
CHAPTER I

OVERVIEW OF INFORMATION SYSTEM SECURITY

NN

BMHTTT

I.1 General introduction


I.1.1 Introduction to information system security
Three main directions:
Securing information on the server
Securing the client (workstation) side
Securing information on the transmission path

The problem can be considered by layer:
Operating system and applications
Database
Network


Security requirements
Confidentiality
Integrity
Authentication
Non-repudiation
Availability
Access control
Combined requirements:
User authentication is used as the basis for access control
Non-repudiation is combined with authentication


Information security requirements

Many new requirements concern the security of information systems on networks. Besides physical measures, security techniques, security policies and security solutions are needed, together with supporting tools that ensure information security. New requirements include: security of outsourcing, security of distributed systems, security in data mining and statistical databases, e-commerce transactions, privacy, cybercrime and digital copyright.

Attack


[Figure: Risk. Sensitive Data at the centre, surrounded by the parties that can reach it: Customers; Employees (remote workers, mobile workers); Competitors; Business Partners (suppliers, outsourcers, consultants); Contractors, Temporaries, Visitors; Hackers; Cyber-crime; Digital Business]


I.1.2 Risks and threats

Unintentional threat: a user reboots the system into privileged mode, in which the system can be modified at will, and after finishing the work does not switch the system back to normal mode, unintentionally leaving it open for an attacker to exploit.
Intentional threat: for example deliberate unauthorized access to the system.
Passive threat: a threat that has not yet acted, or does not act, directly on the system, such as eavesdropping on packets on the transmission path.
Active threat: modifying information, or changing the state or operation of the system.

Causes
From users: illegal intrusion, theft of valuable assets. The most important group here is internal users.
Information system architecture: the technical system is organized without structure, or is not strong enough to protect information.
Information security policy: security standards are not followed; rights and responsibilities in operating the system are not clearly defined.


Some examples
Hackers and criminals use techniques and tools such as spyware, password cracking, attack software, information harvesting, security vulnerabilities and shoulder surfing.
Manufacturers pre-install electronic 'bugs' for a predetermined purpose.
Application programs carry hidden dangers: backdoors, spyware.


[Figure: Internet Scanner on the main corporate backbone, behind the switch and firewall, scanning notebooks, an iPaq and the access ports. 1. Finds the holes; 2. Finds rogue access points or devices]


Data attacks (figure)


I.1.3 Classification of network attacks
Masquerade attack: one entity pretends to be another entity. A masquerade is usually combined with other forms of attack, such as replay and message modification.
Replay attack: a message, or part of a message, is sent again one or more times, causing harmful effects.
Message modification attack: the content of a message is altered without the alteration being detected.

Classification of network attacks (cont.)
Denial-of-service attack: an entity fails to perform its function, preventing other entities from performing theirs.
Insider attack: a legitimate user intentionally or unintentionally interferes with the system in an unauthorized way.


Passive and active attacks
Passive attack: reconnaissance, monitoring the transmission in order to:
Obtain the contents of messages, or
Observe the flow of traffic (traffic analysis)

Active attack: altering the data stream in order to:
Impersonate someone (masquerade)
Replay an earlier message
Modify a message in transit
Deny service

Security Attacks
Passive threats (eavesdropping, monitoring transmissions):
Release of message contents
Traffic analysis


Passive Attacks


Passive Attacks


Active Attacks
Active threats (some modification of the data stream):
Masquerade
Replay
Modification of message contents
Denial of service


Active Attacks


Active Attacks


I.2 Three aspects of information security

Protection against attacks
Security mechanisms
Security services
Security solutions


Protection against attacks
Protection against attacks serves information security: it is the means of resisting attacks on the information system, or of detecting them. Attention must focus on two classes of attack: passive and active.


Security mechanisms
Various security mechanisms are designed to detect, protect against, or recover from damaging attacks. No single mechanism satisfies every function that security work requires. There is, however, one element present in most security mechanisms: cryptographic techniques.


Security services
One or more security mechanisms may be used to provide a service. These services typically mirror measures from the physical world: signatures, notarization, copyright.


Some notes on security
Threats usually arise from extending the information channel.
Consider the system in relation to its environment.
The security technique must demonstrably protect the system well (logic authentication).


