Nguyễn Linh Giang. Department of Communications and Computer Networks.

Slide 2: Outline
I. Introduction to network information security
II. Symmetric encryption methods
III. Public-key cryptosystems (asymmetric encryption)
IV. Message authentication
V. Digital signatures and authentication protocols
VI. System security

Slide 3: System security
- Network security using cryptographic methods
- System security
- Security vulnerabilities
- Vulnerability scanning
- Network and system security

Slide 4: Ensuring confidentiality: points exposed to attacks on privacy
- LAN: most LANs are broadcast networks, so traffic exchanged between two machines can be seen by the other machines. Information travels in frames that carry source and destination addresses, so an adversary observing the LAN can pick out any traffic of interest from those addresses.
- If the LAN offers dial-in access, an adversary can enter the network that way and monitor the traffic.
- Traffic leaves the LAN through routers, modems and communication servers; from the communication servers there are usually links to patch panels, ...

Slide 5: Ensuring confidentiality
[Figure: network diagram showing a communication server, a wiring closet, a communication station, the LAN, the workstations and a packet-switching network.]

Slide 6: Ensuring confidentiality
- The wiring points are also a weak point: an adversary can tap into the network at the wiring points, or use low-energy electromagnetic emissions to carry information out.
- Attacks on the network can occur at any point along the communication path.
- For active attacks, the attacker must have physical control of the link and be able to insert and capture information.

Slide 7: 1. Mechanisms for securing the system: link encryption approaches
- Every communication link that could be attacked is terminated by an encryption device at each end, so all traffic on the link is protected.
- Drawbacks: a large network needs many encryption/decryption devices. The message must be decrypted each time it enters a packet switch, because the switch has to read the address (virtual circuit number) in the packet header to route the packet. The message is therefore exposed at every switch, and on a public network the user cannot control the security of the information at the network nodes.

Slide 8: Ensuring confidentiality
- Some measures: every link from the source to the destination must be encrypted. Each pair of nodes sharing a link must share a unique secret key, and different links must use different keys. Many keys are thus needed, and each key is distributed to only two nodes.
Slide 9: End-to-end encryption approaches
- Encryption is performed at the two end systems. The source host encrypts the data, which is then carried across the network to the destination host. Source and destination share the secret key and can therefore decrypt the message.
- This form of protection defends against attacks at the connection points and at the switches, and lets the user be confident about the security of the network and of the communication links.

Slide 10: Ensuring confidentiality: weak points
- Example: a host connects to an X.25 packet-switched network, opens a virtual circuit to another host and sends data using an end-to-end encryption scheme. The transmitted data consists of a header and a data part.
- If the whole packet is encrypted under a symmetric scheme, the data cannot reach its destination: only the destination host can decrypt the packet, so the switching node cannot decrypt it, cannot read the destination address and cannot route the packet.
- If only the packet body is encrypted, the adversary can read the header and use it for traffic analysis.

Slide 11: Ensuring confidentiality: advantages
- End-to-end encryption provides a form of authentication: the two end hosts share the same secret key, so the receiver knows the message came from the sender.
- Link encryption has no authentication mechanism.
- Remedy: use both methods together.

Slide 12: Ensuring confidentiality
[Figure: packet-switching network made up of several PSN nodes connecting hosts.]

Slide 13: 2. Placement of the end-to-end encryption functions
- With link encryption, the encryption functions sit at a low level of the communication hierarchy (physical layer or link layer).
- With end-to-end encryption, the lowest level at which the encryption functions can be placed is the network layer. Example: encryption can be placed at the layer corresponding to X.25, so that every data block of the X.25 blocks is encrypted.

Slide 14: Ensuring confidentiality
- At the network-layer level of encryption, the number of entities identified and protected separately corresponds to the number of end hosts. Each end host can exchange encrypted traffic with another host if the two share a secret key.
- The encryption function can therefore be separated out and placed in a front-end processor unit.

Slide 15: Ensuring confidentiality
[Figure: front-end processor made up of a "red" (plaintext) processor, an encryption/decryption device and a "black" (ciphertext) processor; data passes through the encryptor while headers take the red/black (R/B) bypass; connections to/from the host and to/from the network.]

Slide 16: 3. Traffic-flow confidentiality
- Information that can be learned by traffic analysis: the identities of the parties taking part in a communication; the frequency of communication between two parties;
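The difference between slides 7 to 11 is easiest to see by asking what an eavesdropper sitting inside a packet switch can read. The following Python is an added example, not code from the lecture: it models a four-node path (HOST-A, two PSN switches, HOST-B) and returns the header and payload as they are readable at each node under link encryption, end-to-end encryption, end-to-end with the header encrypted as well (the undeliverable case of slide 10), and the combination of slide 11. The SHA-256 keystream cipher, the addresses, the keys and the path are all constructed stand-ins.

```python
"""Added example (not from the lecture): toy model of link encryption vs
end-to-end encryption on a packet-switched path, showing what an eavesdropper
inside each switch can read.  The XOR keystream cipher built from SHA-256 is a
stand-in for a real cipher; addresses, keys and the path are constructed."""
import hashlib
from typing import Dict, List, Optional, Tuple

HEADER_LEN = 6                         # constructed: a 6-byte destination address
ADDRESSES = {b"HOST-A", b"HOST-B"}     # addresses a switch knows how to route

Seen = Dict[str, Tuple[bytes, bytes]]  # node -> (header, payload) as readable there


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks. Self-inverse."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def link_encryption(path: List[str], link_keys: Dict[Tuple[str, str], bytes],
                    header: bytes, payload: bytes) -> Seen:
    """Slides 7-8: each link has its own key; the whole packet is ciphertext on
    the wire, but every switch must decrypt it to read the header and route.
    The returned view shows header AND payload in the clear inside each switch."""
    seen: Seen = {}
    for a, b in zip(path, path[1:]):
        on_wire = keystream_xor(link_keys[(a, b)], header + payload)
        clear = keystream_xor(link_keys[(a, b)], on_wire)   # node b decrypts
        header, payload = clear[:HEADER_LEN], clear[HEADER_LEN:]
        if header not in ADDRESSES:
            raise RuntimeError(f"{b} cannot route: unreadable header")
        seen[b] = (header, payload)
    return seen


def end_to_end(path: List[str], host_key: bytes, header: bytes, payload: bytes,
               encrypt_header: bool = False) -> Optional[Seen]:
    """Slides 9-10: only the two hosts hold host_key.  Switches see the header
    in the clear and the payload as ciphertext.  If the header is encrypted too
    (encrypt_header=True) the first switch cannot read a destination and the
    packet is undeliverable; None models that dropped packet."""
    if encrypt_header:
        ct = keystream_xor(host_key, header + payload)
        wire_header, wire_payload = ct[:HEADER_LEN], ct[HEADER_LEN:]
    else:
        wire_header, wire_payload = header, keystream_xor(host_key, payload)
    seen: Seen = {}
    for node in path[1:]:
        if wire_header not in ADDRESSES:
            return None
        seen[node] = (wire_header, wire_payload)
    return seen


def combined(path: List[str], link_keys: Dict[Tuple[str, str], bytes],
             host_key: bytes, header: bytes, payload: bytes) -> Seen:
    """Slide 11: end-to-end encrypt the payload, then link-encrypt every hop.
    Switches can still route (header readable after link decryption) but only
    ever see payload ciphertext; on the wire the header is hidden as well."""
    return link_encryption(path, link_keys, header, keystream_xor(host_key, payload))


def main() -> None:
    path = ["HOST-A", "PSN1", "PSN2", "HOST-B"]
    link_keys = {("HOST-A", "PSN1"): b"k-a1", ("PSN1", "PSN2"): b"k-12",
                 ("PSN2", "HOST-B"): b"k-2b"}
    header, payload = b"HOST-B", b"transfer 100 to account 42"
    print("link-only, inside PSN1:", link_encryption(path, link_keys, header, payload)["PSN1"])
    print("end-to-end, inside PSN1:", end_to_end(path, b"host-key", header, payload)["PSN1"])
    print("end-to-end, header encrypted:", end_to_end(path, b"host-key", header, payload, True))
    print("combined, inside PSN1:", combined(path, link_keys, b"host-key", header, payload)["PSN1"])


if __name__ == "__main__":
    main()
```

Running it prints the plaintext payload at PSN1 for the link-only scheme, ciphertext for the other two, and `None` for the fully encrypted packet, which is the routing failure slide 10 describes.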
- the pattern, length and number of messages used to carry important information; events connected with particular exchanges between the two parties.
- A related problem of traffic flow is that the flow pattern can be used to build covert channels.

Slide 17: Link encryption approach
- Packet headers are encrypted, which reduces the opportunity for traffic analysis. The adversary can still estimate the volume of traffic on the network and observe traffic entering and leaving a system.
- To prevent traffic analysis, a traffic-padding procedure can be used.

Slide 18: Traffic padding
[Figure: a continuous random-data generator and the discrete plaintext feed an encryptor keyed with the secret key; the output is a continuous ciphertext stream.]

Slide 19: End-to-end approach
- With end-to-end encryption, the protected region is also limited. For example, if encryption is done at the application layer, the adversary can identify the communicating entities taking part in a dialogue. If encryption is done at the transport layer, the network-layer addresses and the traffic pattern can be exposed.

Slide 20: Ensuring confidentiality
- Useful technique: pad data units to a fixed length at the transport layer and at the application layer as well. In addition, empty (dummy) messages can be inserted at random into the traffic flow.
- This tactic prevents the adversary from learning how much data is exchanged between the end hosts and hides the traffic pattern.

Slide 21: Security vulnerabilities
- The notion of a vulnerability
- Classification of vulnerabilities: vulnerabilities that cause denial of service; vulnerabilities that let a user inside the network with limited privileges raise those privileges without authentication; vulnerabilities that let someone who is not a user of the system break in remotely without authentication.

Slide 22: The notion of a vulnerability
- Any property of software or hardware that lets an illegitimate user gain access, or raise access privileges, without authentication.
- In general: a vulnerability is anything an attacker can exploit to break into the system.

Slide 23: Denial-of-service vulnerabilities
- Allow a hacker to paralyse some of the system's services. The attacker can disable a computer or a network, affecting the whole organisation or company.
- Three kinds: bandwidth/throughput attacks, protocol attacks, software vulnerability attacks.

Slide 24: Privilege-escalation vulnerabilities without authentication
- Flaws in software or operating systems that have a hierarchy of user privileges.
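Slides 18 to 20 describe traffic padding in words; the added Python below (not code from the lecture) shows the mechanics: real messages are cut into fixed-size transport units, dummy units are inserted at random before them, and an observer who can only count units and measure their size learns neither message lengths nor message boundaries, while the receiver still recovers every message. The unit size, the flag layout, the dummy-insertion rule and the sample messages are constructed; encryption of each whole unit (which hides the flag byte, as in the slide 18 diagram) is assumed to be applied afterwards and is not repeated here.

```python
"""Added example (not from the lecture): traffic padding as described on
slides 18-20.  Real messages are cut into fixed-size transport units and dummy
units are inserted at random, so an observer who sees only unit count and
size learns neither message lengths nor message boundaries.  Unit size, flag
layout and the sample messages are constructed.  Encryption of each whole unit
(so the flag byte is hidden) is assumed to happen afterwards, as in the slide
18 diagram, and is not repeated here."""
import os
import random
from typing import List, Tuple

UNIT_SIZE = 64           # constructed: every unit on the wire is exactly this long
HDR = 2                  # flag byte + payload-length byte
DUMMY, MORE, LAST = 0, 1, 2
CAP = UNIT_SIZE - HDR    # real payload bytes per unit


def chunk_message(msg: bytes) -> List[bytes]:
    """Cut one message into fixed-size units; unused space is random filler."""
    pieces = [msg[i:i + CAP] for i in range(0, len(msg), CAP)] or [b""]
    units = []
    for i, piece in enumerate(pieces):
        flag = LAST if i == len(pieces) - 1 else MORE
        units.append(bytes([flag, len(piece)]) + piece + os.urandom(CAP - len(piece)))
    return units


def dummy_unit() -> bytes:
    """A unit carrying nothing; indistinguishable from a real one once encrypted."""
    return bytes([DUMMY, 0]) + os.urandom(CAP)


def pad_stream(messages: List[bytes], max_dummies: int = 3, seed: int = 7) -> List[bytes]:
    """Insert 0..max_dummies random dummy units before each real unit."""
    rng = random.Random(seed)
    stream: List[bytes] = []
    for msg in messages:
        for unit in chunk_message(msg):
            stream.extend(dummy_unit() for _ in range(rng.randint(0, max_dummies)))
            stream.append(unit)
    return stream


def observer_view(stream: List[bytes]) -> Tuple[int, set]:
    """What a traffic analyst sees: only how many units passed and their sizes."""
    return len(stream), {len(u) for u in stream}


def receive(stream: List[bytes]) -> List[bytes]:
    """Receiver drops dummies and reassembles messages from MORE/LAST units."""
    messages, current = [], b""
    for unit in stream:
        flag, length = unit[0], unit[1]
        if flag == DUMMY:
            continue
        current += unit[HDR:HDR + length]
        if flag == LAST:
            messages.append(current)
            current = b""
    return messages


def real_unit_count(messages: List[bytes]) -> int:
    """Number of units the messages need without any padding traffic."""
    return sum(len(chunk_message(m)) for m in messages)


if __name__ == "__main__":
    msgs = [b"hi", b"A" * 100, b""]
    wire = pad_stream(msgs)
    print("observer sees (units, sizes):", observer_view(wire))
    print("receiver recovers the messages:", receive(wire) == msgs)
```

With `max_dummies=0` the observer's unit count equals the number of real units and still reveals nothing about individual message lengths beyond a multiple of the unit size; with dummies inserted, even the count stops tracking the real traffic.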
- They allow a class of users with limited privileges to gain privileges they are not entitled to.
- Example: Sendmail: an ordinary user can start the sendmail process, and misuse sendmail to start another program with root privileges.

Slide 25: Privilege-escalation vulnerabilities without authentication: buffer overflow
[Figure: memory layout with a code segment, a buffer and a data segment; the overflow point is marked where the buffer runs into the neighbouring segment.]

Slide 26: Vulnerabilities allowing unauthenticated remote intrusion
- Mistakes by the system administrator or the user, due to carelessness, inexperience and lack of concern for security.
- Some inexperienced configurations: accounts with an empty password; default accounts; no protective systems such as a firewall, IDS or proxy; running unnecessary and insecure services: SNMP, pcAnywhere, VNC, ...

Slide 27: Vulnerabilities allowing unauthenticated remote intrusion: classification
- Trojan / backdoor
- SQL injection:
  LOGIN: ' or 1 = 1; drop table users; --
  PASSWORD: anything
  Query: Select * from users where userName = '' or 1 =1; drop table users;-- userPass = 'anything'
- Illegal web intrusion:
  Google: allinurl:admentor
  One result: http://www.someserver.com/admentor/admin/admin.asp
  LOGIN: ' or ''=' PASSWORD: ' or ''='
  A web site with this flaw can be entered with admin privileges.

Slide 28: Purpose of vulnerability scanning
- Discover the security vulnerabilities of the system.
- Discover security concerns so that they can be blocked.

Slide 29: Vulnerability scanning methods and techniques
- Network scanning
- Weakness scanning
- Log checking
- File integrity checking
- Virus detection
- Countering war-dialing attacks
- Countering attacks on access points

Slide 30: Network scanning
- Checking that the target system exists
- Port scanning
- Operating-system detection

Slide 31: Network scanning: checking that the target exists
- Ping scan to check whether the system is up.
- Detected by an IDS or by some utilities.
- Prevention: configure the system and limit the rate of ICMP packets.

Slide 32: Network scanning: port scanning
- Aims to identify services and applications. Uses TCP connect and TCP FIN scanning techniques, and infers the service or application from the port number.
- Detected by an IDS or by the host's own security mechanisms.
- Disable unnecessary services to keep a low profile.

Slide 33: Network scanning: OS detection
- Detection based on protocol fingerprinting.
- Detected by port-scan detectors; prevented with firewalls and IDS.
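Slide 27 shows the injected LOGIN/PASSWORD value but not why it works or what stops it. The added Python below (not code from the lecture) runs that same `' or ''='` value against a throw-away in-memory SQLite table through two login functions: one that builds the query by string concatenation, which is the flaw the slide classifies, and one that passes the input through placeholders. The `users` table, the account and the passwords are constructed; `sqlite3` is the Python standard-library module.

```python
"""Added example (not from the lecture): the login bypass from slide 27 run
against a throw-away SQLite table, first through a query built by string
concatenation and then through a parameterised query.  Table, user and
passwords are constructed; sqlite3 is the Python standard-library module."""
import sqlite3
from typing import Tuple


def make_db() -> sqlite3.Connection:
    """In-memory users table with the column names used on slide 27."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    # Clear-text password only so the demo reads easily; a real table stores a salted hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, user: str, password: str) -> Tuple[bool, str]:
    """Vulnerable: user input is pasted into the SQL text, so quote characters in
    the input change the structure of the WHERE clause.  Returns (logged_in, query)
    so the rewritten query can be inspected."""
    query = (f"SELECT * FROM users WHERE userName = '{user}' "
             f"AND userPass = '{password}'")
    return conn.execute(query).fetchone() is not None, query


def login_param(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data; the query text never changes."""
    row = conn.execute("SELECT * FROM users WHERE userName = ? AND userPass = ?",
                       (user, password)).fetchone()
    return row is not None


BYPASS = "' or ''='"    # the LOGIN / PASSWORD value shown on slide 27


if __name__ == "__main__":
    db = make_db()
    ok, q = login_concat(db, BYPASS, BYPASS)
    print(q)                     # the WHERE clause now ends in "or ''=''", always true
    print("concatenated query, bypass value:", ok)
    print("parameterised query, bypass value:", login_param(db, BYPASS, BYPASS))
```

Printing the concatenated query makes the mechanism visible: the input's quotes close the string literal early, and the trailing `''=''` comparison is true for every row, so the first user in the table is "logged in". The parameterised version compares the literal string `' or ''='` against the stored values and finds nothing.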
Slide 34: Weakness scanning
- Enumeration
- Service weakness scanning
- Password security checking

Slide 35: Weakness scanning: enumeration
- Enter the system and issue direct queries, in order to collect information about: shares and network resources; user accounts and user groups; applications and banners.
- Example of enumeration on Windows. Example of enumeration on Unix/Linux.

Slide 36: Weakness scanning: service weakness scanning
- Weak-account scanning: find accounts with a dictionary when the account is weak.
- Weak-service scanning: based on identifying the vendor and the version.
- Countermeasures: configure services properly, upgrade, and patch promptly.

Slide 37: Weakness scanning: password cracking
- Quickly finds weak passwords
- Gives concrete information about password security
- Easy to carry out
- Low cost

Slide 38: Log file control
- Records are kept in order to identify the operations performed on the system, and are used to identify deviations from the security policy.
- Can be done manually or automatically; should be done regularly on the main devices; provides highly meaningful information; applies to every source that allows its activity to be logged.

Slide 39: File integrity checking
- Information about file operations is stored in a reference database; a program compares the files against the data in the database to detect unauthorised access.
- A reliable method for detecting unauthorised access; highly automated; low cost.
- Does not detect when the change happened; the reference database must always be kept up to date.

Slide 40: Virus scanning
- Purpose: protect the system from infection and damage by viruses.
- Two main kinds of software: installed on a server (on the mail server or the main gateway station/proxy): protects at the entry point, convenient virus-database updates. Installed on workstations: typically scans the whole system (files, disks, websites the user visits) and requires a lot of attention from the user.
- Both kinds can be automated, are highly effective and are reasonably priced.

Slide 41: War dialing
- Prevent unauthorised modems from dialing into the system. A dialer program can dial automatically to look for entry points into the system.
- Policy: restrict the access phone numbers for each member. This method takes a lot of time.

Slide 42: Wireless LAN scanning
- Links carried by signals without cables -> convenient connectivity, but at the same time many new vulnerabilities. A hacker can attack the network with a laptop that has a wireless adapter. The common 802.11b standard has many security limitations.
- Security policy: based on the specific hardware platforms and standards; the network configuration must be strict and kept confidential; remove unnecessary entry points.
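Slide 39 lists the properties of file integrity checking, including its two caveats (it does not tell when a change happened, and the reference database must be kept current). The added Python below (not code from the lecture) is a minimal checker of that kind: it builds a reference database of SHA-256 digests, sizes and permission bits over a directory tree, stores it as JSON, and later reports what was modified, added, removed or re-permissioned. The directory layout, the file contents and the tampering are constructed inside a temporary folder so the script runs anywhere.

```python
"""Added example (not from the lecture): a minimal file-integrity checker in
the style of slide 39.  A reference database of SHA-256 digests, sizes and
permission bits is built over a directory, stored as JSON, and later compared
with the live tree.  The directory layout and the tampering are constructed
inside a temporary folder so the script runs anywhere."""
import hashlib
import json
import os
import tempfile
from typing import Dict


def file_digest(path: str) -> str:
    """SHA-256 of the file contents, read in blocks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_reference(root: str) -> Dict[str, dict]:
    """Reference DB keyed by path relative to root (forward slashes)."""
    ref: Dict[str, dict] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ref[rel] = {"sha256": file_digest(full), "size": st.st_size,
                        "mode": st.st_mode & 0o7777}
    return ref


def compare(root: str, ref: Dict[str, dict]) -> Dict[str, list]:
    """Diff the live tree against the reference.  Slide 39's caveat applies:
    this says WHAT changed since the baseline, not WHEN, and after legitimate
    changes the baseline must be rebuilt or every later run repeats the alerts."""
    live = build_reference(root)
    both = [p for p in ref if p in live]
    return {
        "modified": sorted(p for p in both if live[p]["sha256"] != ref[p]["sha256"]),
        "mode_changed": sorted(p for p in both if live[p]["mode"] != ref[p]["mode"]),
        "added": sorted(set(live) - set(ref)),
        "removed": sorted(set(ref) - set(live)),
    }


def save_reference(ref: Dict[str, dict], path: str) -> None:
    with open(path, "w") as f:
        json.dump(ref, f, indent=1)


def load_reference(path: str) -> Dict[str, dict]:
    with open(path) as f:
        return json.load(f)


def demo() -> Dict[str, list]:
    """Constructed scenario: take a baseline, make three changes, compare."""
    root = tempfile.mkdtemp()

    def write(rel: str, data: bytes) -> None:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

    write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
    write("etc/motd", b"welcome\n")
    write("bin/login", b"#!/bin/sh\nexec /sbin/real-login\n")
    db_path = os.path.join(tempfile.mkdtemp(), "reference.json")
    save_reference(build_reference(root), db_path)      # baseline on a known-good tree

    write("bin/login", b"#!/bin/sh\nexec /sbin/real-login --modified\n")  # altered program
    write("tmp/.hidden", b"unexpected\n")                                  # new unknown file
    os.remove(os.path.join(root, "etc/motd"))                              # file gone
    return compare(root, load_reference(db_path))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

The baseline must be taken on a tree that is known to be clean and the JSON kept where a compromised host cannot rewrite it, otherwise the comparison only confirms the attacker's own state.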
Slide 43: Penetration testing
- Uses the actual techniques employed by attackers.
- Identifies specific vulnerabilities and their severity.
- Cycle: [figure missing]

Slide 44: Penetration testing (cont.)
- Kinds of vulnerability that can be found: kernel flaws; buffer overflows; symbolic links; file descriptor attacks; file and directory permissions; Trojans.

Slide 45: Comparison of the methods
Scan type: Network scanning
  Strengths: fast compared with weakness scanning; effective for scanning a whole network; many free programs; highly automated; low cost.
  Weaknesses: does not point out specific weaknesses; usually used only as the opening step of a penetration test; expert knowledge is needed to evaluate the results.
Scan type: Weakness scanning
  Strengths: can be fast, depending on the number of points scanned; some free software; highly automated; points out specific weaknesses; usually suggests how to fix them; cost ranges from expensive for the good products down to free; easy to operate.
  Weaknesses: high failure rate; consumes large resources at the scanned point; not stealthy (easily noticed by users, firewalls, IDS); can become dangerous in the hands of people who do not understand it; usually misses the newest weaknesses; only reveals weaknesses on the surface of the system.

Slide 46: Comparison (cont.)
Scan type: Penetration testing
  Strengths: uses the real techniques that attackers use; points out weaknesses; gives a deeper understanding of a weakness and of how it can be used to attack the system; shows that the weaknesses are not merely theoretical; provides evidence for security problems.
  Weaknesses: needs many highly skilled people; very labour-intensive; slow, and the tested points may have to stop working for long periods; not all hosts get tested (time); dangerous if carried out by unqualified people; the tools and techniques may be illegal; expensive.

Slide 47: Directory listings
- Directory listings can reveal a great deal of information.
  Query: intitle:index.of/admin

Slide 48: Directory listings
- Directory listings can reveal the server version.
  Query: intitle:index.of apache server.at

Slide 49: Default server pages
- Web servers still serving their default pages can give a hacker quite a lot of information: version, OS.
  Query: intitle:test.page.for.apache it worked
  Query: allintitle:Netscape FastTrack Server Home Page

Slide 50: CGI scanning
- To find web weaknesses across a network on a large scale, many hackers use CGI scanners.
- Most scanners read a data file and query web servers looking for exposed files:
  /iisadmpwd/
  /iisadmpwd/achg.htr
  /iisadmpwd/aexp.htr
  /iisadmpwd/aexp2.htr
  /iisadmpwd/aexp2b.htr
  inurl:/iisadmpwd/
  inurl:/iisadmpwd/achg.htr
  inurl:/iisadmpwd/aexp.htr
  inurl:/iisadmpwd/aexp2.htr
  inurl:/iisadmpwd/aexp2b.htr

Slide 51: Port scanning
- Port numbers sometimes appear in URLs.

Slide 52: Others
- Login portals: inurl:admin/login.asp; Microsoft Outlook Web Access; Coldfusion Admin Page
- SQL information: SQL dump: "# Dumping data for table" username password; SQL injection
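Slides 31 to 33 say that ping sweeps, port scans and OS probes are "detected by an IDS", slide 38 describes log review as the way to find deviations from policy, and slide 50 lists the paths a CGI scanner requests. The added Python below (not code from the lecture) puts those three together as a small log-review pass: it parses a constructed firewall log and flags a source that pings many hosts or tries many ports on one host inside a time window, and it parses a constructed web access log and flags sources requesting the `/iisadmpwd/` paths from slide 50. The firewall line format is a made-up key=value layout rather than any product's own, the web lines follow the common access-log layout, and the thresholds and window size are assumptions to be tuned per network.

```python
"""Added example (not from the lecture): log review in the sense of slide 38,
applied to the scanning activity of slides 31-33 and the CGI-scanner probes of
slide 50.  Both log excerpts are constructed; the firewall line format is a
made-up key=value layout, not a specific product's, and the web lines follow
the common access-log layout.  Thresholds and window size are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Set, Tuple

WINDOW_S = 60            # assumed: count distinct targets per source per 60 s bucket
SWEEP_THRESHOLD = 3      # distinct hosts pinged by one source in a bucket
PORTSCAN_THRESHOLD = 5   # distinct ports tried by one source on one host in a bucket

# Constructed firewall log: a ping sweep from 10.0.0.5, then a port scan of 10.0.0.20,
# then one ordinary connection from 10.0.0.9 that must not be flagged.
FW_LOG = """\
2024-05-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 proto=icmp type=8
2024-05-01T10:00:01 src=10.0.0.5 dst=10.0.0.21 proto=icmp type=8
2024-05-01T10:00:02 src=10.0.0.5 dst=10.0.0.22 proto=icmp type=8
2024-05-01T10:00:02 src=10.0.0.5 dst=10.0.0.23 proto=icmp type=8
2024-05-01T10:00:30 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=21 flags=S
2024-05-01T10:00:30 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=22 flags=S
2024-05-01T10:00:30 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=23 flags=S
2024-05-01T10:00:31 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=25 flags=S
2024-05-01T10:00:31 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=80 flags=S
2024-05-01T10:00:31 src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=443 flags=S
2024-05-01T10:03:00 src=10.0.0.9 dst=10.0.0.20 proto=tcp dport=443 flags=S
"""

# Constructed web access log; the probed paths are the ones listed on slide 50.
WEB_LOG = """\
203.0.113.7 - - [01/May/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1234
203.0.113.9 - - [01/May/2024:10:05:01 +0000] "GET /iisadmpwd/aexp2.htr HTTP/1.0" 404 210
203.0.113.9 - - [01/May/2024:10:05:01 +0000] "GET /iisadmpwd/achg.htr HTTP/1.0" 404 210
203.0.113.7 - - [01/May/2024:10:05:02 +0000] "GET /about.html HTTP/1.1" 200 980
"""
PROBE_PATHS = ["/iisadmpwd/", "/iisadmpwd/achg.htr", "/iisadmpwd/aexp.htr",
               "/iisadmpwd/aexp2.htr", "/iisadmpwd/aexp2b.htr"]   # from slide 50
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_fw(text: str) -> List[dict]:
    """Turn each 'timestamp key=value ...' line into a dict with a float 't'."""
    events = []
    for line in text.splitlines():
        ts, _, rest = line.partition(" ")
        ev = dict(kv.split("=", 1) for kv in rest.split())
        ev["t"] = datetime.fromisoformat(ts).timestamp()
        events.append(ev)
    return events


def detect_sweeps_and_scans(events: List[dict]) -> Dict[str, List[str]]:
    """Bucket events into WINDOW_S slots and count distinct targets per source.
    Fixed buckets are simpler than a sliding window and catch bursts well enough."""
    pinged: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    ports: Dict[Tuple[str, str, int], Set[str]] = defaultdict(set)
    for ev in events:
        bucket = int(ev["t"] // WINDOW_S)
        if ev.get("proto") == "icmp" and ev.get("type") == "8":       # echo request
            pinged[(ev["src"], bucket)].add(ev["dst"])
        elif ev.get("proto") == "tcp" and "dport" in ev:
            ports[(ev["src"], ev["dst"], bucket)].add(ev["dport"])
    return {
        "ping_sweep": sorted({s for (s, _), d in pinged.items() if len(d) >= SWEEP_THRESHOLD}),
        "port_scan": sorted({f"{s}->{d}" for (s, d, _), p in ports.items()
                             if len(p) >= PORTSCAN_THRESHOLD}),
    }


def detect_cgi_probes(text: str) -> Dict[str, List[str]]:
    """Sources that requested any known scanner path; src -> sorted probed paths."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        src, _method, path, _status = m.groups()
        if any(path.startswith(p) for p in PROBE_PATHS):
            hits[src].add(path)
    return {src: sorted(paths) for src, paths in hits.items()}


if __name__ == "__main__":
    print(detect_sweeps_and_scans(parse_fw(FW_LOG)))
    print(detect_cgi_probes(WEB_LOG))
```

The firewall part is a threshold detector and will miss a scan spread slowly across many buckets, which is exactly the evasion a stealthy scanner attempts; the web part is a signature list and only catches paths it already knows. Both are the reason slide 38 asks for regular review of the logs rather than a single automated rule.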