
University of Information and Communication Technology

Topic:
Research on security vulnerabilities
Supervisor: Nguyn c Bnh, MSc
Members: ng Ngc Hng, Ng Vn Khnh

Security vulnerabilities
Definition of a security vulnerability: Security vulnerabilities are software flaws: errors in specification and design, but mostly errors in programming. Any large software package contains thousands of bugs. These flaws lie dormant in our software systems until they are discovered. Once found, they can be used to attack those systems.

Security vulnerabilities in a system are weaknesses that can cause service disruption, grant users additional privileges, or allow unauthorized access to the system.

Vulnerabilities can sit directly in the services a system provides, such as web, mail and FTP. Commonly used application programs, such as Word and database systems, also contain security vulnerabilities.

Classification of security vulnerabilities:


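Many different organizations classify particular kinds of vulnerabilities. According to the US Department of Defense, the vulnerabilities in a system fall into the following classes:

1/- Class A vulnerabilities:

- Very dangerous.
- Threaten the integrity and security of the system.
- Allow outside users to gain unauthorized access to the system.
- Can result in the destruction of the entire system.
- Appear on poorly administered systems or where the network configuration is not under control.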

Example:

Web servers running on the Novell operating system include a script named convert.bas. An attacker who runs this file can read the entire contents of the files on the system.
Vulnerabilities of this class exist in the software in use. Commonly used programs such as FTP, Telnet, Gopher and SendMail, especially their older versions, often contain class A vulnerabilities.

2/- Class B vulnerabilities:

- Medium severity.
- Allow a user to gain additional privileges on the system without going through a validity check.
- Usually found in applications and services on the system.
- Can lead to the loss or leakage of information that must be kept confidential.

One of the most commonly encountered class B vulnerabilities is in SendMail, a fairly popular program on Linux systems that sends e-mail to users on the internal network.

3/- Class C vulnerabilities:

- Low severity; they only affect quality of service and interrupt the system.
- Allow denial-of-service attacks (Denial of Service), abbreviated DoS.
- Rarely damage data or grant unauthorized access to the computer.

DoS is a form of attack that uses Internet-layer protocols of the TCP/IP suite to stall a system, so that the system refuses access to its legitimate users. The usual method is to send a large number of packets to the server continuously over a period of time, overloading the system. The server then responds slowly, or cannot respond at all, to requests sent by clients. The user of the attacked system is left to restart the system.

Example: A Web server hosts websites that contain Java or JavaScript code. That code can hang the system of a user running the Netscape Web browser in the following steps:

- Write code that detects whether the Web browser in use is Netscape.
- If Netscape is in use, start an infinite loop that continuously opens countless windows, each of which connects to a different Web server.

5 serious security threats in 2012.


Threat 1: Mobile applications. Identification: It is no surprise that smartphones are becoming a hot new target for malware.

Protection. You cannot place complete trust in every application on the Android Market/Apple Store, nor should you suspect that every application may be free malware. Instead, make sure you carefully read the reviews on the Market/Store and on other reputable application review sites such as PC World's AppGuide. Avoid installing applications whose origin you do not know.

Threat 2: Scams on social networks. Identification.

How to protect yourself:

Threat 3: Fake antivirus applications. Identification.

How to protect yourself: First and foremost, make sure your computer is running a security application [antivirus/internet security], in particular a reputable one that effectively blocks new and latent malware, and update it regularly. Never download a security application from pop-up windows you see while online or from other third-party sites.

Threat 4: PDF documents. Identification.

How to protect yourself:

Threat 5: Large-scale internet warfare. Identification.

How to protect yourself:

Conclusion
In summary, security vulnerabilities are quite dangerous. Attackers can exploit them for profit or for sabotage. Beyond that, they can use these vulnerabilities to create new ones, forming a chain of linked security vulnerabilities. If you are an administrator, you should join some of the newsgroups that regularly discuss topics related to security vulnerabilities,

for example:

- CERT (Computer Emergency Response Team): formed after the Worm attack appeared on the Internet. Address: http://www.cert.org/.
- CIAC (Department of Energy Computer Incident Advisory Capability): this organization builds a security-related database for the US Department of Energy. Address: http://ciac.lnll.org/.
- FIRST (The Forum of Incident Response and Security Teams): a forum linking many civic and private organizations that work voluntarily to resolve security problems on the Internet. Address: http://www.first.org.
