File Goc 772987

BO MT EMAIL
&
CCH PHNG CHNG SPAM
Gio vin hng dn: Thy V Thng
Thc hin: Phng Ch Tu
TP.H Ch Minh, 5/2009
LI CM N
Em xin chn thnh gi li cm n n cc thy ti trung tm Athena tn tnh ging dy, trang b
cho chng em nhng kin thc cn thit, b ch trong sut thi gian hc tp ti trung tm; ng thi
cng l nhng nn tng vng chc cho em c th ng dng vo nhng cng vic mi trong
tng lai.
TP. H Ch Minh, 5/2009
Phng Ch Tu
TM TT
Mc ch n:
Tm hiu cc im yu d b tn cng trong h thng email hin nay.
Cc gii php bo mt cho h thng email.
Tm hiu v cc c ch phng chng spam mail.
Trin khai h thng bo mt email bng PGP.
Cu trc n:
Chng 1: Gii thiu tng quan v SMTP, POP3, IMAP.
Chng 2: Cc nguy c b tn cng khi s dng h thng email.
Chng 3: Cc c ch phng chng spam mail.
Chng 4: Cc gii php bo mt h thng email.
MC LC
Chng 1: GII THIU TNG QUAN V SMTP, POP3, IMAP
1.1 Kin trc v hot ng ca th in t
1.2 Gii thiu v giao thc SMTP
1.3 Gii thiu v giao thc POP v IMAP
Chng 2: CC NGUY C B TN CNG KHI S DNG H THNG EMAIL
2.1 S thiu bo mt trong h thng email
2.2 Cc nguy c trong qu trnh gi email
Chng 3: CC C CH PHNG CHNG SPAM MAIL
3.1 Gii thiu v spam
3.1.1 Spam l g?
3.1.2 Cc loi spam
3.1.3 Tc hi ca spam
3.2 C ch hot ng ca spam
3.2.1 Thu thp a ch email
3.2.2 Gi spam
3.3 Cc bin php phng chng spam
3.3.1 DNS Blacklist
3.3.2 SURBL List
3.3.3 Chn IP
3.3.4 Kim tra a ch IP
3.3.5 S dng b lc Bayesian
3.3.6 S dng danh sch Black/White list
3.3.7 S dng Challenge/Response
3.3.8 Kim tra header
Chng 4: CC GII PHP BO MT H THNG EMAIL
4.1 Cc c ch m ha email
4.1.1 M ha v xc thc bng PGP
4.1.2 M ha v xc thc bng MIME
4.2 ng dng PGP
4.2.1 Ci t
4.2.2 S dng kha
4.2.3 M ha v gii m
4.2.4 Quy trnh k nhn v kim tra ch k
CHNG I
GII THIU TNG QUAN
V SMTP, POP3, IMAP
1.1 Kin trc v hot ng ca th in t
Mun gi th in t ngi gi cn phi c mt account trn mt my ch th. Mt
my ch c th c mt hoc nhiu account. Mi account u c mang mt tn khc
nhau (user). Mi account u c mt hp th ring (mailbox) cho account . Thng
thng th tn ca hp th s ging nh tn ca account. Ngoi ra my vi tnh phi
c ni trc tip hoc gin tip vi h thng Internet nu mun gi nhn th in t
ton cu. Ngi s dng my vi tnh ti nh vn c th gi nhn th in t bng cch
kt ni my vi tnh ca h vi mt my vi tnh khc bng modem. C mt s ni cp
pht account th in t min ph cho cc my vi tnh ti nh c th dng modem
kt ni vi my vi tnh chuyn nhn th in t nh hotmail.com hoc
yahoo.com .v.v. Ngoi ra, cn c rt nhiu c quan thng mi cung cp dch v hoc
account cho my vi tnh ti nh nhng ngi s dng phi tr tin dch v hng thng.
ng i ca th
Th in t chuyn t my my ch th in t ny (mail server) ti my ch t in t
khc trn internet. Khi th c chuyn n ch th n c cha ti hp th in t ti
my ch th in t cho n khi n c nhn bi ngi nhn. Ton b qu trnh x l ch
xy ra trong vi pht, do n cho php nhanh chng lin lc vi mi ngi trn ton th
gii mt cnh nhanh chng ti bt c thi im no d ngy hay m.
Gi, nhn v chuyn th
nhn c th in t bn cn phi c mt ti khon (account) th in t. Ngha l bn
phi c mt a ch nhn th. Mt trong nhng thun li hn vi th thng thng l bn
c th nhn th in t t bt c u. Bn ch cn kt ni vo Server th in t ly th
v my tnh ca mnh.
gi c th bn cn phi c mt kt ni vo internet v truy nhp vo my ch
th in t chuyn th i. Th tc tiu chun c s dng gi th l SMTP
(Simple Mail Transfer Protocol). N c kt hp vi th tc POP (Post Office
Protocol) v IMAP ly th.
M hnh ca h thng my ch th in t:
Bo mt email v cch phng chng spam
Vi mt h thng my ch th in t cung cp cho mt n v va v nh th ton
b h thng thng c tch hp vo mt my ch. V my ch va lm chc
nng nhn, gi th, lu tr hp th v kim sot th vo ra.
- S dng th tc SMTP chuyn, nhn th gia cc my ch th vi nhau.
- S dng th tc SMTP cho php mail client gi th ln my ch.
- S dng th tc POP hoc IMAP n mail client nhn th v.
1.2 Gii thiu v giao thc SMTP
Gii thiu
Mc tiu ca SMTP l chuyn truyn email tin cy v hiu qu. SMTP khng ph
thuc h thng con v ch yu cu 1 knh truyn d liu ng tin cy. Mt tnh nng
quan trng ca SMTP ca n l kh nng relay(chuyn tip) mail qua mi trng
dch v truyn thng. Mt dch v truyn thng cung cp mt mi trng truyn
thng gia cc tin trnh (IPCE). Mt IPCE c th bao gm mt mng, mt s mng,
hay mt h thng mng con. C th hiu IPCE l mi trng cho php mt tin trnh
c th giao tip qua li trc tip vi mt tin trnh khc. iu quan trng l cc IPCE
khng ch c quan h 1-1 trn cc mng. Mt tin trnh c th giao tip trc tip vi
nhiu tin trnh khc thng qua IPCE. Mail l mt ng dng ca truyn thng lin
tin trnh. Mail c th c truyn ti gia cc tin trnh trn nhiu IPCEs khc nhau
1 tin trnh c kt ni gia hai (hay nhiu) IPCE. C th hn, email c th c
chuyn tip (relay) qua nhiu Host trn cc h thng chuyn ti khc nhau qua cc
Host trung gian.
