Contents
1. Layer 1: Data
2. Layer 2: Application
3. Layer 3: Host
4. Layer 4: Internal
5. Layer 5: Perimeter
6. Layer 6: Physical
7. Layer 7: Policy
Layer 1: DATA
Contents:
What is data? What is AAA? Information encryption; digital signatures; public key certification system
Layer 1: DATA
What is data?
Data is the information we need to protect.
Data should be divided into three classes:
Top secret; Public; Restricted by usage permission
Layer 1: DATA
AAA is a group of processes used to secure information. One of the goals of AAA is CIA:
C: Confidentiality  I: Integrity  A: Availability
What is AAA?
AAA stands for:
A: Access Control  A: Authentication  A: Accounting
Building an Information Security Policy
Layer 1: DATA
What is AAA?
Access Control is the means of granting access rights to resources: Policy, NTFS, Smart Card, VPN. Three techniques are used in Access Control:
Mandatory Access Control (MAC)
Built into the operating system; uses hard-coded settings on the objects
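An added example (not from the slides) of a mandatory access control check, written in Python: every object carries one of the three data classes from the slide, every subject carries a clearance, and a fixed policy decides reads and writes. The users, file names and the numeric ordering of the classes are assumptions made for this example.

```python
# Added example (not from the slides): a mandatory access control check using the three
# data classes the slide lists. The ordering of the classes, the sample files and the
# sample users are assumptions made for this example.
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0        # "Cong cong"
    RESTRICTED = 1    # "Quyen han su dung"
    TOP_SECRET = 2    # "Tuyet mat"


# Under MAC the labels are fixed by policy (the "hard-coded" settings on objects);
# neither the file owner nor the requesting user can change them.
OBJECT_LABELS = {
    "press-release.txt": Level.PUBLIC,
    "customer-list.csv": Level.RESTRICTED,
    "merger-plan.docx": Level.TOP_SECRET,
}
SUBJECT_CLEARANCE = {
    "intern": Level.PUBLIC,
    "analyst": Level.RESTRICTED,
    "director": Level.TOP_SECRET,
}
SECURITY_ADMIN = "secadmin"   # the only principal allowed to relabel objects


def mac_allows(subject: str, obj: str, action: str) -> bool:
    """Bell-LaPadula style rules: no read up (confidentiality), no write down (no leaking)."""
    clearance = SUBJECT_CLEARANCE[subject]
    label = OBJECT_LABELS[obj]
    if action == "read":
        return clearance >= label
    if action == "write":
        return clearance <= label
    raise ValueError(f"unknown action {action!r}")


def relabel(actor: str, obj: str, new_level: Level) -> bool:
    """Only the security administrator may change a label; owners cannot, unlike DAC."""
    if actor != SECURITY_ADMIN:
        raise PermissionError(f"{actor} may not relabel {obj}")
    OBJECT_LABELS[obj] = new_level
    return True


def decide(requests):
    """Evaluate (subject, object, action) triples and return the decisions for the audit trail."""
    return [(s, o, a, "permit" if mac_allows(s, o, a) else "deny") for s, o, a in requests]


if __name__ == "__main__":
    for row in decide([("intern", "merger-plan.docx", "read"),
                       ("director", "press-release.txt", "write"),
                       ("intern", "merger-plan.docx", "write")]):
        print(row)
```

The "write up" case (an intern may append to a top-secret file it cannot read) looks odd at first sight but is what strict confidentiality labelling gives; integrity of the file is a separate policy.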
Layer 1: DATA
What is AAA?
Authentication is the process of confirming whether a subject is legitimate or not. Once the subject has been confirmed, it is granted the corresponding rights to operate in the computer network environment. Authentication methods:
Username/Password; Smart card; Biometric; One-Time Password; Kerberos; RADIUS
Layer 1: DATA
What is AAA?
Accounting is the process of tracking and recording the actions of a subject. Windows policy is used to do the tracking.
Layer 1: DATA
What is AAA?
Practice:
Study the user-auditing policies of Windows Server. Study the tools for monitoring and managing user and system activity.
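An added example (not from the slides) of what an accounting pass over an audit trail looks like, in Python. The record format (timestamp, user, action, object, result) and the events are constructed for this example; they are not Windows event-log records, which is what the practice exercise asks you to study.

```python
# Added example (not from the slides): accounting over a constructed audit trail.
# The record format and the events are invented for this example.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

AUDIT_TRAIL = """\
2024-03-01T08:00:01,alice,logon,SRV01,success
2024-03-01T08:05:12,alice,read,customer-list.csv,success
2024-03-01T08:07:40,bob,logon,SRV01,failure
2024-03-01T08:07:52,bob,logon,SRV01,failure
2024-03-01T08:08:03,bob,logon,SRV01,failure
2024-03-01T08:08:15,bob,logon,SRV01,failure
2024-03-01T08:08:30,bob,logon,SRV01,success
2024-03-01T08:20:00,alice,delete,merger-plan.docx,failure
"""


def parse_records(text: str) -> list:
    """One dict per line; the timestamp is parsed so that time windows can be computed."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj, result = line.split(",")
        records.append({"time": datetime.fromisoformat(ts), "user": user,
                        "action": action, "object": obj, "result": result})
    return records


def summarize(records: list) -> dict:
    """Per-user count of successful and failed actions: the 'who did what' record."""
    summary = defaultdict(Counter)
    for r in records:
        summary[r["user"]][r["result"]] += 1
    return {user: dict(counts) for user, counts in summary.items()}


def history_of(records: list, obj: str) -> list:
    """Every recorded action against one object, oldest first."""
    return [(r["user"], r["action"], r["result"]) for r in records if r["object"] == obj]


def flag_failed_bursts(records: list, threshold: int = 3,
                       window: timedelta = timedelta(seconds=60)) -> list:
    """Users with `threshold` or more failed logons inside `window` (a simple brute-force signal)."""
    failures = defaultdict(list)
    for r in records:
        if r["action"] == "logon" and r["result"] == "failure":
            failures[r["user"]].append(r["time"])
    flagged = []
    for user, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(user)
                break
    return flagged
```

Recording alone is not accounting until someone reads the record: the summary answers "who did what", the object history answers "what happened to this file", and the burst check turns the raw trail into something a monitoring tool can alert on.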
Layer 1: DATA
Information encryption
1. What is encryption?
2. Symmetric encryption
3. Asymmetric encryption
4. Digital signatures
5. Public key certification system
6. Summary
Layer 1: DATA
Information encryption
Encryption is a form of cryptography: a way of scrambling or transforming information from a readable form into an unreadable one. Example:
Scrambling data: every two adjacent characters swap places; a leftover odd character keeps its position.
ABCDEF -> BADCFE
Layer 1: DATA
Information encryption
Symmetric encryption is a scheme in which encryption and decryption use the same key. Key: the value used to encrypt and decrypt.
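An added example (not from the slides) in Python that serves both the scrambling example and the symmetric-key definition: the pairwise swap from the slide, generalised to any length (an odd trailing character stays put), next to a keyed scheme in which the same key and nonce both encrypt and decrypt. The keyed scheme XORs the data with an HMAC-SHA256 keystream; it is an illustration of "same key both ways", not a production cipher, and the key, nonce and message are example values.

```python
# Added example (not from the slides): the slide's scramble and a keyed symmetric scheme.
# The keyed scheme is for illustration only; use a vetted cipher in real systems.
import hashlib
import hmac


def scramble(text: str) -> str:
    """Swap each pair of neighbouring characters; the swap is its own inverse."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` pseudo-random bytes (HMAC in counter mode)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the same key and nonce."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce, len(data))))


if __name__ == "__main__":
    print(scramble("ABCDEF"), scramble("ABCDE"))              # BADCFE BADCE
    key, nonce = b"shared-secret-key", b"msg-0001"           # example values
    ct = sym_crypt(key, nonce, b"Rut $5,000,000")
    print(ct.hex(), sym_crypt(key, nonce, ct))
```

The scramble needs no key, so anyone who knows the method can undo it; the keyed scheme needs the key, and a different key produces garbage. Two cautions a practitioner would add: never reuse a nonce with the same key (the keystream would repeat), and an XOR stream gives no integrity at all, which is exactly why the digital-signature slides follow.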
Layer 1: DATA
Information encryption
Asymmetric encryption is a scheme in which encryption and decryption use two different keys.
Public Key: the key used to encrypt. Private Key: the key used to decrypt.
Asymmetric encryption is also used to create digital signatures.
Layer 1: DATA
Digital signatures
Digital signature: a string of digits that makes it possible to determine the origin/source/entity that created a message. A digital signature is used for:
Authentication; ensuring data integrity (Integrity); inability to deny responsibility (Non-Repudiation)
Demo 1
Office B needs to make a cash-withdrawal transaction with Bank A. The customer has to come to the branch in person. $5,000,000 OK!
[Figure: the withdrawal slip "Withdraw $5,000,000, account number NHB-212551245 ...." is sent from Office B to Bank A. Presenter: GV. Nguyễn Duy]
Layer 1: DATA
Digital signatures
Process for creating a digital signature:
Data -> Hash -> Message hash -> Sign (with the private key) -> Signature
Layer 1: DATA
Digital signatures
Process for verifying a digital signature:
Data -> Hash -> message hash; Signature -> Verify (the signature is checked against the hash)
Layer 1: DATA
Digital signatures
Demo 2
[Figure: Office B (the sender) encrypts & signs the withdrawal slip "Withdraw $5,000,000, account number NHB-212551245 ...." and sends it by email; Bank A decrypts & verifies the signature and reads the same slip: $5,000,000.]
Layer 1: DATA
Demo 3
Data is attacked in transit: MIM (Man in the Middle).
[Figure: the withdrawal slip "Withdraw $5,000,000, account number NHB-212551245 ...." signed by Office B is altered on its way to Bank A into "Transfer $5,000,000, account number NHB-8888888 ...."]
Layer 1: DATA
Signature of a trusted third party
Layer 1: DATA
[Figure: verifying a certificate. The certificate's Signature is decrypted and compared (=?) with the hash digest of the certificate information (Cert Info for subject "Frans": Subject Name, Public Key, other fields).]
Demo 4
[Figure: Office B requests a certificate; the certificate is issued according to the X.509 standard and carries its information and Public key. The document is signed & encrypted with the Private key; the recipient decrypts & verifies the signature with the key taken from the certificate. Presenter: GV. Nguyễn Duy]
Demo 5
[Figure: authentication request -> "Is the certificate valid? OK!" -> the transaction is accepted. Otherwise: "Certificate does not exist".]
Layer 2: Application
Contents:
The role of applications in data security; identifying the applications in the system; classifying applications; how applications access data; checking applications; security applications
Layer 2: Application
The role of applications in data security: an application may or may not run directly on the machine that holds the data, and it accesses the data directly.
Layer 2: Application
Identifying the applications in the system: list every application running in the system.
No. | Application name        | Vendor        | Description
1   | Windows Server 2003 SP2 | Microsoft     |
2   | Unikey                  | Phạm Kim Long |
3   | MISA                    | Cty CP MISA   |
Layer 2: Application
License:
Paid; Free; Open source
Layer 2: Application
[Table fragment, application classification; only some cells survived extraction. Recovered column heading: Client/Server System. Rows: Unikey: No, Local, No, No (Integrated); Endian Firewall: Open source, Local]
Layer 2: Application
Security applications
Endpoint Security: Antivirus, Personal Firewall, Host Intrusion Detection System (HIDS)
Application security: update applications regularly; Application Control
Layer 3: Host
Host = Computer. Host security:
Availability of the host; reliability of the host; operating system security; security of the applications running on the host; access management; management of peripheral devices attached to the host; periodic physical inspection.
Layer 4: Internal
Threats:
Eavesdropping; Data Modification; Identity Spoofing; Password-Based Attacks; Sniffer Attack; Application-Layer Attack; Worm.
Layer 4: Internal
Measures that limit attacks:
Port security; IP Security; VLAN; IDS/IPS; Firewall.
Layer 5: Perimeter
Protected mainly by the Firewall and the Router.
Router: set up Access Control Lists. Firewall: set up policies (Rules) that govern the flow of information between Zones.
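An added example (not from the slides) in Python of the first-match access control list a perimeter router or firewall applies between zones, followed by a check for rules that can never match because an earlier rule already covers them. The zones, addresses (RFC 5737 documentation ranges) and rules are invented for this example.

```python
# Added example (not from the slides): first-match ACL between zones plus a shadowed-rule check.
# Zones, addresses and rules are invented for this example.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any


# Zones: Internet (anything), Internal 10.0.0.0/8, DMZ 203.0.113.0/24.
RULES = [
    Rule("permit", "0.0.0.0/0",  "203.0.113.10/32", "tcp", 443),   # public web server
    Rule("permit", "10.0.0.0/8", "203.0.113.20/32", "tcp", 22),    # admin SSH from inside only
    Rule("deny",   "0.0.0.0/0",  "203.0.113.0/24",  "any", None),  # everything else into the DMZ
]


def matches(rule: Rule, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules: list, src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """First matching rule wins; no match ends in the implicit deny at the end of the list."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src, dst, proto, dport):
            return f"{rule.action} (rule {number})"
    return "deny (implicit)"


def find_shadowed(rules: list) -> list:
    """(rule, shadowed_by) pairs: a rule is dead when an earlier one already covers all its traffic."""
    shadowed = []
    for j, later in enumerate(rules, start=1):
        for i, earlier in enumerate(rules[: j - 1], start=1):
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                shadowed.append((j, i))
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", "203.0.113.20", "tcp", 22))   # deny (rule 3)
    print(find_shadowed(RULES + [Rule("permit", "10.0.0.0/8", "203.0.113.30/32", "tcp", 80)]))
```

The shadow check is the review step: a permit appended after the broad deny (the fourth rule in the usage line) never fires, which is a common way for a perimeter change request to be "applied" without any effect.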
Layer 6: Physical
Mechanisms for managing hardware devices; authentication mechanisms for access to special-purpose hardware; warranty policy for hardware devices; support policy when hardware fails; ensuring that special-purpose hardware comes with documents certifying that it meets the standard
Layer 7: Policy
Will be covered later
Summary
Understand the architecture of the model; understand the attack threats at each layer; understand the security mechanisms at each layer
Questions???