FPT Bao Mat

Chng 6
Bo mt
Mc tiu bi hc
Bit to ti khon vi nhng quyn khc nhau
Qun l c ti khon ngi dng
Thit lp c tng la ngn chn nhng kt ni ngoi
mun
Thit lp ch t ng update ca Windows
Bit cc ch bo mt ca mng khng dy v cu hnh
c trn access point.
2 Slide 6 - Bo mt
Quyn ngi dng
Mt my tnh c th c nhiu ngi dng, trnh vic ngi
dng ny lm tht lc hoc thay i d liu ca ngi kia, ta
c th phn quyn thng qua to ti khon ngi dng.
Bn phi ng nhp vi quyn administrator mi c quyn
thc hin chc nng ny
Trn Windows XP, Vista, Windows7 c hai loi ti khon
3
Ti khon ngha
Administrator Qun tr vin Ton quyn
Standard user/Limited User - Gii hn quyn
Slide 6 - Bo mt
To Account phn quyn truy cp
Vi ti khon dng Administrator, bn c ton quyn s dng tt
c cc ti nguyn c trn my, bao gm c ti nguyn ca account
dng administrator khc.
Vi ti khon User (Limited/ Standard) bn ch c ton quyn
trn nhng ti nguyn do bn to ra, cn li nhng ti nguyn khc
c trn my, bn ch c quyn c (read).
to account mi, vo Control Panel chn chn Add or remove
user accounts trong mc User Accounts and Family Safety. Chn
Create a new account. t tn cho account cn to, chn kiu ti
khon (ton quyn/gii hn quyn) bng la chn Administrator
hoc Standard user/Limited, cui cng bm chn Create Account
to
Sau khi to xong ti khon, bn cng c th thit lp mt khu cho
ti khon va to bng cch chn tn ti khon v chn mc Create
a password
44 Slide 6 - Bo mt
To Account phn quyn truy cp
55 Slide 6 - Bo mt
Ngun ca xm nhp mng
Cc mi e da an ton xut pht t bn trong v bn ngoi.
e da t bn ngoi: Cc mi e da bn ngoi xut pht
t cc c nhn lm vic bn ngoi t chc. H khng c
quyn truy cp ti h thng my tnh hoc mng. Tn cng
qua Internet, Wireless hoc Dialup Access Server.
Cc e da t bn trong: xy ra khi mt ngi c quyn
truy cp ti mng qua ti khon hoc truy cp vt l ti cc
thit b mng. bit chnh sch, ngi, bit thng tin no l c
gi tr , cch ly n.
66 Slide 6 - Bo mt
Virus, Worm v Trojan Horses
Chng c th ph hng h thng, ph hy d liu, cmtruy
cp mng, h thng hoc cc dch v. Chng cng c th
chuyn tip d liu v thng tin c nhn chi tit t cc nn
nhn n cc k ti phm. Chng c th pht tn ti cc my
khc kt ni qua mng.
77 Slide 6 - Bo mt
Virus
Virus l 1 chng trnh m chy v phn tn bng cch sa
cc chng trnh hoc cc file khc.
Virus cn c kch hot. Khi kch hot chng nhn bn v
phn tn.
Virus n gin c th nhanh chng s dng b nh v lm
cho h thng dng hot ng.
Loi virus nguy himc th c lp trnh xa hoc lm
hng cc file trc khi chng pht tn.
Virus c th c truyn qua cc file attach, cc file c
download, IMhoc qua CD, USB.
88 Slide 6 - Bo mt
Worm
Worm tng t nh virus, nhng chng khng nh virus
khng cn t n cha mt chng trnh.
Worms dng mng gi v copy n n bt k my no
c kt ni.
Wormc th chy c lp v phn tn nhanh. Chng khng
cn yu cu kch hot hoc tc ng ca con ngi.
T ng phn tn cc Wormc tc ng ln hn virus n v
c th nh hng phn ln ca Internet nhanh chng.
99 Slide 6 - Bo mt
Trojan Horses
A Trojan Horses l mt chng trnh khng t ng ti to v
c vit ging nh mt chng trnh hp php, trong thc
t n s dng mt tool tn cng.
Trojan da vo giao din ca n nh la nn nhn
khi to chng trnh.
N c th v hi hoc cha cc m ngun c th ph hy ni
dung ca a cng my tnh.
Trojan c th to backdoor vo h thng cho php hackers
dnh quyn truy cp.
10 10 Slide 6 - Bo mt
Tn cng t chi dch v DoS
(Denial of Service)
DoS l tn cng cng kch vo mt my tnh hoc 1 nhm
my tnh c th vi mc ch l cm cc dch v n cc
ngi dng ang ch. DoS tn cng c th ch l h thng
ngi dng u cui, cc server, router v cc lin kt mng.
Thng thng, DoS tn cng tm :
Lm trn ngp mt h thng hoc mt mng vi cc gi tin ngn
cn cc lu lng mng ca lung.
Ph v kt ni gia client v server ngn chn truy cp cc dch v.