M hnh SMTP
Cc SMTP c thit k da trn cc m hnh truyn thng sau:
- Khi c cc yu cu mail t ngi s dng, pha SMTP-send s thit lp
mt knh truyn hai chiu ti pha SMTP-receiver
- SMTP-receiver y c th l ch n cui cng hay ch l mt a ch
trung gian.
- SMTP-send gi SMTP commands n SMTP-receiver.
- SMTP-receiver p ng SMTP commands bng cch gi tr cho SMTP-
send cc SMPT replies tng ng
Mt khi knh truyn c thit lp, SMTP-sender s gi mt MAIL command
cho bit ngi gi. Nu SMTP-receiver chp nhn mail n s p ng 1 OK reply.
Sau SMTP-sender li gi mt RCPT command cho bit l ngi s nhn mail,
nu SMTP-receiver chp nhn mail ny cho ngi nhn th n reply li l OK,
nu khng n s reply li l mail ny b loi b. Nu SMTP-receiver reply l OK th
SMTP-sender s gi d liu mail ti pha nhn v kt thc bng mt command c
bit no . Nu SMTP-receiver x l thnh cng d liu mail ny th n s reply
li l OK.
- SMTP cung cp nhiu k thut cch khc nhau gi mail:
o Truyn thng khi host pha gi v host pha nhn c kt ni ti cng mt
dch v truyn ti.
o Thng qua cc my ch SMTP khi host pha gi v host pha nhn khng
c kt ni ti cng mt dch v truyn ti
i s cho mail command l 1 tuyn ngc (reverse-path), trong ghi r mail
c gi t ai. i s cho RCPT command l mt tuyn chuyn tip (forward-path),
ch ra mail c gi cho ai. Tuyn chuyn tip l 1tuyn ngun, trong khi cc tuyn
ngc l 1 tuyn quay tr (c th c dng tr li mt thng bo cho ngi gi
khi mt li xy ra vi mt message chuyn tip).
Khi cng mt message c gi n nhiu ngi nhn, SMTP khuyn khch vic
truyn ti ch c mt bn sao ca cc d liu cho tt c cc ngi nhn ti cng mt
my ch ch.
Cc mail command v reply c mt c php cng nhc. Cc reply cng c 1 m s.
Trong phn sau y, m xut hin cc v d thc t s dng cc mail command v
reply, cc danh sch y cc command v reply.
Cc command v reply khng phi l trng hp nhy cm. Tc l, mt t
command hoc reply c th l ch thng, hoa, hay hn hp. Lu rng iu ny l
khng ng vi tn ngi s dng hp th. V i vi mt s my tn ngi s
dng l trng hp nhy cm, v cc trin khai SMTP phi a trng hp ny ra
bo v cc trng hp tn ngi dng ging vi cc tham s trong mailbox. Tn
my ch khng phi l trng hp nhy cm.
Cc command v reply l gm cc k t ASCII. Khi dch v chuyn th cung
cp 1 knh truyn 1 byte 8bit (octet), mi k t 7 bit c a vo cc bit thp ca
octet, bit cao ca octet xa v 0.
Khi c th ha cc dng chung ca mi lnh v reply, 1 i s s c biu
din bng 1 bin(hay 1 hng) trong ngn ng meta , chng hn, <string> hoc
<reverse-path>
Khi xc nh cc hnh thc chung ca mt lnh hoc tr li, mt i s. y
cc du < cho bit y l bin trong ngn ng meta.
MIMEv SMTP
MIME (Multipurpose Internet Mail Extensions) cung cp thm kh nng
cho SMTP v cho php cc file c dng m ho multimedia i km vi bc
in SMTP chun. MIME s dng bng m Base64 chuyn cc file dng
phc tp sang m ASCII chuyn i.
MIME l mt tiu chun mi nh n hin c h tr bi hu ht cc ng
dng, v bn phi thay i nu chng trnh th in t ca bn khng c h
tr MIME. MIME c quy chun trong cc tiu chun RFC 2045-2049.
S/MIME
L mt chun mi ca MIME cho php h tr cho cc bc in c m ho.
S/MIME da trn k thut m cng cng RSA v gip cho bc in khng
b xem trm hoc chn ly.ho
Lnh ca SMTP
Mt cch n gin SMTP s dng cc cu lnh ngn iu khin bc in.
Bng di l danh sch cc lnh ca SMTP
Cc lnh ca SMTP c xc nh trong tiu chun RFC 821.
HELO
Hello. S dng xc nh ngi gi in. Lnh ny ny i
km vi tn ca host gi in. Trong ESTMP (extended
protocol), th lnh ny s l EHLO.
MAIL
Khi to mt giao dch gi th. N kt hp "from" xc nh
ngi gi th.
RCPT Xc nh ngi nhn th.
DATA
Thng bo bt u ni dung thc s ca bc in (phn thn
ca th). D liu c m thnh dng m 128-bit ASCII v n
c kt thc vi mt dng n cha du chm (.).
RSET Hu b giao dch th
VRFY S dng xc thc ngi nhn th.
NOOP
N l lnh "no operation" xc nh khng thc hin hnh ng
g
QUIT Thot khi tin trnh kt thc
SEND Cho host nhn bit rng th cn phi gi n u cui khc.
SMTP m rng (Extended SMTP)
SMTP th c ci thit ngy cng p ng nhu cu cao ca ngi dng v
l mt th tc ngy cng c ch. Nh d sao cng cn c s m rng tiu
chun SMTP v chun RFC 1869 ra i b xung cho SMTP. N khng
ch m rng m cn cung cp thm cc tnh nng cn thit cho cc lnh c
sn. V d: lnh SIZE l lnh m rng cho php nhn gii hn ln ca
bc in n. Khng c ESMTP th s khng gii hn c ln ca bc
th.
Khi h thng kt ni vi mt MTA, n s s dng khi to th ESMTP thay
HELO bng EHLO. Nu MTA c h tr SMTP m rng (ESMTP) th n s tr
li vi mt danh sch cc lnh m n s h tr. Nu khng n s tr li vi
m lnh sai (500 Command not recognized) v host gi s quay tr v s
dng SMTP. Sau y l mt tin trnh ESMTP:
220 esmtpdomain.com
Server ESMTP Sendmail 8.8.8+Sun/8.8.8; Thu, 22 Jul 1999 09:43:01
EHLO host.sendingdomain.com
250-mail.esmtpdomain.com Hello host, pleased to meet you
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP QUIT
221 Goodbye host.sendingdomain.com
SMTP Headers
C th ly c rt nhiu thng tin c ch bng cch kim tra phn header
ca th. Khng ch xem c bc in t u n, ch ca th, ngy
gi v nhng ngi nhn. Bn cn c th xem c nhng im m bc
in i qua trc khi n c hp th ca bn. Tiu chun RFC 822 quy
nh header cha nhng g. Ti thiu c ngi gi (from), ngy gi v
ngi nhn (TO, CC, hoc BCC)
Header ca th khi nhn c cho php bn xem bc in i qua nhng
u trc khi n hp th ca bn. N l mt dng c rt tt kim tra
v gii quyt li. Sau y l v d:
From someone@mydomain.COM Sat Jul 31 11:33:00 1999
Received: from host1.mydomain.com by host2.mydomain.com
(8.8.8+Sun/8.8.8)
with ESMTP id LAA21968 for ;
Sat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.mydomain.com with Interne Mail Service
(5.0.1460.8)
id ; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID:
From: "Your Friend"
To: "'jamisonn@host2.mydomain.com'"
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400
Trn v d trn cth thy bc in c gi i t someone@mydomain.com. T
mydomain.com, n c chuyn n host1. Bc in c gi t host2 ti host1 v
chuyn ti ngi dng. Mi ch bc in dng li th host nhn c yu cu in thm
thng tin vo header n bao gm ngy gi tm dng . Host2 thng bo rng
n nhn c in lc
11:33:00. Host1 thng bo rng n nhn c bc in vo lc 11:34:36, S
trn lch hn mt pht c kh nng l do s khng ng b gia ng h ca hai ni.
