NGN HNG NH NC VIT NAM

CC CNG NGH TIN HC

TI LIU HNG DN
TNG CNG AN TON THNG TIN
TRN H IU HNH WINDOWS XP

H Ni 04/2013
1

MC LC

I. MC CH.........................................................................................3
II. NI DUNG HNG DN....................................................................3
1. Bt chc nng tng la ca h iu hnh Windows (Windows Firewall).....3
2. Tt cc dch v (services) khng cn thit..........................................................4
3. Thit lp v s dng ti khon ngi dng.......................................................5
4. Ghi nht k hot ng ca h thng...................................................................8
5. Tt cc mc chia s khng cn thit (mc ch)................................................8
6. Thit lp chnh sch mt khu ti khon ng nhp........................................9
7. Tt chc nng AutoPlay v AutoRun:................................................................9
III. LIN H........................................................................................10

I. MC CH.
Ti liu ny hng dn cn b Ngn hng Nh nc thc hin cc bin php k thut
nhm m bo an ton thng tin trong qu trnh s dng h iu hnh Windows XP (c
th p dng cc bin php ny i vi cc phin bn h iu hnh t Windows XP tr
ln) .
II. NI DUNG HNG DN.
1. Bt chc nng tng la ca h iu hnh Windows (Windows Firewall).
Windows tch hp sn tng la v vy ngi dng khng cn phi ci t tng
la bn th ba. Mc d Windows Firewall c th gy bt tin cho qu trnh s dng ca
bn, nhng bn vn nn kch hot tnh nng ny. Windows Firewall s gip chn nhng
kt ni khng an ton, bo v Windows v cc phn mm khc trn my tnh khi m c
v cc l hng cha c v. Windows Firewall l mt trong nhng l do quan trng
nht khin virus dng worm nh Blaster khng th ly lan nhanh chng nh thi k u
ca Windows XP.
Hng dn thc hin:
- n t hp phm

+R, ca s Run xut hin.

- Ti ca s Run, g lnh firewall.cpl , nhp chn OK, ca s Windows Firewall xut

hin. Thc hin cc thit lp sau:
+ Bt chc nng tng la: nh hnh di.

+ Thit lp danh sch ngoi l (Exceptions): ngm nh Windows Firewall s thng

bo chn (Block) cc chng trnh (Program) v cc cng (Port) ngoi tr cc Program
v cc Port trong danh sch ngoi l. Ngi dng c th thit lp thm, bt vo danh sch
ny: thm cc chng trnh bng cch bm nt Add Program... la chn (Browse)
chng trnh cn a vo danh sch, v thm cc cng bng cch bm nt Add Port...;
b cc chng trnh v cc port trong danh sch bng cch b chn hoc bm nt Delete.
Hy chn Display a notification when Windows Firewall blocks a program
Windows Firewall thng bo mi khi thc hin chn.

2. Tt cc dch v (services) khng cn thit.

Ngi dng nn tt cc dch v khng cn thit, c bit cc dch v cho php bn
ngoi kt ni ti my tnh. Hy tr li cc cu hi i vi cc dch v sau, nu cu tr li
l C th dch v nn c Bt, ngc li th dch v nn c Tt:
Application Management : My tnh c c kt ni (join) vi mt domain c
trin khai ci t, g b v lit k cc ng dng t xa khng?
Clipbook: Bn c mun chia s nhng g lu trong Clipboard (mt vng lu tr ngn
hn cho tt c cc d liu m bn sao chp <copy> t mt ni v bn d nh s
dng mt ni khc <paste>) qua my tnh khc trong mng khng?
HTTP SSL: My tnh ca bn c phi l mt my ch web v s dng giao thc
HTTPS kt ni gia my khc (client) n my (Server) ca bn khng?
IPSEC Services: My tnh ca bn c kt ni vi my khc qua knh bo mt IPSEC
VPN khng?
Messenger: Bn c mun gi, nhn tin nhn trong mng khng (s dng lnh net send
gi)?
NetMeeting Remote Desktop Sharing: Bn c mun chia s mi th vi cc my
khc thng qua NetMeeting (chia s chng trnh, chat, ghi ch, truyn v nhn tp
tin) ?
Remote Desktop Help Session Manager: Bn c mun ngi khc trong mng ng
nhp vo my tnh bn t xa khng?
Remote Registry: Bn c mun ngi khc trong mng c th thay i Registry trn
my bn t xa khng?
Server: My tnh ca bn c phi l my ch chia s tp tin v my in khng?
5

Smart Card: Bn c kt ni ti cc Smart Card khng?

