Computer Viruses and Local Network Security Solutions for Internet Practice Labs
Special topic
Dr. Trương Minh Nhật Quang
2011
INTRODUCTION
Contents of the special topic:
0. Introduction, references
1. Network security threats
2. Network attacks using malicious code
3. Detecting and removing malicious code
4. Network security solutions
INTRODUCTION TO THE SPECIAL TOPIC
Objectives:
  Study network security threats, attacks using malicious code, and measures for detecting and removing malicious code
  Install and test local network security solutions for Internet practice labs
Duration: 45 periods (30 lecture, 15 practice)
DELIVERY AND ASSESSMENT
Format:
  Lectures and discussion
  Practical work and field practice
Assessment:
  End-of-course exam
  Field practice report
KNOWLEDGE AND SKILLS
Related knowledge:
  Computer networks, operating systems
  Data security, network security
  Computer viruses, antivirus
Required skills:
  Computer operation
  System installation
  Network administration
REFERENCES
1. Avira Anti-virus. http://www.free-av.com
2. Faronics Corporation. http://www.faronics.com/html/company.asp
3. Joseph Rabaiotti. Counter Intrusion Software. PhD Thesis, Computer Science, Cardiff University, 2007.
4. Kaspersky Anti-virus. http://www.kaspersky.com
5. NetOp School. http://www.netop.com/products/education/school.htm
6. NetSupport School. http://www.netsupportschool.com
7. Symantec Corp. http://www.symantec.com/index.jsp
8. The National Academy of Engineering Committee on Engineering's Grand Challenges. http://www.engineeringchallenges.org
9. VirtualBox. http://www.virtualbox.org
10. Virtual PC. http://www.microsoft.com/windows/virtual-pc
11. VMware Inc. http://www.vmware.com
Chapter 1
Network Security Threats

CONTENTS OF CHAPTER 1
Network security
Network security issues
Network security threats

NETWORK SECURITY
A computer network is a collaborative environment that improves computing capacity, information retrieval, data sharing and telecommunications
Network security comprises the activities and methods for controlling access and moving data safely and efficiently within a computer network system

NETWORK SECURITY ISSUES
Information sharing
Complex systems
Scope of operation
Many vulnerable points
Difficulty determining routes
Anonymous users

NETWORK SECURITY ISSUES
Information sharing:
  To share and use information, users need access from many different computers
  This raises security problems in single-machine access control policies
Complex systems:
  A network consists of many machines running different operating systems, serving different purposes and user levels
  Security holes appear because the security policies of the operating systems are inconsistent

NETWORK SECURITY ISSUES
Scope of operation:
  Besides increasing the number of nodes inside the network, the network also needs to connect to other networks
  It is hard to control the network's scope of operation and service

NETWORK SECURITY ISSUES
Many vulnerable points:
  Information on the network passes through many servers, each with a different security policy
  If an admin controls a server too strictly, information will not reach the users who need it
  Lax control of information makes the network convenient for users, but also makes the servers easier to attack
Difficulty determining routes:
  Expansion and integration with other networks make it increasingly hard to define the network boundary
  It is hard to determine the route data takes across the network

NETWORK SECURITY ISSUES
Anonymous users:
  Besides official users, for various reasons (e.g. ensuring privacy, increasing the flexibility and openness of the system), the network also needs to serve transient/anonymous users
  Posing as anonymous users, intruders can exploit network services, email for instance, to steal information for use in their attack scenarios against other holes in the network

NETWORK SECURITY THREATS
1. Wiretapping
2. Impersonation
3. Message confidentiality violations
4. Message integrity violations
5. Hacking
6. Code integrity violations
7. Denial of service
8. Protocol flaws
9. Spoofing
10. Website defacement
11. Distributed denial of service
12. Threats to active code
13. Complex attacks

WIRETAPPING
The perpetrator attaches special devices/software to the transmission line to sniff packets
Wireless networks using radio and satellite signals are the easiest to eavesdrop on
Copper-cable LANs can be tapped through electromagnetic emissions along the cable
Fiber-optic networks are safer, but can still be tapped at junction points on the line such as repeaters and routers

IMPERSONATION
The perpetrator impersonates a user to obtain data directly:
  Bypassing authentication by guessing the victim's secret (username, password)
  Bypassing authentication by stealing the victim's password (notebook, phone, mail, document)
  Bypassing authentication by instruction (e.g. posing as the user to request a password reset)
  Entering through an open authentication door (the user has not locked the account, or has saved the password on a shared machine)
  Searching for common passwords and default passwords
  Defeating authentication (with tools, cracking)

MESSAGE CONFIDENTIALITY VIOLATIONS
The perpetrator steals data by:
  Misdelivery: changing addresses so data does not reach its destination, or driving the system to send more data than requested
  Exposure: stealing copies of data left behind in buffers along the path (switches, routers, gateways, intermediate servers)
  Traffic flow analysis: probing information on routers, analysing data flows, sniffing packets

MESSAGE INTEGRITY VIOLATIONS
Falsification of messages:
  Changing the content of a message
  Changing part of a message
  Replacing the whole message
  Replaying an old message
  Changing the way a message is presented
  Redirecting a message
  Destroying or deleting a message
Noise:
  The message is distorted, degraded or loses its meaning
  The message is obscured and cannot be used

HACKING
Hackers develop tools to probe, analyse, test, program and simulate network weaknesses, then quickly publish their findings in their community
A hacker can pose as an admin to access servers in the system and carry out denial-of-service (DoS) attacks by flooding servers on the network with messages
Network administrators must communicate regularly and coordinate to counter waves of hacker attacks
It is not yet possible to fully predict what future hacker attack scenarios will look like

CODE INTEGRITY VIOLATIONS
Not everyone can tell whether the code of a downloaded executable is safe
Some organisations issue security certificates for executables, but many exe files of unknown origin remain
Executing code on the host that violates code integrity seriously affects the information security of the system

RISKY APPLICATIONS (RISKWARE)
Greedy programs:
  Created by inexperienced programmers
  May loop forever, hang the machine, corrupt data, or prevent other applications from running
Salami attack:
  Shaving small change off customers' amounts in commercial transactions
  The accumulated money is then transferred to the author's secret account

SPYING APPLICATIONS
Companies need to collect user information to build service and customer-incentive policies
Programs that leak information: applications into which a double-dealing programmer has inserted secret routines that pass customer information to rival companies

DENIAL OF SERVICE (DOS)
Denial of service:
  A common form of attack today
  The hacker's goal is to degrade the service capacity of part or all of the network
Common forms of DoS:
  Flooding
  Routing disruption
  Service disruption

FLOODING
The hacker sends countless bogus messages that flood the network
With too many requests, the network's service capacity degrades
When the number of requests exceeds the processing threshold, the network refuses service

ROUTING DISRUPTION
A router looks up its routing table to route packets from the sender through many links to the receiver
The hacker tries to change or delete entries, alter forwarding addresses, or disable the routing table so that packets lose their way

SERVICE DISRUPTION
A hacker can program a fake network node
The appearance of fake nodes disrupts network routing; services stall because the real address of the node that forwards the packets cannot be determined

PROTOCOL FLAWS
Protocols are reviewed by experts through many rigorous processes before becoming standards
Some protocols still harbour loopholes that become hackers' tools for attacking networks
Encryption algorithms can also be broken, random-number generators can produce repeated sequences, and predictions always have errors

SPOOFING
Masquerade:
  Domain names: xyz.com, xyz.net, xyz.org, cocacola.com, coca-cola.com, citybank.com, citibank.com, lexus.com, 1exus.com
  Websites: redirect, overwrite, design that mimics the original website
Session hijacking:
  Seizing or cutting into a session between two users
  If an admin's session is hijacked from a machine other than the host, the web server is subsequently at risk of being taken down

SPOOFING
Man-in-the-middle attack:
  Taking control from the very start of a session between two users
  Controlling and appropriating the victim's encryption keys
  Decrypting, modifying or disabling the victim's account

WEBSITE DEFACEMENT
Buffer overflows:
  Every buffer has a limit; if data exceeds it, the application/website loses control
  The hacker generates bogus data to fill the website's internal buffers, creating the conditions to trigger malicious code
Address problems:
  In Unix/Windows, the .. notation refers to the parent directory
  A URL such as http://URL/null.htw?CiWebHitsFile=/../../../../../winnt/system32/autoexec.nt can trigger an unexpected file
  The web server needs to run in a restricted environment

WEBSITE DEFACEMENT
Application code errors:
  Web servers typically send messages to browsers as context strings
  If these messages are tampered with, the system becomes disordered
Server-side includes:
  The server lets web applications call certain APIs built into (included in) the server's operating system
  If these APIs are hooked, the web application's system calls will trigger the hacker's malicious code

DISTRIBUTED DENIAL OF SERVICE
DDoS: denial-of-service attack on a wide scale
Phase 1, building up forces:
  Secretly install malicious code (trojans, worms) on workstations
  Agents lying in wait on victim machines (zombies) report the network security situation to the hacker
Phase 2, attack:
  When there are enough zombies, the hacker issues the command to attack secondary hosts
  When the front-line hosts are paralysed, the zombies concentrate their attack on the central host

DDOS ATTACK SCENARIO (figure)

THREATS TO ACTIVE CODE
Active code: code that executes actively on the client machine
Forms of active code: cookies, scripts, auto-exec by type

COOKIES
A way for web applications to collect customer information (keystrokes, user name, machine name, IP address, date & time)
Cookies are stored on the local machine and then sent back to the company's web server
Leaked cookies can harm customer privacy

SCRIPTS
Clients can invoke services by executing script code on the server
When it receives a script execution command from HTML, the server cannot distinguish ordinary user commands from a hacker's dangerous commands
Hackers exploit information about how scripts are executed, the results returned and the error messages from the server for their subsequent attack scenarios
Common scripting technologies: CGI (Common Gateway Interface), ASP (Active Server Pages)

ACTIVE CODE
A web page's graphical effects need presentation-control routines (show, slide, flash, animate) that are not already present on the client machine
Active code consists of code fragments that browsers download to the client to render graphical effects, mainly JavaScript (Sun Microsystems) and ActiveX (Microsoft)
Active code extends the client's processing capability, but also harbours many dangers because it originates from outside

AUTO-EXEC BY TYPE
Data is used by host applications (.doc ~ Microsoft Word, .pdf ~ Adobe Acrobat)
When a file of a known type is opened, the system runs the corresponding host application
In principle, data files (e.g. .txt files) are safe because they contain no executable code
Hackers can disguise files containing executable code as harmless data files

SCRIPT KIDDIES
DoS attacks can be scripted into a technology that even a child can use
Script kiddies simply download scripted DoS tools and run them

BUILDING BLOCKS
Before acting, hackers usually draw up a detailed attack plan and build a strategy of chained attacks
For large-scale attacks, hackers usually combine many techniques for the best effect

Chapter 2
Network Attacks Using Malicious Code

CONTENTS OF CHAPTER 2
Concept of malicious code
Classification of malicious code
Host-dependent malicious code
Stand-alone malicious code
CONCEPT OF MALICIOUS CODE
To attack/penetrate a network, hackers typically use helpers such as viruses, worms, trojan horses and backdoors
Malicious code: a set of executable code that runs autonomously, without requiring the hacker's intervention
Steps of a network attack/intrusion:
1. The hacker designs the malicious code
2. The hacker sends the malicious code to the host
3. The malicious code steals data from the host and sends it back to the hacker
4. The hacker attacks the host system
CLASSIFICATION OF MALICIOUS CODE
By execution characteristic:
  Host-dependent (needs a host)
  Stand-alone
By behaviour:
  Blocking or altering data
  Exploiting system services
FORMS OF MALICIOUS-CODE ATTACK
Host-dependent:
  Trapdoors
  Logic bombs
  Computer viruses
  Trojan horses
Stand-alone:
  Computer bacteria
  Worms and rootkits
  Backdoors and key loggers
  Spyware and adware
  Companions and links
  Germs, constructors and hacktools
TRAPDOORS
During software design, programmers often plant code fragments (doors) for testing, debugging and technology transfer
Whether by accident or by design, these doors are not removed before packaging and release
During use, if the condition is met, the trap springs and nobody knows what will happen
From a debugging technique in software engineering, the trapdoor mutates into a death trap secretly planted in software circulating on the net
LOGIC BOMBS
Logic bomb: a code fragment that triggers itself when a preset condition (date, time) is met
Before leaving a system, hackers often plant a logic bomb to erase all evidence and traces of the intrusion
The logic-bomb technique is also widely used by computer viruses: Friday, Chernobyl (24/04), Michelangelo (06/03), Valentine...
COMPUTER VIRUSES
Computer virus: executable code attached to a host program that seizes control when the host program runs
Viruses are designed to replicate, evade detection, corrupt/alter data, display messages or make the operating system malfunction
Virus structure: pay-load, vir-code, vir-data
Virus classification: F-virus, B-virus, D-virus
FILE VIRUSES (F-VIRUS)
Viruses that parasitise executable files (com, exe, pif, scr, dll...) on the host system
The host application may be infected at the beginning, in the middle or at the end of the file
When the system runs an infected host application:
  The pay-load takes control of the CPU
  The vir-code executes its destructive routines, using the data in vir-data
  Control of the CPU is returned to the host application
BOOT VIRUSES (B-VIRUS)
Boot virus: a virus that infects the boot record (512 bytes) of the disk layout
Multi-partite: a virus combining the features of F-viruses and B-viruses, infecting both files and boot sectors
A floppy disk has one boot record at side 0, track 0, sector 0
A hard disk has one master boot record at side 0, track 0, sector 0, plus partition boot records in the first sector of each logical partition
DATA VIRUSES (D-VIRUS)
Attached to data files that use macros, a data virus runs automatically when the infected data file is opened by its host application
Familiar data viruses:
  Microsoft Word document: doc macro virus
  Microsoft Excel worksheet: xls macro virus
  Microsoft PowerPoint: ppt macro virus
  Adobe Reader: pdf script virus
  Visual Basic: vb script virus
  Java: java script virus
  Startup file: bat virus
TROJAN HORSES
Legend: Greek warriors hid inside a wooden horse and at midnight acted as inside agents, opening the gates for the Greek army to storm and sack Troy
Trojan horse: applications that look benign but contain secret routines inside, waiting for the right moment to emerge and destroy data
A trojan horse is a powerful remote-control tool that lets the hacker monitor the host as if sitting at its keyboard
ACCESS PORTS
On a TCP/IP network, a port sits at the endpoint of a connection between two or more computers
For the client, the port number represents the application/service it communicates with on the server
Port classes by number:
  Well-known ports: 0 - 1023
  Registered ports: 1024 - 49151
  Private/dynamic ports: 49152 - 65535
Trojan horses and ports:
  Each trojan horse uses its own port(s) (trjPort) as an identifying mark and to communicate with the hacker
  Scanning the ports (0-65535) of a host collects information: the list of standard ports, services in use, operating system in use, running applications, system security status
  Example: if port 80 is open, the computer is connected to the HTTP service

TROJAN-HACKER COMMUNICATION
Reports the situation and system information to the hacker
Receives tasks from the hacker through its trjPort(s)
Typical trojans: Back Orifice, NetBus, QAZ...
STAND-ALONE MALICIOUS CODE
Computer bacteria:
  Create many copies of themselves and run as multiple processes, consuming resources and degrading system performance
  Bacteria usually do not harm data
Worms:
  Code that exploits network connections, resides in the host's memory, and infects and spreads from one system to another
  Spreading behaviour is like a virus; a worm may contain child worms, twin worms, injectors, droppers and intruders
  Propagation methods: email, chat rooms, the Internet, P2P
SOME NOTABLE WORMS
Nimda and Code Red (2001) attacked Microsoft's Internet Information Server (IIS) web server:
  Scanning the network for vulnerable machines, Nimda created a guest account with administrative rights on infected machines
  Code Red defaced websites, degraded system performance and caused instability by spawning many threads and consuming bandwidth
SQL Slammer (2003) exploited a buffer overflow in Microsoft's SQL Server and Microsoft SQL Server Desktop Engine (MSDE), making infected machines generate enormous volumes of traffic
SOME NOTABLE WORMS
Blaster (2003): exploited a buffer overflow in Microsoft's Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) service, causing instability and automatic reboots
Sasser (2004) exploited a buffer overflow in Microsoft's LSASS service (port 139), making infected machines reboot automatically
Zotob (2005) abused a vulnerability in the Plug-and-Play service of Microsoft Windows to spread across the network
ROOTKITS
Rootkit: a kit of tools that lets the hacker control the system at the highest level (root)
A rootkit can modify the basic blocks of an OS such as the kernel and communication drivers, or replace shared system programs with rootkit versions
Some rootkits install themselves as a virtual-machine manager and then load the victim OS into a virtual machine so that anti-virus cannot detect them
Hackers use rootkits to install powerful remote-control programs
BACKDOORS AND KEY LOGGERS
Backdoor: malicious code designed to allow remote access to the system
Key logger: originally used to monitor children's use of the network, later mutated into a password-stealing tool
Trojans, rootkits and legitimate programs (such as key loggers) can all be used to install backdoors
SPYWARE AND ADWARE
Spyware: very diverse, usually does not harm data
Harm caused by spyware:
  Leaks personal information
  Consumes host resources
  Makes the system unstable
Spyware spreads through software downloads
Adware: advertising spyware
COMPANIONS AND LINKS
Companion: creates an executable that impersonates an existing legitimate program, then tricks the OS into running the companion program to trigger the malicious code
Example: svohost.exe vs svchost.exe
Link: configures the OS to follow a link instead of the intended program
Example: replacing Windows links/shortcuts so they point to a malicious .exe in a hidden folder
GERMS, CONSTRUCTORS AND HACKTOOLS
Germ: a base set of malicious code used to spawn secondary variants, used together with a constructor and/or hacktool
Constructor: a tool that compiles malicious-code germs secretly staged on the host, quietly building up forces on site and waiting for the moment to attack all at once
Hacktool: a means to help the constructor build forces on site and break into the system in preparation for an attack
Chapter 3

CONTENTS OF CHAPTER 3
1. Basic knowledge
2. Malicious code and processes
3. Detecting malicious code
4. Removing malicious code
BASIC KNOWLEDGE
Executable formats of the Windows operating system
Processes and the Windows application execution mechanism
WINDOWS EXECUTABLE FORMATS
Brief history:
  8/1981: Microsoft released MS-DOS 1.0 (16-bit), using two main executable formats, .com and .exe, plus .bat for batch execution
  11/1985: Windows 1.0 (16-bit) used a new exe format (NE - New Executable) and dynamic link libraries (.dll)
  9/1995: Windows 95 (32-bit) adopted portable .exe and .dll (PE - Portable Executable)
Today, Windows 7/Vista comes in two product lines:
  Windows 7/Vista 32-bit: pe executable format (32-bit)
  Windows 7/Vista 64-bit: pe+ executable format (64-bit)
EXECUTABLE FORMATS
To ensure upward compatibility, each later OS always supports the executable formats of the earlier ones
In terms of execution layout, .pif, .scr, .cpl and .sys files still belong to the pe-exe or pe-dll formats
Application-extension files (.dll, .ovl, .cpl, .sys) do not execute on their own; they need a host application (.exe) to load them into memory for execution
PROCESSES
To support multiprogramming, a computer must be able to carry out many tasks at once
Hardware limitation: most computers have only one CPU, so they cannot process fully in parallel
Software solution: switch the CPU back and forth between programs to keep many applications running at the same time
The process model: simulated parallel processing
PROGRAMS VERSUS PROCESSES
Program: the code in an exe file (a passive entity stored on disk)
Process: a program being executed (an active entity running in memory)
Each process owns an instruction pointer, a register set, variables and some resources (CPU, RAM, files, I/O...) to do its work
Under the OS scheduler, the CPU is switched between processes; processes are scheduled to be created, run, stopped, resumed or terminated
PROCESS EXECUTION MODES
To keep the system operating correctly, the OS must be protected from interference by processes
Processes and their data also need protection from interference by other processes
Solution: two execution modes, privileged (reserved for the OS) and unprivileged (for applications/users)
When a user process makes a system call, the OS handles the request in privileged mode, then returns the result to the user process in unprivileged mode
On multi-user systems, Windows divides the unprivileged mode into two levels: administrator and limited user
INSTRUCTION PROCESSING HIERARCHY (figure)
Unprivileged mode: user; shell, editor
Privileged mode: operating system; hardware
PROCESS CREATION
The parent process issues a system call to create a child process
On receiving the request, the OS:
  Assigns an identifier to the new process
  Adds the process to the process management list
  Determines the process priority
  Creates a PCB (Program Control Block) for the process
  Allocates resources to the process
The child receives resources allocated by the OS and/or inherits part of the parent's resources
After creating the child, the parent either continues processing alongside the child or waits for the child to finish before continuing
PROCESS TERMINATION
After finishing its work, a process issues a system call asking the OS to terminate it
On receiving the request, the OS:
  Reclaims the system resources allocated to the process
  Removes the process from the process list
  Destroys the process's PCB
When a parent process terminates, the OS terminates its child processes
Note: if launched with the WinExec function (Win16 API), the process keeps running until it terminates itself, regardless of whether its parent has terminated
THREADS
A thread is an execution mechanism that allows multiple flows of control within one process
A process may own many threads, and a thread may create many child processes
Threads execute in parallel and share the process's common address space
Before terminating, a process must make sure its threads have stopped
When a process terminates, the OS releases its threads, including those still running
MALICIOUS CODE AND PROCESSES (figure)
Malicious code as a passive entity: com, exe (DOS); ne-exe, ne-dll (Win16); pe-exe, pe-dll (Win32)
Malicious code as a running program: process; thread
PASSIVE ENTITIES
Most malicious code comes in .exe format (ne, pe)
.dll malicious code does not run by itself; it needs to be called by its host (or by Windows' rundll32.exe)
Whether .exe or .dll, malicious code must be activated before it can run and do harm
While inactive, malicious-code files (.exe, .dll) can be deleted easily
RUNNING PROGRAMS
When loaded for execution, malicious code changes from a passive entity into a running process
Because Windows protects the process's host file (.exe), the process must be terminated before the file can be deleted
Some process-protection techniques used by malicious code:
  Hiding the process from the process list
  Disabling the KillProcess and TerminateProcess APIs
  Creating fake (companion) processes
  Running multiple processes that watch over each other
PHASES OF ACTIVITY
1. Intrusion phase:
  Penetrate the host
  Save to the storage system
  Prepare the activation conditions
2. Activity phase:
  Activate
  Hide
  Carry out the mission
3. Spreading phase:
  Consolidate and hold on
  Destroy and spread
PENETRATING THE HOST
Sources of malicious code:
  The Internet: hotlinks, email attachments, spam, embedded web pages
  Intermediate machines: workstations, zombies
  Personal storage devices: USB flash drives, mobile HDDs
Ways malicious code enters:
  Online: network >> machine (network access, software downloads, data sharing)
  Offline: machine >> machine (copying/moving data, exchanging personal storage devices)
SAVING TO THE STORAGE SYSTEM
Online intrusion:
  Saved in the system cache: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\...
  Saved in the user's folder: C:\Documents and Settings\<User name>\Documents\My Received Files
Offline intrusion:
  Saved in the system cache (e.g. when extracting an archive containing malicious code)
  Saved in the designated folder (chosen by the user while copying)
PREPARING THE ACTIVATION CONDITIONS
Exploiting security holes:
  Executing active code: ActiveX, JavaScript
  Executing macro code: VBA macros, Adobe macros
Exploiting user psychology:
  Habits: single click, favourite folders
  Curiosity: hot links, hot pictures
Setting up an activation plan:
  Registering as an application: registry, auto startup
  Registering as a service: service, device driver
ACTIVITY PHASE
Activation:
  Immediate: thanks to a lax system or a careless user
  Delayed: exploiting the auto-startup mechanism
Hiding:
  Relocating the malicious code: root, system folder, recycle bin
  Protecting the process: hiding from the process list, disabling Task Manager, running as multiple processes
Carrying out the mission:
  Rummaging through the host and stealing data
  Sending results to the hacker and receiving instructions
SPREADING PHASE
Consolidating and holding on:
  Disabling system configuration: registry editing, folder settings, task controls
  Improving its position: moving its hiding place to hidden folders, creating companions as decoys, escalating login privileges (limited user > admin)
Destroying and spreading:
  Taking over the system, stopping services, disabling anti-virus, deleting data
  Spreading to other systems
DETECTING MALICIOUS CODE
General principles:
  Early detection, easy removal: detecting malicious code in phase 1 is best
  Tell the honest from the crooked: only with a well-managed list of legitimate applications can malicious code be recognised
  Use a knowledgeable helper: equip professional anti-virus and monitor inbound/outbound traffic regularly
Where to look for malicious code:
  In memory: process list, registry, auto startup
  On disk: root, fragile folders, personal storage media
DETECTION IN MEMORY
Process management:
  Task Manager: TaskMgr (built into Windows)
  Other tools: D32 Task List, Rootkit Unhooker
Auto-startup management:
  System Registry: Regedit (built into Windows)
  Startup Programs: Start > All Programs > Startup
  System initialization: Windows\win.ini, system.ini
Service management:
  System Config: MsConfig (built into Windows)
  System Services: Control Panel > Administrative Tools > Services
DETECTION ON DISK
Step 1 - Check the display options:
  Tools > Folder Options > View
  Show hidden files and folders
  Show extensions for known file types
  Show protected operating system files
Step 2 - Examine the sensitive areas:
  Root: check for exe, com, dll, inf, pif files in the root
  System folders: watch out for lone executables under the C:\Windows tree (system32, fonts, dllcache)
  Recycle bin: be wary of partitions with more than one recycle-bin folder (a USB drive has no recycle bin)
Step 3 - Confirm legitimacy:
  Offline: scan with the anti-virus on the machine
  Online: scan online (Jotti, VirusTotal)
REMOVING MALICIOUS CODE
Step 1 - Neutralise the malicious code:
  Disconnect from the network
  Boot into safe mode
  End the malicious process, or
  Stop the malicious service
Step 2 - Remove the malicious code:
  Delete the malicious file on disk (rename/delete/quarantine)
  Delete its activation entries (registry, auto startup, services)
Step 3 - Restore the system:
  Remove junk: empty the recycle bin; delete cookies, histories, favorites, temporary internet files
  Restart the system
Chapter 4
Dr. Trương Minh Nhật Quang, 3/2011

CONTENTS OF CHAPTER 4
Problem statement
Virus infection situation
Supporting software
Solutions
PROBLEM STATEMENT
Current state of Internet practice labs:
  20 to 40 computers connected to a local network
  Windows XP operating system plus dedicated lab-management software
  USB flash drives allowed
  Internet use: chat, email, forums, online games...
Risk of computer viruses and worms spreading, affecting data safety and system security
APPROACH
Step 1: Study and analyse the characteristics and infection techniques of today's common viruses and worms
Step 2: Survey some popular software and study how to apply it to protecting data in the lab
Step 3: Propose virus-prevention solutions that ensure data safety and information security for the lab
VIRUS INFECTION SITUATION
In the IT age, computer virus/malicious code infections are becoming ever more complex
Online spreading:
  Source: the Internet (malicious web pages), spam email (attachments)...
  Target: the host's storage (disk) and execution (memory) structures
Offline spreading:
  When a clean USB drive is plugged into an infected machine, the virus copies itself onto the USB drive
  When an infected USB drive is plugged into a clean machine, the virus becomes memory-resident, copies itself to the hard disk and infects other clean USB drives...
HIDING PLACES OF MALICIOUS CODE
Executable code containers: .exe, .com, .pif, .scr, .bat...
Storage structure: root directories (C:\, D:\,...), system directories (C:\Windows), recycle bins (E:\Recycler)...
Auto-execution management structures: Windows Registry, Windows Startup, System Services...
Device drivers such as keyboard and mouse (to activate the malicious code when the user touches the device)
OFFLINE INFECTION SCENARIOS
Scenario 1 - replacing a system folder with a virus file:
  The virus's icon is chosen to look like the system folder icon
  .exe files containing the virus are created with names matching the folder names
  The .exe extension is hidden: Hide extensions for known file types
  The impersonated folders are given the hidden attribute
  The folders are hidden: Do not show hidden files and folders
  Commands for changing system settings are disabled
When the user opens an impersonated folder, the virus .exe is activated and then opens the real folder for the user
INFECTION SCENARIOS
Scenario 2 - creating execution opportunities through links and shortcuts:
  A hidden directory is chosen/created to store the malicious code
  The application address opened by the link/shortcut is changed/edited/prepended/appended with an address pointing to the folder holding the malicious code
  The appearance of the link/shortcut is altered
  The malicious code takes over/inherits the function of the old link/shortcut
When the user opens the link/shortcut (My Documents, My Favorites, My Pictures), the malicious code is activated, carries out its task and then opens the application that really handles the link
INFECTION SCENARIOS
Scenario 3 - self-execution through autorun:
  An autorun.inf file in the root links to the virus executable:
    [Autorun]
    Command=Path\VirusFile.exe
  Path is set up (root, system folder, recycler, sub-folder...)
  The virus is copied into Path and hidden (as in scenario 1)
  Autorun is registered for plug-in devices
When the user plugs the USB drive into the machine, the autorun mechanism launches the virus .exe
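As an added example (not part of the original slides), the following Python script checks a drive root for the indicators from scenarios 1 and 3 above and from the chapter 3 "Detection on disk" steps: executables sitting in the root, an autorun.inf that launches an executable, an .exe named after a sibling folder, and more than one recycle-bin folder on one partition. The directory layout and file names are constructed, and checking the open= and shellexecute= keys alongside the Command= key shown on the slide is an assumption.

```python
"""Disk-side indicator scan for the infection scenarios described on the slides.
Added example, not from the original slides; the sample drive image is constructed."""
import os
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".com", ".pif", ".scr", ".bat", ".dll", ".inf"}
RECYCLE_NAMES = {"recycler", "recycled", "$recycle.bin"}
# The slides show "Command="; real autorun.inf files use open= / shellexecute=,
# so all three keys are treated as launch targets (assumption).
AUTORUN_KEYS = {"open", "shellexecute", "command"}


def parse_autorun(text):
    """Return the launch targets listed in the [Autorun] section of an autorun.inf."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in AUTORUN_KEYS:
                targets.append(value.strip())
    return targets


def scan_root(root):
    """Return (indicator, detail) pairs for one drive root / partition."""
    root = Path(root)
    findings = []
    # Step 2 of the disk check: executables directly in the root.
    for p in sorted(root.iterdir()):
        if p.is_file() and p.suffix.lower() in EXEC_EXT and p.name.lower() != "autorun.inf":
            findings.append(("root-executable", p.name))
    # Scenario 3: autorun.inf pointing at an executable.
    autorun = root / "autorun.inf"
    if autorun.is_file():
        for target in parse_autorun(autorun.read_text(errors="replace")):
            findings.append(("autorun-target", target))
    recycle_bins = 0
    for dirpath, dirnames, filenames in os.walk(root):
        # Scenario 1: X.exe placed beside a (hidden) folder X to impersonate it.
        folder_names = {d.lower() for d in dirnames}
        for f in sorted(filenames):
            stem, ext = os.path.splitext(f)
            if ext.lower() in EXEC_EXT and stem.lower() in folder_names:
                rel = Path(dirpath, f).relative_to(root).as_posix()
                findings.append(("folder-impersonation", rel))
        # Step 2 again: a partition should have at most one recycle-bin folder.
        recycle_bins += sum(1 for d in dirnames if d.lower() in RECYCLE_NAMES)
    if recycle_bins > 1:
        findings.append(("multiple-recycle-bins", str(recycle_bins)))
    return findings


def build_sample_tree():
    """Constructed USB-drive image reproducing scenarios 1 and 3 (stub files, not real malware)."""
    base = Path(tempfile.mkdtemp(prefix="usb_"))
    (base / "Documents").mkdir()
    (base / "Documents" / "notes.txt").write_text("harmless")
    (base / "Documents.exe").write_bytes(b"MZ constructed stub")  # scenario 1
    (base / "RECYCLER").mkdir()
    (base / "RECYCLER" / "svohost.exe").write_bytes(b"MZ constructed stub")
    (base / "Photos").mkdir()
    (base / "Photos" / "Recycler").mkdir()  # a second recycle bin on the same partition
    (base / "autorun.inf").write_text("[Autorun]\nCommand=RECYCLER\\svohost.exe\n")  # scenario 3
    return base


if __name__ == "__main__":
    for indicator, detail in scan_root(build_sample_tree()):
        print(f"{indicator:24} {detail}")
```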
SUPPORTING SOFTWARE
AV: virus-scanning software
NS: Net School software
DF: freezing software
VM: virtual-machine software
VIRUS-SCANNING SOFTWARE
Function: guard against virus intrusion, protect data safety and system security
Operating principle: recognise and remove malicious code based on a periodically updated signature set
Editions and intended use:
  Home: minimal features, for individuals and families
  Professional: many professional features
  SME (Small & Medium Enterprise): for small and medium businesses
  Enterprise: for large enterprises
Vendors:
  Vietnamese products: BKAV, CMC, D32
  Foreign products: Avira, Kaspersky, Panda, Norton
LAN VIRUS-SCANNING SYSTEM (figure)
Workstation subsystem:
  Scan and guard against virus intrusion
  Update the database from the server
  Report the workstation's security status
Server subsystem:
  Scan and guard against virus intrusion on the server
  Administer and control system security
  Update and synchronise the system database
Chc nng: h tr cng tc qun l thc
hnh trn mng cc b
Nguyn tc: hot ng theo m hnh
client-server
Cc phn h chnh:
Teacher: ci trn my ch dnh cho gio
vin
Student: ci trn my trm dnh cho hc
sinh
Cc phn mm tiu biu:
NetOp School
NetSupport School
Cc phn mm Net School
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
Cc hot ng trn my ch
Kim sot hot ng my trm
Qun l cu trc a my trm
Phn phi d liu cho my trm
Thu hi d liu t my trm
Yu cu my trm thc thi lnh
Phn h
Teacher
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
Theo di th hin ca virus, quan st mn hnh my trm, lu
cc ca s bt ln, cc cnh bo an ninh...
Nm bt tnh hnh ly nhim, kho st cu trc a my trm, ch
cc tp tin thc thi (.exe, .scr, .pif, .com) l th mc h thng
v th mc gc cc a my trm
Thu nhn cc tp thc thi nghi ng m c t my trm v my
ch kho st
Phn phi tp kch bn dit tr su mng cho cc my trm
Thc thi tp kch bn dit tr virus cho cc my trm
Khi ng li my trm sau khi chy tp kch bn ti lp tnh
trng ban u cho h thng
Kim sot an ninh mng t my ch
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
Chc nng: khi phc h thng v trng
thi ban u sau khi my tnh khi ng li
Nguyn tc hot ng: System Restore,
Check Point
u im: bo v h thng, loi tr virus
my tnh
Nhc im:
Khng bo ton d liu ngi dng
Chim dng ti nguyn, lm chm my
H thng km linh hot
Cc phn mm tiu biu:
DF (Deep Freeze) ca Faronics
GoBack ca Symantec
Cc phn mm ng bng
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
My o (VM-Virtual Machine) l mi trng
phn mm cho php nhiu h iu hnh v
ng dng cng hot ng trn mt my tnh
u im: d liu my tht lun c bo
ton
Nhc im:
Ch thch hp cho my c cu hnh mnh
Cc ng dng ln hot ng khng tt nh khi ci trn my tht
Tim n nguy c virus ly lan qua c ch giao tip d liu gia
my o v my tht ( a chia s, th mc chia s)
Cc phn mm tiu biu:
Virtual Box: Sun Microsystems
Virtual PC: Microsoft
VMware: VMware Inc.
Cc phn mm my o
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
Quy c chia a cng thnh 2 phn khu:
Phn khu C lu h iu hnh v cc ng dng
Phn khu D lu d liu ngi dng
Ci t h iu hnh my ch, my trm
Thit lp chnh sch lin lc mng, cp
quyn s dng...
Ci t cc phn h Net School (Teacher,
Student)
To cc folder C:\Autorun.inf v D:\Autorun.
inf
Ci anti-virus chy thng trc trn tt c
cc my
Chun b h thng
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
Cc gii php an ton d liu
Phi hp DF v VM
Gii php my o VM
Gii php ng bng DF
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
i vi my trm:
Bin tp kch bn C:\Autorun.inf\DelFiles.
bat:
Attrib r s h +a D:\*.* /s /d
Del D:\*.* /s /q
ng bng C bng DF
i vi my ch:
S dng module Teacher theo di an ninh
my trm
Khi ng my trm, chy kch bn DelFiles
dit virus cho my trm
Gii php 1: ng bng (DF)
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
u im:
n gin, d ci t
Phn khu h thng lun c bo ton
m bo loi tr trit virus my tnh
Thch hp cho my tnh cu hnh trung bnh
Nhc im:
Khng bo ton d liu ngi dng khi my
treo hoc mt in
Khi cn ci t thm phn mm, phi g
ng bng
Phn tch gii php 1
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
i vi my trm:
To ti khon ngi dng hn ch, login
trc tip
Ci my o, h iu hnh, cc phn mm
vo my o
Lu snapshot my o d phng
Lp chnh sch chia s d liu D
Ngi dng thao tc trn my o, lu d
liu vo chia s
Bin tp, lu kch bn DelFiles.bat (xem gii
php 1)
i vi my ch: ging gii php 1
Gii php 2: my o (VM)
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
u im:
Khc phc ri ro mt d liu ngi dng ca
gii php 1
Ch cn ci t ng dng trn my o cho 1
my ri cp nht snapshot cho c mng
Nhc im:
Ch thch hp cho cc ng dng khng cn
cu hnh my mnh
Tim n nguy c virus lu tr folder ngi
dng ca h iu hnh my tht
Phn tch gii php 2
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
i vi my trm:
Ci t my o, ci h iu hnh v ng dng
cho my o
Thit lp cu hnh my o t snapshot v
virtual disk image trn D
ng bng C bng DF
i vi my ch: thc hin ging gii php
1 v 2
Gii php 3: phi hp DF v VM
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

*/28
Ts. Trng Minh Nht Quang
3/2011
u im:
Khc phc ri ro mt d liu tm ca gii
php 1.
Khc phc nguy c virus tim n trong phn
khu h thng ca gii php 2
Ci t b sung phn mm d dng
Nhc im:
Yu cu cu hnh my mnh (CPU P4, RAM
1GB, HDD 80GB)
Khng thch hp cho cc phn mm i hi
phn cng (b iu hp video, b nh,
khng gian lu tr)
Phn tch gii php 3
t vn | Tnh hnh ly nhim virus | Cc phn mm h tr | Cc gii php
Ts. Trng Minh Nht
Quang 3/2011

LOGO
TS. Trng Minh Nht Quang - 2011
Ts. Trng Minh Nht
Quang - 2011
LOGO
WORKSHOP ON IT APPLICATIONS IN MANAGEMENT AND TEACHING
CN TH CITY EDUCATION SECTOR, 2010-2011
Dr. Trng Minh Nht Quang
tmnquang@dhtcct.edu.vn
MSc. Nguyn Hong Thun
hoangthuan1610@dhtcct.edu.vn
Trung tm HTC Cn Th
256 Nguyn Vn C, Cn Th
Cn Th, March 2011
CONTENTS
- Introduction
- Virus infection situation
- Supporting software
- Data safety solutions
- Conclusion
CURRENT STATUS
Today every educational institution is equipped with computer practice labs:
- 20 to 40 PCs connected on a local network
- Windows XP and dedicated lab-management software
- Students are allowed to use USB flash drives
- Some labs are connected to the Internet
The result is a risk of computer viruses and network worms spreading, affecting data safety and system security.
APPROACH
Step 1: Study and analyse the characteristics and infection techniques of the viruses and network worms that are common today
Step 2: Survey some widely used software packages and study how to apply them to protecting the data in a computer lab
Step 3: Propose solutions for preventing viruses and ensuring data safety and information security for the computer lab
VIRUS INFECTION SITUATION
A computer virus is code, or an executable file, that can propagate through an information system.
Online propagation:
- Source: the Internet (malicious web pages), spam e-mail (attachments)...
- Destination: the storage (disk) and execution (memory) structures of the host machine
Offline propagation:
- When a clean USB drive is plugged into an infected machine, the virus copies itself onto the USB drive
- When an infected USB drive is plugged into a clean machine, the virus becomes memory-resident, copies itself onto the hard disk, and spreads to other clean USB drives...
HIDING PLACES ON THE HOST
- Executable containers: .exe, .com, .pif, .scr, .bat...
- Storage locations: drive roots (C:\, D:\, ...), the system folder (C:\Windows), the recycle bin (E:\Recycler)...
- Auto-execution mechanisms: the Windows Registry, the Windows Startup folder, system services...
- Device drivers such as keyboard and mouse, which are triggered whenever the user touches the device
Infection scenarios
Scenario 1 - replacing system folders with virus files:
- Give the virus the same icon as a system folder
- Create .exe files containing the virus, each named after a folder
- Hide the .exe extension: "Hide extensions for known file types"
- Set the hidden attribute on the impersonated folders
- Hide the folders: "Do not show hidden files and folders"
- Disable the commands that would change these system settings
- When the user opens an impersonated folder, the .exe containing the virus is activated and then opens the real folder for the user
Infection scenarios
Scenario 2 - auto-execution through the autorun mechanism:
- Create an autorun.inf at the drive root containing the link that executes the virus:

    [Autorun]
    Command=Path\VirusFile.exe

  (The launch keys that Windows actually honours in an autorun.inf are open= and shellexecute=, so a scanner should look for those as well as the Command= line shown here.)
- Initialise Path (root, system folder, Recycler, a sub-folder...)
- Copy the virus into Path and hide it if needed (as in scenario 1)
- Register autorun for plug-in devices
- When the user plugs the USB drive into the machine, the autorun mechanism activates the .exe containing the virus
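A detector for both scenarios, added here as an example (it is not the presentation's code). It flags an executable whose name equals a sibling folder (scenario 1) and any autorun.inf file whose open=, shellexecute= or Command= line launches something (scenario 2). The sample USB volume is constructed inline with placeholder bytes; the folder and file names in it are assumptions.

```python
"""Detector for the two scenarios above: folder-impersonating executables (scenario 1)
and autorun.inf launchers (scenario 2). Added example, not the presentation's code;
the sample volume is constructed inline and contains no real malware."""
import configparser
import os
import stat
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat"}
# open= and shellexecute= are the documented launch keys; Command= is the spelling
# used on the slide and is checked as well.
AUTORUN_KEYS = ("open", "shellexecute", "command")


def is_hidden(path: Path) -> bool:
    """Windows hidden attribute; on other systems fall back to the dot-file convention."""
    attrs = getattr(path.stat(), "st_file_attributes", None)
    if attrs is None:
        return path.name.startswith(".")
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_folder_impersonators(root: Path):
    """Scenario 1: an executable whose name (without extension) equals a sibling folder.
    Returns (executable, real_folder_is_hidden) pairs."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        siblings = {d.lower(): d for d in dirnames}
        for f in filenames:
            p = here / f
            if p.suffix.lower() in EXEC_EXT and p.stem.lower() in siblings:
                hits.append((p, is_hidden(here / siblings[p.stem.lower()])))
    return sorted(hits)


def parse_autorun(inf: Path):
    """Scenario 2: return the command an autorun.inf would launch, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str.lower          # autorun.inf keys are case-insensitive
    try:
        cp.read(inf, encoding="latin-1")
    except configparser.Error:          # not an INI file at all
        return None
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return None
    for key in AUTORUN_KEYS:
        if cp.has_option(section, key):
            value = (cp.get(section, key) or "").strip()
            if value:
                return value
    return None


def find_autorun_launchers(root: Path):
    """Scenario 2: every autorun.inf *file* under root that launches something.
    A directory named Autorun.inf (the guard folder used later) is not a file and is skipped."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for f in filenames:
            if f.lower() == "autorun.inf":
                p = Path(dirpath) / f
                cmd = parse_autorun(p)
                if cmd:
                    hits.append((p, cmd))
    return sorted(hits)


def scan(root: Path) -> dict:
    """Report both scenarios with paths relative to the scanned root."""
    return {
        "impersonators": [(p.relative_to(root).as_posix(), hidden)
                          for p, hidden in find_folder_impersonators(root)],
        "autorun": [(p.relative_to(root).as_posix(), cmd)
                    for p, cmd in find_autorun_launchers(root)],
    }


def build_sample_volume() -> Path:
    """Constructed stand-in for an infected USB drive (placeholder bytes, not malware)."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    (root / "Bai tap").mkdir()                               # the real folder
    (root / "Bai tap.exe").write_bytes(b"MZ")                # decoy named after it
    (root / "Recycler").mkdir()                              # worm drop folder
    (root / "Recycler" / "svchost.exe").write_bytes(b"MZ")
    (root / "autorun.inf").write_text(
        "[Autorun]\nopen=Recycler\\svchost.exe\nicon=%SystemRoot%\\system32\\shell32.dll,4\n")
    (root / "readme.txt").write_text("benign text file")
    return root


if __name__ == "__main__":
    for kind, hits in scan(build_sample_volume()).items():
        print(kind, hits)
```

On a lab workstation the same scan runs against the mounted drive, for instance scan(Path("E:/")); on Windows the hidden flag of the impersonated folder is read from the real file attributes, which is the tell-tale sign scenario 1 leaves behind.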
Supporting software
- AV: virus-scanning software
- NS: Net School software
- DF: freezing software
- VM: virtual machine software
Virus-scanning software
Function: guard against virus intrusion; protect data safety and system security
Operating principle: malware is identified and removed on the basis of a signature set that is updated periodically (so a sample the vendor has not yet seen is not detected until the next update)
Editions and their intended use:
- Home: minimal functionality, for individuals and families
- Professional: many professional features
- SME (Small and Medium Enterprise): for small and medium businesses
- Enterprise: for large businesses
Vendors:
- Vietnamese products: BKAV, CMC, D32
- Foreign products: Avira, Kaspersky, Panda, Norton
LAN virus-scanning system
Workstation subsystem:
- Scan for and guard against virus intrusion
- Update the signature database from the server
- Report the workstation's security status
Server subsystem:
- Scan for and guard against virus intrusion on the server
- Administer and control system security
- Update and synchronise the system-wide database
Net School software
Function: support theory teaching and supervised practice over the local network
Principle: client-server model
Main components:
- Teacher: installed on the server, for the teacher
- Student: installed on the workstations, for the students
Typical products:
- NetOp School
- NetSupport School
Teacher component: operations on the server
- Monitor workstation activity
- Manage the workstations' disk structure
- Distribute data to the workstations
- Collect data from the workstations
- Instruct the workstations to execute commands
Network security control from the server
- Watch for signs of a virus: observe the workstation screens, note pop-up windows, security warnings...
- Assess the infection: survey the workstations' disk structure, paying particular attention to executables (.exe, .scr, .pif, .com) in the system folder and in the root of each workstation drive
- Collect suspicious executables from the workstations to the server for examination
- Distribute the worm-removal script to the workstations
- Execute the virus-removal script on the workstations
- Restart the workstations after the script has run, to restore the system to its initial state
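One way to make the "survey the disk structure" step repeatable, added here as an example rather than taken from the presentation: hash every executable in the locations the slide names (drive root, the Windows folder, Recycler) on a clean workstation image, then diff a workstation against that baseline after a session. New or changed entries are the files worth collecting to the server. Both trees are constructed inline with placeholder bytes; the folder names are assumptions.

```python
"""Added example for the triage step above (not the presentation's code): build an
inventory of the executables in the places the slide names (drive root, system folder,
Recycler) from a clean workstation image, then diff a workstation against it after a
session. New or changed entries are the files worth collecting to the server. Both
trees are constructed inline with placeholder bytes."""
import hashlib
import os
import tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat"}
# Folders walked recursively, relative to the drive root; the root itself is listed
# one level deep only, so the whole disk is not hashed.
WATCH_DIRS = ("Windows", "Recycler", "RECYCLER")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(drive: Path, watch=WATCH_DIRS) -> dict:
    """Map drive-relative path -> SHA-256 for every executable in the watched locations."""
    found = {}

    def record(p: Path):
        if p.is_file() and p.suffix.lower() in EXEC_EXT:
            found[p.relative_to(drive).as_posix()] = sha256_of(p)

    for p in drive.iterdir():                     # drive root, top level only
        record(p)
    for rel in watch:
        top = drive / rel
        if not top.is_dir():
            continue
        for dirpath, _, filenames in os.walk(top):
            for f in filenames:
                record(Path(dirpath) / f)
    return found


def diff_inventory(baseline: dict, current: dict) -> dict:
    """Classify the current inventory against the clean baseline."""
    return {
        "new": sorted(k for k in current if k not in baseline),
        "changed": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
    }


def build_sample_pair():
    """Constructed clean image and post-session workstation (placeholder bytes, no malware)."""
    clean = Path(tempfile.mkdtemp(prefix="clean_"))
    after = Path(tempfile.mkdtemp(prefix="after_"))
    for d in (clean, after):
        (d / "Windows" / "system32").mkdir(parents=True)
        (d / "Windows" / "explorer.exe").write_bytes(b"MZ explorer")
        (d / "Windows" / "system32" / "svchost.exe").write_bytes(b"MZ svchost")
        (d / "Bai tap").mkdir()
        (d / "Bai tap" / "baitap1.doc").write_text("student work")   # not an executable
    (after / "Windows" / "explorer.exe").write_bytes(b"MZ explorer patched")          # changed
    (after / "Recycler" / "S-1-5-21-99").mkdir(parents=True)
    (after / "Recycler" / "S-1-5-21-99" / "dropper.exe").write_bytes(b"MZ dropper")  # new
    (after / "Bai tap.exe").write_bytes(b"MZ decoy")                                # new
    return clean, after


if __name__ == "__main__":
    clean, after = build_sample_pair()
    print(diff_inventory(inventory(clean), inventory(after)))
```

On a real workstation the baseline is inventory(Path("C:/")) taken right after the image is frozen, stored on the server, and compared against the same call on the workstation at the end of the session; the "changed" list catches a worm that overwrote a legitimate binary, which a listing of file names alone would miss.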
Freezing software
Function: return the system to its initial state after the computer restarts
Operating principle: system restore to a saved checkpoint
Advantages: protects the system, eliminates computer viruses
Disadvantages:
- Does not preserve user data
- Consumes resources, slows the machine
- The system is less flexible
Typical products:
- DF (Deep Freeze) by Faronics
- GoBack by Symantec
Virtual machine software
A virtual machine (VM) is a software environment that lets several operating systems and applications run together on one physical computer.
Advantage: the physical machine's data is always preserved
Disadvantages:
- Only suitable for machines with a powerful configuration
- Large applications do not run as well as when installed on the physical machine
- Latent risk of viruses spreading through the data-exchange channels between guest and host (shared drives, shared folders)
Typical products:
- Virtual Box: Sun Microsystems
- Virtual PC: Microsoft
- VMware: VMware Inc.
System preparation
- By convention, split the hard disk into two partitions: C holds the operating system and applications; D holds user data
- Install the operating system on the server and the workstations
- Set the network communication policy, grant user rights...
- Install the Net School components (Teacher, Student)
- Create the folders C:\Autorun.inf and D:\Autorun.inf. A folder of that name blocks scenario 2 because a worm cannot create an autorun.inf file where a directory already exists; it does not help against a worm that deletes the folder first, so also disable AutoRun itself by setting the registry value NoDriveTypeAutoRun to 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- Install a resident anti-virus on every machine
Data safety solutions
- Solution 1: freezing (DF)
- Solution 2: virtual machine (VM)
- Solution 3: combining DF and VM
Solution 1: freezing (DF)
On each workstation:
- Write the script C:\Autorun.inf\DelFiles.bat:

    rem clear the read-only, system and hidden attributes under D:\, then delete every file
    attrib -r -s -h +a D:\*.* /s /d
    del D:\*.* /s /q

  Note that del /s removes files only: the directory tree on D, including any hidden folder a worm created, is left standing and has to be removed separately (rd /s /q on each sub-folder).
- Freeze C with DF
On the server:
- Use the Teacher module to monitor workstation security
- When the workstations start, run the DelFiles script to clean viruses off them
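The same clean-up expressed in Python, added as an example (it is not the presentation's script): it does what attrib -r -s -h followed by del /s /q do on the data partition (clear the read-only bit, delete every file) and additionally removes the emptied directory skeleton that del leaves behind, while keeping the Autorun.inf guard directory created during system preparation. The partition is constructed inline; the folder names are assumptions.

```python
"""Python rendering of the DelFiles.bat step above. Added example, not the
presentation's script. It does what `attrib -r -s -h` + `del /s /q` do on the D:
partition (clear the read-only bit, delete every file) and also removes the emptied
directory skeleton that `del` leaves behind, while keeping the guard directory
Autorun.inf created during system preparation. The partition is constructed."""
import os
import stat
import tempfile
from pathlib import Path

GUARD_DIRS = {"autorun.inf"}    # guard directory names (case-insensitive) that must survive


def clear_readonly(path: Path) -> None:
    """Equivalent of `attrib -r`; on Windows, chmod toggles exactly the read-only flag."""
    os.chmod(path, stat.S_IMODE(path.stat().st_mode) | stat.S_IWRITE)


def clean_data_partition(root: Path, guard=GUARD_DIRS) -> dict:
    """Delete everything under root except root itself and guard directories.
    Walks bottom-up so each directory is empty when its turn comes; uses rmdir rather
    than rmtree so an unexpected leftover is an error instead of a silent deep wipe."""
    removed_files, removed_dirs = [], []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        here = Path(dirpath)
        for f in filenames:
            p = here / f
            clear_readonly(p)
            p.unlink()
            removed_files.append(p.relative_to(root).as_posix())
        for d in dirnames:              # os.walk does not descend into symlinked directories
            link = here / d
            if link.is_symlink():       # remove the link itself, never its target
                link.unlink()
                removed_dirs.append(link.relative_to(root).as_posix())
        if here == root or here.name.lower() in guard:
            continue
        clear_readonly(here)
        here.rmdir()
        removed_dirs.append(here.relative_to(root).as_posix())
    return {"files": sorted(removed_files), "dirs": sorted(removed_dirs)}


def build_sample_partition() -> Path:
    """Constructed stand-in for the D: partition after a lab session (placeholder bytes)."""
    root = Path(tempfile.mkdtemp(prefix="D_"))
    (root / "Autorun.inf").mkdir()                              # guard directory
    (root / "Recycler" / "S-1-5-21").mkdir(parents=True)        # hidden worm drop folder
    (root / "Recycler" / "S-1-5-21" / "svchost.exe").write_bytes(b"MZ")
    (root / "Bai tap").mkdir()
    (root / "Bai tap" / "baitap1.doc").write_text("student work")
    decoy = root / "Bai tap.exe"
    decoy.write_bytes(b"MZ")
    os.chmod(decoy, stat.S_IREAD)                               # read-only, like attrib +r
    return root


if __name__ == "__main__":
    print(clean_data_partition(build_sample_partition()))
```

Like the batch script, this wipes the whole data partition, which is exactly the trade-off solution 1 accepts; the returned lists let the Teacher module log what each workstation removed.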
Analysis of solution 1
Advantages:
- Simple, easy to set up
- The system partition is always preserved
- Ensures thorough elimination of computer viruses (everything written to C is discarded at restart, and D is wiped by the script)
- Suitable for machines of average configuration
Disadvantages:
- User data is not preserved when the machine hangs or loses power
- To install additional software, freezing has to be turned off
Solution 2: virtual machine (VM)
On each workstation:
- Create a restricted user account and log in with it directly
- Install the virtual machine software, then the operating system and the practice software inside the VM
- Save a snapshot of the VM as a fallback
- Set up a data-sharing policy for D
- Have the students work inside the VM and save their data into the share
- Write and save the DelFiles.bat script (see solution 1)
On the server: as in solution 1
Analysis of solution 2
Advantages:
- Removes the risk of losing user data that solution 1 carries
- Applications need to be installed in the VM on only one machine; the snapshot is then rolled out to the whole network
Disadvantages:
- Only suitable for practice software that does not need a powerful configuration
- Latent risk of a virus lodging in the user folders of the host operating system (nothing on the host resets the student's profile at restart)
Solution 3: combining DF and VM
On each workstation:
- Install the virtual machine software, then the operating system and applications inside the VM
- Configure the VM so that its snapshot and virtual disk image are stored on D
- Freeze C with DF
On the server: as in solutions 1 and 2
Analysis of solution 3
Advantages:
- Removes the risk of losing temporary data that solution 1 carries
- Removes the risk of a virus lurking in the system partition that solution 2 carries
- Additional software is easy to install
Disadvantages:
- Requires a powerful machine (CPU P4, 1 GB RAM, 80 GB HDD)
- Not suitable for software with heavy hardware demands (video adapter, memory, storage space)
Conclusion
Having studied the propagation characteristics of common viruses and analysed the functions of the specialised software, this paper proposes three solutions for data safety in computer practice labs: freezing, virtual machine, and the combination of the two.
Depending on the conditions of use (machine configuration, network infrastructure, scale of practice sessions...), each training institution can choose the solution that suits its own labs.
References
[1] Avira Anti-virus. http://www.free-av.com
[2] BKAV. http://www.bkav.com.vn/default.aspx
[3] CMC Anti-virus. http://www3.cmcinfosec.com
[4] D32 Anti-virus. http://www.d32av.vn
[5] Faronics Corporation. http://www.faronics.com/html/company.asp
[6] Joseph Rabaiotti. Counter Intrusion Software. PhD thesis, Computer Science, Cardiff University, 2007.
[7] Kaspersky Anti-virus. http://www.kaspersky.com
[8] NetOp School. http://www.netop.com/products/education/school.htm
[9] NetSupport School. http://www.netsupportschool.com
[10] Symantec Corp. http://www.symantec.com/index.jsp
[11] The National Academy of Engineering Committee on Engineering's Grand Challenges. http://www.engineeringchallenges.org
[12] Trng Minh Nht Quang. A machine-learning and expert-system approach to recognising and detecting computer viruses. PhD thesis, University of Science, Ho Chi Minh City, 2009.
[13] VeriSign Authentication Services. http://www.verisign.com
[14] Virtual Box. http://www.virtualbox.org
[15] Virtual PC. http://www.microsoft.com/windows/virtual-pc
[16] VMware Inc. http://www.vmware.com