Thun li v bt li ca SMTP
Nh th tc X.400, SMTP c mt s thun li v bt li
Thun li bao gm:
SMTP rt ph bin.
N c h tr bi nhiu t chc.
SMTP c gi thnh qun tr v duy tr thp.
SMTP n c cu trc a ch n gin.
Bt li bao gm:
SMTP thiu mt s chc nng
SMTP thit kh nng bo mt nh X.400.
N ch gii hn vo nhng tnh nng n gin nht
1.3 Gii thiu v giao thc POP v IMAP
Trong nhng ngy thng u tin ca th in t, ngi dng c yu cu truy
nhp vo my ch th in t v c cc bc in ca h . Cc chng
trnh th thng s dng dng text v thiu kh nng thn thin vi ngi dng.
gii quyt vn mt s th tc c pht trin cho php ngi dng c
th ly th v my ca h hoc c cc giao din s dng thn thin hn vi ngi
dng. V chnh iu em n s ph bin ca th in t.
C hai th tc c s dng ph bin nht hin ny l POP (Post Office Protocol)
v IMAP (Internet Mail Access Protocol).
Post Office Protocol (POP)
POP cho php ngi dng c account ti my ch th in t kt ni vo MTA
v ly th v my tnh ca mnh, c th c v tr li li. POP c pht trin
u tin l vo nm 1984 v c nng cp t bn POP2 ln POP3 vo nm 1988.
V hin nay hu ht ngi dng s dng tiu chun POP3
POP3 kt ni trn nn TCP/IP n my ch th in t (s dng cng 110).
Ngi dng in username v password. Sau khi xc thc u client s s dng cc lnh
ca POP3 ly hoc xo th.
POP3 ch l th tc ly th trn my ch th in t. POP3 c quy nh bi tiu
chun RFC 1939.
Lnh ca POP3
Lnh Miu t
USER Xc nh username
PASS Xc nh password
STAT Yu cu v trng thi ca hp th nh s
lng th v ln ca th LIST
Hin danh sch ca th RETR
Nhn th
DELE Xo mt bc th xc nh
NOOP Khng lm g c
RSET Khi phc li nh th xo (rollback)
QUIT Thc hin vic thay i v thot ra
Internet Mail Access Protocol (IMAP)
Th tc POP3 l mt th tc rt c ch v s dng rt n gin ly th v cho
ngi dng. Nh s n gin cng em n vic thiu mt s cng dng cn
thit. V d: POP3 ch l vic vi ch offline c ngha l th c
ly v s b xo trn server.
IMAP th h tr nhng thiu st ca POP3. IMAP c pht trin vo nm
1986 bi trng i hc Stanford. IMAP2 pht trin vo nm 1987. IMAP4, l bn
mi nht ang c s dng v n c cc t chc tiu chun Internet chp
nhn vo nm 1994. IMAP4 c quy nh bi tiu chun RFC 2060 v
n s dng cng 143 ca TCP.
Lnh ca IMAP4
Lnh Miu t
CAPABILITY Yu cu danh sch cc chc nng h tr
AUTHENTICATE Xc nh s dng xc thc t mt server khc
LOGIN Cung cp username v password
SELECT Chn hp th
EXAMINE in hp th ch c php c
CREATE To hp th
DELETE Xo hp th
Lnh Miu t
RENAME i tn hp th
SUBSCRIBE Thm vo mt list ang hot ng
UNSUBSCRIBE Di khi list ang hot ng
LIST Danh sch hp th
LSUB Hin danh sch ngi s dng hp th
STATUS Trng thi ca h th (s lng th,...)
APPEND Thm message vo hp th
CHECK Yu cu kim tra hp th
CLOSE Thc hin xo v thot khi hp th
EXPUNGE Thc hin xo
SEARCH Tm kim trong hp th tm messages xc
nh
FETCH Tm kim trong ni dung ca message
STORE Thay i ni dng ca messages COPY
Copy message sang hp th khc
NOOP Khng lm g
LOGOUT ng kt ni
So snh POP3 v IMAP4
C rt nhiu im khc nhau gia POP3 v IMAP4. Ph thuc vo ngi dng, MTA,
v s cn thit , C th s dng POP3, IMAP4 hoc c hai.
Li ch ca POP3 l :
Rt n gin.
c h tr rt rng
Bi rt n gin nn, POP3 c rt nhiu gii hn. V d n ch h tr s dng mt hp
th v th s c xo khi my ch th in t khi ly v.
IMAP4 c nhng li ch khc:
H tr xc thc rt mnh
H tr s dng nhiu hp th
c bit h tr cho cc ch vic lm vic online, offline, hoc khng kt ni
IMAP4 ch online th h tr cho vic ly tp hp cc th t my ch, tm kim
v ly message cn tm v ...IMAP4 cng cho php ngi dng chuyn th t th
mc ny ca my ch sang th mc khc hoc xo th. IMAP4 h
tr rt tt cho ngi dng hay phi di chuyn v phi s dng cc my tnh khc
nhau.
CHNG II
CC NGUY C B TN CNG KHI
S DNG EMAIL
2.1 S thiu bo mt trong h thng email
Webmail: nu kt ni ti Webmail Server l khng an ton (v d a ch l http:// v
khng phi l https://), lc mi thng tin bao gm Username v pasword khng c m ha
khi n t Webmail Server ti my tnh.
SMTP: SMTP khng m ha thng ip. Mi kt ni gia SMTP servers gi thng ip
ca bn di dng ch cho mi k nghe trm thy. Thm vo , nu email server yu cu
bn gi username v password login vo SMTP server mc ch chuyn thng
ip ti mt server khc, khi tt c u c gi di dng ch, mc tiu nghe trm.