11
C 2 loi tn cng DoS l:
SYN (synchronous) Flooding
Ping of death
11 Slide 6 - Bo mt
Distributed Denial of Service (DDoS)
DDoS phc tp v nguy c ph hi hn DoS. N c thit k
tn cng tp trung v lmtrn ngp lin kt mng.
DDoS hot ng phmvi ln hn so vi DoS. Thng thng
hng trmhoc hng nghn imtn cng c gng tn cng
ch ng thi.
Cc imtn cng ny c th l cc my tnh khng b tnh
nghi m b ly nhimm c DDoS.
Spyware
Spyware l bt c chng trnh m thu nhn thng tin t my
ca bn khng cn s cho php v kin thc ca bn. Thng
tin ny c gi ti nh qung co hoc n ngi khc trn
Internet v c th bao gmmt khu v s ti khon.
Spyware thng thng c ci khi bn download 1 file, ci
t mt chng trnh khc hoc click vo popup. N c th
lm chm my tnh v thay i cc thit lp bn trong vic
ny to ra kh nng d b tn cng cho cc mi him ha
khc.
Chnh sch an ninh
h thng mng m bo an ninh phi s dng t hp
nhiu bin php:
Cp nht v v li cc phn mm.
S dng tng la (Firewall)
Phn mm qut virus.
Phn mm qut Spyware.
Ngn nga Spam /Pop-up
Cp nht bn v li & update
Mt trong cc phng php ph bin m hacker s dng truy
cp n my tnh hoc mng l qua l hng ca phn mm.
Quan trng gi cc phn mm ng dng theo kp cc bn v li
bo mt v cp nht gip ngn cn him ha.
Patch l mt on code m sa li c th no .
Phn mm Anti-virus
Phn mm Anti-Virus c th c s dng nh c hai tool
ngn nga v tool phn ng li virus. N ngn cn s ly
nhim v pht hin, v loi b, virus, worms v Trojan
Horses.
Cc c imbn trong phn mmAnti-Virus l:
Kimtra Email: Qut cng vo v cng ra email, pht hin cc file kmvirus.
Qut thng tr ng (Resident dynamic scanning): Kimtra cc file thi hnh v
cc ti liu khi chng c truy cp.
Lp lch qut: C th lp lch chy mt thi imv kimtra cc a cng
hay ton my tnh.
T ng cp nht: Kimtra, download v bit cc mu virus.
Phn mm Anti-Spyware
Phn mm gin ip v phn mm qung co cng c th
gy ra triu chng nh l virus.
Thm vo chng thu thp cc thng tin khng c
quyn, Chng c th s dng cc ti nguyn quan trng ca
my tnh v nh hng n hiu nng h thng.
Phn mmAnti-Spyware pht hin v xa cc ng dng gin
ip, cng nh ngn cn vic ci t xy ra trong tng lai.
Nhiu phn mm cng pht hin v xa cookies v adware.
Vi gi Anti-virus bao gmchc nng anti-spyware.
S dng tng la (Firewall)
bo v cc my tnh c nhn v cc Server gn vi mng, quan
trng kimsot cc gi tin n v ra khi mng.
Tng la l mt phng php bo mt hiu qu nht cho vic bo
v mng bn trong t cc mi nguy hi t bn ngoi. Tng la
kimsot cc gi tin gia cc mng nh l gip ngn cn truy cp
bt hp php. Cc sn phmtng la s dng rt nhiu k thut
khc nhau cho vic quyt nh ci g l c php hoc b cmtruy
cp n mng.
Lc gi tin (Packet Filtering): Ngn chn hoc cho php truy cp da trn i ch
IP hoc a ch MAC.
Lc ng dng (Application Filtering): Ngn chn hoc cho php truy cp cc ng
dng c th da vo s hiu cng (Port Number).
Lc URL (URL Filtering): Ngn chn hoc cho php truy cp Website da vo
URL c th hoc t kha
Stateful Packet Inspection - SPI: Cc gi tin n phi c tr li hp l ti cc
yu cu t cc host bn trong. Cc gi tin khng yu cu b kha ngoi tr cho
php c bit. SPI nhn dng v loi b tn cng nh DoS.
S dng tng la
Appliance-based firewalls: L tng la c xy dng ti 1
thit b chuyn nghip nh l thit b an ninh.
Server-based firewalls: bao gm tng la ng dng m chy
trn h iu hnh mng nh l UNIX, Windows hoc Novell.
Integrated Firewalls c ci t bng cch thm cc chc
nng tng la n cc thit b ang tn ti nh l router.
Personal firewalls: Nmtrn cc my tnh v khng c thit k
cho LAN. Chng c th sn c mc nh t h iu hnh hoc c
th ci t t cc hang khc.
S dng tng la
Bng cch t tng la gia mng bn trong (intranet) v Internet
nh l thit b bin, tt c cc gi tin n v t Internet c th b
gimst v iu khin.
