NN
BMHTTT
Can be considered according to:
- Operating systems and applications
- Databases
- Networks
Security requirements
- Confidentiality
- Integrity
- Authentication
- Non-repudiation
- Availability
- Access control
- Combined: user authentication used for access control; non-repudiation combined with authentication
Attack

Risk

Figure: parties surrounding Sensitive Data: Customers; Employees (remote workers, mobile workers); Competitors; Business Partners; Cyber-crime; Hackers.
Causes
- From users: illegal intrusion, theft of valuable assets. The most important group here is internal users.
- Information system architecture: the technical system is organized without structure, or is not strong enough to protect information.
- Information security policy: security standards are not followed, and the rights involved in operating the system are not clearly defined.
Some examples
- Hackers and criminals use techniques and tools: spyware, password cracking, attack software, information harvesting, security vulnerabilities, shoulder surfing.
- Manufacturers pre-install electronic "bugs" by design.
- Application programs carry latent hazards: backdoors, spyware.
Figure: network layout (Internet Scanner, notebooks, access port, iPaq).
Data attacks
I.1.3 Classification of network attacks
- Masquerade attack: an attacking entity impersonates another entity. Masquerade attacks are usually combined with other forms of attack such as replay and message modification.
- Replay attack: occurs when a message, or part of a message, is sent repeatedly, causing harmful effects.
- Message modification attack: occurs when the content of a message is altered without the alteration being detected.
Classification of network attacks (cont.)
- Denial-of-service attack: occurs when an entity fails to perform its function, preventing other entities from performing theirs.
- Insider attack: occurs when a legitimate user intentionally or unintentionally interferes with the system without authorization.
Security Attacks

Passive Attacks (figures). Passive threats: traffic analysis.

Active Attacks (figures). Active threats: replay; denial of service.
Defending against attacks. The aim of defence is information security: ways of resisting attacks on an information system, or of detecting them. Defence must concentrate on the two kinds of attack: passive and active.
Security mechanisms. Various security mechanisms are designed to detect, protect against, or recover from destructive attacks. No single mechanism satisfies every function that security work requires. One component, however, underlies every security mechanism: cryptographic technique.
Security services. One or more security mechanisms may be used to provide a service. The measures used are usually analogous to those of the physical world: signatures, notarization, copyright.
Some notes on security
- Threats usually arise from extending the communication channel.
- Consider the system in relation to its environment.
- A security technique must demonstrate that it protects the system well (logic authentication).
Figure: a client impostor and a server impostor on the communication channel.
The communication channel must be secure so that nothing can be inserted into the network.
- The server must be able to identify the client.
- The client must be able to identify the server.
- It must be possible to establish who the true originator of a message is and that the message has not been altered in any way (possibly with the help of a third party).
Service definitions according to X.800
- Authentication: assurance that the communicating entity is the one it claims to be. The party you are communicating with really is who they say they are, and nobody else is allowed to impersonate them.
- Access control: prevention of unauthorized use of information resources. Each subject in the system is granted specific rights and may act only within the scope of the rights granted.
- Data confidentiality: assurance that data is not disclosed to anyone without the right to see it.
Security mechanisms according to X.800
- Specific security mechanisms are implemented within a protocol of a particular layer: encipherment, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, notarization.
- Pervasive security mechanisms are not tied to any protocol layer or particular security service: trusted functionality, security labels, event detection, security audit trails, security recovery.
Today's database management systems (DBMS) such as Oracle, SQL Server and DB2 all ship with standard protection tools such as identification systems and access control. These protections, however, are almost ineffective against attacks from inside.
The Landscape (figure)
- Data: Transaction Data; Data In Motion; Data At Rest. Data stores: Databases; Servers, Endpoints; Storage (SAN and NAS).
- People: Employees (Honest & Rogue).
- Access paths: Direct Database Access; Access via Applications; Web applications; Web services.
- Communication channels: Outgoing communications; Internal communications; Databases and documents; Monitoring and enforcement.
- Controls: Data classification; Device control; Content control; Application control.
- Accidental, Intentional and Malicious Leaks.
Security based on an intermediate database layer. An intermediate database is placed between the application and the original database. This intermediate layer encrypts data before it is written to the original database and decrypts data before handing it to the application. It also provides key management, user authentication and access authorization. The approach allows many additional security functions to be added to the database. However, the intermediate-database model requires building a database application that reproduces every function of the original database.
Virtual table model

In addition to the basic rights provided by the DBMS, two access rights are defined:
- Users who may read data only in encrypted form. This right suits those who need to administer the database without reading the data content.
- Users who may read data in decrypted form.
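The intermediate encryption layer and the two access rights of the virtual table model, as an added example that is not part of the original slides. The proxy class, the `customer` table, the rights table and the card number are all constructed for the demonstration; the cipher is a standard-library stand-in (HMAC-SHA256 counter-mode keystream plus an HMAC tag) for the authenticated cipher a real deployment would use.

```python
import hashlib
import hmac
import os
import sqlite3

# Stdlib stand-in for a real authenticated cipher (e.g. AES-GCM): counter-mode
# keystream from HMAC-SHA256 as a PRF, then encrypt-then-MAC with a second subkey.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. key is 64 bytes: 32 for encryption, 32 for the MAC."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; reject tampered or foreign ciphertext before decrypting."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EncryptingProxy:
    """Intermediate layer between the application and the backing database.

    Writes are encrypted before they reach the table. Reads are decrypted only for
    users holding the 'read_plain' right; 'read_cipher' users (e.g. a DBA) get the
    ciphertext. The rights dict is a constructed stand-in for a policy store.
    """

    def __init__(self, conn: sqlite3.Connection, key: bytes, rights: dict):
        self.conn, self.key, self.rights = conn, key, rights
        conn.execute("CREATE TABLE IF NOT EXISTS customer (id INTEGER PRIMARY KEY, name TEXT, card BLOB)")

    def insert(self, user: str, name: str, card: str) -> None:
        if "write" not in self.rights.get(user, set()):
            raise PermissionError(f"{user} may not write")
        self.conn.execute("INSERT INTO customer (name, card) VALUES (?, ?)",
                          (name, encrypt(self.key, card.encode())))

    def select(self, user: str) -> list:
        rights = self.rights.get(user, set())
        rows = self.conn.execute("SELECT id, name, card FROM customer").fetchall()
        if "read_plain" in rights:
            return [(i, n, decrypt(self.key, c).decode()) for i, n, c in rows]
        if "read_cipher" in rights:
            return [(i, n, c.hex()) for i, n, c in rows]
        raise PermissionError(f"{user} may not read")


def demo():
    """Constructed scenario: the application stores a card number; the DBA sees only ciphertext."""
    key = os.urandom(64)
    conn = sqlite3.connect(":memory:")
    rights = {"app": {"write", "read_plain"}, "dba": {"read_cipher"}}
    proxy = EncryptingProxy(conn, key, rights)
    proxy.insert("app", "alice", "4111-1111-1111-1111")   # constructed test card number
    plain = proxy.select("app")
    cipher = proxy.select("dba")
    raw = conn.execute("SELECT card FROM customer").fetchone()[0]   # what the backing table holds
    return plain, cipher, raw


if __name__ == "__main__":
    print(demo())
```

The point the slides make about the model's cost shows up directly: the proxy has to re-implement every statement it mediates, so a real `SELECT ... WHERE card = ?` against the encrypted column cannot be served without the proxy also owning the query logic.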
Database security system
- Trigger: used to capture data arriving through INSERT and UPDATE statements (for encryption).
- View: views are used to capture data requested through SELECT statements (for decryption).
- Extended Stored Procedures: called from the triggers or views to invoke the services provided by the DBPEM module from inside the DBMS environment.
- DBPEM (Database Policy Enforcing Module): provides encryption/decryption services for the data sent by the Extended Stored Procedures and checks the user's access rights (based on the security policies stored in the security database).
Database security system (cont.)
- Security Database: stores the security policies and the decryption keys. The current trend is to keep this security database in Active Directory (a directory-style database holding all information about the network).
- Security Services: mainly protect the decryption keys stored in the security database.
- Management Console: used to update the information in the security database (mainly editing security policies) and to apply protection to a given field of the database so that the confidentiality of the information exchanged is maximized.
Ecommerce Architecture (figure): Internet; Router; Application Firewall; Firewall; Database Firewall; Encryption Appliance; Database Back-End.
Authorization: who can do it?
Encryption: who can see it?
DB2 (figure)
You have discovered you have been attacked. Now what?
- Collect as much data about the attack as possible: when did it occur, how did it occur, where did it come from?
- Databases write auditing data in numerous locations: collect all those locations into a single repository.
- Correlate events to get a better picture of what happened.
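The collect-then-correlate step above, as an added example that is not from the original slides. The three audit sources (a database audit log, an OS authentication log in syslog format, an application export log), their record formats and every value in them are constructed; the syslog year is assumed because that format carries none. The code normalizes each source into one schema, merges it into a single time-ordered repository, and groups the events by remote host into incidents that answer when, where and how.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records from three separate audit locations (not real logs).
DB_AUDIT = [
    "2024-03-01T02:13:05 LOGIN_FAILED user=sa host=10.0.0.7",
    "2024-03-01T02:13:09 LOGIN_FAILED user=sa host=10.0.0.7",
    "2024-03-01T02:13:14 LOGIN_OK user=sa host=10.0.0.7",
    "2024-03-01T02:14:02 SELECT user=sa host=10.0.0.7 object=dbo.cards rows=50000",
]
OS_LOG = [
    "Mar  1 02:12:58 dbsrv sshd[811]: Accepted password for svc_backup from 10.0.0.7 port 51022",
    "Mar  1 02:15:40 dbsrv sshd[811]: Disconnected from 10.0.0.7",
]
APP_LOG = [
    "2024-03-01 02:14:30 app01 export job=manual user=sa rows=50000 dest=10.0.0.7",
]


def parse_db(line: str) -> dict:
    ts, event, rest = line.split(" ", 2)
    kv = dict(p.split("=", 1) for p in rest.split())
    return {"ts": datetime.fromisoformat(ts), "source": "db-audit", "event": event,
            "user": kv.get("user"), "host": kv.get("host"), "detail": kv}


SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")


def parse_syslog(line: str, year: int = 2024) -> dict:
    """Syslog lines carry no year; 2024 is assumed for the constructed sample."""
    mon, day, hms, _node, _proc, msg = SYSLOG_RE.match(line).groups()
    ts = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    ip = re.search(r"from (\d+\.\d+\.\d+\.\d+)", msg)
    user = re.search(r"for (\S+) from", msg)
    return {"ts": ts, "source": "os-auth", "event": msg.split(" ")[0].upper(),
            "user": user.group(1) if user else None,
            "host": ip.group(1) if ip else None, "detail": {"msg": msg}}


def parse_app(line: str) -> dict:
    date, time, _node, event, rest = line.split(" ", 4)
    kv = dict(p.split("=", 1) for p in rest.split())
    return {"ts": datetime.fromisoformat(f"{date}T{time}"), "source": "app",
            "event": event.upper(), "user": kv.get("user"), "host": kv.get("dest"), "detail": kv}


def collect() -> list:
    """Single repository: every source normalized to one schema and ordered by time."""
    events = ([parse_db(l) for l in DB_AUDIT] + [parse_syslog(l) for l in OS_LOG]
              + [parse_app(l) for l in APP_LOG])
    return sorted(events, key=lambda e: e["ts"])


def summarize(host: str, evs: list) -> dict:
    return {"where": host, "when": evs[0]["ts"], "until": evs[-1]["ts"],
            "users": sorted({e["user"] for e in evs if e["user"]}),
            "sources": sorted({e["source"] for e in evs}),
            "how": [(e["ts"].strftime("%H:%M:%S"), e["source"], e["event"]) for e in evs]}


def correlate(events: list, window: timedelta = timedelta(minutes=5)) -> list:
    """Group events by remote host; start a new incident when the gap between events exceeds window."""
    by_host = {}
    for e in events:
        if e["host"]:
            by_host.setdefault(e["host"], []).append(e)
    incidents = []
    for host, evs in by_host.items():
        current = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - current[-1]["ts"] > window:
                incidents.append(summarize(host, current))
                current = []
            current.append(e)
        incidents.append(summarize(host, current))
    return incidents


if __name__ == "__main__":
    for inc in correlate(collect()):
        print(inc["where"], inc["when"], inc["users"])
        for step in inc["how"]:
            print("   ", *step)
```

Seen in isolation, two failed `sa` logins or one SSH session are noise; merged on the shared remote host they read as one sequence from OS login through database login to a bulk export, which is exactly the picture a single-source view hides.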
Can be analyzed by:
- columns, as access control lists
- rows, as tickets (capabilities)
Trusted systems

Classification levels: unclassified (U), confidential (C), secret (S), top secret (TS). Multilevel security:
- No read up: a subject may only read objects whose level is lower than or equal to its clearance.
- No write down: a subject may only write objects whose level is higher than or equal to its clearance.
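Both views of the access matrix (columns as ACLs, rows as capabilities) and the two multilevel rules, as an added example that is not part of the original slides. The subjects, objects, rights, clearances and classifications are constructed; `reference_monitor` is the hypothetical check point that every access must pass, combining the discretionary matrix with the mandatory rules.

```python
# Constructed access matrix: rows = subjects, columns = objects, cells = permitted operations.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}

# Constructed labels: ordered levels, a clearance per subject, a classification per object.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
CLEARANCE = {"alice": "S", "bob": "C", "carol": "C"}
CLASSIFICATION = {"payroll.db": "S", "memo.txt": "C"}


def acl(obj: str) -> dict:
    """Column view: the object's access control list (subject -> operations)."""
    return {s: set(row[obj]) for s, row in MATRIX.items() if obj in row}


def capabilities(subject: str) -> dict:
    """Row view: the subject's tickets (object -> operations)."""
    return {o: set(ops) for o, ops in MATRIX.get(subject, {}).items()}


def dac_allows(subject: str, obj: str, op: str) -> bool:
    """Discretionary check: is the operation in the matrix cell?"""
    return op in MATRIX.get(subject, {}).get(obj, set())


def mls_allows(clearance: str, classification: str, op: str) -> bool:
    """Mandatory check: no read up (simple security), no write down (*-property)."""
    s, o = LEVELS[clearance], LEVELS[classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def reference_monitor(subject: str, obj: str, op: str) -> bool:
    """Every access passes both the discretionary matrix and the mandatory MLS rule."""
    return dac_allows(subject, obj, op) and mls_allows(CLEARANCE[subject], CLASSIFICATION[obj], op)


if __name__ == "__main__":
    print("ACL of memo.txt:", acl("memo.txt"))
    print("alice's capabilities:", capabilities("alice"))
    for req in [("alice", "memo.txt", "read"), ("alice", "payroll.db", "write"),
                ("carol", "payroll.db", "read"), ("alice", "memo.txt", "write")]:
        print(req, "->", reference_monitor(*req))
```

The `carol` row is the instructive case: the matrix grants her read on `payroll.db`, but her clearance (C) is below the object's classification (S), so no read up denies it. Conversely, `alice` (S) is denied a write to `memo.txt` (C) even though the matrix would permit it, because that would be a write down.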
Reference Monitor
I.6 Malicious software
I.6.1 Viruses and intrusive programs
I.6.2 Antivirus
I.6.3 Denial-of-service attacks
Terminology
Virus

Four phases:
- Dormant: lies idle, waiting for a triggering event.
- Propagation: replicates itself into programs/disks.
- Triggering: activated by an event so that the payload runs.
- Execution: runs the payload.

Structure (figure)
Compressed virus (figure)
virus-creation toolkit
Macro virus
- Mid-1990s
- Infects MS Word/Excel and other macro-enabled software
- Infects documents
- Macro viruses usually spread via email
Email virus. This type of virus spreads when an attachment containing a macro virus is opened (Melissa).
- The virus sends itself to the users in the mailing list
- It performs local damage
Process
- Operates on a trigger
- Creates copies of itself
Backdoor. A secret entry point into a program that lets anyone who knows of it gain access without going through the normal procedures. Developers often use them while developing and testing a program. The backdoor originated as an idea of game developers. It is very hard to prevent at the operating-system level; defence depends on good software development and update practices.
Logic bomb. One of the oldest kinds of malicious software: code embedded in a legitimate program. It is triggered when a specified condition is met:
- presence or absence of certain files
- a specific date or time
- a particular user

Trojan horse. A program that can indirectly accomplish actions that an unauthorized user could not perform directly. It can masquerade as a utility or application program and can alter or destroy data. Example: a compiler inserts extra code into the login program so that its author can log in to the system with a special password.
Zombie. A program that secretly takes control of another computer on the network. The infected computers are used, without arousing suspicion, to carry out attacks, and the creator of the zombie is very hard to identify. Zombies are commonly used to launch distributed denial-of-service (DDoS) attacks: hundreds of infected machines can be used to flood Internet traffic.
Worm. Similar to an email virus but it propagates automatically. Once inside a system it behaves like a virus. It can spread by:
- email
- remote execution
- remote login
Morris worm

The Morris worm was created by Robert Morris in 1988 and targeted Unix systems. For each host it discovered it:
- cracked the password file, finding passwords and IDs with a cracking program that tried the user name and simple permutations of it, a built-in list of passwords (432), and all the words in the local system directory;
- exploited a bug in the protocol that reports the whereabouts of remote users;
- exploited a backdoor in the debug option of the remote process that receives and sends mail.
Contemporary worm attacks

Code Red, July 2001:
- Exploited a vulnerability in Microsoft Internet Information Server (IIS)
- Disabled the system file checker
- Probed random IP addresses to reach other hosts
- Launched denial-of-service attacks
- Suspended itself and resumed according to a time schedule
- In its second wave it infected 360,000 servers in 14 hours
Code Red II: a variant attacking IIS that installs a backdoor.
SQL Slammer, early 2003: exploited a buffer overflow in Microsoft SQL Server. Sobig.f: exploited open proxy servers to turn infected machines into spam engines. Mydoom, 2004: installed a backdoor and generated an enormous volume of email.
Worm technology
- Runs on multiple platforms
- Exploits multiple vectors: web servers, browsers, e-mail, file sharing, and other network applications
- Spreads extremely fast
- Polymorphic
- Metamorphic
- Transport vehicles
- Zero-day exploits
I.6.2 Antivirus

Steps:
- Detect that a virus has infected the system
- Identify the type of virus
- Remove it and restore the system to a clean state

Generations:
- First generation: simple scanners
- Second generation: heuristic scanners
- Third generation: activity traps
- Fourth generation: full-featured protection
Antivirus generations

Generation 1: scans programs for virus signatures; records program length.

Generation 2: heuristics; integrity checking with checksums or cryptographic hash functions (stored outside the program).

Generation 3: memory-resident programs that monitor activity.

Generation 4: packages of techniques; access control (does not allow a virus to update files).
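The first- and second-generation checks side by side, as an added example that is not from the original slides: a signature scan of a file's bytes, and an integrity baseline (hash plus length, stored outside the programs) that is re-verified later. The "signature" is a constructed marker string, not a real detection pattern, and the "programs" are temporary files written by the demo.

```python
import hashlib
import os
import tempfile

# Constructed signature database: a marker byte string standing in for real signatures.
SIGNATURES = {"demo-marker": b"CONSTRUCTED_MALWARE_MARKER"}


def scan_signatures(data: bytes) -> list:
    """Generation 1: report every known signature that occurs in the program bytes."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: list) -> dict:
    """Generation 2: hash and length per program, to be kept outside the programs themselves."""
    return {p: (sha256_file(p), os.path.getsize(p)) for p in paths}


def verify(baseline: dict) -> list:
    """Programs whose hash or length no longer matches the baseline (or that disappeared)."""
    changed = []
    for p, (digest, size) in baseline.items():
        if not os.path.exists(p) or os.path.getsize(p) != size or sha256_file(p) != digest:
            changed.append(p)
    return changed


def demo() -> dict:
    """Constructed scenario: two clean programs, then one is modified after the baseline is taken."""
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "prog_a.bin"), os.path.join(d, "prog_b.bin")
    for p in (a, b):
        with open(p, "wb") as f:
            f.write(b"constructed clean program body\n")
    baseline = build_baseline([a, b])
    # Simulate an infection: extra bytes appended to prog_b, so both hash and length change.
    with open(b, "ab") as f:
        f.write(SIGNATURES["demo-marker"])
    with open(b, "rb") as f:
        hits = scan_signatures(f.read())
    return {"changed": verify(baseline), "hits": hits,
            "clean_hits": scan_signatures(b"nothing suspicious here"), "prog_b": b}


if __name__ == "__main__":
    print(demo())
```

The integrity check catches any modification whether or not a signature exists for it, which is why it belongs to the second generation; its weakness is the baseline itself, which must live where the program being checked cannot rewrite it.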
I.6.3 Defending against denial-of-service attacks

Denial-of-service attacks. Distributed denial-of-service (DDoS) attacks are a significant threat: they make the system unavailable by flooding it with useless traffic. Example: an attack on internal resources (SYN attack):
- Many hosts communicate with the targeted server
- They send TCP/IP SYN (synchronize/initialization) packets with spoofed addresses
Some attack methods

On many systems data resources are very limited: process identifiers, process table entries, process slots. An intruder can write a looping program that creates many copies to consume these resources. An intruder can also consume disk space by:
- mail messages
- generating errors that get logged
- writing files into the anonymous FTP area or shared areas
Defending against DoS attacks
- Prevention: resource-consumption policies, backup resources, tuning of systems and protocols
- Attack detection and filtering: based on behaviour patterns
- Identification and traceback
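Behaviour-based detection of the SYN attack described earlier in this section, as an added example that is not from the original slides. The connection-tracking log format, the addresses (documentation ranges) and the threshold are constructed; the pattern the code looks for is the one the slides name: many half-open connections whose spoofed sources never complete the handshake.

```python
from collections import defaultdict

# Constructed connection-tracking log: "time flag src -> dst". 192.0.2.10:443 is the target.
LEGIT = [
    "00:00:01.000 SYN 198.51.100.7:51000 -> 192.0.2.10:443",
    "00:00:01.010 SYNACK 192.0.2.10:443 -> 198.51.100.7:51000",
    "00:00:01.020 ACK 198.51.100.7:51000 -> 192.0.2.10:443",   # completed handshake
    "00:00:01.500 SYN 198.51.100.8:40000 -> 192.0.2.11:22",
    "00:00:01.600 SYN 198.51.100.9:40001 -> 192.0.2.11:22",    # two half-open, below threshold
    "00:00:09.500 SYN 198.51.100.7:51001 -> 192.0.2.10:443",   # fresh SYN, still inside timeout
]
# Fifty SYNs from fifty distinct sources that never answer the SYN-ACK (spoofed-address pattern).
FLOOD = [f"00:00:02.{i:03d} SYN 203.0.113.{i}:1000 -> 192.0.2.10:443" for i in range(1, 51)]
SAMPLE = LEGIT[:3] + FLOOD + LEGIT[3:]


def parse(line: str):
    t, flag, src, _arrow, dst = line.split()
    h, m, s = t.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s), flag, src, dst


def half_open(lines, now: float, timeout: float = 3.0) -> dict:
    """(src, dst) pairs whose SYN was never followed by the client's ACK within timeout seconds."""
    pending = {}
    for t, flag, src, dst in map(parse, lines):
        if flag == "SYN":
            pending[(src, dst)] = t
        elif flag == "ACK":
            pending.pop((src, dst), None)   # handshake completed, no longer half-open
    return {pair: t for pair, t in pending.items() if now - t >= timeout}


def detect(lines, now: float, threshold: int = 20, timeout: float = 3.0) -> dict:
    """Per destination, count stale half-open connections and alert when they exceed threshold."""
    per_dst = defaultdict(list)
    for (src, dst), _t in half_open(lines, now, timeout).items():
        per_dst[dst].append(src)
    alerts = {}
    for dst, srcs in per_dst.items():
        if len(srcs) > threshold:
            ips = sorted({s.rsplit(":", 1)[0] for s in srcs})
            alerts[dst] = {"half_open": len(srcs), "distinct_sources": len(ips),
                           "candidates_to_filter": ips}
    return alerts


if __name__ == "__main__":
    for dst, info in detect(SAMPLE, now=10.0).items():
        print(dst, info["half_open"], "half-open from", info["distinct_sources"], "sources")
```

The two qualifiers matter: a connection is only counted once it has sat half-open past the timeout, so a legitimate client that is simply slow is not flagged, and the alert reports how many distinct sources are involved, since a large count with no completed handshakes is what distinguishes a spoofed SYN flood from a busy but healthy service.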