Cui cng, thng ip gi bng SMTP bao gm thng tin v my tnh m chng c gi
i, v chng trnh email c s dng. Nhng thng tin ny sn sng cho mi ngi
nhn, c th mang tnh cht c nhn.
POP v IMAP: Giao thc POP v IMAP yu cu bn gi username v password
login, u khng c m ha. V vy, thng ip ca bn c th c c bi bt k
k no ang nghe ln thng tin ca my tnh cng nh nh cung cp dch v email ca bn.
Backups: thng ip c lu tr trn SMTP server di dng ch, khng c m
ha.Vic Sao lu d liu trn server c th c thc hin bt c lc no v ngi qun
tr c th c bt k d liu no trn my tnh.
2.1 Cc nguy c trong qu trnh gi email
Eavesdropping:
Internet l ni rng ln vi rt nhiu ngi. Tht d dng ai truy cp vo my tnh
hoc on mng m thng tin ca bn ang c truyn trn , bt thng tin v c.
Ging nh ai ang phng k bn ang lng nghe cuc ni chuyn in thoi ca bn,
hacker c th s dng cc cng c man-in-the-middle bt ton b cc gi tin t ngi s
dng email. Vic ny c th c thc hin mt cch d dng thng qua cc chng trnh
nh Cain&Abel, Ettercap...
Khc phc Eavesdropping:
- Do trnh tnh trng eavesdropping xy ra, chng ta nn m ha cc thng tin khi
chng c chuyn i trn mng internet n server Mail. V ngay trn server, thng tin
cng cn phi c m ha lu tr 1 cch an ton s dng kha bo mt m ch c ngi
nhn ch thc mi bit.
Identify Theft:
Nu ai c th thu thp username v password m bn dng truy cp vo email server,
h c th c mail ca bn v gi mail nh bn. Thng thng, nhng thng tin ny c th
thu thp bi k nghe ln trn SMTP, POP, IMAP hoc kt ni WebMail, bng cch c
thng ip m bn nh km theo cc thng tin ny.
Khc phc Identify Theft:
- c th khc phc identity theft, chng ta cn phi to ra c 1 s trao i ring t, b
mt v an ton bng cch gi nhng thng tin c nhn v ni dung tin nhn di dng m
ha khi chng di chuyn trn internet.
VD: MyMail s dng cc ng link giao tip Secure Socket Protocol gim tnh trng
indentify Theft xy ra.
Invasion of Privacy:
Nu bn rt quan tm n thng tin ring t ca mnh, bn cn xem xt kh nng vic sao
lu ca bn khng c bo v .
Bn c th cng quan tm n vic nhng ngi khc c kh nng bit c a ch IP ca
my tnh bn. Thng tin ny c th c dng nhn ra thnh ph bn ang sng hoc
thm ch trong trng hp no c th tm ra a ch ca bn. Vic ny khng xy ra vi
WebMail, POP, IMAP, nhng i vi SMTP th li c kh nng xy ra.
Khc phc invasion of Privacy:
- Tt c cc thng tin s c bo mt bng cch m ha bng kha b mt ri lu tr, c
th c c mail, ngi nhn cn phi nh chnh xc username v password ca mnh.
- Du a ch IP trong phn header message, iu ny s gip bo v nhng thng tin c
nhn nh a ch thnh ph, tiu bang m bn ang sng.
- M ha tt c ni dung email lu tr v cng m ha khi cn truyn.
Message Modification:
Bt c ngi no c quyn admin trn bt k server SMTP no m thng ip ca bn n,
th khng ch c th c thng ip ca bn, m h cn c th xa hay thay i thng ip
trc khi n tip tc i n ch. Ngi nhn ca bn s khng th bit thng ip ca bn
c b thay i hay khng? Nu thng ip b xa i mt th h cng khng th bit rng c
thng ip c gi cho h.
Khc phc Message Modification:
- Khi email c gi n server mail th n cn lu tr di dng m ha bng 1 kha bo
mt ring, khi d cho ai c quyn admin trn server, h vn khng th thay i c ni
dung email.
- Thm na chng ta cng phi ngn chn khng cho System administrator c quyn truy
sut ti khan email bng cch n gin reset v to ra 1 password mi.
False Messages:
Tht d dng to ra mt thng ip gi mo m c v nh c gi bi mt ngi no
. Nhiu vius li dng im ny lan truyn sang cc my tnh khc. Nhn chung,
khng c cch g chn chn rng ngi gi thng ip l ngi gi thc s - tn ngi gi
c th d dng lm gi.
Khc phc False Messages:
- Chng ta c th s dng Reverse DNS lookup, finger, v s tng cng s kim tra
credential (account,password) nhn dng a ch email c chnh xc khng, ng thi
cng xem xt c email c c gi t server Email v host hp l hay khng.
Message Relay:
Thng ip c th b chn li, chnh sa va gi li sau. Bn c th nhn c mt tin nhn
nguyn gc hp l nhng sau li nhn c nhng tin nhn gi mo m c v nh hp l.
Khc phc Message Relay:
- Do tt c ni dung ca email c m ha bng cc kha bo mt ng tng ng do
s khng c bt k ai c th thay i ni dung ca email v khng c kha bo mt.
Unprotected Backups:
Thng ip c lu di dng plain-text trn tt c cc server SMTP. V th cc bn sao
lu ca cc server s cha bn copy thng ip ca bn. Bn sao lu c th gi trong nhiu
nm v c th c bi bt k ngi no c quyn truy cp. Thng ip ca bn c th c
t nhng ni khng an ton,v bt k ai cng c th ly n c, thm ch sau khi bn
ngh l xa ht cc bn copy ca n.
Khc phc Unprotected Backups:
- Nh ni trn, nu nh ni dung v cc thng tin ca email c lu di dng m
ha th d cho n c c lu li mt cch khng mong i th cng khng ai c th c
c n.
Repudiation:
Bi v nhng thng ip thng thng c th b gi mo, do khng c cch no chng
minh rng ngi khc c gi ci thng ip cho bn hay khng. Ngha l thm ch nu mt ai
gi cho bn mt thng ip, h hon tan c th chi b. y l 1 trong s nhng im ht sc
cn lu khi s dng email thc hin cc hp ng, giao dch kinh doanh
Khc phc Repudiation:
Chng ta cn m ha v lu tr bo mt cc thng tin cng nh ni dung ca email bng 1 kha
bo mt duy nht tng ng vi tng user khc nhau. Khi khng ai c th gio mo hoc thay
i ni dung ca email. iu ny gip ta m bo c s chnh xc ca email, nh cc hot
ng kinh doanh, giao dch s din ra thun li hn, v cng khng ai c th t chi email m chnh
mnh gi.