Threats in client-server communication

[Figure: a client runs DoOperation (wait, continue) and sends request messages; a server runs GetRequest, executes the request and SendReply. Threats shown: a replayer that captures request messages and replays them; eavesdropping on the messages; a client imposter issuing requests; a server imposter that accepts requests and sends replies]


Requirements for client-server communication

The communication channel must be secure against injection of messages into the network.
The server must be able to identify the client.
The client must be able to identify the server.
It must be possible to determine who is the real originator of a message, and that the message has not been altered (possibly with the help of a third party).

I.3 Network security model

Security architecture for the OSI open communication system. The standardization sector of the International Telecommunication Union (ITU-T) issued Recommendation X.800, the security architecture for OSI open systems. X.800 defines the security services needed to protect essential information and the system's data transfers. RFC 2828 gives a more specific definition: a security service is a processing or communication service provided by a system to give a specific kind of protection to system resources.

Service definitions according to X.800
Authentication: assurance that the communicating entity is the one it claims to be. The party you are exchanging data with really is who they say they are; nobody else may impersonate them.
Access control: prevention of unauthorized use of a resource. Every subject in the system is granted specific rights and may act only within those rights.
Data confidentiality: assurance that data is not disclosed to anyone without the right to see it.

Service definitions according to X.800 (cont.)

Data integrity: the data comes from an authorized sender; if it is altered, for example delayed or modified, integrity checking gives a way to detect that this has happened.
Non-repudiation: protection against denial by either participant in an exchange. The sender cannot deny having sent a message with that content, and the receiver cannot falsely claim never to have received it.

Security mechanisms according to X.800
Specific security mechanisms are implemented in the protocol of a particular layer: encipherment, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, notarization.
Pervasive security mechanisms are not specific to any protocol layer or security service: trusted functionality, security labels, event detection, security audit trail, security recovery.

Network access security model (figure)


I.4 Information security in database systems

Today's database management systems (DBMSs), such as Oracle, SQL Server and DB2, come with standard protection tools such as identification and access control. However, these protections are almost ineffective against attacks from the inside.


The Landscape

[Figure: Data Security and Compliance across three states of data. Transaction data: direct database access, access via applications, web applications, web services. Data in motion: outgoing communications, internal communications, databases and documents, monitoring and enforcement. Data at rest: data classification, device control, content control, application control. Channels: transaction applications, communication channels, databases, servers and endpoints, storage (SAN and NAS). Actors: employees (honest and rogue), customers and criminals. Leaks may be accidental, intentional or malicious]


Security based on an intermediate database layer
An intermediate database is built between the application and the original database. This intermediate database encrypts data before it is written to the original database and decrypts data before it is returned to the application. It also provides key management, user authentication and access authorization. This approach allows many additional security functions to be added to the DBMS. However, the intermediate-database model requires building a database application that reproduces all the functions of the original DBMS.

Security based on an intermediate database layer (figure)


Virtual table model
In addition to the basic privileges provided by the DBMS, two further access rights:
The user may read data only in encrypted form. This right suits parties who must administer the database without reading the content of the data.
The user may read data in decrypted form.


Architecture of a database security system (figure)


Database security system
Trigger: used to capture data arriving through INSERT and UPDATE statements (for encryption).
View: views are used to capture data requested through SELECT statements (for decryption).
Extended Stored Procedures: called from the triggers or views to invoke the services provided by the DBPEM module from inside the DBMS environment.
DBPEM (Database Policy Enforcing Module): provides encryption/decryption services for data passed from the Extended Stored Procedures and checks the user's access rights (based on the security policies stored in the security database and the user's security privileges).

Database security system (cont.)
Security Database: stores the security policies and the decryption keys. The current trend is to store this security database in Active Directory (a directory database holding all information about the network system).
Security Services: mainly protect the decryption keys stored in the security database.
Management Console: used to update the information in the security database (mainly editing security policies) and to apply protection to a particular field in the database, so as to maximize the confidentiality of the information exchanged.

Ecommerce Architecture

[Figure: Internet > Router > Firewall > DMZ (Web Front-End, Application Server, Application Firewall) > Firewall > Database Firewall > Encryption Appliance > Database Back-End]


Obstacles to database security (figure)


Database security
Authentication: who is it?
Authorization: who can do it?
Encryption: who can see it?
Audit: who did it?

