Lesson 1:

INTRODUCTION TO SECURITY

Lesson objectives
- Describe the challenges of securing information
- Define information security and explain why it is important
- Identify the types of attacks that are common today
- List the basic steps of an attack
- Describe the five basic principles of defense

Lesson 1 - Introduction to Security

Challenges of securing information
- Notable security figures from around the world in the 21st century
  - Personal security
  - Information security

Information security
- There is no simple solution
- Many different types of attacks
- Defending against attacks is often difficult

Today's attacks
- Computing power keeps increasing
  - Makes cracking passwords easier
- Software vulnerabilities are often left unpatched
- Smartphones have become a new attack target

Today's security attacks (continued)
- Examples of recent attacks
  - Fake antivirus software advertised by credit-card thieves
  - Attacks on online banking
  - A debate at a hackers' conference
  - The Nigerian "419" advance-fee fraud, one of the leading Internet scams
  - Identity theft using Firesheep
  - Malware
  - Infected USB devices

Typical data thefts within a single month

Organization                            | How the information was stolen                                                                              | Identities exposed
Seacoast Radiology, NH                  | Personal information disclosed through a security breach                                                    | 231,400
DeviantART, Silverpop Systems Inc., CA  | Attackers disclosed the information of every user in the database                                           | 13,000,000
Ohio State University, OH               | Individuals logged in without authorization and accessed information about students and university members  | 750,000
Gawker, NY                              | Attackers accessed the database and obtained the passwords and e-mail addresses of users and staff          | 1,300,000

Difficulties in defending against attacks
- Universally connected devices
- Increased speed of attacks
- Attacks are becoming more sophisticated
- Attack tools are becoming simpler and more readily available
- Vulnerabilities are discovered faster
- Delays in patching
- Patch distribution is still weak
- Distributed attacks
- User confusion

What is information security?
- Before you can defend, you need to understand:
  - What is information security?
  - Why is it important?
  - Who are the attackers?

Defining information security
- Security
  - The steps taken to protect a person or property from harm
  - The harm may be intentional or unintentional
  - Convenience must be sacrificed in exchange for safety
- Information security
  - Protecting information in digital form
  - Information that provides value to people and to organizations

Defining information security (continued)
- Three aspects of information security, commonly called CIA
  - Confidentiality
    - Only authorized individuals can access the information
  - Integrity
    - Ensures the information is accurate and has not been altered
  - Availability
    - Those who are authorized can always access the information

Defining information security (continued)
- Measures that must be implemented to secure information
  - Authentication
    - Ensures that an individual is who they claim to be
  - Authorization
    - Grants permission to access information
  - Accounting
    - Provides the ability to track events

Figure 1-3 Components of information security
Cengage Learning 2012

Defining information security (continued)

Layer              | Description
Security products  | The physical form of security; may be as simple as door locks or as complex as network security appliances.
People             | Those who install and correctly use the security products to protect data.
Procedures         | The plans and policies established by the organization to ensure that people use the products correctly.

Table 1-3 Layers of information security

Information security terminology
- Asset
  - An item that has value
- Threat
  - An action or event that has the potential to cause harm
- Threat agent
  - A person or element that has the power to carry out a threat

Information technology assets

Element name          | Example                                                                                   | Critical asset?
Information           | Customer, employee, production, sales, marketing, and finance databases                    | Yes: extremely difficult to replace
Application software  | Custom order-transaction application; commodity word processor                            | Yes: the custom part built for the organization / No: commodity software
System software       | Operating system                                                                          | No: can be easily replaced
Physical items        | Servers, routers, DVDs, power supplies                                                    | No: can be easily replaced
Services              | Voice and data transmission services                                                      | No: can be easily replaced

Information security terminology (continued)
- Vulnerability
  - A flaw or weakness
  - A threat agent can exploit it to bypass security
- Risk
  - The likelihood that a threat agent will exploit a vulnerability
  - Cannot be eliminated completely
    - The cost would be too high
    - It would take too long to implement
  - Some degree of risk must be assumed

Figure 1-4 Illustration of the components of information security
Cengage Learning 2012

Information security terminology (continued)
- Options for dealing with risk
  - Accept the risk
    - Understand that a loss may occur
  - Diminish the risk
    - Take precautionary measures
    - Most information security risks can be mitigated
  - Transfer the risk to someone else
    - Example: buying insurance

Understanding the importance of information security
- Preventing data theft
  - Security is often associated with preventing data theft
  - Theft of business data
    - Proprietary information
  - Theft of personal data
    - Credit card numbers

Understanding the importance of information security (continued)
- Thwarting identity theft
  - Using another person's information without authorization
  - Usually for financial gain
  - Example:
    - Steal a person's SSN
    - Open a new credit account
    - Use the account to make purchases
    - Leave behind unpaid debts

Understanding the importance of information security (continued)
- Avoiding legal consequences
  - Laws protecting the privacy of electronic data
    - Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    - Sarbanes-Oxley Act of 2002 (Sarbox)
    - Gramm-Leach-Bliley Act (GLBA)
    - California Database Security Breach Notification Act (2003)

Understanding the importance of information security (continued)
- Maintaining productivity
  - Cleaning up after an attack wastes resources
    - Time and money

Table 1-6 Cost of attacks

Understanding the importance of information security (continued)
- Foiling cyberterrorism
  - Targets: information, computer systems, data
  - Intended to:
    - Cause panic
    - Provoke violence
    - Cause financial catastrophe

Understanding the importance of information security (continued)
- Targets of cyberterrorism
  - Banking
  - Military
  - Energy (power plants)
  - Transportation (air traffic control centers)
  - Water systems

Who are the attackers?
- Categories of attackers
  - Hacker
  - Script kiddie
  - Spy
  - Insider
  - Cybercriminal
  - Cyberterrorist

Hacker
- Hacker
  - Someone who uses computer skills to attack computers
  - The term is not widely used within the security community
- White hat hacker
  - Goal is to expose security flaws
  - Does not steal or damage data
- Black hat hacker
  - Goal is harm and destruction

Script kiddie
- Script kiddie
  - Goal: break into computers to cause damage
  - Unskilled users
  - Download automated attack software (scripts)
  - Use that software to carry out harmful actions
- Most of today's attack software is menu-driven
  - Attacking has become easier for unskilled users
- 40% of attacks are carried out by script kiddies

Spy
- Computer spy
  - A person hired to break into a computer
  - Goal is to steal information
- Hired to attack a specific computer or system
  - One that contains sensitive information
- Goal: steal information without drawing attention to their actions
- Possess excellent computer skills:
  - To attack and to cover their tracks

Insider
- Insider
  - Employees, contractors, and business partners
  - 48% of breaches are caused by insiders
- Examples of attacks caused by insiders
  - A healthcare worker disclosed the health information of celebrities
    - Out of resentment at being about to be fired
  - A government employee distributed malicious scripts
  - A stock trader concealed losses through fake transactions
  - A U.S. Army private accessed sensitive documents

Cybercriminal
- Cybercriminal
  - A network of attackers, identity thieves, spammers, and financial fraudsters
- Differences from ordinary attackers
  - More highly motivated
  - More willing to take risks
  - Better funded
  - More tenacious
  - Goal: financial gain

Cybercriminal (continued)
- Cybercrime
  - Attacks targeting financial networks
  - Unauthorized access to information
  - Theft of personal information
- Financial cybercriminal
  - Trades in credit cards and financial information
  - Uses spam to carry out fraud

Cyberterrorist
- Cyberterrorist
  - Ideologically motivated
  - Attacks driven by principles and beliefs
- Goals of the attacks:
  - Destroy electronic information
  - Spread misinformation and propaganda
  - Deny services to legitimate computer users
  - Carry out unauthorized intrusions
  - Consequences: crippling critical infrastructure; corrupting vital information

Attacks and defenses
- There are many different attacks
- They share the same basic steps
- To protect computers against attacks:
  - Follow the five basic security principles

Steps of an attack
- Probe for information
  - For example, the type of hardware or software in use
- Penetrate any defenses
  - Launch the attack
- Modify security settings
  - Allows the attacker to re-enter the compromised system easily
- Circulate to other systems
  - Use the same tools to attack other systems
- Paralyze networks and devices
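Step 3 above, modifying security settings, is the step a defender can most readily detect, and it is the Integrity leg of CIA in practice: keep a cryptographic baseline of security-relevant files and re-check it on a schedule. The following is an added example, not code from the slides or their publisher; the file paths, their contents, and the tampered state are constructed for the demonstration.

```python
"""File-integrity baseline for security settings (added example).

Records a SHA-256 digest of each monitored file and later reports files
that were modified, removed, or newly added. File paths and contents are
constructed for this example; a real deployment reads them from disk.
"""
import hashlib
from typing import Dict, List

# Constructed baseline: path -> file contents when the system was known good.
BASELINE_FILES: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL) ALL\n",
    "/etc/hosts.allow": b"sshd: 10.0.0.0/8\n",
}

# Constructed later state: root login re-enabled and a key file dropped in.
TAMPERED_FILES: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL) ALL\n",
    "/etc/hosts.allow": b"sshd: 10.0.0.0/8\n",
    "/root/.ssh/authorized_keys": b"ssh-ed25519 AAAA...placeholder\n",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Return path -> digest for every monitored file."""
    return {path: sha256_hex(content) for path, content in files.items()}


def check_integrity(baseline: Dict[str, str], current: Dict[str, bytes]) -> List[str]:
    """Compare the current file set against the baseline.

    Returns a sorted list of findings; an empty list means nothing changed.
    """
    findings: List[str] = []
    for path, expected in baseline.items():
        if path not in current:
            findings.append(f"MISSING  {path}")
        elif sha256_hex(current[path]) != expected:
            findings.append(f"MODIFIED {path}")
    for path in current:
        if path not in baseline:
            findings.append(f"NEW      {path}")
    return sorted(findings)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FILES)
    print("clean state:", check_integrity(baseline, BASELINE_FILES))
    for finding in check_integrity(baseline, TAMPERED_FILES):
        print(finding)
```

The baseline itself must live somewhere the attacker cannot rewrite (read-only media, a separate host, or a signed store); otherwise an intruder who can change the settings can also change the digests that would have exposed the change.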



Figure 1-6 Steps of an attack
Cengage Learning 2012

Defenses against attacks
- Fundamental security principles
  - Layering
  - Limiting
  - Diversity
  - Obscurity
  - Simplicity

Layering
- Information security must be created in layers
- A single defense mechanism can be bypassed easily
- An attacker has a harder time when every layer of defense must be overcome
- The layered security approach
  - Is very useful against many different kinds of attacks
  - Provides comprehensive protection

Limiting
- Limiting access to information
  - Reduces the threat to the information
- Only those who must use the information are granted access
  - The amount of access is restricted: users can access only what they need to know
- Methods of limiting access
  - Technology
    - File permissions
  - Procedural
    - Prohibiting the removal of documents from the asset store
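The three measures from the "Defining information security" slides (authentication, authorization, accounting) and the limiting principle on this slide are one mechanism seen from two sides: an access decision is made only after the requester is verified, only for what that requester needs to know, and every decision is recorded. The following is an added example, not code from the slides or their publisher; the user names, passwords, and document names are constructed, and a real system would store the user records and the audit log outside the process.

```python
"""Need-to-know access layer with authentication, authorization and
accounting (added example).

Users, passwords and documents below are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Set, Tuple

PBKDF2_ROUNDS = 200_000  # slow hash so leaked records resist cracking


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccessControl:
    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}  # name -> (salt, hash)
        self._acl: Dict[str, Set[str]] = {}               # name -> documents needed
        self.audit_log: List[str] = []                    # accounting record

    def add_user(self, name: str, password: str, allowed_docs: Iterable[str]) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, hash_password(password, salt))
        self._acl[name] = set(allowed_docs)

    def authenticate(self, name: str, password: str) -> bool:
        """Is the requester who they claim to be?"""
        record = self._users.get(name)
        if record is None:
            # Hash anyway so unknown and known names take similar time.
            hash_password(password, b"\x00" * 16)
            return False
        salt, expected = record
        return hmac.compare_digest(hash_password(password, salt), expected)

    def authorize(self, name: str, doc: str) -> bool:
        """Need-to-know: the user's ACL must name the document explicitly."""
        return doc in self._acl.get(name, set())

    def access(self, name: str, password: str, doc: str) -> bool:
        """Full AAA decision; every outcome is appended to the audit log."""
        if not self.authenticate(name, password):
            self.audit_log.append(f"DENY  auth-failed user={name} doc={doc}")
            return False
        if not self.authorize(name, doc):
            self.audit_log.append(f"DENY  not-authorized user={name} doc={doc}")
            return False
        self.audit_log.append(f"ALLOW user={name} doc={doc}")
        return True


def demo() -> AccessControl:
    """Constructed scenario: two users, each with one document they need."""
    ac = AccessControl()
    ac.add_user("alice", "correct horse", {"payroll.xlsx"})
    ac.add_user("bob", "battery staple", {"marketing-plan.docx"})
    ac.access("alice", "correct horse", "payroll.xlsx")   # allowed
    ac.access("bob", "battery staple", "payroll.xlsx")    # denied: not need-to-know
    ac.access("alice", "wrong", "payroll.xlsx")           # denied: bad password
    return ac


if __name__ == "__main__":
    for line in demo().audit_log:
        print(line)
```

The order of the checks matters: authorization is evaluated only after authentication succeeds, so the log never reveals whether an unauthenticated caller would have been permitted, and the log records denials as well as successes, because a run of "auth-failed" entries is the accounting signal that someone is probing the system.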


Diversity
- Closely related to layering
- The layers must be different (diverse)
- If an attacker penetrates one layer:
  - The same techniques will not succeed in breaking through the other layers
- Breaching one security layer does not compromise the whole system
- Example of diversity
  - Using security products from different manufacturers

Obscurity
- Obscure the internal details from the outside world
- Example: do not reveal details such as
  - Type of computer
  - Operating system version
  - Brand of software in use
- Attackers have a harder time launching an attack if they do not know details about the system

Simplicity
- Information security is by nature complex
- Complex security systems
  - Are hard to understand and hard to troubleshoot
  - Are often compromised to make them easier for trusted users to use
- A security system should be simple:
  - So that those on the inside can understand and use it
- Simple from the inside
- Complex from the outside

Summary
- Attacks on information security have grown exponentially in recent years
- There are several reasons why defending against today's attacks is difficult
- Information security: protecting the integrity, confidentiality, and availability of information
  - On the devices that store, process, and transmit the information
  - Through products, people, and procedures

Summary (continued)
- Goals of information security
  - Preventing data theft
  - Preventing identity theft
  - Avoiding the legal consequences of failing to secure information
  - Maintaining productivity
  - Foiling cyberterrorism
- Computer attackers come from many different groups, with different motivations
- An attack has five basic steps