System Restore Service: Bn c mun to cc im (point) lu tnh trng h thng,
sau ny h thng chng may b li tin hnh phc hi (restore) li tnh trng h
thng ti cc im khng? Ch : vic to cc im ny gy chim dung lng
cng v cc phn mm c hi thng ly vo cc im lu tnh trng h thng ny.
Telnet: Cho php ngi khc ng nhp vo my bn t xa thng qua ch dng
lnh. Bn c mun ngi khc lm nh vy khng?
Hng dn thc hin
- Ti ca s Run, thc hin lnh services.msc, ca s Services xut hin.
- Bt/Tt mt dch v: kch p vo dch v cn bt/tt, ca s Properties ca
dch v xut hin. Chn Startup Type l Manual (dch v phi do ngi dng
bt/tt th cng) hoc Automatic (Dch v c t ng bt/tt khi h thng cn),
sau bm chn Start bt dch v hoc Stop tt dch v; vi Startup Type l
Disabled th dch v s lun b tt.

3. Thit lp v s dng ti khon ngi dng.

Ngi s dng nn to v s dng ti khon c quyn gii hn (thnh vin
<Member> ca nhm <Group> Users) thay v dng ti khon quyn qun tr (thnh vin
ca nhm Administrators) v v hiu ha cc ti khon khng cn thit nh Guest.
Trong qu trnh s dng ti khon c quyn gii hn, mi khi c s thay i trn h
thng (ci t phn mm; chnh sa regedit, chnh sa cc tp h thng do ngi s dng
hoc phn mm c hi; ...) h thng s chn v thng bo (trn windows XP) hoc cnh
bo v yu cu xc nhn bng ti khon c quyn Administrators (T Windows Vistra tr
6

ln). c th chnh sa h thng trn ti khon c quyn gii hn bng cch nhp chut
phi vo tp tin cn chy chn Run as... nhp ti khon c quyn Administrators
thc thi.
Hng dn thc hin:
-

Ti ca s Run, thc hin lnh lusrmgr.msc, ca s Local User and Groups xut
hin.
To user c quyn gii hn: Ti ca s Local User and Groups nhp chut phi
ln mc Users chn New User... , ca s New User xut hin, thc hin nhp nh
hnh di, mc nh ti khon quyn gii hn (Users) s c to.

Thay i quyn ca mt ti khon: Ti ca s Local User and Groups nhp

chut phi ln ti khon cn thay i chn Properties, ca s Properties xut hin,
Bm nt Add... thm quyn cho ti khon, mt s quyn (Group):
Administrators Quyn cao nht khng b gii hn; Guests, Remote Desktop
Users, Users cc quyn b gii hn.

V hiu ha mt ti khon: Ti ca s Local User and Groups nhp chut phi

ln ti khon cn v hiu ha chn Properties, ca s Properties xut hin, thc hin
thit lp nh hnh di.

Thay i mt khu ti khon: ti ca s Local User and Groups, nhp chut phi
ln ti khon cn thay i mt khu chn Set Password... thit lp mt khu cho
ti khon.

4. Ghi nht k hot ng ca h thng.

8

Dch v EventLog ngm nh c bt. Cc loi thng tin nh Audit account logon
events, Audit account management, Audit directory service access, Audit logon events,...
cn c ghi nht k hot ng.
Hng dn thc hin
-

Ti ca s Run, thc hin lnh secpol.msc, ca s Local Security Settings xut

hin.
Ti ca s Local Security Settings tm n cy th mc Local Policies\Audit
Policy, ln lt nhp p chut vo cc mc nh (Audit account logon events, Audit
account management, Audit directory service access, Audit logon events, ...) nm
trong mc Audit Policy bt chc nng ghi nht k (nh hnh di):