CHNG III
CC BIN PHP PHNG CHNG
SPAM MAIL
3.1 Gii thiu v spam
3.1.1 Spam l g?
Spam hay cn gi l UBE (Unsolicited Bulk Email) . Spam l nhng email khng c s
cho php ca ngi nhn (unsolicited email) c gi i vi s lng ln ti hm th ca
ngi dng internet.
Spam i khi cng l nhng email thng mi khng c s cho php ca ngi
nhn(UCE-Unsolicited Commercial E-Mail).
Vy Spam lm trn mi trng Internet bng cch gi i nhiu gi tin vi cng
mt ni dung, nhng gi tin ny c truyn n nhng ngi m h khng th khng
nhn chng.
3.1.2 Cc loi spam
C hai loi spam chnh, chng c nhng nh hng khc nhau n ngi dng Internet:
Usernet spam: y l dng spam ta thng gp trn cc forum, mt gi tin s
c gi n trn 20 newsgroup. Qua qu trnh s dng, ngi dng thy rng bt k
mt tin no c gi n nhiu newgroup mt lc thng s mang nhng thng tin
khng cn thit. Usernet spam c gng tr thnh mt k giu mt c thng tin trong
cc newsgroup nhng t khi hoc khng bao gi post bi hay cho a ch ca mnh.
Usernet spam chim quyn s dng ca cc newsgroup bng cch lm trn ngp cc
qung co hoc nhng bi vit khng ph hp. Ngoi ra, Usernet spam c khi cn lm
nh hng n quyn iu khin ca qun tr h thng, chim quyn qun l mt topic
no .
Email spam: Email spam nhm n ngi dng ring bit trc tip qua cc th in t.
Cc spammer s tin hnh thu thp a ch mail bng cch duyt qua hm th Usenet,
n cp danh sch mail hay tm kim trn web. i vi nhng user s dng dch v in
thoi th ng h o vn chy trong khi h nhn hay c mail, chnh v vy m spam lm h
tn thm mt khon tin. Trn ht,cc ISP v cc dch v trc tuyn ( online services) phi
tn tin chuyn cc email spam i, nhng chi ph ny s c chuyn trc tip n cc
thu bao.
Bt c ai cng c th tr thnh ngi gi th rc (spammer) Chng hn, bn c
mt mn hng c o cn bn ngay. Nhng lm sao mi ngi bit . Trc ht bn
thng bo cho bn b bng cch gi email cho 100 ngi nm trong s a ch ca bn.
Nh th bn khng mt mt ng no m vn c th gi i 100 email qung co sn
phm ca mnh. Nu c ngi bit mua hng th bn s li to. V bn t nh : "Ti
sao mnh khng gi email cho nhiu ngi khc na? Mnh s c th thu c nhiu li
nhun hn? Ri bn s tm ti ng dng cc gii php gi i c nhiu email cho
c nhng ngi bn khng quen bit hn. Vy l bn tr thnh spammer.
3.1.3 Tc hi ca spam
Hu ht cc spam u nhm mc ch qung co, thng cho nhng sn phm
khng ng tin cy hoc nhng dch v c v nh hp php. Tuy nhin, khng phi
mi v gi SPAM u l nhm mc ch qung co thng mi. Mt s v gi SPAM
li nhm mc ch bt chnh hoc cng c nhng k gi SPAM ch by t quan im
chnh tr hoc tn gio. Hnh thc gi SPAM nguy him nht l hnh thc gi i nhng
thng ip la ngi dng tit l thng tin ti khon ngn hng trc tip, s th tn
dng - hay y chnh l mt dang ph bin ca la o trc tuyn.
Do khng c mt cch thc hiu qu no lc spam nhn vo trc khi n c
nhn bi server ti ISP cc b, ISP phi tr chi ph v bng thng cho cc gi tin m h
nhn.
Theo thng k ca phn ln cc ISP th h thng b spam chim khong 25-30%
bng thng. Spam lm trn b m ca ngi dng vi cc mail qung co, c khi lm h
khng nhn c cc mail khc. Qua ta thy spam s dng mt lng ln ti
nguyn m khng cn s cho php hay c bt k mt hnh ng bi thng thit hi no,
lm cho cng ng Internet phi tn mt chi ph ng k.
Nhng chi ph lin quan khi spam s c tr bi ngi nhn ch khng phi l
t cc spammer. Ti khon ca spammer s b hy b ngay khi ISP pht hin ra n dng
gi spam, v th m hu ht cc spam u c gi t nhng ti khon th min ph
(Trial account) khng mt bt k mt chi ph no.
Do hu ht cc ISP u c mt chnh sch gii hn t ng nhm trnh s lm
dng h thng ca h, cc spammer s chuyn gi tin sang cc h thng cc nc khc,
chim thi gian x l v bng thng m khng cn hiu r v cc h thng .
Theo bo co vo khong thng 6 nm 2008 th phn trm Spam trong tng s
email trn ton th gii c xu hng tng ln kh r. V tc hi do n th khng th o
hay tnh c, nhng theo thng k ca Internet Week th "50 t USD mi nm" l s tin
m cc cng ty, t chc thng mi trn th gii phi b ra i ph vi nn th rc
ang hng ngy tn cng vo hm th ca nhn vin.
M l quc gia chu nhiu thit hi nht, chim 1/3 s tin ni trn. l tc hi
chung v kinh t, ring c nhn th mi ngi cng c kin ring ca mnh v tc hi
ca Spam. Vy, bin php v cch hn ch nh th no mi khi check mail, bn khng
cn phi i ph vi ng th Spam kia na?
3.2 Cc bin php phng chng spam
Gmail, hay cn gi l Google Mail l mt dch v e-mail trn nn web v e-mail
POP3 min ph do Google cung cp. Bn beta c a vo hot ng vo ngy 1
thng 4 nm 2004, vi hnh thc ch dnh cho th mi v c m rng thnh bn
beta cho tt c mi ngi vo thng 2 nm 2007.
Gmail h tr POP3 v hn 7GB khng gian lu tr, mt cng c tm kim v m
thoi trc tuyn hay chat, v kh nng bo mt tt, cnh bo virus. Gmail ni ting
vi vic s dng cng ngh Ajax trong thit k.
Gmail h tr nhiu trnh duyt (browser) v h tr a ngn ng (multilanguages),
a ch ngi gi n v ngi gi i t ng nhp lu vo address book.
Nm 2005, Gmail l sn phm ng th hai sau Mozilla Firefox trong 100 sn
phm tt nht c tp ch PC World bnh chn.
Cn y l Biu lc Spam mail ca Gmail qua thi gian c thng k:
Nh phn tch phn u, cc spammer lin tc x mail vo ngi dng qua
Internet, mu tng lin tc theo thi gian cho thy s bnh trng ca nn spam
mail ny.
