exchanging information, which for e-mail are the recipients and the senders. Thus symmetric-key cryptography overcomes the processing-time drawback of public-key cryptography, but has the drawback that the key must be distributed beforehand. A typical scheme combining the two cryptosystems was devised for e-mail, and can be summarized as follows:
On the sender's side
- Generate a random key.

- Encrypt the message to be sent using a symmetric-key encryption algorithm (with the random key generated above).
- Encrypt the symmetric key using the recipient's public key with the corresponding public-key encryption algorithm.
- Send both the encrypted message and the encrypted symmetric key to the recipient.
On the recipient's side
- Use the private key to decrypt the encrypted symmetric key (with the corresponding public-key encryption algorithm).
- Use the symmetric key to decrypt the encrypted message (with the same algorithm as the sender).
The advantages of this scheme are:
- The public-key encryption algorithm is used only to encrypt the symmetric key.
- The key for the symmetric encryption algorithm does not have to be distributed in advance.
Although S/MIME and PGP are the two e-mail encryption schemes in common use today, many other schemes have been proposed since e-mail was invented. Two of them worth mentioning are PEM (first developed in 1987) and MIME Object Security Services (MOSS). However, they are not covered further in this course.
Although encrypting e-mail improves security, the following should be noted when using it:
- Virus scanning and content filtering at the firewall and on the mail server itself will run into trouble with encrypted message content. If the firewall and the mail server have no means of decrypting e-mail, they cannot scan it for viruses or filter its content.


- Encryption and decryption take processing time. Organizations with outdated computer systems will not want to use encryption unless they are able to upgrade those systems.
- Encrypted e-mail messages are larger and therefore need more network bandwidth. How much larger depends on many factors: the encryption algorithm, the key size, the size of the message being encrypted, ...
- Using encryption brings with it a number of other tasks, such as key distribution, key recovery and revocation of encryption keys.

6.2. Pretty Good Privacy
PGP first appeared in 1991. It began as free software, but was later developed into two versions: a commercial version and a free version. The free version can be downloaded, or the commercial version purchased, from many Web addresses; the table below lists some of the main Web sites from which users can obtain PGP. OpenPGP is currently defined by the IETF (Internet Engineering Task Force).
List of Web sites providing PGP
Organization                       URL
International PGP Site             http://www.pgpi.org
MIT PGP Freeware Distribution      http://web.mit.edu/network/pgp.html
PGP site (commercial version)      http://www.pgp.com
OpenPGP site                       http://www.openpgp.org
The current version (2002) of PGP is version 7.0, built by the PGP company. This version supports a number of cryptographic algorithms recommended by NIST, including:
- Data Encryption Standard (DES) and 3DES, for data encryption.
- Advanced Encryption Standard (AES), for data encryption.
- Digital Signature Algorithm (DSA), for digital signatures.
- RSA, for digital signatures.
- Secure Hash Algorithm (SHA-1), for hashing data.
Note:
For more details on the DES and 3DES data encryption standards, see: http://csrc.ncsl.nist.gov/cryptval
For more details on the AES algorithm, see: http://csrc.nist.gov/encryption/aes
For more details on DSA and DSS, see: http://www.itl.nist.gov/fipspub/fip186.html
For more details on SHA and SHS, see: http://csrc.nist.gov/cryptval/shs.html
Other versions of PGP may support other encryption schemes. United States federal organizations are required to use algorithms approved by the U.S. federal government; other organizations often use the same algorithms because they have been tested and validated for security. In fact, many unapproved encryption algorithms have been broken, which can be regarded as one of the vulnerabilities of e-mail when they are used. If an organization or company chooses PGP, it should apply the guidance listed in the table below:


Cipher suites
Highest security
  Encryption: AES with a 256-bit key
  Digital signature and hash: Digital Signature Standard (DSS) with a key length of 1024 bits or more, SHA-1 hash algorithm
Security and performance
  Encryption: AES with a 128-bit key
  Digital signature and hash: DSS with a key length of 1024 bits or more, SHA-1
Security and compatibility
  Encryption: 3DES, 168/112-bit key
  Digital signature and hash: DSS with a key length of 1024 bits or more, SHA-1
Authentication and tamper detection
  Digital signature and hash: DSS with a key length of 1024 bits or more, SHA-1
Although PGP uses public-key cryptography, it does so only for signing message digests; encryption of the actual message content is performed by a symmetric-key encryption algorithm, as described in the previous section. The following is a brief description of how e-mail is signed and encrypted with PGP (the steps may occur in a different order):
- PGP creates a random session key (in some PGP implementations the randomness is taken from the user's mouse movements on the screen).

- The e-mail message is encrypted with the random session key and a symmetric-key encryption algorithm (3DES, AES).
- The session key is encrypted with the recipient's public key.
- The SHA-1 hash function is used to produce a digest of the message, and this digest value is digitally signed with the sender's private key.
- The encrypted session key is attached to the e-mail message.
- The e-mail message is sent to the recipient.
The recipient reverses the process to obtain the session key, decrypt the message and verify its signature.
Common mail clients such as Netscape Messenger, Eudora and Microsoft Outlook require a plug-in to be installed to enable sending and receiving PGP-encrypted e-mail messages. The Web sites that distribute PGP also provide guidance on using PGP with various mail client applications.

6.3. S/MIME
S/MIME was first introduced in 1995 by RSA Data Security. S/MIME is based on the corresponding public-key cryptography standard PKCS#7 (Public Key Cryptography Standard #7) for the data format of encrypted e-mail messages, and on the X.509 version 3 standard for digital certificates. Information on the RSA PKCS standards can be found on the PKCS home page: http://www.rsasecurity.com/rsalabs/pkcs/index.html
S/MIME version 2 has been widely accepted by the Internet e-mail industry. Although it is not regarded as a standard (by the IETF), it is specified in the following RFCs:
- RFC 2311: S/MIME Version 2 Message Specification
- RFC 2312: S/MIME Version 2 Certificate Handling
- RFC 2313: PKCS#1 - RSA Encryption Version 1.5
- RFC 2314: PKCS#10 - Certification Request Syntax Version 1.5
- RFC 2315: PKCS#7 - Cryptographic Message Syntax Version 1.5
- RFC 2268: Description of the RC2 encryption algorithm
S/MIME version 3 was developed by the IETF S/MIME Working Group and accepted as an IETF standard in July 1999. S/MIME version 3 is specified by the following RFCs:
- RFC 2630: Cryptographic Message Syntax
- RFC 2633: S/MIME Version 3 Message Specification
- RFC 2632: S/MIME Version 3 Certificate Handling
- RFC 2631: Diffie-Hellman Key Agreement Method
- RFC 2634: Enhanced Security Services for S/MIME
The home page of the S/MIME Working Group is at: http://www.ietf.org/html.charters/smime-charter.html.
Because the first version of S/MIME was developed in 1995, the S/MIME standard had to comply with the United States cryptography export controls then in force. This meant that S/MIME implementations were forced to support a weak encryption algorithm, RC2 with a 40-bit key. Cryptography export controls are now much more relaxed. However, because it was once required to support only 40-bit RC2, S/MIME is often regarded as a product offering weak cryptography. Today this is true only if a weak algorithm is chosen; S/MIME integrates many encryption algorithms and can support strong encryption.
The most valuable feature of S/MIME is that it is built into mail client software and is almost transparent to the user. Because software today is so highly packaged (especially products from large vendors such as Microsoft and Netscape), S/MIME is present by default in the installation of today's common mail clients such as Netscape Messenger, Outlook and Outlook Express. As with PGP, no real flaw has been found in the S/MIME protocol. However, as described at the URL below, S/MIME using the 40-bit RC2 algorithm has been broken on Windows machines (see: http://www.counterpane.com/smime.html).
S/MIME version 3 supports two data encryption algorithms introduced by NIST, DES and 3DES, and one added by the IETF, AES. To remain compatible with earlier versions constrained by cryptography export controls, S/MIME also supports 40-bit and 64-bit RC2. In general, organizations should not use 40-bit RC2 (lowest security) or DES (low security) for e-mail or other sensitive data exchanges. Both are considered very weak in today's environment and should be used only when there is no alternative (for example when it is mandated, or when working with old versions of S/MIME). 64-bit RC2 is more secure than 40-bit RC2 and DES, and is also faster than DES and 3DES. However, 64-bit RC2 is less secure than 3DES, so its use should be limited to cases where compatibility is the primary requirement. Algorithm performance seems to be only a minor matter for S/MIME, since the encryption and decryption operations are performed on the client machines. When security is the primary requirement, 3DES is the most secure algorithm currently supported by S/MIME, and it is hoped that AES will soon be integrated into the mail clients in common use.

6.4. Choosing an appropriate cipher
The choice of a suitable encryption algorithm depends on many factors and varies from one organization or company to another. Although one might think the most secure of the built-in algorithms should always be used, that is not always true. The stronger the encryption algorithm, the greater the demands on client resources and communication speed (encryption can increase the size of e-mail messages). In addition, some countries still restrict the export, import and use of encryption. Likewise, patents and copyrights can affect whether a given encryption scheme may be used in a particular country. Finally, the choice of e-mail encryption standard (PGP, S/MIME, ...) limits the encryption algorithms that can be chosen. In general, the most common factors that help in choosing an encryption algorithm are:
- Required security
  - The value of the data of the organization or company using e-mail. The higher the value of the data, the stronger the encryption algorithm required.

129

  - The time value of the data. If the data is valuable only for a short time (for example, only a few days), weaker encryption algorithms can be used. An example is passwords that must be changed daily, because the method used to encrypt the passwords only has to hold for 24 hours.
  - The threat to the data. The higher the threat level, the stronger the encryption required.
  - Other protective tools may reduce the strength required of the encryption algorithm. An example is using traditional communication protections such as a dedicated circuit instead of the Internet.
- Performance requirements. Higher performance requirements generally go with weaker encryption algorithms. This normally does not need to be considered for e-mail.
- System resources. Limited resources, such as a slow CPU or little memory, usually mean using weaker encryption algorithms. However, this is not a typical factor for e-mail.
- Restrictions on export, import and use
- The encryption schemes supported by the mail client software or by the operating systems themselves.

6.5. Key management
The greatest difference between PGP and S/MIME is the key management model. The traditional default model that PGP uses for key management is known as the "circle of trust"; it has no central key-issuing authority and no approval by authorized parties. The circle of trust relies on users for control and management. This model suits individual users and very small organizations; it is unworkable for large systems. In contrast, S/MIME and some newer versions of PGP use a hierarchical model. Typically there is a registration and approving authority, known as a CA (Certificate Authority), together with subordinate registration authorities. Below are some well-known CAs that act as third parties supporting S/MIME:
CA name      URL
Baltimore    http://www.baltimore.com
Entrust      http://www.entrust.com
Verisign     http://www.verisign.com

By default, S/MIME-enabled mail clients rely on the trustworthiness of intermediary CAs in S/MIME transactions. These authorities may be third parties such as those listed in the table above, but may also be a CA run by the organization that uses the e-mail system itself.

6.6. Choosing between PGP and S/MIME
The choice between PGP and S/MIME depends on several factors. The latest commercial versions of PGP have added features that bring the product in line with S/MIME, leaving very little difference between them. Implementations of both standards also provide additional features such as disk or file encryption, so they can be used to protect information other than e-mail on the machines.

The advantages of PGP include:
- Suitable for small user groups.
- More secure thanks to support for the AES data encryption algorithm, whereas S/MIME has not yet integrated this algorithm in common mail clients.
- A free version is available.
- Does not require (but supports, if required) an external public key infrastructure (PKI), whereas S/MIME requires organizations either to pay for digital certificates or to run their own certificate issuing and management centre.
- Can be used with any mail client software.
The advantages of S/MIME:
- Suitable for large user groups such as organizations or companies.
- The most widely used e-mail encryption standard.
- Supported natively in most mail client applications.
- More transparent to the end user.

Review questions for Chapter VI:
1. Give an overview of the scheme that combines public-key and symmetric-key cryptography to secure e-mail.
2. What should be kept in mind when using e-mail security schemes?
3. Which typical cryptographic algorithms are supported by PGP and S/MIME, and why do current versions of S/MIME still support weak encryption algorithms such as 40-bit RC2?
4. What are the advantages and disadvantages of PGP and S/MIME?
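The hybrid scheme of section 6.1 and the PGP sign-and-encrypt steps of section 6.2, traced end to end as an added example that is not part of the original course text and is not PGP's own code. It uses only the Python standard library, so the primitives are labelled stand-ins: textbook RSA over fixed Mersenne primes replaces the public-key algorithm, a SHA-256 counter keystream replaces 3DES/AES, and SHA-256 replaces SHA-1; the names and the sample message are constructed, and none of this is suitable for protecting real mail.

```python
import hashlib
import secrets

E = 65537  # public exponent used for both toy key pairs


def toy_keypair(p, q):
    """Textbook RSA from two primes, without padding (illustration only).
    Returns (public, private) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def digest_int(message):
    """Message digest as an integer, ready to be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign_and_encrypt(message, sender_private, recipient_public):
    n_s, d_s = sender_private
    n_r, e_r = recipient_public
    session_key = secrets.token_bytes(32)                 # random session key
    body = keystream_xor(session_key, message)            # symmetric encryption
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)  # key wrapped for recipient
    signature = pow(digest_int(message), d_s, n_s)        # digest signed by sender
    return {"wrapped_key": wrapped, "body": body, "signature": signature}


def decrypt_and_verify(packet, recipient_private, sender_public):
    n_r, d_r = recipient_private
    n_s, e_s = sender_public
    # Only the recipient's private key recovers the session key.
    session_key = pow(packet["wrapped_key"], d_r, n_r).to_bytes(32, "big")
    message = keystream_xor(session_key, packet["body"])
    # Anyone holding the sender's public key can check the signature.
    valid = pow(packet["signature"], e_s, n_s) == digest_int(message)
    return message, valid


# Constructed key pairs: Mersenne primes are used only because they are
# well-known primes that fit on one line; real keys use random primes.
SENDER_PUBLIC, SENDER_PRIVATE = toy_keypair(2**521 - 1, 2**607 - 1)
RECIPIENT_PUBLIC, RECIPIENT_PRIVATE = toy_keypair(2**127 - 1, 2**1279 - 1)

if __name__ == "__main__":
    packet = sign_and_encrypt(b"Quarterly report attached.", SENDER_PRIVATE, RECIPIENT_PUBLIC)
    print(decrypt_and_verify(packet, RECIPIENT_PRIVATE, SENDER_PUBLIC))
```

The public-key operation touches only the 32-byte session key and the digest, whatever the size of the message, which is the first advantage listed in section 6.1.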


Conclusion
We built this course, Electronic Mail Security, on two main sources: Guidelines on Electronic Mail Security by Miles Tracy, Wayne Jansen and Scott Bisker (published in 2002) and E-mail Security: How to Keep Your Electronic Messages Private by Bruce Schneier (published in 1995). Its main content can be summarized as follows:
- General knowledge about an e-mail system is presented in chapters 1 and 2.
- Issues relating to the overall security of e-mail servers and clients are presented in chapters 3, 4 and 5.
- The use of cryptography as a tool for securing message content is presented in chapter 6.
Building on this general knowledge, the two accompanying appendices introduce the administration of a specific e-mail system in widespread use today, Microsoft Exchange Server, together with tools for setting up a secure e-mail system.
With the knowledge gathered from the standard references above and the practical experience we have gained in this field, we hope this course gives readers a general view of an e-mail system and of the issues surrounding its security.
Finally, we sincerely thank the friends and colleagues who helped us complete this course.


References


[1] Miles Tracy, Wayne Jansen, Scott Bisker. Guidelines on Electronic Mail Security. U.S. Government Printing Office, Washington (2002).
[2] Bruce Schneier. E-mail Security: How to Keep Your Electronic Messages Private. Printed in the United States of America (1995).
[3] Dr John A. Linn. E-Mail Security. Computing Centre, Edward Wright Building, University of Aberdeen, AB9 2TY.
[4] Mike Daugherty. Monitoring and Managing Microsoft Exchange 2000 Server. Digital Press (2000).
[5] Paul Robichaux. Managing Microsoft Exchange Server. O'Reilly & Associates (1999).
[6] Thomas Rizzo. Programming Microsoft Outlook and Microsoft Exchange. Microsoft Press (1999).
[7] Kevin Johnson. Internet Email Protocol: A Developer's Guide. Addison-Wesley Publication Corporation (2000).
[8] Geoff Mulligan. Removing the Spam: Email Processing and Filtering. Addison-Wesley Public Corporation (1999).
[9] Craig Hunt. Linux Sendmail Administration. Sybex (2001).


Appendix 1. Security of the Microsoft Exchange e-mail system


This appendix provides the most basic knowledge for configuring and deploying a secure Microsoft Exchange e-mail system. Most of the information here is based on the Web site http://www.microsoft.com/exchange and on NSA's "Guide to the Security Configuration and Administration of Microsoft Exchange".
The security of Exchange is tightly bound to the security of the Windows operating system. For example, logging on to Exchange is tied to logging on to Windows, so users do not have to log on separately to Exchange. File permissions, registry settings, password use, user rights, ... are all closely tied to Windows security. A secure Exchange e-mail system therefore requires a secure Windows configuration. For more information on operating system security, see the following sources:
- Windows NT - NSA Guide to Securing Microsoft Windows NT Networks (http://nsal.www.conxion.com/winnt/guide/wnt-1.pdf)
- Windows 2000 - NSA Guide to Securing Microsoft Windows 2000 (http://nsal.www.conxion.com/win2k/index.html)

1.1. Installing Exchange Server
1.1.1. Creating the Exchange services account on Windows

The Exchange server application requires an account on the computer running Windows. This account is known as the "Exchange Services Account". The access rights of Exchange Server are determined by this account (using Windows access control). For example, if the account created for the Exchange service is named "Exchange_Primary", Exchange server can access only the files and folders on which that account has been granted rights. Some points to note when setting up this account:
- Create a single account for use by the Exchange services.
- Set a strong, complex password for this account.
- Use an unpredictable name for this account.
- Do not provide a description for the account.
It is essential to create this account before installation, because the installer is asked to enter the Exchange services account name and password during setup.

1.1.2. Creating an Exchange administrators group on Windows
To simplify setting administrative rights for Exchange server, create an Exchange administrators group in Windows. Do not use the Windows operating system's own administrators group for this purpose, because many of the rights of the operating system administrators group are not needed for the functions of the Exchange services administrators group.

1.1.3. Installing the Exchange software
When installing Exchange server, note the following:
- Do not install Exchange Server on the same partition as the operating system. If Exchange server must be installed on the same partition as the operating system, create a separate folder for it before starting the installation.
- The directory service and information store log files should be placed on a different logical drive from the directory service and information store themselves. If the log files cannot be placed on a different logical drive, they should at least be on a different partition.
- Install the latest service pack. Microsoft has published patches for the various versions of Exchange server, which administrators can download and install from: http://www.microsoft.com/technet/security/current.asp.
After installation, carry out the following:
- Grant "Full Control" to the accounts below on all folders, subfolders and files in the folder where Exchange Server is installed:
  - CREATOR OWNER
  - The administrator groups (Domain admins)
  - Exchange_Primary
  - SYSTEM
  - All Exchange administrator groups
- Do not grant access to other accounts, and in particular not to the "Everyone" group.
- Change the permissions on the file %SystemRoot%/SYSTEM32/mapisvc.inf to allow the "Authenticated Users" group Change access.

1.2. Administrative permissions
In addition to the folder and file permissions set at the operating system level, Exchange also supports permissions at the application level. The permissions that apply to a user are the combination of those granted at the application level and those granted at the operating system level. For example, a Windows user with administrative rights on Windows does not necessarily have the corresponding rights on Exchange. Permissions must be granted through the Exchange administration tool. This section discusses some important concepts to keep in mind when setting administrative privileges.

1.2.1. Exchange administrator accounts
As mentioned above, the simplest way to set administrative rights on Exchange Server is to create a separate Exchange administrators group in Windows. Creating a separate Exchange administrators group brings the following benefits:
- Administrators can be prevented from accessing locations and objects they do not need in the way a Windows administrator could.
- It allows an organization to separate rights and responsibilities better.
- A separate Exchange administrators group simplifies the management of administrative rights, since creating a new administrator only requires making that person a member of the Exchange administrators group.

1.2.2. Understanding Exchange administrative roles
The Exchange administration tool allows different levels of administrative rights to be applied to Exchange's multi-tier model. Microsoft Exchange predefines a number of roles for setting administrative privileges. These predefined roles all derive from the role concepts of the Windows operating system (for example, "Read" permission on a file allows the user to read and execute that file).

The predefined roles are described in the Exchange server help. Some of the predefined roles are not entirely clear; the most notable case is the distinction between the "permissions admin" role and the "admin" role. One of the "admin" rights is the ability to carry out administration on the Exchange server at any time. Such administrators can create new mailboxes and change some Exchange settings. The "permissions admin" role includes all of these rights and can, in addition, change the permissions on objects in the administration tool.

1.2.3. Understanding permission inheritance
Permissions can be set on every object using the Exchange administration tool. For a large organization or company with many users this is a very useful tool, particularly the ability to inherit permissions. However, we must understand how permissions are inherited when using the Exchange administration tool in order to set permissions correctly. In general, the effective permissions a user has on an object are the union of two kinds of permission:
- The permissions the user has on the object itself
- The permissions inherited from the level above
Note that users inherit only the permissions set on the object directly above.

1.3. Administering the Exchange core components
The figure below shows the basic components of Exchange server 5.0/5.5. The components cooperate to process information from client software packages, synchronize servers in a multi-server environment, and carry out Exchange management.
[Figure: Core components: Information Store, Operating System, Message Transfer Agent, Directory Store]

1.3.1. Directory Store
The Exchange Server directory store holds all the location information needed to deliver data, including addresses, distribution lists, details of public folders and mailboxes, and the configuration information of the Exchange environment. The directory store provides a central place where administrators, users and applications can look up and configure information about objects such as user mailboxes. The directory also generates the address books that hold information about users, such as e-mail addresses and other related information. The directory store is also responsible for the security of directory objects such as user mailboxes. The directory store is managed at two levels: the object level and the server level.
Object level
LDAP is a protocol that allows a client to query the Exchange directory for information about Exchange users. The directory store's site-level settings control the information exposed to LDAP clients in three scenarios:
- Anonymous requests
- Authenticated requests
- Inter-site replication
LDAP exposure is administered at the user level in the Exchange administration tool as follows: select DS Site Configuration under Configuration, then choose File/Properties and select the "Attributes" tab. Carefully review the attributes available for exposure through LDAP, especially those relating to anonymous users.


Server level

Diagnostic logging lets the administrator record the status of events to help diagnose system problems. The diagnostic logging levels of the Directory Store are administered in the Exchange administration tool as follows: select the server concerned under "Servers", choose File/Properties, then select the "Diagnostic Logging" tab and choose MSExchangeDS. Note that the following categories are to be logged at the "maximum" level:

- LDAP Interface
- Security

The logged events can be viewed with the Windows Event Viewer.

1.3.2. Information Store

The Information Store is responsible for maintaining and accessing e-mail messages in response to client requests. It has two components: the private information store and the public information store. The private information store is the basis for users' mailboxes, which contain the e-mail messages sent from one user to another. A mailbox can be accessed by its owner and by anyone who has been granted permission. The public store is used for newsgroups and other objects whose access rights are defined more broadly. The Information Store is also managed through the Exchange administrator at two levels: the object level and the server level.

Object level

At the object level, message tracking and top-level folder creation are the settings of concern.


Message tracking instructs Exchange Server to create a daily log file covering all e-mail messages handled by the Information Store. The log can be used to trace e-mail messages passing through the Exchange server environment, which plays an important role in the security of the system. For example, if a user inadvertently sends a virus-infected Word file, message tracking makes it possible to determine the extent of the infection within the user community.

Server level

At the server level, the logons function and diagnostic logging are of concern. No specific security setting is associated with the logons function; it provides a simple way to determine who is logged on to the information store at a given time. To determine who is logged on to the private information store using the Exchange administration tool: select "Private Information Store" under "Servers", then choose File/Properties and the "Logons" tab. To determine who is logged on to the public information store using the Exchange administration tool: select "Public Information Store" under "Servers", then choose File/Properties and the "Logons" tab.

Diagnostic logging can be set for a number of events relating to both the private and the public information store. To set diagnostic logging for the private information store through the Exchange administration tool: select "Private Information Store" under "Servers", then choose File/Properties and the "Diagnostic Logging" tab. Select "MSExchangeIS/Private". Note that logging for the following administrative events is to be set to the "maximum" level:

- Logons
- Access control
- Send on behalf of
- Send as
- Download

To set diagnostic logging for the public information store through the Exchange administration tool: select "Public Information Store" under "Servers", then choose File/Properties and the "Diagnostic Logging" tab. Select "MSExchangeIS/Public". Note that logging for the following administrative events is to be set to the "maximum" level:

- Logons
- Access control
- Send on behalf of
- Send as
- Download

The logged events can be viewed with the Windows Event Viewer.

1.3.3. MTA

The MTA routes e-mail messages between mail servers. It is used whenever a message has to be sent to another mail server. The MTA is managed at two levels: the object level and the server level. At the object level, message tracking is set through the Exchange administration tool: select "MTA Site Configuration" under "Configuration", then choose File/Properties. Message tracking is set on the "General" tab. The MTA diagnostic logging levels at the server level are administered through the Exchange administration tool: select MTA under the corresponding server, then choose File/Properties and the "Diagnostic Logging" tab.

1.4. Secure configuration of the Exchange Internet Mail Service

This section covers the secure configuration of the Exchange Internet Mail Service (IMS). The following points need attention when configuring the IMS:

- Message size limits: control the maximum size of incoming and outgoing messages.
- Message tracking: enabling message tracking instructs Exchange to create a log file for all messages handled by the IMS.
- Disabling automatic replies: disable replies to mail received through the IMS.
- Restricting user access: control which users can or cannot send messages out through the IMS.
- Accepting or rejecting IMS connections: control the IP addresses from which incoming messages are accepted.

To configure the IMS, first select "Internet Mail Service" under "Connections" in the Exchange administration tool, choose File/Properties, and carry out the following main tasks:

- Select the "General" tab to set the message size limit.
- Select the "Internet Mail" tab to set message tracking.
- From the "Internet Mail" tab, click "Interoperability" (Exchange 5.0) or "Advanced Options" (Exchange 5.5). Note that the following functions must be disabled:
  - Out-of-office response
  - Automatic replies
  - Display names
- Select the "Delivery Restrictions" tab. Set the options that restrict which users can or cannot send mail through the IMS.
- Select the "Internet Mail" tab and check "Client support S/MIME signatures" if S/MIME is used.

1.5. Secure configuration of POP3

Exchange Server supports the use of POP3; one of the security elements of this protocol is user authentication. There are four options:

- Basic (clear text): with this option, passwords are transmitted in clear text.
- Basic (clear text) with SSL/TLS: the same as the first option, except that SSL/TLS is used to encrypt the link between client and server.
- Windows NT Challenge/Response: this option uses cryptography to ensure that passwords are not transmitted in clear text. However, this applies only to user authentication; none of the data that follows is encrypted.
- Windows NT Challenge/Response with SSL/TLS: the same as the third option, except that the data of the whole session is encrypted.


Note: the fourth option gives the highest security for access to Exchange Server over POP3, but it is supported only by Microsoft mail client software. To enable the authentication mechanisms for POP3 using the Exchange administration tool: select "Protocol" under "Configuration". Select "POP3 (Mail) Site Default" and File/Properties, then select the "Authentication" tab, where the appropriate authentication mechanism can be chosen. If the "Basic" option is used, the "bypass traverse checking" right must be granted to the Exchange service accounts on the computer where Exchange Server is installed.

1.6. Secure configuration of IMAP

As with POP3, the basic security element of IMAP is user authentication, and there are again four options:

- Basic (clear text): with this option, passwords are transmitted in clear text.
- Basic (clear text) with SSL/TLS: the same as the first option, except that SSL/TLS is used to encrypt the link between client and server.
- Windows NT Challenge/Response: this option uses cryptography to ensure that passwords are not transmitted in clear text. However, this applies only to user authentication; none of the data that follows is encrypted.
- Windows NT Challenge/Response with SSL/TLS: the same as the third option, except that the data of the whole session is encrypted.


Note: the fourth option gives the highest security for access to Exchange Server over IMAP, but it is supported only by Microsoft mail client software. To enable the authentication mechanisms for IMAP using the Exchange administration tool: select "Protocol" under "Configuration". Select "IMAP (Mail) Site Default" and File/Properties, then select the "Authentication" tab, where the appropriate authentication mechanism can be chosen. If the "Basic" option is used, the "bypass traverse checking" right must be granted to the Exchange service accounts on the computer where Exchange Server is installed.

1.7. Secure configuration of LDAP

LDAP is used by clients to access the information stored in the DS component of Microsoft Exchange. It lets a client read, sort and delete the objects stored in the DS. As with POP3 and IMAP, the authentication mechanism is the most important element of LDAP, and there are again four options:

- Basic (clear text): with this option, passwords are transmitted in clear text.
- Basic (clear text) with SSL/TLS: the same as the first option, except that SSL/TLS is used to encrypt the link between client and server.
- Windows NT Challenge/Response: this option uses cryptography to ensure that passwords are not transmitted in clear text. However, this applies only to user authentication; none of the data that follows is encrypted.
- Windows NT Challenge/Response with SSL/TLS: the same as the third option, except that the data of the whole session is encrypted.

Note: the fourth option gives the highest security for access to Exchange Server over POP3, but it is supported only by Microsoft mail client software. To enable the authentication mechanisms for LDAP using the Exchange administration tool: select "Protocol" under "Configuration". Select "LDAP Site Default" and File/Properties, then select the "Authentication" tab, where the appropriate authentication mechanism can be chosen. If the "Basic" option is used, the "bypass traverse checking" right must be granted to the Exchange service accounts on the computer where Exchange Server is installed. If "Basic" or "Basic with SSL/TLS" is chosen, the client must give the account name in the user profile in one of the following formats in order to connect successfully:

dc=[domain name], cn=[account name]
or
cn=[account name], cn=[domain name]

To control anonymous access: select "Protocol" under "Configuration". Select "LDAP Site Default" and File/Properties, then select the "Anonymous" tab and decide whether to allow or disable anonymous access.

1.8. Configuring authenticated mail relay

Microsoft Exchange 5.5 Service Pack 2 or 3 provides protection against mail bombing in accordance with RFC 2505.


The Exchange IMS provides two configuration options for controlling mail relaying and mail bombing:

- Do not reroute incoming SMTP mail
- Reroute incoming SMTP mail

If the first configuration is chosen, unauthenticated attackers cannot use the Exchange server as a relay point for mail bombs aimed at other organizations.

1.9. Secure configuration of Web access

Exchange lets users access their mailboxes or the public folders with a Web browser. Web access to Exchange is provided through an IIS Active Server Page (ASP). When the Web is used to access the e-mail system, a number of security issues need to be considered.

1.9.1. Changing the operating system default settings

The following changes are required when the Web is used to access Exchange:

- On the Exchange Server, allow "Authenticated Users Modify" access to all files and directories in which Exchange Server is installed.
- On the workstations, allow "Authenticated Users Modify" access to %SystemRoot%/System32/mapisvr.inf.
- Make sure that authenticated users have local access rights to the Exchange server machine.

1.9.2. Authentication

Installing Outlook Web Access automatically installs the ASP and creates the corresponding virtual directory in IIS. The configuration of IIS is outside the scope of this document, but we can list the authentication mechanisms managed by IIS. There are three options:

- Allow anonymous access: lets users access the public folders and the public access list through the Web without authenticating.
- Basic authentication: the user must enter a name and password to log on (this information is sent in clear text).
- Windows NT Challenge/Response: uses the Windows NT authentication mechanism; only the IE browser supports this option.

If IIS and Exchange Server are installed on the same machine, any of the options above can be used. Otherwise, Windows NT LAN Manager Challenge/Response authentication cannot be used. However, SSL/TLS can be used to ensure that the information sent from the client to IIS is encrypted.

1.9.3. Anonymous access

HTTP access can be managed for all servers at the object level in the Exchange administration tool. To manage HTTP access at the object level, go to "Protocols" under "Configuration", select "HTTP (Web) Site Settings" and File/Properties, then select the "General" tab. To allow anonymous access to the public folders, select "Allow anonymous users to access the anonymous public folder"; to allow anonymous access to the global address list, select "Allow anonymous users to browse the global address list".
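Sections 1.3.2 and 1.4 enable message tracking so that, when a user sends out an infected attachment, the administrator can determine how far it spread. The following added example (not part of the original text) walks a tracking log forward in time from the first infected message; the tab-separated record layout, the addresses and the size heuristic are assumptions of the example, not the Exchange tracking-log format.

```python
from datetime import datetime

# Constructed, simplified tracking records (tab-separated):
# time, message id, sender, recipients (";"-separated), size in bytes.
SAMPLE_LOG = "\n".join([
    "2006-03-01T09:00\tM1\tan@example.test\tbinh@example.test;chi@example.test\t48200",
    "2006-03-01T09:05\tM2\tdung@example.test\tan@example.test\t1200",
    "2006-03-01T09:20\tM3\tbinh@example.test\tem@example.test\t49050",
    "2006-03-01T09:25\tM4\tchi@example.test\tgiang@example.test\t900",
    "2006-03-01T08:30\tM5\tbinh@example.test\thoa@example.test\t60000",
    "2006-03-01T10:00\tM6\tem@example.test\tgiang@example.test;an@example.test\t49900",
])


def parse_log(text):
    """Parse the records and return them in chronological order."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, msg_id, sender, rcpts, size = line.split("\t")
        records.append({
            "time": datetime.strptime(when, "%Y-%m-%dT%H:%M"),
            "id": msg_id,
            "sender": sender.lower(),
            "rcpts": [r.lower() for r in rcpts.split(";") if r],
            "size": int(size),
        })
    return sorted(records, key=lambda r: r["time"])


def infection_scope(records, first_id):
    """Return (suspect message ids, exposed mailboxes) starting at first_id.

    Heuristic (an assumption of this example): a later message from an
    exposed mailbox is suspect if it is at least as large as the original,
    since a forward that still carries the attachment cannot be smaller.
    """
    exposed, suspects, min_size = set(), [], None
    for rec in records:                  # chronological order matters
        if rec["id"] == first_id:
            min_size = rec["size"]
            exposed.add(rec["sender"])
        elif (min_size is None or rec["sender"] not in exposed
              or rec["size"] < min_size):
            continue                     # earlier, unrelated, or too small
        suspects.append(rec["id"])
        exposed.update(rec["rcpts"])
    if min_size is None:
        raise ValueError("message %r not in tracking log" % first_id)
    return suspects, sorted(exposed)


if __name__ == "__main__":
    ids, users = infection_scope(parse_log(SAMPLE_LOG), "M1")
    print("suspect messages:", ids)
    print("mailboxes to check:", users)
```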


Appendix 2. Applications and tools for e-mail security


2.1. Mail content filtering tools

Tool: eSafe Mail
Capability: Filtering and virus scanning
Web site: http://www.ealaddin.com
Price: Paid
Description: Can be used to filter mail with Microsoft Exchange, Lotus Domino and SMTP-based mail servers; includes a virus scanner.

Tool: MailMarshal
Capability: Mail filtering
Web site: http://www.webmarshal
Price: Paid
Description: Works by scanning for words and phrases. It can also block mail bombs. Compatible with Exchange and Lotus Notes; has no virus scanner.

Tool: Procmail
Capability: Mail content filtering
Web site: http://www.impsec.org/procmail-security.html
Price: Free
Description: Free software for filtering mail content. Supports Sendmail.

Tool: SecureiQ Suite
Capability: Content filtering and virus scanning
Web site: http://www.groupsofware.com
Price: Paid
Description: A server-side e-mail security suite providing rule-based checking of image and text content, convenient and automatic encryption, and virus protection.

Tool: SuperScout
Capability: Content filtering
Web site: http://www.surfcontrol
Price: Paid
Description: Supports Microsoft Exchange, Lotus Domino/Notes and SMTP mail servers. Does not include an anti-virus tool.

2.2. File integrity checking tools

Tool: Aide
Capability: Unix/Linux
Web site: http://www.cs.tut.fi/aide.html
Price: Free
Description: A file integrity checking tool for a number of Unix and Linux platforms.

Tool: LANGuard
Capability: Windows NT/2000
Web site: http://www.gfi.com/languard/
Price: Free
Description: An intrusion detection tool that works by checking when files are changed, deleted or added on Windows 2000/NT.

Tool: Tripwire
Capability: Windows, Unix
Web site: http://www.tripwiresecurity.com
Price: Free
Description: Monitors file changes, checks integrity, ...

2.3. Log file analysis tools

Tool: Analog
Capability: Automated log file analysis
Web site: http://anteater.drzoom.com
Price: Free
Description: An automated log file analysis tool for Sendmail.

Tool: MELIA
Capability: Log file analysis
Web site: http://www.pixel.com.au/media/media.html
Price: Paid
Description: Automated log file analysis for Microsoft Exchange Server. Produces more than 30 different reports and can be used with Microsoft Access and SQL.

Tool: NetTracker
Capability: Most web servers, mail servers and operating systems
Web site: http://www.sane.com/products/NetTracker/
Price: Paid
Description: An automated log file analysis tool for Web servers and mail servers.

2.4. Network analysis tools

Tool: Dsniff
Capability: Unix network analyzer
Web site: http://www.monkey.org/~dugsong/dsniff
Price: Free
Description: A suite of network analysis and penetration testing tools.

Tool: Ethereal
Capability: Unix/Windows network analyzer with a graphical interface
Web site: http://www.etheral.com
Price: Free
Description: A free network protocol analyzer for Unix and Windows environments. It lets the user examine data from a live network, display captured data and show detailed information for each packet.

Tool: Sniffit
Capability: Unix network analyzer
Web site: http://www.rug.ac.be/~coder/snifit/sniffit.html and http://www.symbolic.it/Prodotti/sniffit.html (Windows)
Price: Free
Description: A free general-purpose analyzer for various versions of Linux, Windows and Unix.

Tool: Snort
Capability: Linux network analyzer and IDS
Web site: http://www.snort.org
Price: Free
Description: A general-purpose analyzer and IDS for various versions of Windows, Linux and Unix.

Tool: TCPDump
Capability: Unix network analyzer
Web site: http://www-nrg.ee.lbl.gov
Price: Free
Description: A general-purpose analyzer for many versions of Unix and Linux.

2.5. Enumeration and scanning tools

Tool: DUMSec
Capability: Enumeration tool for Windows
Web site: http://www.systemtools.com
Price: Free
Description: A security auditing program for Microsoft Windows environments.

Tool: Firewalk
Capability: Determines firewall filtering rules
Web site: http://www.packetfactory.net/nmap/
Price: Free
Description: Software that uses a route-tracing technique to analyse IP packet responses in order to determine ACL filters and map the network. This lets Firewalk determine the filtering rules applied to routed packets.

Tool: Nmap
Capability: Port scanning and operating system detection
Web site: http://www.insecure.org/nmap
Price: Free
Description: An open-source tool for security auditing and network exploration. It is designed to scan large networks.

Tool: Solarwind
Capability: Network enumeration
Web site: http://www.solarwind.com
Price: Paid
Description: A tool for network recovery, administration and data collection.

Tool: SuperScan
Capability: Port scanning, operating system detection
Web site: http://www.foundstone.com/
Price: Free
Description: A network mapping tool with a graphical interface. It is designed for large networks and determines which hosts, services, service versions and operating system versions are running on the network.

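2.6. Virus scanning software

Tool: F-Secure Anti-Virus
Capability: Virus scanning
Web site: http://www.f-secure.com
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.

Tool: Interscan
Capability: Virus scanning
Web site: http://www.datasystem.com/virus.html
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.

Tool: McAfee Anti-Virus
Capability: Virus scanning
Web site: http://www.nai.com
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.

Tool: Panda Antivirus
Capability: Virus scanning
Web site: http://www.pandasofware.com
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.

Tool: Sophos Anti-Virus
Capability: Virus scanning
Web site: http://www.altcom.com
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.

Tool: Norton Anti-Virus
Capability: Virus scanning
Web site: http://www.symatec.com/product/
Price: Paid
Description: Provides a range of virus scanning applications for firewalls, mail servers and workstations.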

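2.7. Vulnerability scanning tools

Tool: CyberCop Scanner
Capability: Vulnerability scanning
Web site: http://www.pgp.com/product/
Price: Paid
Description: A network vulnerability scanning tool.

Tool: ISS Internet Scanner
Capability: Vulnerability scanning
Web site: http://www.iss.net/
Price: Paid
Description: A network vulnerability scanning tool.

Tool: Nessus
Capability: Vulnerability scanning
Web site: http://www.nessus.org
Price: Free
Description: A free network vulnerability scanning tool.

Tool: Retina Antivirus
Capability: Vulnerability scanning
Web site: http://www.eeye.com
Price: Paid
Description: A network vulnerability scanning tool.

Tool: SAINT
Capability: Vulnerability scanning
Web site: http://www.wwdsi.com/saint/
Price: Paid
Description: A network vulnerability scanning tool.

Tool: SARA
Capability: Vulnerability scanning
Web site: http://wwwarc.com/sara/
Price: Free
Description: A network vulnerability scanning tool.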

2.8. Server hardening tools

Tool: Bastille Hardening System
Capability: Linux hardening
Web site: http://www.bastillelinux.org/
Price: Free
Description: Helps improve the security of the Linux operating system. It currently supports the RedHat and Mandrake operating systems.

Tool: IIS Lockdown Tool
Capability: IIS hardening
Web site: http://www.micrrosoft.com/download/
Price: Free
Description: Helps administrators lock down IIS versions 4.0 and 5.0.

Tool: Microsoft Network Security Hotfix Checker
Capability: Windows NT/2000
Web site: http://www.micrrosoft.com/download/
Price: Free
Description: Lets administrators assess the vulnerability status of the Windows 2000/NT operating system as well as of IIS 4.0 and 5.0.

Tool: Windows Update
Capability: Updating Windows versions
Web site: http://www.micrrosoft.com/download/
Price: Free
Description: Lets administrators scan their servers for the updates currently available from Microsoft.