DB2


Post-attack investigation

You have discovered you have been attacked. Now what? You need to collect as much data about the attack as possible: when it occurred, how it occurred, where it came from. Databases write auditing data in numerous locations; collect all those locations into a single repository and correlate the events to get a better picture of what happened.


I.5 Trusted systems

Access control: the system identifies each user by an identity and determines which resources they may access. The general model is an access matrix with:
Subjects: active entities (users, processes)
Objects: passive entities (files or resources)
Access rights: the ways in which an object may be accessed

The matrix can be decomposed by:
Columns, giving access control lists
Rows, giving capability tickets

Access control structures (figure)


Trusted systems
Classification levels: unclassified (U), confidential (C), secret (S), top secret (TS)
Multilevel security:
No read up: a subject may read only objects at a level equal to or lower than its clearance
No write down: a subject may write only objects at a level equal to or higher than its clearance

Reference monitor properties (policy):
Complete mediation
Isolation
Verifiability

A secure system must satisfy all of the properties above.



Reference Monitor


Trojan horse defence (figure)


I.6 Malicious software
I.6.1 Viruses and related malicious programs
I.6.2 Antivirus
I.6.3 Denial-of-service attacks


I.6.1 Viruses and related malicious programs

Terminology (table)


Virus
Four phases:
Dormant phase: waits for a triggering event
Propagation phase: copies itself into other programs or disks
Triggering phase: activated by an event to carry out its payload
Execution phase: the payload is carried out

Structure (figure)

Compressed virus (figure)


Types of virus, classified by how they attack:

Memory-resident virus
Boot sector virus
Stealth virus: hides itself from antivirus programs
Polymorphic virus (cannot be matched by a fixed signature): mutates with every infection
Metamorphic virus: rewrites itself completely, making identification harder still by changing both its behaviour and its appearance


More on viruses

Polymorphic virus:
Replicates, but each copy has a different bit pattern
Permutes superfluous or mutually independent instructions
Encrypts the remainder of its body; the encryption key changes randomly each time it infects another program

Virus-creation toolkits


Macro virus
Appeared in the mid 1990s. Infects MS Word/Excel and other software that supports macros. The macro infects documents. Macro viruses usually spread through email.


Email virus
This kind of virus spreads when an attached file containing a macro virus is opened (Melissa).
The virus sends itself to the addresses in the user's mailing list
It performs local damage

By late 1999 such viruses could activate as soon as the user merely opened the email.


Malicious programs: two kinds

Those needing a host program: virus, logic bomb and backdoor
Independent programs: worm and zombie

Process:
Activates on a trigger
Makes copies of itself


Backdoor
A secret entry point into a program that lets anyone who knows of it gain access without the usual procedures. Developers commonly use them while developing and testing programs. The backdoor idea originated with game developers. Backdoors are very hard to prevent at the operating-system level; the defence is careful software development and updating.

Logic bomb
One of the oldest kinds of malicious software: code embedded in a legitimate program that is triggered when a specified condition is met:
The presence or absence of certain files
A particular date or time
A particular user

When triggered it usually damages the system:
Altering or deleting files or disks, halting the machine, ...

Trojan horse
A program that indirectly accomplishes actions that an unauthorized user could not accomplish directly. It may masquerade as a utility or an application program; it can modify or destroy data. Example: a compiler that inserts extra code into the login program so that its author can log in to the system with a special password.

Zombie
A program that secretly takes control of another computer on the network, using the infected computer to carry out attacks without arousing suspicion. The creator of the zombie is very hard to trace. Zombies are commonly used to launch distributed denial-of-service (DDoS) attacks: hundreds of infected computers can be used to flood the Internet with traffic.