Mu xanh dng l s email may mn lt qua c b lc ca Gmail vo Inbox trong ti
khon ngi dng Gmail. Chng ta c th thy, cng ngy s lng %spam mail thot qua
b lc cng gim i d cho chng c bnh trng ln mc cao nh th no.
Vy Gmail lm nh th no t c nhng thnh cng ng n nh vy?
Chng ta cng nhau nghin cu cc cng ngh ca Google chng spam.
Nhn trn S m t b lc Gmail ta thy:
Email c gi ti ngi dng t nhiu ngun v c phn loi thnh nhiu loi khc
nhau:
- Email hp l: bao gm cc email bn b, cng vic... khi gi ti me@gmail.com,
bc tip theo l qua b lc Gmail Filter v c i thng vo Gmail Inbox.
- Email cha file ln, dng julk mail c th gy nghn ng truyn ISP khi n i qua b
lc ca Gmail th i thng vo All Mail lun ch khng nm trong Inbox v cng khng
trong Spam box bi v chng khng phi l Spam mail.
- Mail li, sai a ch, li ng truyn... tt nhin n b ct t ngay khi cn lang thang trn
mng.
- Spam mail: Sau khi qua b lc ca Gmail th nhanh chng b a vo Spam box ngay.
Ngi dng c th check mail trong Gmail Inbox bng trnh duyt Web (browser)
hoc cc phn mm check mail Client nh Outlook, Windows Mail, Thunder
Bird... Mt khi m b lc cha lm tt cng vic ca mnh th Gmail c thm chc
nng ngi dng t bo co spam mail cho b lc bit, ti y qua qu trnh tng
hp v phn tch t nhiu report tng t khc v email pht tn spam th nhng
ln ti chng s b loi ra khi Inbox v y vo thng Spam box ca Gmail.
Nhn m t trng tht l n gin v d hiu, vn khng h n gin nh vy,
to c b lc thng minh, khng ch Gmail m tt c cc nh cung cp dch
v email khc nh Yahoo, Live Mail, AOL Mail... u phi p dng cc cng ngh
chng th rc sau y.
3.2.1 DNS Blacklist
Google s dng phng php DNS blacklist s chn cc email n t cc a ch nm trong
danh sch DNS blacklist. C hai loi danh sch DNS Blacklist thng c s dng, l:
Danh sch cc min, cc domain name gi spam bit.
Danh sch cc my ch email cho php hoc b li dng thc hin vic chuyn tip
spam ti ngi dng t nhng email c gi i t spammer.
Khi mt email c gi i, n s i qua mt s SMTP server trc khi chuyn ti a ch
ngi nhn. a ch IP ca cc SMTP server m email chuyn qua c ghi tron phn
header ca email.
Cc chng trnh chng spam s kim tra tt c cc a ch IP c tm thy trong phn
header ca email sau so snh vi c s d liu DNS Blacklist bit. Nu a ch IP
tm thy trong phn ny c trong c s d liu v cc DNS Blacklist, n s b coi l spam,
cn nu khng, email s c coi l mt email hp l.
3.2.2 SURBL list
Phng php m Google s dng l: SURBL - pht hin spam da vo ni dung ca email.
Chng trnh chng spam s phn tch ni dung ca email xem bn trong n c cha cc
lin kt c lit k trong Spam URI Realtime Blocklists (SURBL) hay khng.
SURBL cha danh sch cc min v a ch ca cc spammer bit.
C nhiu danh sch SURBL khc nhau nh sc.surbl.org, ws.surbl.org, ob.surbl.org,
ab.surbl.org..., cc danh sch ny c cp nht t nhiu ngun. Thng thng, ngi
qun tr thng kt hp cc SURBL list bng cch tham chiu ti a ch multi.surbl.org.
Nu mt email sau khi kim tra ni dung c cha cc lin kt c ch ra trong SURBL
list th n s c nh du l spam email, cn khng n s c cho l mt email thng
thng v c chuyn qua cc b lc khc.
Phng php ny c u im pht hin c cc email gi mo a ch ngi gi nh
la cc b lc. Nhc im ca n l email phi c ti xung trc khi tin hnh
kim tra, do s chim bng thng nguyn ca my tnh phn tch cc ni dung
email.
3.2.3 Chn IP
Phng php ny s chn cc email c gi n t cc a ch IP bit trc. Khi mt
email n, b lc s phn tch a ch my gi v so snh vi danh sch a ch b chn. Nu
email n t mt my c a ch trong danh sch ny th n s b coi l spam, ngc li
n s c coi l email hp l.
3.2.4 Kim tra a ch IP
Bng cch kim tra a ch ngi gi v ngi nhn, phn ln spam s c pht hin
v chn li. Thc hin kim tra a ch ngi gi trc khi email c ti xung s tit kim
c bng thng ng truyn cho ton h thng.
K thut Sender Policy Framework (SPF, www.openspf.org) c s dng kim tra a
ch ngi gi email. K thut SPF cho php ch s hu ca mt tn min Internet s dng
cc DNS c bit (gi l bn ghi SPF) ch r cc my c dng gi email t min
ca h. Khi mt email c gi ti, b lc SPF s phn tch cc thng tin trong trng
From hoc Sender kim tra a ch ngi gi. Sau SPF s i chiu a ch
vi cc thng tin c cng b trong bn ghi SPF ca min xem my gi email c
c php gi email hay khng. Nu email n t mt server khng c trong bn ghi SPF
m min cng b th email b coi l gi mo.
3.2.5 S dng b lc Bayesian
B lc Bayesian hot ng da trn nh l Bayes tnh ton xc sut xy ra mt s kin
da vo nhng s kin xy ra trc . K thut tng t nh vy c s dng phn
loi spam. Nu mt s phn vn bn xut hin thng xuyn trong cc spam nhng
thng khng xut hin trong cc email thng thng, th c th kt lun rng email
l spam.
Trc khi c th lc email bng b lc Bayesian, ngi dng cn to ra c s dliu t kha
v du hiu (nh l k hiu $, a ch IP v cc min...) su tm t cc spam v cc email
khng hp l khc.
Mi t hoc mi du hiu s c cho mt gi tr xc sut xut hin, gi tr ny da trn
vic tnh ton c bao nhiu t thng hay s dng trong spam, m trong cc email hp l
thng khng s dng. Vic tnh ton ny c thc hin bng cch phn tch nhng email
gi i ca ngi dng v phn tch cc kiu spam bit.
b lc Bayesian hot ng chnh xc v c hiu qu cao, cn phi to ra c s d liu v
cc email thng thng v spam ph hp vi c th kinh doanh ca tng cng ty. C s
d liu ny c hnh thnh khi b lc tri qua giai on hun luyn. Ngi qun tr
phi cung cp khong 1000 email thng thng v 1000 spam b lc phn tch to ra
c s d liu cho ring n.