iu ny to nn mt ng phng th gia mng bn trong v
mng bn ngoi.
Tuy nhin c th c mt vi khch hng bn ngoi yu cu truy cp
cc ti nguyn bn trong.
S dng tng la
Thut ng DMZ (khu vc qun s) c mn t qun s.
DMZ c thit k khu vc gia hai quyn hn cc hot
ng ca qun s l khng c php.
Trong mng my tnh, DMZthamchiu ti mt khu vc mng
m n c th c truy cp ti c hai ngi dng bn trong
v ngi dng bn ngoi.
N an ton hn mng bn ngoi nhng khng an ton nh
mng bn trong.
N c to bi mt hoc nhiu tng la phn tch bn
trong, DMZv cc mng bn ngoi.
Cc Web server cho truy cp public thng xuyn t ti
DMZ.
Cu hnh mt tng la
Mt tng la n c 3 khu vc, mt cho mng bn ngoi,
mt cho mng bn trong v DMZ.
Tt c cc gi tin c gi t mng bn ngoi n Firewall.
FW c yu cu gim st gi tin v quyt nh xem
nhng gi tin no c chuyn ti DMZ, gi tin no c
chuyn ti mng bn trong, gi tin no b t chi hon ton.
Cu hnh hai tng la
Trong cu hnh hai tng la, c mt tng la bn trong v
c tng la bn ngoi vi DMZt gia chng.
Tng la bn ngoi l t hn ch v cho php cc ngi
dng Internet truy cp cc dch v ti DMZ nh l cho php
gi tin m bt c ngi dng bn trong yu cu chuyn qua.
Tng la bn trong hn ch v bo v mng bn trong tt
hn t cc truy cp tri php.
Thch hp hn cho mng ln, phc tp iu khin nhiu gi
tin hn.
Phn tch im yu h thng mng
C rt nhiu cng c phn tch imyu cho my v an ninh
mng. l cc phn mmqut an ton, v c th gip ta
xc nh khu vc m c th xy ra tn cng v cung cp cc
hng dn.
Mt s c trng:
S my trn mng.
Cc dch v mng ang cung cp.
H iu hnh v phin bn ca host.
Lc cc gi tin v tng la c s dng.
Tng la c nhn Windows
Tng la l mt chc nng ngn chn nhng truy nhp tri
php vo h thng my tnh ca bn thng qua vic lc b
nhng a ch khng hp l. Tng la thng c t ti
cng ra vo gia hai h thng mng nh t mng LAN ny ti
mng LAN khc hoc t my tnh ti Internet.
thit lp tng la vo Start g firewall trong tm kim,
bn s thy kt qu hin th cc mc lin quan n firewall,
chn mc Windows Firewall, trong ca s firewall chn mc
Turn Windows Firewall on or off v chn Turn on
Tng la c nhn Windows
Tng la
Ngoi chc nng c sn ca Windows, bn c th s dng
cc phn mmkhc c chc nng firewall hoc nhng thit b
phn cng c chc nng firewall nh b Access Point pht
sng khng dy
Ngoi ra bn c th thit lp mt mng ring o (Virtual
Private Network) trao i d liu an ton hn
Bo mt mng khng dy
thit lp bo mt cho mng khng dy, bn phi ng
nhp vo thit b v cu hnh vi nhng ch sau:
28
Ch ngha
WEP Kha c nh, di m ha 64, 128,
152 bit
WPA/WPA-PSK M ha cao hn WEP, kha thay i
dng cho doanh nghip hoc gia nh
WPA2/WPA2-PSK S dng chun m ha cao cp hn
WPA, kha thay i c th dng cho
doanh nghip hoc gia nh
Mixed WPA2/WPA Dng cho doanh nghip, c hai ch
Mixed WPA2/WPA-PSK Dng cho gia nh, c hai ch
28 Slide 6 - Bo mt
Bo mt mng khng dy
ch WEP, bn phi nhp mt khu vi di tng ng
5 k t hoc 10 s cho m ha 64 bit
cc ch khc, di mt khu l khng bt buc
29
29 Slide 6 - Bo mt
a ch MAC
Mi thit b in t c mt a ch duy nht phn bit gi
l a ch MAC. Trong b Access point thng h tr cho
php/chn a ch MAC ca thit b ng nhp vo h thng.
Bn c th s dng chc nng ny chn nhng thit b
khng mong mun bng chc nng MAC Filter.
30
30 Slide 6 - Bo mt
Tng kt Cu hi
Mc ch ca vic to ti khon ngi dng vi nhng quyn
khc nhau?
Ti sao phi dng tng la? Nhng h thng no c h tr
tng la? Bn bit g v phn mm Zone Alarm?
Ti sao thng xuyn update h iu hnh l mt vic nn
lm?
Bo mt sng Wi-Fi c nhng kiu m ha no? Hin nay kiu
m ha no l an ton nht? Ti sao?
Phn bit kiu m ha s dng chc nng RADIUS v chc
nng PSK (Pre-Shared Key)?
Slide 6 - Bo mt 31

FPT Bao Mat

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FPT Bao Mat

Uploaded by

Copyright:

Available Formats

Chng 6

You might also like