
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY

---------------------------------------







Nguyen Manh Hung




DETECTION AND PREVENTION OF
UNAUTHORIZED INTRUSION INTO COMPUTER NETWORKS




Major: Data Transmission and Computer Networks
Code: 60.48.15



MASTER'S THESIS SUMMARY






HANOI - 2013




The thesis was completed at:
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY


Scientific supervisor: Assoc. Prof. Dr.Sc. Hoang Dang Hai
(state academic rank and degree)


Reviewer 1:

Reviewer 2: ..




The thesis will be defended before the Master's Thesis Examination Board at the Posts and Telecommunications Institute of Technology
At: ....... hours, on day ....... month ....... .. year ...............

The thesis can be consulted at:
- Library of the Posts and Telecommunications Institute of Technology







INTRODUCTION
Today almost every agency, organization and enterprise has its own computer network connected to the Internet and applies many IT facilities to its production and business activities. This contributes positively to management, operation, connectivity and publicity, and is the key to success for their own development and that of the community. Computer networks hold a great deal of data and important information relating to the activities of these agencies, organizations and enterprises, which makes them attractive to attackers. Computer and networking technology keeps developing and changing; new software keeps appearing that gives people more facilities, stores more data, computes better, and copies and transfers data between computers faster and more conveniently. Alongside this, however, network systems still contain many vulnerabilities and risks to information security. Network intrusions that steal sensitive information or destroy information occur more and more often, and the methods of the perpetrators grow ever more sophisticated. How to detect that one's computer or computer network is being intruded upon, and how to prevent and counter unauthorized intrusion effectively, is a constant concern of everyone working in IT in general and of computer users in particular.
Aware of this trend and interest, and with a personal passion for studying security and systems, the student chose the topic "Detection and prevention of unauthorized intrusion into computer networks", wishing to study systematically the latent risks of unauthorized intrusion into computer networks and the measures needed to deal with this problem.
Apart from the introduction and the conclusion, the thesis is structured into the following main chapters:
Chapter 1. Overview of computer network intrusion
This chapter presents the concept of computer network intrusion, the techniques for attacking and intruding into computer networks, and their consequences.
Chapter 2. Methods and systems for detecting computer network intrusion
This chapter presents the methods for detecting computer network intrusion and the intrusion detection system for computer networks.
Chapter 3. Prevention and blocking of computer network intrusion
This chapter covers technical measures for preventing intrusion and network intrusion detection and prevention systems.
Chapter 4. Experimental model
This chapter introduces the test environment, builds the scenarios, installs the simulation software, carries out the experiments, evaluates them and draws conclusions.
Chapter 1. OVERVIEW OF COMPUTER NETWORK INTRUSION
1.1. Overview of the problem of unauthorized intrusion into computer networks.
Unauthorized intrusion into a computer network is the act of breaking into a network (a network attack) in order to access, manipulate or abuse some valuable asset on the network. The abuse may bring about a result, or make the asset in the network unreliable or unusable. Most computer network intrusion attacks aim only at defeating the system's security in specific ways. For example, some attacks aim to read or steal information without changing any component of the system; some attacks shut down or disable some component of the system; and other attacks are able to take complete control of the system or destroy it. In summary, they usually inflict three kinds of damage on system security: the confidentiality, integrity and availability of information or of the information system.
1.2. Some computer network intrusion techniques.
1.2.1. Intrusion through physical-layer vulnerabilities
Some vulnerabilities at this layer include: power supply failures; environmental (control) failures; theft of data and hardware; physical damage or destruction of data and hardware; unauthorized changes to the system's operating environment; disruption of physical links; ...
1.2.2. Intrusion through layer 2
a. ARP Poisoning
An ARP poisoning attack is an attempt to deliver false information into the ARP table. Packets sent by a poisoned host are not delivered to the correct destination but to an IP address designated by the forged ARP information. The main purpose of this method is to bind the MAC address of the impostor to the IP address of a targeted host, so that any traffic for the host with that IP is sent to the attacker instead of to its legitimate owner.
b. MAC Spoofing
MAC spoofing refers to the technique of changing a MAC address. MAC spoofing is carried out both for illegitimate reasons, such as taking over the identity of another computer, and for legitimate reasons, such as creating wireless connections to a network.
c. MAC Flooding
The CAM table overflow attack (MAC flooding) relies on a weakness of switches: the CAM table holds only a finite number of mappings, and these mappings do not stay in the CAM table forever. After a certain period, usually 300 s, an address that has not been used is removed from the table. When the CAM table is full, all incoming frames are sent out of every port except the one they arrived on; the switch then behaves no differently from a hub.
The consequences of this kind of attack vary with the implementation: legitimate MAC addresses are pushed out of the CAM table, causing a significant number of frames to be flooded out of the ports.
d. DHCP Exhaustion / Starvation
Basically, this is how an attacker asks the DHCP server to supply not one but many IP addresses until the pool is exhausted and no IP addresses remain for other users. Exhausting the IP addresses leaves the routers with no addresses to give to users, which means that workstations cannot connect to the network. The attacker runs DHCP programs that supply IP addresses from fake routers/gateways, blocking the network requests from users' computers and making the users rely on the fake DHCP server to connect to the outside.
e. Rogue DHCP Server
A DHCP server requires no authentication when allocating IP addresses to DHCP clients, and DHCP clients do not need to know the IP address of the DHCP server when requesting an address. Exploiting this gap, an attacker can set up a rogue DHCP server in order to hand DHCP clients a forged gateway IP address (that of the attacker or of some computer under the attacker's control). This lets the attacker eavesdrop on packet contents.
f. Hidden Node Attack
g. Fake access point attack
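An added example, not from the thesis, of how a defender can recognize the layer-2 techniques above from switch telemetry: an ARP reply that rebinds an IP (especially the gateway) to a new MAC, a DHCP offer from a server that is not on the trusted list, and a burst of distinct source MACs on one port that would fill a CAM table. All events, addresses, port names and thresholds are constructed.

```python
"""Layer-2 anomaly monitor: ARP poisoning, rogue DHCP and CAM-table flooding.

Constructed example: the events below stand in for ARP replies, DHCP offers
and plain frames observed on an access switch; all addresses are made up.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    t: float        # seconds since start of capture
    port: str       # switch port the frame arrived on
    kind: str       # "arp_reply", "dhcp_offer" or "frame"
    src_mac: str    # source MAC of the frame
    ip: str = ""    # ARP sender IP, or DHCP server identifier for offers


class Layer2Monitor:
    def __init__(self, trusted_dhcp, gateway_ip, cam_limit=50, window=10.0):
        self.trusted_dhcp = set(trusted_dhcp)   # DHCP servers allowed to answer
        self.gateway_ip = gateway_ip            # the IP attackers most want to claim
        self.cam_limit = cam_limit              # distinct MACs per port per window
        self.window = window                    # seconds
        self.arp_table = {}                     # ip -> first MAC seen for it
        self.port_macs = defaultdict(list)      # port -> [(t, mac), ...]
        self.alerts = []

    def process(self, ev):
        if ev.kind == "arp_reply":
            self._check_arp(ev)
        elif ev.kind == "dhcp_offer":
            self._check_dhcp(ev)
        self._check_flood(ev)

    def _check_arp(self, ev):
        # ARP poisoning shows up as an IP suddenly answering from a different MAC.
        known = self.arp_table.setdefault(ev.ip, ev.src_mac)
        if known != ev.src_mac:
            sev = "high" if ev.ip == self.gateway_ip else "medium"
            self.alerts.append((sev, "arp_conflict", ev.ip, known, ev.src_mac))

    def _check_dhcp(self, ev):
        # A rogue DHCP server is any offer whose server identifier is not trusted.
        if ev.ip not in self.trusted_dhcp:
            self.alerts.append(("high", "rogue_dhcp", ev.ip, ev.src_mac, ev.port))

    def _check_flood(self, ev):
        # MAC flooding: many distinct source MACs on one port in a short window.
        seen = self.port_macs[ev.port]
        seen.append((ev.t, ev.src_mac))
        cutoff = ev.t - self.window
        while seen and seen[0][0] < cutoff:
            seen.pop(0)
        distinct = {mac for _, mac in seen}
        already = any(a[1] == "mac_flood" and a[2] == ev.port for a in self.alerts)
        if len(distinct) > self.cam_limit and not already:
            self.alerts.append(("high", "mac_flood", ev.port, len(distinct)))


def constructed_events():
    """Hand-written capture: normal traffic, then the three attack patterns."""
    evs = [
        Event(0.0, "Gi1/0/1", "arp_reply", "00:11:22:33:44:01", "10.0.0.1"),    # real gateway
        Event(0.5, "Gi1/0/2", "arp_reply", "00:11:22:33:44:02", "10.0.0.20"),   # ordinary host
        Event(1.0, "Gi1/0/3", "dhcp_offer", "00:11:22:33:44:03", "10.0.0.3"),   # trusted DHCP
        Event(2.0, "Gi1/0/9", "arp_reply", "00:11:22:33:44:99", "10.0.0.1"),    # gateway IP rebound
        Event(3.0, "Gi1/0/9", "dhcp_offer", "00:11:22:33:44:99", "10.0.0.99"),  # untrusted offer
    ]
    for i in range(60):  # burst of distinct source MACs on a single port
        evs.append(Event(4.0 + i * 0.01, "Gi1/0/5", "frame", f"02:00:00:00:00:{i:02x}"))
    return evs


def run_demo():
    mon = Layer2Monitor(trusted_dhcp={"10.0.0.3"}, gateway_ip="10.0.0.1")
    for ev in constructed_events():
        mon.process(ev)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```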
1.2.3. Intrusion through layer 3
a. IP Spoofing
IP spoofing, or IP address spoofing, is the creation of IP packets with a forged source IP address in order to conceal the sender's true identity or to impersonate some computer system.
b. IP Scan/Sweep
ICMP scanning (Internet Control Message Protocol scanning) is the process of sending an ICMP request, or ping, to every host on the network to determine which hosts exist and reply to ping. The advantage of ICMP scanning is that all hosts can be scanned at the same time, so the whole network is scanned quickly.
c. Routing attacks (RIP attacks)
A routing attack can use a rogue router, that is, an unauthorized router that is deployed and adjusted to the attacker's needs. A rogue router can be a computer running a common operating system with routing software installed. In addition, the attacker can inject bogus routing updates into the network using public tool packages such as Nemesis, Spoof or IRPAS. The attacker can take over a router by exploiting a vulnerability in the data routing process. The end result of any routing attack is the redirection of traffic on the network.
1.2.4. Intrusion through layer 4
a. UDP scans
A UDP scan is the technique of sending a UDP packet to various destination ports. If the destination port responds with an "ICMP port unreachable" message, the port is closed and cannot be accessed. Conversely, if no such message is received, one may infer that the port is open. The accuracy of this technique depends heavily on factors related to the use of network and system resources. Moreover, a UDP scan is a slow process when the device being scanned uses heavy packet filtering.
b. TCP scans
TCP scanning is built on the TCP three-way handshake mechanism. A TCP connection requires the three-way handshake before the connection is established and data is transferred between sender and receiver.
An attacker can evade detection by using flags instead of completing a normal TCP connection. A TCP/UDP packet has 16 bits for the port number, which means there are ports 1 to 65535. No attacker scans all the ports on a system; they only scan the most commonly used ports (usually just 1 to 1024). ACK scan: this kind of scan aims to discover the Access Control Lists on the server. The client attempts to connect to the server with an ICMP packet; if it receives a Host Unreachable packet, the client concludes that the port on the server is filtered.
c. TCP SYN attack
The attacker sends (spurious) TCP SYN requests to the targeted server. To process this volume of SYN packets the system has to spend memory on each connection. When very many spurious SYN packets reach the server, they use up the server's capacity to handle requests.
d. SSL Man-in-the-Middle attacks
An SSL man-in-the-middle attack aims to compromise SSL sessions, meaning that the attacker tries to see the encrypted messages in plaintext. Once this is done, the attacker can take on the role of the gateway. After DNS spoofing is carried out, the attacker not only acts simply as a fake gateway but behaves like the web server the victim wanted. If all this is accomplished, the attacker then handles one encrypted session with the real server and a separate session with the victim, so that any message sent or received is reconstructed as plaintext by the attacker.
e. TCP Session Hijacking
TCP session hijacking is the process of taking over an active TCP session in order to bypass the authentication process and gain illegitimate access to the information or services of a computer system. Since authentication only takes place at the start of a TCP session, the attacker can obtain access to the computer.
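An added example, not from the thesis, of detection logic for the layer-4 behaviours described in 1.2.4: a source SYN-ing many distinct ports (TCP scan), a stream of ICMP port-unreachable replies aimed at one probing host (UDP scan), and a backlog of half-open connections on one listening socket (SYN flood). Packet records, addresses and thresholds are constructed.

```python
"""Transport-layer monitor for port scans, UDP scans and SYN floods.

Constructed example: Pkt records stand in for decoded packet headers; the
addresses, ports and thresholds are made up for the demonstration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Pkt:
    t: float          # seconds
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    flags: str = ""   # TCP flags, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
    icmp: str = ""    # ICMP message type, e.g. "port_unreachable"


class TransportMonitor:
    def __init__(self, scan_ports=15, unreach_limit=15, halfopen_limit=100, window=5.0):
        self.scan_ports = scan_ports          # distinct ports SYN'd by one source
        self.unreach_limit = unreach_limit    # ICMP port-unreachables sent to one host
        self.halfopen_limit = halfopen_limit  # pending SYNs on one listening socket
        self.window = window                  # seconds
        self.syn_ports = defaultdict(deque)   # src -> deque of (t, dport)
        self.unreach = defaultdict(deque)     # probed host -> deque of (t, 0)
        self.halfopen = defaultdict(dict)     # (dst, dport) -> {src: t of SYN}
        self.alerts = []
        self._flagged = set()

    def _alert(self, kind, key, count):
        if (kind, key) not in self._flagged:    # report each finding once
            self._flagged.add((kind, key))
            self.alerts.append((kind, key, count))

    def _prune(self, dq, now):
        while dq and dq[0][0] < now - self.window:
            dq.popleft()

    def process(self, p):
        if p.proto == "tcp" and p.flags == "S":
            self._on_syn(p)
        elif p.proto == "tcp" and "A" in p.flags:
            # an ACK from the client completes the three-way handshake
            self.halfopen[(p.dst, p.dport)].pop(p.src, None)
        elif p.proto == "icmp" and p.icmp == "port_unreachable":
            # UDP scan: a stream of closed-port replies aimed at a single probing host
            dq = self.unreach[p.dst]
            dq.append((p.t, 0))
            self._prune(dq, p.t)
            if len(dq) >= self.unreach_limit:
                self._alert("udp_port_scan", p.dst, len(dq))

    def _on_syn(self, p):
        dq = self.syn_ports[p.src]
        dq.append((p.t, p.dport))
        self._prune(dq, p.t)
        ports = {d for _, d in dq}
        if len(ports) >= self.scan_ports:
            self._alert("tcp_port_scan", p.src, len(ports))
        pending = self.halfopen[(p.dst, p.dport)]
        pending[p.src] = p.t
        for src in [s for s, t in pending.items() if t < p.t - self.window]:
            del pending[src]                  # SYNs that aged out of the backlog
        if len(pending) >= self.halfopen_limit:
            self._alert("syn_flood", f"{p.dst}:{p.dport}", len(pending))


def constructed_packets():
    web = "10.0.0.80"
    pk = [Pkt(0.0, "tcp", "10.0.0.20", web, 80, "S"),      # normal client handshake
          Pkt(0.1, "tcp", "10.0.0.20", web, 80, "A")]
    for i in range(20):                                     # TCP scan of ports 1..20
        pk.append(Pkt(1.0 + i * 0.05, "tcp", "10.0.0.99", web, 1 + i, "S"))
    for i in range(20):                                     # UDP scan answered by unreachables
        pk.append(Pkt(3.0 + i * 0.05, "icmp", web, "10.0.0.99", icmp="port_unreachable"))
    for i in range(120):                                    # SYN flood from spoofed sources
        pk.append(Pkt(5.0 + i * 0.01, "tcp", f"198.51.100.{i + 1}", web, 80, "S"))
    return pk


def run_demo():
    mon = TransportMonitor()
    for p in constructed_packets():
        mon.process(p)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```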
1.2.5. Intrusion through the upper layers
An attacker can also intrude through higher-layer applications. However, this is beyond the scope of this thesis.
1.3. Chapter summary
Chapter 1 presented the concept of network intrusion and the techniques of network intrusion attacks. As stated above, network intrusion techniques can be carried out through security vulnerabilities at every layer from the physical layer to the upper layers. On that basis, measures can be devised for scanning security vulnerabilities, detecting attacks, and blocking and preventing unauthorized intrusion.
The question is how to detect unauthorized network intrusion so that effective prevention and blocking measures can be devised. In the next chapter the thesis analyses computer network intrusion detection techniques in depth, focusing mainly on capturing attack signatures or signs of abnormality in order to detect intrusion attacks.



Chapter 2. METHODS AND SYSTEMS FOR DETECTING COMPUTER NETWORK INTRUSION
2.1. Methods for detecting computer network intrusion
2.1.1. The concept of intrusion detection
Intrusion detection is the set of techniques and methods used to monitor suspicious abnormal events occurring on a computer system or network and to analyse them for signs of possible incidents, that is, violations or imminent threats of violation of the computer security policy.
Unauthorized intrusion is understood as any attempt to compromise the integrity, availability or confidentiality of a computer system or network, or an attempt to bypass its security mechanisms. The intruder may be an outsider breaking into the computer system or network, or may be a legitimate user within that computer system or network.
2.1.2. Symptoms and signs that a computer has been compromised
Many attacks operate in the background, silently, leaving no particular trace and causing no visible consequences on the user's own machine, for example programs that steal user information; these are very hard to recognize without special tools. However, some kinds of intrusion and attack do produce consequences and symptoms that can be recognized.
2.2. Intrusion detection systems for computer networks.
2.2.1. Introduction to intrusion detection systems
An intrusion detection system (IDS) is a hardware or software device that watches a network, monitors network traffic, automatically tracks the events occurring on a computer network, analyses them to discover security problems and raises alerts. Some intrusion detection systems can also block intrusion attempts, but this is not required of a monitoring system. Unlike a firewall, an IDS does not block access; it only watches activity on the network to find signs of attack and raise alerts.
2.2.2. IDS classification
a. NIDS, network-based IDS
Most commercial IDSs are network-based. A NIDS usually consists of a set of sensors placed at different points in the network.
b. Host-based IDS
A HIDS uses software programs installed on a host. A HIDS works by collecting information from inside an individual computer system, observing all system activity, log files and the network traffic it collects.
c. Application-based IDS
An AIDS is a special kind of host-based IDS that analyses the events occurring within a software application.
d. Signature-based IDS
A signature-based IDS uses abstract definitions describing attacks, called signatures. A signature consists of the set of information needed to describe a type of attack.
e. Statistical anomaly-based IDS
A statistical anomaly-based IDS, or behaviour-based IDS, automatically detects deviations from patterns learned from normal user behaviour and raises an alarm when intrusive activity occurs. Behaviour-based IDSs learn the normal or expected behaviour of the system or its users and expect that an intrusion can be detected by observing deviation from this norm.
2.2.3. IDS architecture and components.
Packet collection and analysis component: this component is responsible for capturing all packets arriving on the network.
Packet detection component: an important part of the packet detection component is the sensor. The sensor's role is to filter information and discard irrelevant data obtained from events related to the protected system, so that suspicious actions can be detected.
Processing (response) component: when there are signs of an attack or intrusion, the attack detection component sends a signal to the response component. The response component then activates the firewall to block the attack or alerts the administrator.
2.2.4. How an IDS works.
Anomaly-based detection: this tool establishes a baseline of normal activity and then maintains a current snapshot of the system. When the two differ, an intrusion is indicated.
Protocol-based detection: similar to signature-based detection, but it performs in-depth analysis of the specific protocols identified in the packets.
Detection through self-learning: this technique has two steps. When first set up, the attack detection system runs in learning mode and builds a profile of how the network behaves under normal activity. After the initialization period, the system runs in working mode, monitoring and detecting abnormal network activity by comparing it with the established profile.
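An added example, not from the thesis, of the two-phase self-learning scheme just described: a learning phase summarizes per-interval traffic features of a host into a profile (mean and standard deviation), and a working phase scores each new interval against that profile. The feature names, baseline values and threshold are constructed.

```python
"""Two-phase anomaly detector: learn a behaviour profile, then compare against it.

Constructed example: each sample is one monitoring interval with a few
traffic features for one host; the numbers are made up for the demonstration.
"""
import statistics


def learn_profile(samples):
    """Learning phase: per feature, mean and standard deviation of normal traffic."""
    profile = {}
    for feature in samples[0]:
        values = [s[feature] for s in samples]
        sd = statistics.pstdev(values)
        # a feature that never varied gets a small floor so any change still scores
        profile[feature] = (statistics.mean(values), max(sd, 1e-6))
    return profile


def score(profile, sample):
    """Working phase: z-score of every feature against the learned profile."""
    return {f: (sample[f] - mean) / sd for f, (mean, sd) in profile.items() if f in sample}


def detect(profile, sample, threshold=3.0):
    """Features whose deviation exceeds the threshold; an empty result means normal."""
    return {f: round(z, 1) for f, z in score(profile, sample).items() if abs(z) > threshold}


# Constructed baseline: 24 intervals of normal activity for one workstation.
BASELINE = [
    {"http_requests": 40 + (i % 5) * 3,
     "distinct_dsts": 4 + i % 3,
     "bytes_out_kb": 120 + (i % 4) * 10}
    for i in range(24)
]


def run_demo():
    profile = learn_profile(BASELINE)
    quiet = {"http_requests": 45, "distinct_dsts": 5, "bytes_out_kb": 130}    # ordinary interval
    spam = {"http_requests": 900, "distinct_dsts": 5, "bytes_out_kb": 2500}   # host hammering one server
    return detect(profile, quiet), detect(profile, spam)


if __name__ == "__main__":
    normal, abnormal = run_demo()
    print("quiet interval:", normal or "no deviation")
    print("spam interval:", abnormal)
```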
2.3. Chapter summary
Chapter 2 presented the concept of detecting unauthorized intrusion into computer networks, described the symptoms and signs by which a compromised computer can be recognized, and introduced the intrusion detection system (IDS) for computer networks.
As presented, an IDS automatically tracks the events occurring on a computer network, analyses them to discover security problems, and raises alerts.

Chapter 3. PREVENTION AND BLOCKING OF COMPUTER NETWORK INTRUSION
3.1. Some typical technical measures for preventing intrusion
3.1.1. Firewall
A firewall is a technique integrated into a network system to resist unauthorized access, protecting internal information resources and limiting unwanted intrusion from outside into the network as well as illegitimate connections from inside to certain addresses on the Internet. The firewall filters out illegitimate addresses according to predefined rules or criteria. A firewall can also be understood as a mechanism for protecting a trusted network from untrusted networks. Usually the firewall is placed between the internal network (intranet) of a company, organization, sector or country and the Internet.
A firewall may be a hardware system, a software system, or a combination of both.
a. Functions of a firewall
A firewall is used to control and establish a mechanism for regulating the flow of information between the internal network and the outside:
Allowing or forbidding services to access the outside from the network.
Allowing or forbidding services to access the network from outside.
Monitoring the data flow between the Internet and the intranet.
Controlling access addresses, forbidding or allowing addresses to connect.
Controlling users and user access.
Controlling the content of information travelling over the network.
b. Components of a firewall
A firewall may have the following components:
Packet filtering router:
Application level gateway or proxy server:
Circuit level gateway:
Stateful multilayer inspection:
c. Operating principle of a firewall
A firewall operates on the TCP/IP protocol. Because this protocol works by splitting the data received from network applications (services running over protocols such as telnet, SNMP, DNS, SNTP, NFS) into packets and assigning these packets identifiable addresses so that they can be reassembled at the intended destination, the addresses are stored in the packet header, and the firewall relies on the packet header for filtering.
A packet filter can allow or deny each packet it receives. It examines the whole datagram to decide whether the data satisfies one of the packet filtering rules. If it does, the packet is passed; otherwise the packet is discarded. Controlling ports lets the firewall ensure that only certain kinds of connection can enter the local network.
Because the check is based on the packet header, the filter cannot control the information content of the packet. Packets that pass may therefore still carry a hacker's malicious actions.
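An added example, not the thesis's code, of the header-based packet filtering described above: a first-match rule list evaluated on source, destination, protocol, port and connection state, together with the blind spot the text points out, namely that a packet whose header matches an allow rule passes regardless of its payload. The policy, addresses and packets are constructed.

```python
"""First-match packet filter that decides on header fields only.

Constructed example, not the thesis's code: the policy, addresses and
packets below are made up to show both the mechanism and its blind spot.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int
    new_conn: bool = False     # TCP SYN without ACK, i.e. a new inbound connection
    payload: bytes = b""       # carried along but never examined by the filter


@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0                     # 0 = any port
    new_conn: Optional[bool] = None    # None = don't care

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport)
                and (self.new_conn is None or self.new_conn == p.new_conn))


def filter_packet(rules, p, default="deny"):
    """Apply the first matching rule; fall back to the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


INTRANET = "10.0.0.0/8"
# Constructed policy: outsiders may reach the web and mail servers only,
# inside hosts may open any outbound connection, everything else is dropped.
RULES = [
    Rule("allow", dst="10.0.0.80/32", proto="tcp", dport=80),
    Rule("allow", dst="10.0.0.25/32", proto="tcp", dport=25),
    Rule("deny", dst=INTRANET, proto="tcp", new_conn=True),   # no other inbound connections
    Rule("allow", src=INTRANET),                               # anything from inside
]


def run_demo():
    web = "10.0.0.80"
    outside = "203.0.113.5"
    return {
        "web_from_outside": filter_packet(RULES, Packet(outside, web, "tcp", 80, True)),
        "ssh_from_outside": filter_packet(RULES, Packet(outside, web, "tcp", 22, True)),
        "inside_to_internet": filter_packet(RULES, Packet("10.0.0.20", outside, "tcp", 443, True)),
        # identical header to the allowed web request but a hostile payload:
        # a header-only filter cannot tell the two apart
        "web_with_bad_payload": filter_packet(
            RULES, Packet(outside, web, "tcp", 80, True, b"GET /?q=<malicious input>")),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```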
d. Firewall operating modes
Route/NAT mode:
Transparent mode:
e. Types of firewall
Network-level firewall model:
Firewall based on application-layer gateways:
3.1.2. Proxy server systems.
a. The proxy server concept
A proxy server is a server (a computer or an application program) that acts as an intermediary for requests between users seeking resources and the service servers, or for network and Internet access. When clients use a proxy server, any access to the Internet or to network services on other application servers has to go through the proxy server.
b. Functions of a proxy server
The important functions of a proxy server are firewalling and application filtering.
In a large network the proxy server manages all access into and out of the network, allowing or refusing each request or response from inside the network to outside and vice versa. Proxy servers make bandwidth use efficient because they can manage users' activities, so they can limit which information may and may not be used in order to avoid bandwidth congestion.
Another function of a proxy server system is caching: temporarily storing the content of web pages can improve the quality of service of a network in three ways. First, it conserves network bandwidth and increases scalability. Next, it can improve the responsiveness to clients; for example, with an HTTP proxy cache, web pages may load faster in the web browser.
3.1.3. Tunneling
Tunneling is the technique of using an intermediate network (usually the Internet or an extranet) to create a logical point-to-point connection from one computer to another across the network. The technique allows the whole IP packet to be encrypted and received. Security gateways use this technique to provide security services on behalf of other entities on the network. The method is applied in virtual private networks (VPNs). Data that is divided into frames or packets according to the communication protocol is wrapped in an additional header containing routing information, which lets the packets travel through intermediate networks along private hidden paths (tunnels). On arrival at the destination, the frames or packets are stripped of this header and forwarded to the final destination hosts. Establishing a tunnel requires the client and the server to use the same tunnel protocol.
3.1.4. Secure Content Management (SCM) appliances
a. The concept and importance of content control appliances
A Secure Content Management (SCM) appliance is a dedicated network device placed behind the firewall, in a network zone, to protect the entire system behind it.
The SCM appliance inspects the content of data in depth, for example attachments, e-mail or files downloaded over protocols such as HTTP and FTP, looking for viruses, spam, spyware, keyloggers, phishing, etc. When it detects such harmful elements, the appliance reacts by blocking them, removing them and alerting the network administrator. SCM appliances are usually dedicated to controlling important data streams such as SMTP, POP3, HTTP and FTP.
b. How the SCM content manager works
The SCM controls access to websites on the basis of predefined criteria.
Website blocking or content monitoring:
Content security management solutions use one of two basic methods: site blocking or content monitoring.
Site blocking:
This method manages content using URL list filters or URL-content filters to identify and block website content. Some solutions are based on a whitelist and allow access only to the websites on that list. Solutions using a blacklist allow access to all websites except those on the blacklist.
The limitation of site blocking is that it focuses only on HTTP-based access and cannot block instant messaging, e-mail attachments, peer-to-peer applications and other applications that carry security threats.
Content monitoring:
The most basic level of content monitoring uses keyword blocking. Instead of blocking URLs, it compares the keywords in incoming data against a library of words or phrases defined by the user. When one of the blocked words or phrases is matched, the solution filters or blocks the data, or in some cases closes the running application. The problem with this method is that it unintentionally blocks legitimate websites simply because they contain keywords matching the blocked terms.
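An added example, not the thesis's code, of the two SCM methods just described: whitelist and blacklist site blocking on the request host, and keyword-based content monitoring, including the false positive the text warns about (a legitimate page blocked because it contains a listed word) and the further false positives that naive substring matching adds. The domain lists, keywords, URLs and page texts are constructed.

```python
"""Secure content management: site blocking and keyword-based content monitoring.

Constructed example, not code from the thesis: the domain lists, URLs,
keywords and page texts below are made up for the demonstration.
"""
import re
from urllib.parse import urlsplit


def host_in_list(url, hosts):
    """True if the URL's host is one of the listed domains or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in hosts)


def site_block_decision(url, whitelist=None, blacklist=()):
    """Whitelist mode allows only listed sites; blacklist mode allows all but listed."""
    if whitelist is not None:
        return "allow" if host_in_list(url, whitelist) else "block"
    return "block" if host_in_list(url, blacklist) else "allow"


def keyword_hits(text, keywords, whole_words=True):
    """Blocked keywords present in the content (case-insensitive)."""
    hits = []
    for kw in keywords:
        pattern = re.escape(kw)
        if whole_words:
            pattern = r"\b" + pattern + r"\b"   # do not match inside other words
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(kw)
    return hits


def content_decision(text, keywords, whole_words=True):
    return "block" if keyword_hits(text, keywords, whole_words) else "allow"


BLACKLIST = ["bad-downloads.example", "phish.example"]
KEYWORDS = ["casino", "sex"]


def run_demo():
    return {
        "blacklisted_subdomain": site_block_decision(
            "http://cdn.bad-downloads.example/setup.zip", blacklist=BLACKLIST),
        "unlisted_site": site_block_decision("https://docs.example.org/", blacklist=BLACKLIST),
        "not_on_whitelist": site_block_decision(
            "https://docs.example.org/", whitelist=["intranet.example"]),
        # keyword blocking catches the page it was meant for ...
        "spam_page": content_decision("Play at our online CASINO tonight!", KEYWORDS),
        # ... but also a legitimate news item that merely contains the keyword
        "legitimate_mention": content_decision(
            "City council debates the new casino licence", KEYWORDS),
        # naive substring matching is worse still: "sex" is found inside "Essex"
        "substring_false_positive": content_decision(
            "Essex County Council meeting minutes", KEYWORDS, whole_words=False),
        "whole_word_ok": content_decision(
            "Essex County Council meeting minutes", KEYWORDS, whole_words=True),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```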
Architectural solutions:
Client solutions: client software solutions consist of a management interface and a database of blocked websites;
Standalone solutions: these solutions consist of dedicated database servers that define the policies and a separate gateway or firewall that enforces the content management policies.
Integrated solutions: integrated solutions consolidate management and processing in a single gateway or firewall. However, when the gateway or firewall is also used for services such as anti-virus and intrusion prevention, performance may suffer.
c. Evaluation of the solutions:
Depending on the required level of protection, deployment and management, a customer has to choose between a standalone solution and an integrated solution. Both options can combine Internet content management with protective techniques to manage access and secure the network against a range of threats from viruses, spyware, worms, instant messaging and peer-to-peer applications.
SCM and firewalls:
Content filtering integrated into a firewall is an effective content management solution and ideal for organizations with small and medium-sized networks. This option integrates into existing firewall technology or is installed together with a new firewall solution. A typical service provides a continuously updated, comprehensive database of millions of web pages, domain names and IP addresses.
Standalone tools:
For larger businesses and enterprise environments that require more comprehensive content control, a standalone content filtering tool maximizes the protection of any network against today's sophisticated Internet threats. Although it requires the purchase of additional hardware, the ease of installation and use makes this solution attractive. The appliance can be added to an existing network without reconfiguring the existing hardware and software.
3.2. Intrusion detection and prevention systems
3.2.1. Introduction to intrusion detection and prevention systems
An intrusion prevention system (IPS), also called an intrusion detection and prevention system (IDPS), is a network security device that monitors and detects malicious activity in networks and computer systems, determines when an attack begins and takes appropriate countermeasures, attempting to stop the intrusion and to raise an alert about the incident. Furthermore, an IDPS can also recognize reconnaissance activity, which may be the sign of an impending attack, block it and report it to the network security administrator, who can then tighten security controls or counter the attacks; for example, when a port scan is performed to see whether an attack is possible.
An IDPS is also used for other purposes, such as identifying security policy, documenting threats, and individually blocking violations of the security policy. An IDPS has become a necessary addition to the security infrastructure of nearly every organization.
3.2.2. IDPS components and architecture
a. Typical components
Sensors/agents: sensors or agents monitor and analyse activity.
Management server: a management server is a centralized device that receives information from the sensors or agents and manages them.
Database server: a database server is a repository for the event information recorded by the sensors, agents and/or management servers.
Console: a program that provides an interface for IDPS users and administrators.
b. Network architecture
The components of an IDPS can be connected to each other through the organization's standard network or through a separate network designed specifically for managing security software, known as a management network.
3.2.3. Security capabilities
a. Information gathering capability
Some IDPS technologies provide information gathering capabilities, such as collecting information about hosts or networks from the observed activity.
b. Logging capability
The data fields commonly used by IDPSs include the event date and time, event type, importance rating (e.g. priority, severity, impact, confidence) and the preventive action taken (if any).
c. Detection capability
IDPS technologies usually combine detection techniques to support more accurate and flexible detection. The types of events detected and the accuracy of detection vary greatly depending on the type of IDPS technology.
d. Prevention capability
An IDPS usually allows the prevention capability to be configured for each type of alert. This usually includes enabling or disabling prevention and specifying which type of prevention capability should be used. Some IDPS sensors have a learning or simulation mode that suppresses all preventive actions.
3.2.4. IDPS classification
3.2.4.1. Network-based IDPS (NIDPS)
A NIDPS monitors network traffic for particular network segments or devices and analyses the network, transport and application protocols to identify suspicious activity.
3.2.4.2. Network behavior analysis (NBA)
A network behavior analysis (NBA) system examines network traffic or traffic statistics to identify unusual traffic.
3.2.4.3. Host-based IDPS (HIDPS)
A HIDPS monitors the characteristics of a single host and the suspicious events occurring within that host. HIDPS network architectures are usually simple: agents are deployed on critical hosts or servers and communicate over the network rather than over a separate management network.
HIDPS detection techniques use code analysis, network traffic analysis, network traffic filtering, file system monitoring, log analysis and network configuration monitoring. This can be very effective in stopping both known and previously unknown attacks.
A HIDPS has some limitations. Some detection techniques run periodically, hourly or a few times a day, to identify events that have already occurred, which causes significant delay in identifying events and affects host performance.
3.3. Chapter summary
Chapter 3 focused mainly on the prevention and blocking of unauthorized intrusion into computer networks, presenting some typical technical measures for preventing intrusion and in particular introducing the Intrusion Detection and Prevention System. This is a network security device that monitors and detects malicious activity occurring in a computer network, raises preventive alerts, or can determine when an attack begins and take appropriate countermeasures to stop the attack.

Chapter 4. SIMULATION EXPERIMENTS ON NETWORK INTRUSION ATTACKS
4.1. Test environment
4.1.1. Introduction to the NeSSi2 simulation tool.
NeSSi2 is a network simulation tool recently developed by TU Berlin (Federal Republic of Germany). NeSSi2 supports profile-based automated attack generation, traffic analysis and support for detection algorithms used in security research and evaluation. NeSSi2 has been tested successfully with intrusion detection algorithms and for network security analysis.
NeSSi2 provides extensive support for complex application scenarios on top of a faithful simulation of the TCP/IP protocol stack. The simulated network is modelled to reflect real-world network topologies through support for modelling subnet layers and different node types with different capabilities. NeSSi2 follows a modular design pattern. Common attack scenarios are specially supported and can be simulated; worm propagation scenarios and botnet-based DDoS attacks are two of the example scenarios supported by NeSSi2. In addition, custom profiles expressing specific node behaviour can be applied in the simulation.
4.1.2. Components of NeSSi2
a. Graphical User Interface:
The graphical user interface of NeSSi2 is the component that lets the user create and modify all the components needed for a simulation. The results of completed simulations can be visualized here.
The simulation components in the user interface:
Simulation project (NeSSi2 project):
A NeSSi2 project consists of a single network file in a root folder, in which the topology information is stored. The network topology describes the static information contained in the network (for example the nodes, their attributes and their interconnections). For IP-based networks, additional information such as link bandwidth or the MTU of the network interfaces is also stored.
Profiles:
Profiles are used for the applications deployed on the nodes in the network. This is the first step in creating the dynamic behaviour information for a simulation. When creating a profile, the user has to add applications to it. The applications constitute the actual behaviour of a node while the simulation runs.
Scenarios:
To deploy profiles onto the nodes of a network, the user has to create a scenario; this is the second step in creating the dynamic behaviour information for a simulation. A scenario is essentially a mapping from the nodes of the network topology to the profiles deployed on those nodes.
Sessions:
To simulate a scenario, a session is created; the session contains all the previously created components together with additional information for the scenario to be simulated.
Templates:
When creating network topologies, NeSSi2 provides a range of nodes that can be placed in the network. The idea of templates is that the user can create additional templates.
b. Simulation Backend
After a session is submitted for execution, the backend analyses the session parameters (logged events, how many runs are to be executed, etc.), creates a corresponding simulation environment, establishes the database connections and schedules the simulation to run as soon as the required processing resources are available.
c. Features of NeSSi2
Traffic Generation
Network traffic in the form of IP packets, with header and body, can be generated in different ways. The TCP/IP protocol stack implementation and the application-layer module of NeSSi2 are based on the standard Java socket implementation. NeSSi2 incorporates several application-level protocols (HTTP, SMTP, etc.) and supports static or dynamic routing protocols that can be selected by the user.
Protocol stack and socket-based API
For error handling, TTL and header checksums are supported, and the ICMP protocol is implemented for error notification.
Security features
NeSSi2 focuses on the framework of network security and algorithm evaluation. NeSSi2 concentrates on simulating network traffic through node profiles, a parallel execution model, discrete event simulation and visualization.
d. Simulation evaluation
NeSSi2 allows various security situations to be simulated. The main evaluation component in NeSSi2 displays statistics that visualize the recorded simulation events. These charts are flexible and can be configured in many ways. Series of recorded events can be displayed as area, bar or line charts, and can furthermore be stacked and/or cumulated. In addition, a replay mechanism for recorded simulations lets the user review entire simulations as the events occurred.
4.1.3. Installing the NeSSi2 simulation software
a. General requirements for installing NeSSi2:
b. Downloading and installing NeSSi2
c. Configuring NeSSi2
d. Starting NeSSi2
4.1.4. Installing the NeSSi2 user interface
The NeSSi2 user interface is needed to create network topologies, profiles, scenarios and sessions, and to manage and monitor running simulations.
a. Downloading and installing
b. Configuring
c. Starting the NeSSi2 user interface
4.1.5. The NeSSi2 database
NeSSi2 uses a database to record a network topology, the scenarios and the session information for the simulation. While a simulation runs, it records selected simulation events in the database.
Downloading and installing
4.2. Simulating computer network intrusion detection and prevention with the NeSSi2 software
4.2.1. Building the simulated network model, architecture and components
Figure 4.3: Diagram of the simulated network.
Based on the real network model at the VDC1 Customer Service Station, the author built a simulated network model in the NeSSi2 software with the following network architecture and components:
4.2.2. Procedure for the simulation steps with the NeSSi2 software
The procedure for creating and running a simulation in the NeSSi2 software is described by the following diagram and steps:
Figure 4.4: Flow of creating and running a simulation with NeSSi2
4.2.3. Setting up the specific simulation model with the NeSSi2 software
a. Starting the simulation software
Start the NeSSi2 software installed on the test machine.
b. Setting up the simulated network project (Project)
Create a NeSSi2 project, which holds all the information on the topology, profiles, scenarios, sessions... Next, create a subnet to which the components of the planned network architecture are added.
The procedure for setting up a network to be simulated in the NeSSi2 software is as follows.
[Figure 4.5, flowchart: Start -> Create a NeSSi2 project -> Create the network -> Create profiles -> Create scenarios -> Create sessions -> Run the simulation -> End]
Figure 4.5: Flow of setting up a project in NeSSi2
The components of the specific simulated network are set up as follows:
Access Router: router and connection aggregation point in the LANs.
Internet PE Router: the Internet service provider's edge router, connecting to the Internet.
Insite Client 1 and 2: workstations inside the network.
Remote Client: a workstation accessing remotely over the Internet.
E-mail Server: the e-mail service server.
Web Server: the web service server.
Database Server: the database server.
Application server: the server running other service applications.
Insite Attacker 1 and 2: attackers from inside the LAN.
Outsite Attacker: an attacker from outside the LAN, via the Internet connection.
Firewall: the firewall.
Internet: the Internet.
c. Setting up profiles
The procedure for setting up a profile for the network to be simulated is as follows.
Figure 4.6: Flow of setting up a profile in NeSSi2
The profiles serving the specific simulation are:
Set up an Echo client application profile named "Echo client" for the workstations.
+ Application on profile: assign the Echo client attribute with the parameters:
Echo Server port: 7
Echo client: 8
Set up an Echo Server application profile named "Echo Server" for the servers.
+ Application on profile: assign the Echo Server attribute with the parameter:
Server port: 7
Set up a Web service application profile named "Web Normal" for the workstations operating in the normal state (Remote_client and Insite_client) with the attributes:
+ Application on profile: the Web-services client attributes.
Web-services client: in Configuration for Web-Services Client set the value Web Client.
Set up a Web Service application profile named "Web server" for the web service server (Web Server).
+ Application on profile: the Web-Services Server attributes.
Set up a Web Service application profile named "Web Spam" for the attacking machines (Outsite_Attacker and Insite Attacker).
+ Application on profile: select the Web-services client value.
Web-services client: in Configuration for Web-Services Client select Spam Attacker.
Set up a Firewall application profile named "Firewall" dedicated to blocking web attacks:
+ Application on profile: the Firewall Application attributes.
Firewall Application: in Configuration for Firewall Application select the value Filter port = [80], and tick all of the items Process Incoming Packets, Packets should be handled inline and Process Outgoing Packets.
d. Setting up scenarios (scenario)
Below is the procedure for setting up a scenario for the network to be simulated.

[Figure 4.7: Diagram of setting up a scenario in NeSSi2.]
The scenarios for the simulated network are:
Scenario 1: the network operates in the normal state; the firewall is not activated.
Step 1. Assign the Web Normal and Echo Client profiles to the 3 workstations: Insite_Client1, Insite_Client2, Remote_Client.
Step 2. Assign the Web Server and Echo Server profiles to the Web Server host.
Step 3. The attacking machines and the other servers are left deactivated.
Step 4. Run the program.
Step 5. Observe and record the results.
Step 6. Analyse and evaluate.
Scenario 2: the network operates while the workstations are under a web spam attack; the firewall is not activated.
Step 1. Additionally assign the Web Spam and Echo Client profiles to the 3 attacking machines Outsite_Attacker, Insite_Attacker 1 and Insite_Attacker 2.
Step 2. Assign the Web Server and Echo Server profiles to the Web Server host.
Step 3. Set the workstations Insite_Client1, Insite_Client2 and Remote_Client to the deactivated state.
Step 4. Run the program.
Step 5. Observe and record the results.
Step 6. Analyse and evaluate.
Scenario 3: the network operates while the workstations are under a web spam attack; the firewall is activated.
Step 1. Keep the network settings configured in scenario 2 unchanged.
Step 2. Additionally assign the Firewall profile to the Firewall device.
Step 3. Run the program.
Step 4. Observe and record the results.
Step 5. Analyse and evaluate.
e. Setting up sessions (Session)
Below is the procedure for setting up a session for the network to be simulated.

[Figure 4.8: Diagram of setting up a session in NeSSi2.]
The sessions for the simulated network are:
- The first session, named Trang thai binh thuong (Firewall chua duoc kich hoat) (normal state, firewall not activated), runs the simulation of scenario 1 with Number of ticks under Configuration for Fix Run Length set to 20000.
- The second session, named Trang thai bi tan cong (Firewall chua duoc kich hoat) (attacked state, firewall not activated), runs the simulation of scenario 2 with Number of ticks under Configuration for Fix Run Length set to 20000.
- The third session, named Trang thai bi tan cong (Firewall da duoc kich hoat) (attacked state, firewall activated), runs the simulation of scenario 3 with Number of ticks under Configuration for Fix Run Length set to 20000.
f. Running the simulation

[Figure 4.9: Diagram of running a simulation in NeSSi2.]
Scenario 1: the network is in the normal state, the Firewall is not activated.
Network traffic on the link to the Web Server:

[Figure 4.12: Network traffic on the link to the Web Server.]
HTTP Packets sent: 28000; Packets sent: 26000; IPv4 Packets sent: 12000.
Explanation of the chart:
- Horizontal axis (Tick): the quantity representing the time over which a simulation is executed in NeSSi2.
- Vertical axis (Amount): the traffic level measured during the simulation run.
- HTTP packets sent: the number of packets of the Web Services application.
- IPv4 packets sent: the other kinds of packets.
- Packets Sent: the Echo packets.
Scenario 2: the network is under attack, the Firewall is not activated.
Network traffic on the link to the Web Server:

[Figure 4.15: Network traffic on the link to the Web Server while under attack.]
HTTP Packets sent: > 60000; Packets sent: 45000; IPv4 Packets sent: 30000.
Scenario 3: the network is under attack, the Firewall is activated.
Network traffic on the link to the Web Server:

[Figure 4.18: Network traffic on the Firewall-Web Server link with the Firewall activated.]
Packets sent: 24000.
IPv4 Packets sent: 10000.
4.3. Analysis and evaluation
With the Firewall not activated:
Comparing the results of figures 4.10 and 4.13, and of figures 4.12 and 4.15, shows that over the same time span, with the same topology and the same number of network devices, the traffic of the workstations and of the Web Server in scenario 2 rises sharply compared with scenario 1 (for example, HTTP traffic at the Web Server is approximately 28000 in scenario 1 and more than 60000 in scenario 2). The other traffic (IPv4 Packets sent, Packets sent) also increases. This shows that the network environment in scenario 2 is under attack.
With the Firewall activated:
Figure 4.18: the web application traffic (HTTP packets) on the link to the Web Server in scenario 3 is eliminated. This shows that the web spam traffic from the attacking machines is successfully blocked by the Firewall.
Comparing figure 4.18 with figure 4.12, the IPv4 packets sent and Packets sent traffic are equivalent, which shows that this traffic is not blocked by the Firewall. This is consistent with the Firewall profile configuration.
Conclusion: the simulation results above clearly show the difference in the state of the network between normal operation and operation under attack, and the attack-blocking role of the Firewall. However, owing to the limitations of the simulation software, the results so far describe only a limited set of network parameters (a few protocols, packet counts, traffic volume) and do not capture other important parameters such as CPU and RAM utilisation, packet delay, jitter, and other important network protocols and applications.
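As an added illustration (not part of the thesis and not NeSSi2 code), the following Python model reproduces the logic of the three scenarios: constructed per-tick packet rates for the clients and attackers, an inline filter on destination port 80 standing in for the Firewall profile, and the HTTP-spike comparison used in the analysis above. Host names follow the simulated network; the packet rates, the tick count and the spike factor are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

ECHO_PORT = 7    # Echo Server port from the Echo profiles
HTTP_PORT = 80   # Filter port = [80] from the Firewall profile

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    kind: str    # "HTTP" (web-services traffic) or "Echo"

def firewall(packets, filter_ports, active):
    """Inline filter: when active, drop every packet whose destination
    port is listed in filter_ports; otherwise pass everything through."""
    if not active:
        return list(packets)
    return [p for p in packets if p.dport not in filter_ports]

def generate(senders, ticks):
    """Constructed traffic toward the Web Server: each sender emits a fixed
    number of HTTP and Echo packets per tick (rates are assumed values)."""
    out = []
    for _ in range(ticks):
        for host, http_rate, echo_rate in senders:
            out += [Packet(host, HTTP_PORT, "HTTP")] * http_rate
            out += [Packet(host, ECHO_PORT, "Echo")] * echo_rate
    return out

def run_scenario(senders, firewall_active, ticks=100):
    """Return the per-kind count of packets that reach the Web Server."""
    delivered = firewall(generate(senders, ticks), {HTTP_PORT}, firewall_active)
    return Counter(p.kind for p in delivered)

def http_spike(baseline, observed, factor=2.0):
    """Detection check from the analysis: flag when HTTP volume exceeds
    the normal-state baseline by more than `factor` (assumed threshold)."""
    return observed["HTTP"] > factor * baseline["HTTP"]

# Scenario 1 senders (Web Normal + Echo Client); scenario 2/3 senders (Web Spam + Echo Client)
CLIENTS = [("Insite_Client1", 2, 1), ("Insite_Client2", 2, 1), ("Remote_Client", 2, 1)]
ATTACKERS = [("Insite_Attacker1", 10, 1), ("Insite_Attacker2", 10, 1), ("Outsite_Attacker", 10, 1)]

if __name__ == "__main__":
    normal = run_scenario(CLIENTS, firewall_active=False)
    attacked = run_scenario(ATTACKERS, firewall_active=False)
    protected = run_scenario(ATTACKERS, firewall_active=True)
    print("Scenario 1:", dict(normal), "| Scenario 2:", dict(attacked), "| Scenario 3:", dict(protected))
    print("HTTP spike in scenario 2:", http_spike(normal, attacked))
```

The Echo count is identical in all three runs while the HTTP count vanishes only in the third, which is the same pattern the analysis reads off figures 4.12, 4.15 and 4.18.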
CONCLUSION AND FUTURE DIRECTIONS
Securing a computer network against attacks and unauthorised intrusion, and keeping risk and damage to a minimum, is a difficult and challenging task. It requires IT practitioners to understand the threats a computer network may face, including the detection and prevention of unauthorised intrusion into computer networks.
In this thesis the author provides an overview of information security, its basic principles, and several forms of and technologies for preventing unauthorised network intrusion. The aim of the thesis is to study the techniques and methods of intruding into computer networks, together with the methods and systems for detecting unauthorised intrusion, in order to derive effective countermeasures and intrusion prevention systems. The research combines theoretical study with the collection and analysis of data and information related to this topic, together with practical experiments for testing and evaluation. The results are aimed at practical application in the management, operation and use of computer networks in agencies and organisations.
The specific results achieved by the thesis are:
- A study of the problem of computer network intrusion, of the techniques of attacking and intruding into computer networks, and of their consequences.
- A presentation and analysis of methods for detecting intrusion into computer networks, and of intrusion detection systems for computer networks.
- A study proposing technical measures for preventing intrusion, and the possibility of integrating network intrusion detection and prevention systems.
- The construction of experimental simulation scenarios for network intrusion attacks, and the evaluation of their results.
However, because the research time was limited, the scope of the research is not yet broad or deep, and the simulation was carried out mainly on an emulated system, the results obtained in this thesis inevitably have certain limitations.
The next direction for this work is to continue deploying the IDPS in practice, analysing anomalous behaviour in order to detect and block typical kinds of attack such as DDoS and computer viruses. In addition, the IDPS can be combined with other network security systems, such as traffic monitoring and encryption systems, to raise the level of security and safety of the computer network.