Worm
Similar to an email virus, but it spreads automatically. Once inside a system it behaves like a virus. It can spread via:
Email
Remote execution
Remote login

It has the same phases as a virus; in the propagation phase it:
Searches for other systems to infect using host tables or remote system addresses
Establishes a connection
Copies itself to the remote system and activates the copy

Morris worm
The Morris worm was written by Robert Morris in 1988 and targeted Unix systems. For each host it discovered, it:
Cracked the password file, finding passwords and IDs with a cracking program that tried:
The user name and simple permutations of it
A built-in list of 432 passwords
All words in the local system dictionary

Exploited a bug in the protocol that reports where a remote user is located (finger)
Exploited a backdoor in the debug option of the remote process that receives and sends mail (sendmail)

Morris worm (cont.)
If one of the methods above succeeded, the worm:
Obtained communication with a command interpreter (shell) on the operating system
Sent over a short bootstrap program of its own
Executed that program
Logged off
The bootstrap program then called back the parent and downloaded the rest of the worm


Contemporary worm attacks
Code Red, July 2001: exploited a vulnerability in Microsoft Internet Information Server (IIS); disabled the system file checker; probed random IP addresses to reach other hosts; launched denial-of-service attacks; suspended and resumed its activity on a fixed schedule. In its second wave it infected 360,000 servers in 14 hours.
Code Red II: a variant that attacked IIS and installed a backdoor.

Nimda, late 2001. Techniques:

Client to client via e-mail
Client to client via network shares
Web server to client via Web browsing
Client to Web server via directory traversal on Microsoft IIS 4.0/5.0
Client to Web server via a backdoor

It modified Web files and executable files.



SQL Slammer, early 2003: exploited a buffer overflow in Microsoft SQL Server.
Sobig.f: exploited open proxy servers to send spam from infected computers.
Mydoom, 2004: installed a backdoor and generated an enormous volume of email.

Worm technology
Runs on multiple platforms
Exploits multiple vectors: Web servers, browsers, e-mail, file sharing and other network applications
Spreads extremely fast
Polymorphic
Metamorphic
Transport vehicles
Zero-day exploits

I.6.2 Antivirus
Steps:
Detect the virus infection in the system
Identify the type of virus
Remove it and restore the system to a clean state

Generations:
First generation: simple scanners
Second generation: heuristic scanners
Third generation: activity traps
Fourth generation: full-featured protection


Antivirus generations
First generation
Scans programs for virus signatures (byte patterns)

Second generation
Heuristics; checksums and cryptographic hash functions kept outside the program

Third generation
Memory-resident programs that monitor activity

Fourth generation
Packages combining all these techniques
Access control (denying the virus the ability to update files)

Advanced antivirus techniques
Generic decryption:

A CPU emulator
A virus signature scanner
An emulation control module


Digital Immune System (figure)


Digital Immune System (IBM): operation

A monitoring program on each machine detects suspicious signs and forwards a sample to the central administrative machine
The administrative machine encrypts the sample and sends it to the analysis centre
The analysis centre derives a way to identify and remove the virus
The prescription is returned to the administrative machine
The administrative machine forwards it to the clients
The clients update

Behaviour-blocking software

Such software is integrated with the host's operating system and monitors behaviour in real time, for example file access, disk formatting, modification of executables, changes to system settings, network access.

It has advantages over scanning, but the malicious code may run before it is detected.


I.6.3 Defence against denial-of-service attacks
Denial-of-service attacks. Distributed denial-of-service (DDoS) attacks are a significant threat: they make the system unavailable by flooding it with useless tra&#8203;ffic. Examples:
Attack on internal resources (SYN flood)
Many hosts communicate with one target server
They send TCP/IP SYN (synchronize/initialization) packets with forged source addresses

Consuming data transmission resources

Many machines are directed to send ICMP ECHO requests with a forged source address
The recipients answer with echo replies, which all arrive at the victim

Denial-of-service attacks (figure)


Some attack methods
In many systems, certain resources are quite limited: process identifiers, process table entries, process slots. An intruder can write a looping program that creates many copies of itself to exhaust these resources. An intruder can also exhaust disk space by:
Mail messages
Generating errors that get logged
Writing files into anonymous FTP areas or shared areas

Forms of attack (figure)


Building an attack network

The zombie software must run on a large number of machines, hide its presence, communicate with the master, and have several triggers for launching the attack on the target. It attacks a large number of easily penetrated systems. Deployment strategies based on scanning:
Random
Hit-list: a prepared list of vulnerable machines
Topological: uses information found on the infected machine
Local subnet: behind the firewall


Defence against DoS attacks
Prevention: resource consumption policies, resource backup, tuning of systems and protocols
Attack detection and filtering: based on behaviour patterns
Source identification and traceback