3.2.6 S dng danh sch Black/white list
Vic s dng cc danh sch black list, white list gip cho vic lc spam hiu qu hn.
Black list l c s d liu cc a ch email v cc min m bn khng bao gi
mun nhn cc email t . Cc email gi ti t cc a ch ny s b nh du
l spam.
White list l c s d liu cc a ch email v cc min m bn mong mun nhn email t
. Nu cc email c gi n t nhng a ch nm trong danh sch ny th chng lun
c cho qua.
Thng thng cc b lc c tnh nng t hc, khi mt email b nh du l spam th
a ch ngi gi s c t ng a vo danh sch black list. Ngc li, khi mt email
c gi i t trong cng ty th a ch ngi nhn s c tng a vo danh sch white
list.
3.2.7 S dng tnh nng Challenge/Response
Tnh nng ny s yu cu ngi ln u gi email xc nhn li email u tin m h
gi, sau khi xc nhn, a ch email ca ngi gi c b sung vo danh sch White list v
t tr v sau cc email c gi t a ch c t ng cho qua cc b lc.
Do spammer s dng cc chng trnh gi email t ng v h khng th xc nhn li tt c
cc email gi i, v th nhng email khng c xc nhn sb coi l spam.
Phng php ny c hn ch l n yu cu nhng ngi gi mi phi xc nhn li email u
tin m h gi. khc phc nhc im ny, ngi qun tr chnn s dng phng php
ny i vi nhng email m h nghi ng l spam.
3.2.8 Kim tra header
Phng php ny s phn tch cc trng trong phn header ca email nh gi email
l email thng thng hay l spam. Spam thng c mt s c im nh:
- trng trng From: hoc trng To:
- Trng From: cha a ch email khng tun theo cc chun RFC.
- Cc URL trong phn header v phn thn ca message c cha a ch IP c m
ha di dng h hex/oct hoc c s kt hp theo dng username/password
V d cc a ch: http://1313165456494054/abcd.com
www.website.com@spammer.com
- Phn tiu ca email c th cha a ch email ngi nhn c nhn ha email
. Lu khi s dng tnh nng ny vi cc a ch email dng chung c dng nh
sales@company.com. V d khi mt khch hng phn hi bng cch s dng
tnh nng auto-reply vi tiu your email to sales c th b nh du l
spam.
- Gi ti mt s lng rt ln ngi nhn khc nhau.
- Ch cha nhng file nh m khng cha cc t nh la cc b lc.
- S dng ngn ng khc vi ngn ng m ngi nhn ang s dng.
Da vo nhng c im ny ca spam, cc b lc c th lc chn.
CHNG IV
CC GII PHP BO MT EMAIL
4.1 Cc c ch m ha email
4.1.1 M ha v xc thc bng PGP
PGP_Xc thc:
- User to th
- Dng hm bm SHA-1 ln ni dung th
- Dng RSA m ha m bm bng kha ring ca ngi gi.
- Gn kt qu vo ni dung th
PGP_M ha:
- Ngi gi to s ngu nhin 128 bit
- M ha ni dung th bng thut ton m ha (3DES, CAST_128 hoc IDEA), dng
s ngu nhin va sinh ra lm kha
- M ha bng kho cng khai ca ngi nhn v gn vo u th
PGP_Kt hp m ha v xc thc:
4.1.2 M ha v xc thc bng MIME
Cc chc nng ca MIME:
- Enveloped data: m ha th
- Signed data: xc thc th, c chuyn m
- Clear-signed data: xc thc khng chuyn m
- Signed and enveloped data: m ha v xc thc ng thi
MIME_M ha ni dung th:
- To kha ngu nhin tng ng vi thut ton m i xng c chn
- M ha bng kha cng khai ca ngi nhn (RSA).
- M ha ni dung th vi kha ngu nhin va to
MIME_Xc thc:
- Chn mt hm bm tng ng vi kh nng ca ngi nhn
- p dng hm bm ln ni dung th
- M ha hm bm bng kha ring (PR) ca ngi gi
4.2 ng dng PGP
4.2.1 Ci t
Bn c th ly GnuPG t Site chnh thc ca GnuPG (http://www.gnupg.org/) t bn
c th chn cc Mirmor c v tr a l gn bn Download GnuPG v.
Phin bn m nhm lm l phin bn c giao din dnh cho window. Hin nay l
vesion gpg4win-1.1.3
Sau nhp i vo gpg4win-1.1.3
Ta chn next tip tc
Ta chn next, mc nh ta s c hnh sau:
Ta thy bng trn, chn next ta c nh hnh sau:
Bm nt Browse.. chn a m bn mun lu, sau chn next xut hin bng
sau:
Tip tc chn next tin trnh install bt u
Chn next
Chn finish kt thc qu trnh ci t.
My tnh ca bn s yu cu restart .
Sau khi ci t xong chng ta c th s dng chng trnh ny m ha file.
4.2.2 S dng kha
4.2.2.1 To kha (Creating Keys)
u tin bn m chng trnh ln, bn s thy c giao din nh sau:
Bn chn key
Mt cp kho mi s c to (gm Secret Key v Public Key). GnuPG s h
bn s dng thut ton m ho no.
2 thut ton m ho c s dng rng ri l DSA v RSA. Tuy nhin theo kin
ca bn thn ta th RSA c s dng rng ri v c kh nng m ho d liu mc
cao hn DSA.
La chn k tip ca bn s l di ca Key (Key Lenght). Bn cn la chn gia
2 tnh nng s bo mt v thi gian. Ni mt cch d hiu nu di ca Key ln th
kh nng m ho thng ip cng cao. Chnh v vy thi gian m PC ca bn
dnh thc hin cng vic m ho v gii m ho s ln. Mc nh vi GnuPG gi
tr cc tiu di ca key l 768 bits v gi tr cc i l 2048 bits.
GnuPG s ln lt yu cu bn vo cc thng tin v bn nh: H v tn y
(Fullname), a ch (Comment), a ch mail (E-mail). lm c s cho cng vic
to ra cp kho mi ca GnuPG. Bn c th thay i cc thng tin ny sau.
Cui cng bn s phi nhp vo mt Password (c chp nhn k t Space). N c
s dng iu khin Secret Key ca bn. Mt Passphrase tt cha ng nhng yu
t sau:
N phi c di hp l
Cha ng nhng k t c bit
m bo an ton khng b suy on mt cch d dng (khng s dng cc thng tin
lin quan n bn nh: tn, ngy sinh, a ch, s nh...)
Nn nh rng bn khng c php qun Password nu trn. Bi nu qun n
bn s khng th phc hi li n cng nh iu kim sot Secret Key m bn to
ra.