5. Tt cc mc chia s khng cn thit (mc ch).

- Ti ca s Run, thc hin lnh cmd, ca s dng lnh cmd xut hin
- Xem Danh mc chia s (Share): Ti ca s cmd, thc hin lnh
net
share
- Xa cc mc khng cn thit trong Danh mc chia s nh $ADMIN,$IPC, C$,
D$...: Ti ca s cmd, thc hin lnh:
net
share
Tn_Mc _Chia_S
/delete
- V d:
+ Kt qu thc hin lnh net
share nh sau:
Share name Resource
Remark
------------------------------------------------------------------------------C$
C:\
Default share
ADMIN$
C:\WINDOWS
Remote Admin
IPC$
Remote IPC
9

+ Xa cc mc chia s:
net
share
c$
/delete
net
share
ADMIN$
/delete
net
share
IPC$
/delete
+ Hin th li danh mc chia s bng lnh net share, kt qu nh sau:
There are no entries in the list.
6. Thit lp chnh sch mt khu ti khon ng nhp.
Mt khu phi c di t 8 k t tr ln, kt hp gia ch ci thng v hoa, ch s
v cc k t c bit (~!@#$%^&*()_-+ ) phi d nh v kh on. Vi mt khu
mnh, vic r v th mt khu l rt kh.
Hng dn thc hin:
- Thay i mt khu: M ca s dng lnh cmd, thc hin lnh di:
net

user

Ten_User

Mat_Khau

(Thc hin thnh cng nu kt qu tr v l The operation completed successfully)

- Thit lp chnh sch chng th mt khu: Ti ca s Local Security Settings (s
dng lnh secpol.msc ti ca s Run), tm n cy th mc Security Settings\Account
Policy\Account Lockout Policy. khung bn phi ca Account Lockout Policy tin
hnh nhp p chut vo cc mc v thit lp nh di:
Account lockout threshold - S ln ng nhp khng thnh cng dn ti ti khon b
kha: nhp 5.
Account lockout duration - Thi gian (Pht) ti khon b kha: nhp 60.
Reset account lockout counter after - Thi gian (Pht) ch chuyn s ln ng
nhp sai v 0 vi iu kin thi gian ny phi nh hn hoc bng thi gian ti khon b
kha thng th ta thit lp thi gian ny bng thi gian ti khon b kha: nhp 60.
- Thit lp chnh sch t mt khu: Ti ca s Local Security Settings, tm n cy
th mc Security Settings\Account Policy\Password Policy. khung bn phi ca
Password Policy tin hnh nhp p chut vo cc mc v thit lp nh di:

Maximum password age - Vng i ca mt mt khu: nhp 30.

Minimum password length - di ti thiu ca mt khu: nhp 8.
Password must meet complexity requirements - Yu cu v kh ca mt khu:
chn enable

7. Tt chc nng AutoPlay v AutoRun:

Khi h thng pht hin ra mt thit b mi c cm vo (USB, CD/DVD, Mobile,
Th nh ...): chc nng AutoPlay gip h thng t ng kch hot chng trnh mc nh
10

 c thit lp chy v hin th ni dung (nh, video, audio, cc phn mm v tr

chi,...) c trong thit b ny; Chc nng AutoRun s t ng chy tp c tn
Autorun.inf ti th mc gc ca thit b. Cc loi phn mm c hi (Malware) thng
da vo 2 chc nng ny ly nhim vo h thng. V d: Phn mm c hi Stuxnet
kht ting c xem l nguyn nhn chnh to ra mt tp tin autorun.inf ly nhim vo
cc my tnh thng qua a USB
Hng dn thc hin:
- M ca s Run, g lnh cmd , nhp chn OK, ca s dng lnh cmd xut hin.
- Ti ca s cmd, thc hin ln lt cc lnh sau:
V hiu ha cc tp tin autorun.inf:
reg
add
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf"
Tt chc nng AutoPlay:
reg
add
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
s\Explorer" /v NoAutorun /t REG_DWORD /d 1 /f
reg
add
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
s\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
(Thc hin thnh cng nu kt qu tr v tng lnh l The operation completed
successfully.)
III. LIN H.
Mi yu cu tr gip xin lin h:
B phn HelpDesk - Cc Cng ngh tin hc - Ngn hng Nh nc.
a ch: 64 Nguyn Ch Thanh - ng a - H Ni.
in thoi: (04) 377.56789 s my l 8888
Email: itdb_service@sbv.gov.vn

11