Information Safety and Security

Nguyen Linh Giang.
Department of Communications and Computer Networks.
I. Introduction to network information security
II. Symmetric encryption methods
III. Public-key cryptosystems (asymmetric encryption)
IV. Message authentication
V. Digital signatures and authentication protocols
VI. System safety and security
Network security through cryptographic methods
System security
Security vulnerabilities
Vulnerability scanning
Network and system security
Ensuring privacy

Potential points of attack on privacy:
LAN:
Most LANs are broadcast networks, so data transmitted between two machines can be seen by the other machines.
Data is carried in frames that contain source and destination addresses. An adversary can observe the traffic on the LAN and single out any traffic of interest based on the source and destination addresses.
If the LAN offers dial-in access, an adversary can enter the network and monitor the traffic.
Access from the LAN to the outside normally goes through routers, modems and communication servers. Communication servers usually have connections to patch panels, ...
[Figure: points of vulnerability in a network: communication server, wiring closet, communication station, LAN, workstations, packet-switched network]
Wiring points are also weak points.
An adversary can tap into the network at the wiring points.
Low-energy electromagnetic emissions can carry information outside.
Attacks on the network can occur at any point along the communication path. For an active attack, the attacker must physically control the link and be able to insert or capture data.
1. Mechanisms for ensuring system security:
Link encryption approaches.
Every communication link that could be attacked is fitted with encryption devices at both ends, so that all traffic over the link is protected.
Drawbacks:
A large network requires many encryption/decryption devices.
The message must be decrypted each time it enters a packet switch, because the switch has to read the address (virtual circuit number) in the packet header in order to route the packet.
The message is therefore vulnerable at every switch. Consequently, when a public network is used, the user has no control over the security of the data at the network nodes.
Some measures:
Every link from the source to the destination must be encrypted.
Each pair of nodes that share a link must share a unique secret key, and different links must use different keys.
Many keys are therefore needed, and each key is distributed to only two nodes.
End-to-end encryption approaches.
Encryption is carried out at the two end systems.
The source host encrypts the data, which is then transmitted across the network to the destination host.
The source and destination hosts share a secret key and can therefore decrypt the message.
This form of protection guards against attacks on the links and on the switching points.
It gives the user confidence in the security of the network and the communication links.
Weaknesses:
Example: a host attached to an X.25 packet-switched network sets up a virtual circuit to another host and transmits data using an end-to-end encryption scheme.
The transmitted data consists of a header and a data field.
If the whole packet is encrypted under a symmetric scheme, the data cannot reach its destination: only the destination host can decrypt the packet, so the switching nodes cannot decrypt it to read the destination address and therefore cannot route it.
If only the packet body is encrypted, the adversary can read the headers and perform traffic analysis.
Advantages:
End-to-end encryption provides a degree of authentication: since the two end hosts share the same secret key, the receiver knows that the message came from the sender. Link encryption has no authentication mechanism.
Remedy: use the two methods in combination:
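As an added illustration (not part of the lecture), the following Python model carries one packet from host A through two switches to host B and compares what a wiretap on the middle link, the first switch, and the destination can read under end-to-end encryption alone, link encryption alone, and the combination. Host names, keys and the SHA-256 keystream "cipher" are constructed for the demonstration; the keystream is a stand-in for a real cipher, not one.

```python
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    # Toy keystream from SHA-256 (constructed stand-in, not a real cipher).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(data: bytes, key: bytes) -> bytes:
    # Applying the same key twice restores the data, like a symmetric cipher.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

HEADER = b"dst=hostB;vc=17;"   # routing field every switch must read (constructed)
BODY = b"transfer 1000 EUR"    # application data only the end hosts may read

E2E_KEY = b"shared-by-hostA-and-hostB"                        # end-to-end key (assumed)
LINK_KEYS = {"A-S1": b"k1", "S1-S2": b"k2", "S2-B": b"k3"}   # one key per link (assumed)

def send(end_to_end: bool, link: bool) -> dict:
    """Carry one packet A -> S1 -> S2 -> B and record what each observer sees:
    'wiretap' = bytes on the S1-S2 wire, 'switch_S1' = what S1 holds after
    link decryption, 'hostB_body' = the body B finally recovers."""
    body = xor(BODY, E2E_KEY) if end_to_end else BODY
    packet = HEADER + body
    views = {}
    for hop in ("A-S1", "S1-S2", "S2-B"):
        on_wire = xor(packet, LINK_KEYS[hop]) if link else packet
        if hop == "S1-S2":
            views["wiretap"] = on_wire
        # The node at the far end of the link removes link encryption, which it
        # must do to read the header and route the packet.
        packet = xor(on_wire, LINK_KEYS[hop]) if link else on_wire
        if hop == "A-S1":
            views["switch_S1"] = packet
    recovered = packet[len(HEADER):]
    views["hostB_body"] = xor(recovered, E2E_KEY) if end_to_end else recovered
    return views
```

With end-to-end encryption only, the switch sees the header but not the body; with link encryption only, the wiretap sees nothing but every switch sees the whole packet; with both, the switch sees only what it needs for routing.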
[Figure: three hosts connected through a packet-switching network of PSN nodes]
2. Placement of end-to-end encryption functions.
With link encryption, the encryption functions are implemented at a low level of the communication hierarchy (the physical or link layer).
For end-to-end encryption:
The lowest level at which the encryption functions can be placed is the network layer. For example, encryption can be placed at the layer corresponding to X.25, so that the data field of every X.25 packet is encrypted.
With encryption at the network layer, the number of entities that are identified and protected separately equals the number of end systems. Each end system can exchange encrypted traffic with another end system if the two share a secret key.
The encryption function can therefore be separated out and placed in a front-end processor unit.
[Figure: front-end processor: red processor, encryption/decryption device, black processor, R/B bypass; packets shown as header and data; to/from host on one side, to/from network on the other]
3. Traffic-flow confidentiality.
Information that can be learned by traffic analysis:
The identities of the parties taking part in the communication.
The frequency of communication between two parties.
Message patterns, message lengths and the number of messages used to carry important information.
Events correlated with particular conversations between the two communicating parties.
A related concern is that traffic patterns can be used to create covert channels.
Link encryption approach.
Packet headers are encrypted, which reduces the opportunity for traffic analysis.
The adversary can still estimate the volume of traffic on the network and observe the traffic entering and leaving each system.
To defeat traffic analysis, traffic padding can be used.
Traffic padding:
[Figure: a continuous random-data generator and the discontinuous plaintext feed the encryption unit, which under a key produces a continuous ciphertext stream]
End-to-end encryption approach.
With end-to-end encryption, the protected region is also limited.
For example,
If encryption is performed at the application layer, the adversary can identify the transport entities taking part in the conversation.
If encryption is performed at the transport layer, the network-layer addresses and the traffic patterns may be exposed.
A useful technique is to pad data units to a fixed length at the transport layer and also at the application layer. In addition, null messages can be inserted at random into the traffic stream. This tactic prevents the adversary from learning how much data is exchanged between the end systems and conceals the traffic pattern.
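As an added illustration (not part of the lecture), the Python simulation below implements the traffic padding described on the preceding slides: a link emits one fixed-size frame on every tick whether or not application data is waiting, filling idle capacity with random bytes, so an eavesdropper sees a constant stream while the receiver still recovers the real data. Frame size, tick model and the one-byte length prefix are constructed assumptions.

```python
import os
from collections import deque

FRAME = 16             # real bytes carried per frame (assumed size)
WIRE_SIZE = FRAME + 1  # 1 length byte + FRAME bytes: constant for every frame

def transmit(messages: dict, ticks: int) -> tuple:
    """messages: tick -> application bytes handed to the link at that tick.
    One frame of WIRE_SIZE bytes leaves on every tick, whether or not data is
    waiting. Returns (observed, unpadded, received):
      observed: frame sizes an eavesdropper sees with padding (all equal),
      unpadded: sizes that would cross the wire without padding (0 = silence),
      received: the application data the far end reassembles."""
    queue = deque()
    observed, unpadded, received = [], [], b""
    for t in range(ticks):
        data = messages.get(t, b"")
        queue.extend(data)          # queued byte by byte, sent FRAME bytes per tick
        unpadded.append(len(data))
        n = min(FRAME, len(queue))
        chunk = bytes(queue.popleft() for _ in range(n))
        # Length byte + real bytes + random fill: same size whether n is 0 or FRAME.
        # In a real system the whole frame is then encrypted, so the length byte
        # and the filler are as opaque to an observer as the data itself.
        frame = bytes([n]) + chunk + os.urandom(FRAME - n)
        observed.append(len(frame))
        # Receiver: the length byte says how many bytes are real; drop the filler.
        received += frame[1:1 + frame[0]]
    return observed, unpadded, received
```

Comparing `observed` with `unpadded` shows what the padding hides: the unpadded trace exposes when messages were sent and how long they were, the padded trace is flat.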
Security vulnerabilities
The concept of a vulnerability
Classification of vulnerabilities
Vulnerabilities that cause denial of service
Vulnerabilities that allow a user inside the network with limited rights to escalate privileges without authentication.
Vulnerabilities that allow someone who is not a user of the system to break in remotely without authentication.
The concept of a vulnerability
Any characteristic of software or hardware that allows an unauthorized user to gain access, or to escalate access rights, without authentication.
In general: a vulnerability is anything an attacker can exploit to break into the system.
Denial-of-service vulnerabilities
Allow a hacker to paralyze some of the system's services.
The attacker can disable a computer or a network, affecting the whole organization or company.
Three types:
Bandwidth/Throughput Attacks
Protocol Attacks
Software Vulnerability Attacks
Privilege escalation without authentication.
Flaws in software or operating systems that have a hierarchy of user privileges.
They allow a user with a restricted level of access to gain higher privileges illegitimately.
Example:
Sendmail: an ordinary user can start the sendmail process and abuse sendmail to launch another program with root privileges.
Privilege escalation without authentication.
Buffer overflow:
[Figure: code segment, buffer, data segment, with the overflow point marked]
Remote intrusion without authentication.
Caused by negligence on the part of system administrators or users.
Due to carelessness, lack of experience and lack of attention to security.
Some inexperienced configurations:
Accounts with empty passwords
Default accounts
No protective systems such as a firewall, IDS or proxy
Running unnecessary, insecure services: SNMP, pcAnywhere, VNC, ...
Remote intrusion without authentication.
Classification:
Trojan / Backdoor
SQL injection
LOGIN: ' or 1 = 1; drop table users; --
PASSWORD: anything
Query: Select * from users where userName = '' or 1 = 1; drop table users; -- ' and userPass = 'anything'
Illegal web intrusion
Google: allinurl:admentor
One result:
http://www.someserver.com/admentor/admin/admin.asp
LOGIN: ' or ''='
PASSWORD: ' or ''='
This vulnerable site can be entered with admin rights.
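As an added illustration (not from the lecture), the Python snippet below builds the login query from the slide in two ways against an in-memory SQLite table constructed here: by splicing the input into the SQL text, which is the defect the injection above exploits, and with parameter placeholders, where the same input is only ever compared as a string. The table, its row and the function names are constructed for the demo.

```python
import sqlite3

# Constructed sample data: one user in an in-memory database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")

def login_vulnerable(user: str, password: str):
    """The slide's pattern: user input is spliced into the SQL text, so a quote
    in the input ends the literal and the rest is parsed as SQL. With the
    slide's input ' or ''=' the WHERE clause becomes
      userName = '' or ''='' AND userPass = '' or ''=''
    and the final ''='' is always true, so a row is returned without a password."""
    query = ("SELECT userName FROM users WHERE userName = '" + user +
             "' AND userPass = '" + password + "'")
    return conn.execute(query).fetchone()

def login_safe(user: str, password: str):
    """Hardened form: placeholders make the driver pass the values separately
    from the SQL text, so the input can never change the query's structure."""
    query = "SELECT userName FROM users WHERE userName = ? AND userPass = ?"
    return conn.execute(query, (user, password)).fetchone()
```

Both functions return the same result for a legitimate login; only the first one returns a row when fed the slide's bypass string.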
Purpose of vulnerability scanning
Discover the system's security vulnerabilities
Discover suspicious security issues so that they can be blocked
Methods and techniques for vulnerability scanning
Network scanning
Vulnerability scanning
Log review
File integrity checking
Virus detection
Countering war-dialing attacks
Countering attacks on access points
Network scanning
Checking whether the target system is present
Port scanning
OS detection
Network scanning
Checking whether the target system is present
Ping sweeps check whether a system is up.
Detected by an IDS or by various utilities.
Prevented by configuring systems to restrict ICMP traffic.
Network scanning
Port scanning
Aims to identify services and applications.
Uses TCP connect and TCP FIN scan techniques; the port number is used to infer the service or application.
Scans are detected by an IDS or by the host's own security mechanisms.
Disable unnecessary services to reduce exposure.
Network scanning
OS detection
Based on protocol fingerprinting.
Detected by port-scan detectors; prevented with firewalls and IDS.
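As an added illustration (not from the lecture), here is the detection side of the port-scanning slides: a minimal detector of the kind an IDS or host firewall applies, run over constructed firewall log lines. A source that touches many distinct ports on one host within a short window is flagged. The log format, the window length and the port threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines (format assumed): date time action src -> dst:port
SAMPLE_LOG = """\
2024-05-01 10:00:01 DROP 10.0.0.5 -> 192.168.1.10:22
2024-05-01 10:00:01 DROP 10.0.0.5 -> 192.168.1.10:23
2024-05-01 10:00:02 DROP 10.0.0.5 -> 192.168.1.10:25
2024-05-01 10:00:02 DROP 10.0.0.5 -> 192.168.1.10:80
2024-05-01 10:00:03 DROP 10.0.0.5 -> 192.168.1.10:110
2024-05-01 10:00:03 DROP 10.0.0.5 -> 192.168.1.10:443
2024-05-01 10:00:04 ACCEPT 10.0.0.7 -> 192.168.1.10:443
2024-05-01 10:05:00 ACCEPT 10.0.0.7 -> 192.168.1.10:80
"""

def parse_line(line: str) -> tuple:
    """Return (timestamp, src, dst_host, dst_port) for one log line."""
    date, time, _action, src, _arrow, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(f"{date} {time}"), src, host, int(port)

def detect_scans(log: str, window_s: int = 10, min_ports: int = 5) -> dict:
    """Flag (src, dst_host) pairs where one source touches at least min_ports
    distinct destination ports on one host within any window_s-second span.
    Returns {(src, host): sorted ports seen in the triggering window}."""
    events = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, host, port = parse_line(line)
        events[(src, host)].append((ts, port))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):   # sliding window starting at each event
            ports = {p for t, p in evs[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                alerts[key] = sorted(ports)
                break
    return alerts
```

The second source touches only two ports five minutes apart and is not flagged, which is the distinction the threshold and window are there to make.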
Vulnerability scanning
Enumeration
Service vulnerability scanning
Password security checking
Vulnerability scanning
Enumeration
Entering the system and issuing queries directly.
Aims to collect information on:
Shares and network resources
User accounts and groups
Applications and banners
Examples of enumeration in Windows
Examples of enumeration in Unix/Linux
Vulnerability scanning
Service vulnerability scanning
Weak-account scanning: find weak accounts using a dictionary.
Weak-service scanning: based on identifying the vendor and version.
Countermeasures: configure services properly, upgrade, and patch promptly.
Vulnerability scanning
Password cracking
Quickly reveals weak passwords
Provides concrete information about password strength
Easy to carry out
Low cost
Log file review
Logs are kept to identify the operations carried out in the system.
Used to identify deviations from the security policy.
Can be done manually or automatically.
Should be performed regularly on the main devices.
Provides highly meaningful information.
Applies to every source that can log its own activity.
File integrity checking
Information about the files is stored in a reference database.
A program compares the files against the data in the database to detect unauthorized access.
A reliable method for detecting unauthorized access.
Highly automated.
Low cost.
Does not reveal when the change occurred.
The reference database must be kept up to date at all times.
Virus scanning
Purpose: protect the system from infection and damage by viruses.
Two main kinds of software:
Installed on a server
On the mail server or the main station (proxy)
Protects at the entry gateway
Convenient updating of the virus database
Installed on workstations
Characteristics: usually scans the whole system (files, disks, websites the user visits)
Requires considerable attention from the user
Both kinds can be automated and are highly effective at a reasonable cost.
War dialing
Prevents unauthenticated modems from dialing into the system.
A dialing program can dial automatically to search for entry points into the system.
Policy: restrict the access phone numbers for each member.
This method is time-consuming.
Wireless LAN scanning
Links carried by wireless signals instead of cables -> convenient for connecting, but at the same time they open many new vulnerabilities.
A hacker can attack the network with a laptop equipped for the wireless standard.
The widely used 802.11b standard has many security limitations.
Security policy:
Based on the specific hardware platforms and standards
Network configuration must be strict and kept confidential
Remove unnecessary entry points
Penetration testing
Uses the actual techniques employed by attackers.
Identifies specific vulnerabilities and their severity.
Cycle:
Penetration testing (cont.)
Types of vulnerabilities that can be discovered:
Kernel flaws
Buffer overflows
Symbolic links
File descriptor attacks
File and directory permissions
Trojans
Comparison of methods

Network scanning
Strengths:
fast compared with vulnerability scanning
effective for scanning an entire network
many free software programs
highly automated
low cost
Weaknesses:
does not identify specific vulnerabilities
usually serves only as the opening step of a penetration test
requires expert knowledge to evaluate the results

Vulnerability scanning
Strengths:
can be fast, depending on the number of points scanned
some free software
highly automated
identifies specific vulnerabilities
usually suggests remedies for the vulnerabilities found
cost ranges from expensive for good products down to free
easy to operate
Weaknesses:
high failure rate, however
consumes a lot of resources at the scanned point
not very stealthy (easily detected by users, firewalls, IDS)
can become dangerous in the hands of people with little understanding
usually fails to detect the newest vulnerabilities
only reveals vulnerabilities on the surface of the system
Comparison (cont.)

Penetration testing
Strengths:
uses the actual techniques that attackers use
identifies the vulnerabilities
gives a deeper understanding of the vulnerabilities and of how they can be used to attack the system
shows that the vulnerabilities are not merely theoretical
provides evidence for security problems
Weaknesses:
requires many highly skilled people
very labor-intensive
slow; the tested points may have to stop working for a long time
not all hosts can be tested (because of the time required)
dangerous if performed by people without the necessary expertise
the tools and techniques may be illegal
expensive
Directory Listings
Directory listings can reveal a great deal of information.
Query: intitle:index.of/admin
Directory Listings
Directory listings can reveal the server's version information.
Query: intitle:index.of apache server.at
Default Server Pages
Web servers still showing their default pages can give a hacker quite a lot of information: version, OS.
Query: intitle:test.page.for.apache it worked
Query: allintitle:Netscape FastTrack Server Home Page
CGI Scanning
To find web vulnerabilities across a network on a large scale, many hackers use CGI scanners.
Most scanners read a data file and query web servers for exposed files.
/iisadmpwd/
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
inurl:/iisadmpwd/
inurl:/iisadmpwd/achg.htr
inurl:/iisadmpwd/aexp.htr
inurl:/iisadmpwd/aexp2.htr
inurl:/iisadmpwd/aexp2b.htr
Port Scanning
Port numbers sometimes appear in URLs.
Others
Login Portals: inurl:admin/login.asp
Microsoft Outlook Web Access
Coldfusion Admin Page
SQL Information
SQL dump: # Dumping data for table username password
SQL injection