Sau cng bn dng bn phm nhp vo cc k t ngu nhin yu cu s bit m
GnuPG cn to ra mt cp kho mi ( m bo tnh ngu nhin v s bo mt
cho cp kho mi). Bn i trong giy lt, GnuPG ang phn tch, tnh ton cc
thng tin m bn a vo to ra cho bn mt cp kho mi. Qu trnh ny hon
tt bn s c trong tay 2 Key: Public Key v Secret Key (Private Key).
C mt iu bn ch l nu chn thut ton l DSA and ElGamal th c 2 subkey
v mi chc nng ca chng trnh u thc hin c:
Nu bn chn thut ton l RSA v DSA th ch c 1 Subkeys c to ra v nu
thut tan l DSA th khng th m ha c , cn RSA th thc hin cc chc
nng :
Ta c th thay i thi gian cho php ca key :Chn key ri vo menu Keys->Edit
private key->Change expiration
Ta c th thay i pass pharse ca key :Chn key ri vo menu Keys->Edit private
key->Change passphrase :
Chc n y bn s t cu hi ti sao li phi xut Keys ? Hiu mt cch n gin
khi xut kho bn s c kh nng trao i d liu mt cch an ton vi nhiu dng
khc trn Internet. Khi xut Public Key bn s chia s n vi bt c ai mun trao i
thng tin vi bn mt cch an ton.
4.2.2.2 Nhp kho (Import Keys)
Khi bn c c Public Key ca mt ai . Bn cn phi Add n vo Key Database
ca bn sau ny s s dng n n. Bn s dng chnh n gii m ho cc d
liu c chnh ch nhn ca n m ho bng Public Key m bn ang c cc
ln sau.
4.2.2.3 Hu b kho (Revoke A Keys)
Bi mt vi l do nh: Secret Key b mt, UID b thay i, n khng cn p ng
c cc nhu cu ca bn na...hay n gin l bn khng mun s dng Key
na. Bn mun hu b chng.
thc hin iu ny bn cn mt Secret Key khc m bo rng ch c ch s
hu thc s mi c quyn hu b cc Key . Lc ny! nu nh khng bit
Passphrase ca Key th mi vic s tr ln v ch, tht bt li. khc phc vn
ny, GnuPG s cp cho bn mt s cho php hu b Key "License Revoke" ngay
khi bn to mt cp kho mi. Bn ln ct gi n mt cch cn thn...Bi nu b lt
ra ngoi th hu qu ca n s rt nghim trng.
thc hin iu ny bn cn mt Secret Key khc m bo rng ch c ch s
hu thc s mi c quyn hu b cc Key . Lc ny! nu nh khng bit
Passphrase ca Key th mi vic s tr ln v ch, tht bt li. khc phc vn
ny, GnuPG s cp cho bn mt s cho php hu b Key "License Revoke" ngay
khi bn to mt cp kho mi. Bn ln ct gi n mt cch cn thn...Bi nu b lt
ra ngoi th hu qu ca n s rt nghim trng.
y l mt lnh kh quan trng trong qu trnh s dng cc Keys. N c s dng
thay i thng tin v thi hn cu Keys (Expiration Dates), thm vo
Fingerprint...cng nh chnh sa cc thng tin quan trng khc. Trc khi bt u
qu trnh chnh sa, m bo an ton GnuPG s yu cu bn vo thng tin v
Passphrase.
4.2.3 M ho v gii m ho (Encrypt And Decrypt)
Sau khi mi cng vic nh ci t v cu hnh xong xui. By gi chng ta bt
u xem xt n tnh nng chnh ca GnuPG l m ho v gii m ho.
Bn cn bit rng trong qu trnh m ho v gii m ho khng ch cn Public Key
v Secret Key ca bn m cn cn n Public key ca nhng ngi m bn mun
trao i d liu vi h mt cch an ton. Khi m ho mt i tng d liu cho
ngi khc th bn s phi chn chnh Public Key ca h m ho n. Sau gi
cho h, h s dng chnh Secret Key ca mnh gii m ho d liu m bn m
ho bng chnh Public Key ca h. Chnh v vy phng php m ho d liu ny t
ra rt an ton.
4.2.3.1 M ho (Encrypt)
Trc khi mun m ho d liu v trao i vi h bn phi c v b xung Public
Key ca h vo Database Key ca bn. Ni mt cch d hiu ta dng chnh
Public Key ca h m ho d liu ri gi li cho h.
V d :
Bc 1: Nhp file cn m ha .Chn chc nng Encrypt .
Bc 2: Chn public key cua userVinh , Sign l User Vu .
Bc 3: Nhp vo public key ca user Vu .
To ra file m ha data.doc.asc
4.2.3.2 Gii m ho (Decrypt)
Qu trnh gii m ho th n gin hn, sau khi nhn c d liu m ho ca ta
gi cho. V pha ngi nhn nu h mun gii m ho
Thc cht ca qu trnh gii m ho d liu l ngi nhn s dng chnh Secret Key
ca h gii m ho d liu m ta m ho bng chnh Public Key ca h. D
nhin, khi h mun trao i d liu m ho bng GnuPG vi ta th h cng lm
nhng vic tng t nh nu trn i vi ta.
V d : user Vinh send d liu cho user Vu file data.doc.asc ( l file m ha) th
user Vu mun ly c d liu th cn phi gii m li .Cc bc nh sau :
Bc 1: chn file cn gii m .Chn chc nng Decrypt
Bc 2 : Cn nhp pass ca user Vu ly c Secret Key
Bc 3: To ra file ban u la data .doc
(Nu khng ng nh dng file th chng trnh s bo li)
4.2.4 Qu trnh k nhn v kim tra ch k (Sign And Checking Signatures)
4.2.4.1 K nhn:
Bc 1: Vo chc nng file .Chn file mun k nhn ri chn chc nng Sign
Bc 2:
+ k nhn d liu bng Key ca mnh ta chn chc nng :sign and compress.
+Nu nh ta mun c mt kt qu r rng hn ta c th s chc nng : cleartext
signature.
+Khi cc kt qu c hin th khng r rng .Nu ta mun tch ring ch k ca
mnh ra mt file ring bit ? Tnh nng ny thng c s dng m ho nhng
file nh phn (Binary). ta c th s dng chc nng :sign in separate file.
Sau k xong ta c kt qu :
+Nu chn sign and compress : to ra file data.txt.pgp .
+Nu chn cleartext signature: to ra file data.txt.asc .
+Nu chn sign in separate file: to ra file data.txt.sig .
4.2.4.2 Xc nhn:
+Trc tin ta vo WinPT tc l qun l kha chn pass pharse ca user no cho
public key
Chn Key->sign
Ri in vo Passphrase:
+Sau Ta Vo chc nng file .Chn file mun k nhn ri chn chc nng Verify
Nu nh file c ch k hp l th s hin th nh vy :
THE END

File Goc 772987

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

File Goc 772987

Uploaded by

Copyright:

Available Formats

BO MT EMAIL

You might also like