NGUYN C
RESEARCH ON ENSURING THE SAFETY AND SECURITY OF THE INFORMATION SYSTEM OF THE AGENCY FOR RADIATION AND NUCLEAR SAFETY
SPECIALIZATION: DATA TRANSMISSION AND COMPUTER NETWORKS
CODE: 60.48.15
HANOI - 2010
Reviewer 1:
Reviewer 2:
INTRODUCTION
The very rapid development of information technology, and in particular the explosion of the global Internet, is a great achievement of humankind. We will not repeat the obvious and enormous benefits that the Internet and the online environment bring. In today's globalized environment, government agencies and enterprises, and the Agency for Radiation and Nuclear Safety in particular, can hardly meet the tasks entrusted to them by the Party and the State, or develop, if they treat themselves as an isolated island and do not connect to the global information network, the Internet.
Globalization also has its downsides, however. Alongside the advantages the Internet brings, we must prepare ourselves to cope with new challenges: how to integrate with the world while still protecting ourselves. In practice there are many forms of attack, sabotage and theft of information and resources on the network, from many kinds of actors and for different purposes. These actions occur every day and every hour, anywhere. We can continually read news of attacks and security intrusions on the Internet caused by hackers or viruses. The targets range from computer networks with state-of-the-art protection, such as the computer systems of the US Department of Defense, online commerce systems and large organizations and companies such as eBay, Amazon and Microsoft, to the networked PCs of individual users, and the attacks leave very great damage and impact.
- Practice shows that a computer system which does not ensure confidentiality and security will usually be counterproductive: sensitive information and data on the network are easily accessed without authorization, business strategy is no longer secret from competitors, and acts of sabotage can interrupt network operation or make it ineffective, wasting the infrastructure investment.
- Ensuring information safety and security and computer network safety is a fairly broad problem that touches many issues, from management policies and technical and technological fields to user habits and awareness.
Ensuring safety and security on the network is a very urgent and important task. It requires comprehensive, scientific research investment; proposals for protection plans that are thorough, strict, economical and feasible; and synchronized deployment from the moment the network infrastructure is deployed, so that the unit can fulfil the role, functions and tasks entrusted to it.
Within its scope, the thesis "Research on ensuring the Safety and Security of the information system of the Agency for Radiation and Nuclear Safety" concentrates mainly on the following basic content:
Chapter 1: Overview of Information Security.
Chapter 2: The information system of the Agency for Radiation and Nuclear Safety and the problems encountered during operation.
Chapter 3: Solutions for ensuring information security and safety.
CHAPTER 1: OVERVIEW OF INFORMATION SECURITY
1.1 Overview of information security
Information can exist in many forms. It can be printed or handwritten, stored electronically, moved by mail or by electronic means, shown as images on film, or spoken in conversations. Whatever form the information takes, and however it is shared or stored, it must always be adequately protected.
1.1.1. Information security:
- Information security means that information is protected and that systems and services are able to withstand disasters, errors and unexpected effects, so that changes affecting the safety of the system are kept to a minimum.
- A system with one of the following characteristics is not secure: information and data in the system are obtained and used by people without access rights (information leakage); information in the system is replaced or modified so that its content is falsified (information tampering).
- Information has high value only when its accuracy and timeliness are ensured; the system can provide truly valuable information only when its functions are guaranteed to operate correctly.
- The goal of security in information technology is to set out a number of security standards and to determine where to apply them in order to eliminate or reduce dangers. Because the techniques for transmitting, receiving and processing information keep developing to meet ever higher requirements, a system can only reach a certain level of security. Managing security and risk is closely tied to quality management. An assessment of information security must be based on risk analysis, increasing security by minimizing risk. Assessments need to be in harmony with the characteristics and structure of the system and with the quality control process.
- Information security requirements
Attack methods are becoming more and more sophisticated, and threats to information security can come from many places and in many ways, so we should put the necessary preventive policies and methods in place. The ultimate purpose of security is to protect information and resources according to the following requirements:
Confidentiality: information cannot be accessed illegally by unauthorized persons.
Integrity: information cannot be modified or forged by unauthorized persons.
Availability: information is always ready for use by authorized persons.
Non-repudiation: the information is legally committed to by the person who provides it.
- Some measures for checking whether your system has deployed basic security measures. The necessary conditions for checking the deployment of basic security measures in a system are as follows:
1. Security Policy
2. Organizing Information Security
3. Information Security Incident Management
4. Identification, classification and management of resources (Asset Management)
5. Human Resources Security
6. Physical and Environmental Security
7. IT and network administration (Communication and Operations Management)
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Business Continuity Management
11. Legal compliance (Compliance)
The standard builds each control according to the following structure:
Objective of the control:
States the criteria the control is to achieve.
Control:
Defines and describes the control.
Implementation guidance:
Provides information to support implementing the control and achieving the stated objective. Some guidance may not be suitable in every case, so other ways of implementing the control may be more appropriate.
1.1.1.1. Security policy:
The security policy addresses management support, commitment and direction in achieving information security objectives. It has two main parts:
Information security policy document: defined as a conceptual document, not specific about the method of implementation, that contains the information security criteria of an organization.
Review and update of the information security policy: responsibility for the information security policy must be assigned, and management authority delegated, to an owner. That owner is responsible for developing, reviewing, updating and evaluating the information security policy.
1.1.1.2. Organizing information security:
Organizing information security addresses the need to establish a management structure that initiates and controls the implementation of information security within an organization. It includes:
Information security management forum: provides a multi-level council for discussing information security issues across the organization.
Information security officer (ISSO): acts as the point of contact for issues, direction and decisions related to information security.
Information security responsibilities: responsibilities related to information security are laid out and described specifically in job descriptions.
Authorization control process: ensures that security factors are considered and that matters relating to new information systems or changes to information systems are approved.
Specialist sources: maintains relationships with independent experts so that resources not available inside the organization can be called on.
Organizational coordination: maintains relations with information-sharing partners and with competent legal authorities.
Independent review: a mechanism that allows independent assessment of the effectiveness of information security.
1.1.1.3. Information security incident management:
The objective of this control is to ensure that all incidents and weaknesses related to the information system are communicated and reported promptly to the competent units, allowing enough time to respond to and remedy the incident.
The process for reporting incidents and escalating them to higher levels must be drafted carefully and communicated to all staff in the organization.
1.1.1.4. Identification, classification and management of resources:
The objective of identifying, classifying and managing resources is to protect the information resources of an organization. The recommended process includes:
Asset inventory: a mechanism for maintaining an accurate list of assets and establishing the owner of every asset.
Classification: a mechanism for classifying assets based on the level of business impact.
Handling: establishing handling standards, including procedures for creating, moving, transferring and destroying information assets, based on the asset classification.
1.1.1.5. Human resources security:
Human resources security concerns an organization's ability to reduce risks related to people. It includes:
Personnel screening: personnel policies must ensure the qualifications and suitability of all personnel who have access to the organization's information assets.
Security responsibilities: staff must clearly understand each individual's responsibility for information security.
Terms and conditions of employment: staff must clearly understand that responsibility for information security is a precondition of their terms of employment.
Training: an information security training programme must be run for all staff, including current staff and newcomers.
Handling violations: a formal process is established to deal with violations of the provisions of the information security policy.
1.1.1.6. Physical and environmental security:
Physical and environmental security controls address risks in the physical environment, including:
Location
Physical perimeter security
Entry and exit control
Assets
1.1.1.7. IT and network administration:
IT and network administration controls address an organization's ability to ensure the operating procedures of the IT system in general and of the network infrastructure in particular.
Operating procedures.
Change control.
Incident management.
Principle of separation of duties.
Capacity planning.
Management of unfamiliar (foreign) code.
Maintenance regulations.
Network management.
Management of data storage media.
1.1.1.8. Access control:
Access control provides mechanisms for managing and controlling access to information resources based on specific business and security requirements, including:
Business requirements.
User management:
Registering and deleting access accounts
Controlling and reviewing access rights
Password management
User responsibilities.
Network access control:
- Authentication of network terminals
- Authentication of external users
- Definition of secure routing
- Security control for network devices
- Maintaining the separation of network segments
- Network connection control
- Maintaining security for network services
Personal computer access control:
- Automatic terminal identification
- Secure authentication mechanism
- User authentication
- Password management
- Protection of system tools
- Session security, with automatic logout when there is no access activity.
- Application access control.
- Access monitoring
- Mobile computing.
1.1.1.9. System development and maintenance:
Controls on system maintenance and development address the controls that must be built in order to ensure:
System security requirements.
Application security requirements.
Cryptographic requirements.
System integrity.
Security in the development process.
1.1.1.10. Business continuity management:
Business continuity management controls an organization's ability to ensure continuity in its business operations, including:
Business continuity planning.
Business continuity testing.
Business continuity maintenance.
1.1.1.11. Legal compliance:
This control ensures that the organization has mechanisms for meeting legal requirements and complying with the regulations of its sector, including:
o Intellectual property rights
o Protection of organizational information
o Protection of customer and partner data
o Prevention of misuse
o Regulations on encryption
o Collection of evidence
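1.2 The Agency for Radiation and Nuclear Safety
The Agency for Radiation and Nuclear Safety (abbreviated in Vietnamese as Cục ATBXHN) is an agency under the Ministry of Science and Technology. Its task is to assist the Minister in performing the state management function for radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control, and to carry out professional activities that ensure these functions are performed.
The international name of the Agency for Radiation and Nuclear Safety is Vietnam Agency for Radiation and Nuclear Safety (abbreviated as VARANS).
The Agency for Radiation and Nuclear Safety has legal personality and its own seal, and may open domestic and foreign currency accounts at the State Treasury and at banks.
The headquarters of the Agency for Radiation and Nuclear Safety is located in Hanoi.
The Agency for Radiation and Nuclear Safety has the following main duties and powers: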
1. To draft, take part in drafting, and submit for promulgation within its competence legal normative documents, standards, technical regulations and guidelines on radiation safety and nuclear safety (hereinafter "safety"), on the security of radioactive sources, nuclear materials and nuclear facilities (hereinafter "security"), and on nuclear control; to lead or take part in organizing the implementation of promulgated documents and in checking that implementation; to take part in developing regimes and policies for radiation workers;
2. To draw up and submit to the Ministry of Science and Technology development orientations, programmes, and five-year and annual plans for ensuring safety, security and nuclear control; to direct, guide, organize and check the implementation of approved programmes and plans;
3. To organize the declaration of radioactive substances, radiation devices, nuclear materials and nuclear equipment, and the issuing, extension, amendment and revocation of licences to carry out radiation work and of safety certificates for radiation workers;
4. To appraise and organize the appraisal of safety for radiation work; to appraise and organize the appraisal of security for radioactive sources, nuclear materials and nuclear facilities;
5. To check, inspect, handle violations and settle complaints and denunciations concerning safety and security within its competence;
6. To organize the implementation of nuclear control activities as prescribed by law;
7. To perform state management of radioactive waste, environmental radiation monitoring, and the control of occupational, public and medical exposure;
8. To guide the preparation of, and check the implementation of, response plans for radiation and nuclear incidents; to take part in incident response within its competence;
9. To build and update the national information system on safety and security; to build and manage the nuclear accounting and control system;
10. To organize, and coordinate the organization of, training, further training and professional guidance on safety, security and nuclear control;
11. To organize, and coordinate the organization of, the communication and dissemination of legal normative documents and of knowledge about safety, security and nuclear control;
12. To guide, direct and coordinate with the Departments of Science and Technology and with related agencies and units in performing state management of safety, security and nuclear control;
13. To provide technical support for the state management of safety and security; to organize research on and application of scientific and technological advances, and to deploy safety and security services;
14. To organize international cooperation activities on safety, security and nuclear control; to study and propose the signing of, or accession to, international treaties and agreements on safety, security and nuclear control; to take part in implementing the international treaties and agreements to which Vietnam is a party;
15. To manage the staff, assets, records and documents of the Agency for Radiation and Nuclear Safety as delegated and regulated by the Ministry of Science and Technology;
16. To perform other tasks assigned by the Minister of Science and Technology.
The Agency's information system was built in 2008-2009 by the Agency's information staff together with foreign experts. Its security is piecemeal and not yet strong, because the work concentrated only on a few specific systems such as RAISVN and TRACKER. This is itself part of the system's exposure if an attack comes through weak points elsewhere in the system, such as the LAN, or targets the Agency's Mail and Web servers. From those servers, a virus or a hacker could very well gain a foothold for attacking the entire system.
1.3 Chapter conclusion:
1.3.1 Overview
The opening chapter of this thesis gave an overview of information security and of the measures for checking whether an information system has deployed information security and safety measures, such as: Security Policy; Organizing Information Security; Information Security Incident Management; identification, classification and management of resources (Asset Management); Human Resources Security; Physical and Environmental Security; IT and network administration (Communication and Operations Management); Access Control.
It also examined the duties, powers and information system of the Agency for Radiation and Nuclear Safety, which shows the need for an information system that is more secure and operates more effectively. The next chapter studies the information system of the Agency for Radiation and Nuclear Safety and the problems encountered during operation.
CHAPTER 2: THE INFORMATION SYSTEM OF VARANS AND THE PROBLEMS ENCOUNTERED DURING OPERATION
2.1 Factors that compromise the information security of a computer network:
The factors that compromise information security are understood as the deliberate exploitation of a weakness, or a situation or method that may accidentally trigger a weakness.
Loss of information security is a threat: it is the degree and likelihood that one of the causes of information insecurity will (accidentally or intentionally) exploit one or more weaknesses of the information system in general.
The question is which actors are able to affect network security. In practice these actors are as diverse as their motives and attack methods. They can be anyone: young or old, male or female, staff inside the organization or outsiders. What they have in common is the ability to have an impact, to steal or sabotage sensitive information in order to serve their various purposes. Identifying the actors and understanding their nature, psychology and patterns of activity is essential for planning an appropriate response.
Below are some of the main actors that affect network security. As noted, in practice the attackers, motives and attack methods are countless and cannot all be listed.
2.1.1. People:
Regarding people: carried out or permitted by
Note that employees who have resigned or been transferred, partners and suppliers must also be kept in mind, because they too have the rights and the ability to access information in our information database. Appropriate user-management policies are needed to guard against this possible information leakage.
2.1.2 Competitors:
Competitors:
2.1.3. Spies:
Spy:
2.1.4. Hacker:
Hacker:
2.1.5. Explorer:
Explorer:
2.1.6. Script Kiddie:
Script Kiddie:
2.1.7. Thieves:
Thieves:
Besides the actors above, other factors also affect information security to some degree. Their main effect on network security is physical.
+ Natural: floods, earthquakes, landslides, lightning
+ Environmental: power loss, pollution, chemical agents, fuel leaks
+ Fire and explosion, war, terrorism
In summary, the actors and factors that can affect network information security are very diverse. It can be said that anyone who has the intent and the ability to reach an organization's information can have a dangerous effect on that organization's information security.
2.2 Current state of the information system infrastructure at VARANS
The Agency for Radiation and Nuclear Safety (VARANS) is an agency under the Ministry of Science and Technology. Its task is to assist the Minister in performing the state management function for radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control, and to carry out professional activities that ensure these functions are performed. VARANS has its headquarters at 70 Trần Hưng Đạo, which is the workplace of the Agency's entire leadership. The current IT infrastructure is as follows:
A network cabling system is already in operation, serving network connections within the building;
A Wifi network serves wireless connections; it authenticates with a key and has no strong encryption mechanism to protect information transmitted over the air;
03 HP Proliant ML 370 servers acting as Web, Database and Backup servers;
02 HP Proliant ML 350G4P servers, not yet in use
Firewall ASA 5520
IT services not yet deployed: user management, Email, Portal, VPN, CA
Analysis and assessment of construction needs.
For any administrative or public service unit that requests investment in an IT system, the basic requirements are: fit with state management objectives, improved work performance, secure information, and convenient use.
Given the work requirements and the current state of VARANS, a roadmap for investing in IT items is needed, as follows:
Step 1: Invest in building the minimum network infrastructure, including network infrastructure services and the minimum services and software needed on the network. The steps are:
Equip the internal network (already done)
Equip and build the IT infrastructure services (the foundation services that are the precondition for deploying other, more advanced applications), including: user management, domain name resolution, automatic IP address assignment, Wifi user authentication, and issuing of internal digital certificates.
Deploy shared services such as Email, virtual private network connection, Internet access, database and website;
Step 2: Depending on the Agency's management needs and size, step 2 can deploy management applications: asset management, finance and accounting management, official document management, decision support, and so on; upgrade and complete the applications that meet the management requirements of VARANS; plan the whole system to ensure stability and uniformity across VARANS in the use of management software and shared software; and provide a video conferencing service connecting the units within the Agency and the Ministry of Science and Technology.
2.2.1. Information systems currently managed and operated:
2.2.1.1. The system supporting online registration and licensing of radioactive sources (RAISVN)
Overview of the current state of the RAISVN system
Specialized management of radiation safety by software, and the application of radioactive sources and radiation devices, have been deployed in Vietnam since the 20s of the last century. In recent years, management activities for radiation safety and control have been carried out at the Agency for Radiation and Nuclear Safety and Control (KSATBXHN). To make management effective and to integrate internationally, KSATBXHN brought into Vietnam the specialized radiation safety management programme (Radiation Authority Informatic System, RAIS) of the International Atomic Energy Agency (IAEA) to support its management activities.
From 2001, the Radiation and Nuclear Safety Board (the predecessor of KSATBXHN), and later the Agency, went on to localize the RAIS programme into Vietnamese as e-RAIS and to provide user guidance to the Departments of Science and Technology nationwide.
Most of the functions of RAIS can be regarded as standard for a specialized management application. However, because the programme was designed abroad, and because Vietnam has some specific management requirements, the people deploying e-RAIS found that major changes to the programme were needed.
Functional analysis diagram of the RAISVN system
The RAISVN licensing registration system performs two main functions: i) online declaration and registration for licensing; ii) roll-out to the units and the Departments of Science and Technology.
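[Figure: functional analysis diagram of the RAISVN system. Box labels: RAISVN online licensing registration system; Online declaration and registration for licensing; National database]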
the national database on radiation safety must be absolutely assured in terms of safety and security.
Current state of the national database on radiation safety: it was analysed and designed on MySQL and is connected to the RAISVN system to retrieve and aggregate data. The national database on radiation safety is also installed on a single server behind a firewall. However, the policies currently configured on the firewall are still very loose and very easy to attack. For example, port 21 is open to allow FTP traffic, which is one of the system's attack exposures.
2.2.1.3. The nuclear safeguards system connected directly to the International Atomic Energy Agency (IAEA)
The Agency for Radiation and Nuclear Safety (VARANS) is an agency under the Ministry of Science and Technology whose task is to assist the Minister in performing the state management function for radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control. One of the important functions the Agency must perform is nuclear control. Because of this function, the IAEA built an information system connected directly to the Agency for the direct exchange of related documents and classified material.
The nuclear safeguards system is built on VPN technology, connecting the Agency and the IAEA directly over Viettel's network. Although it is an independent system, it is also one of the systems that must be strictly protected to ensure the safety and security of documents while they are processed, because these are classified documents that are extremely sensitive and of particular national importance.
CHAPTER 3: SOLUTIONS FOR ENSURING INFORMATION SECURITY AND SAFETY
3.1. Choice of technical and technological approach:
Based on the actual current state of the VARANS office, the IT system of the VARANS office is designed as follows:
3.1 Routing in the NGN network
3.1.1. Architecture model of the IT system
3.1.1.1. Overall architecture of the IT system
- The VARANS office will provide basic IT services for staff at the office, combined with the management software shared across the whole of VARANS.
- Staff working remotely and at offices in other locations will at first work through the virtual private network (VPN); links between the office locations will gradually be connected to serve video conferencing.
3.1.1.2. The network infrastructure architecture includes:
+ Design of the LAN and WAN structure
With the model and services described above, the LAN will be designed as a single segment (a flat network) with a single IP range in the segment. Clients access the server to use services. The system follows the IEEE 802.3 standard for bus networks using the CSMA/CD access method.
IP allocation table for the VARANS office and member units
No.
Unit
IP allocation
Agency servers
10.1.1.[1-20]
10.1.2.x
10.1.3.x
Network printers
10.1.x.[21-50]
Access Point
10.1.x.[51-60]
Gateway Router
10.1.x.[250-254]
10.1.x.[100-249]
10.1.x.[61-99]
Server
Host name
Service
DNS, DHCP, AD, File
1
Server no. 1 VARANS01
Server no. 2 VARANS02
Server no. 3 VARANS03
Server no. 4 VARANS04
Database
Server no. 5 VARANS05
of Microsoft, so maintenance and warranty are well assured, at costs much lower than for other operating systems.
consistent with one another, ensuring that each machine's information is unique; any access request must pass authentication of an account declared on this domain.
Active Directory provides:
- Centralized management and delegated administration of authentication for access to network resources; Group Policy is used to group objects for easier management and to enforce rules. User access rights follow the scope of work and the responsibilities of each individual taking part in operations.
- Security and a single sign-on mechanism: each user has one unique ID/password for network access. All authentication in the system uses an identifier (ID) and a password. The password must be six characters or longer and be made up of digits, letters and other special characters if the system allows. Password validity requirements must be checked automatically when the password is set.
- Redundancy and load distribution across different servers
- The ability to search for and retrieve information
- Support for the LDAPv3 and LDAPv2 directory access and authentication standards; the entire process of authentication, encryption and protection of Active Directory authentication data follows the LDAP standard.
The system management and operation tasks are all carried out through Active Directory: promptly checking and removing users who no longer have authority to work on the varans.vn system; temporarily suspending the working rights of users who are registered on the system but have not worked on it for 60 days or more; and reviewing the system access log weekly to detect and promptly handle cases of illegal access or of users acting beyond their assigned limits.
Centralized management model of AD in Windows 2003
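The account rules stated above (six-character passwords with digits, letters and special characters; suspension after 60 days without activity; removal of users without authority; weekly review of the access log) can be checked mechanically. The following is an added example, not part of the original thesis or of Active Directory itself; the account fields, user names and log entries are constructed, and it assumes the system accepts special characters in passwords.

```python
import string
from dataclasses import dataclass
from datetime import date, timedelta

MIN_LENGTH = 6         # page: six characters or longer
INACTIVITY_DAYS = 60   # page: not working on the system for 60 days or more


def password_violations(password):
    """Rules a candidate password breaks; an empty list means it is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    # Assumption: the system allows special characters, so one is required.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


@dataclass
class Account:
    name: str
    enabled: bool       # False = already suspended
    authorized: bool    # hypothetical flag: still entitled to work on the system
    last_logon: date


def review_accounts(accounts, today):
    """Return (names to remove, names to suspend) under the two account rules."""
    cutoff = today - timedelta(days=INACTIVITY_DAYS)
    remove = [a.name for a in accounts if not a.authorized]
    suspend = [a.name for a in accounts
               if a.authorized and a.enabled and a.last_logon <= cutoff]
    return remove, suspend


def suspicious_logons(log, accounts):
    """Weekly log review: logons by unknown, unauthorized or suspended accounts."""
    known = {a.name: a for a in accounts}
    flagged = []
    for when, user, host in log:
        acct = known.get(user)
        if acct is None:
            reason = "unknown account"
        elif not acct.authorized:
            reason = "no longer authorized"
        elif not acct.enabled:
            reason = "suspended account"
        else:
            continue
        flagged.append((when, user, host, reason))
    return flagged


# Constructed sample data (not taken from the agency's directory or logs).
TODAY = date(2010, 6, 1)
ACCOUNTS = [
    Account("an", True, True, date(2010, 5, 28)),
    Account("binh", True, True, date(2010, 3, 1)),     # idle for 92 days
    Account("cuong", True, False, date(2010, 5, 20)),  # authority withdrawn
    Account("dung", False, True, date(2010, 1, 10)),   # already suspended
]
LOGON_LOG = [
    ("2010-05-30 22:14", "dung", "PC-17"),
    ("2010-05-31 03:02", "guest9", "PC-04"),
    ("2010-05-31 08:01", "an", "PC-02"),
]

if __name__ == "__main__":
    print(password_violations("abc12"))
    print(review_accounts(ACCOUNTS, TODAY))
    for entry in suspicious_logons(LOGON_LOG, ACCOUNTS):
        print(entry)
```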
OU name
Agency Office
VP
Licensing Division
CP
PCTT
Agency Inspectorate
TT
ATHN
KSHN
International Cooperation Division
HTQT
TT-KTAT
PoE port. There are 2 options for authenticating users who access the system: by MAC address and by username/password.
5. Use the 802.11g standard, with transmission speeds of up to 54Mbps, for the Agency's Wifi system.
Choose the PEAP-MSCHAP-v2 authentication method so that passwords and information cannot be eavesdropped on while transmitted over the air;
3.2.11. WSUS service:
Use Windows WSUS to build an update system for the workstations at NPT, synchronized with WSUS. The Agency's WSUS server will be synchronized with the Internet. Identify the operating systems, software and roles of the computers on the network. Workstations must gradually be brought under management in the Active Directory domain.
The update requirements are: workstations update automatically, while updates for servers are carried out under the supervision of the administrator.
Every month, the administrator uses Microsoft's MBSA tool (Microsoft Baseline Security Analyzer) to scan the whole system and check these updates.
New updates are identified by the Agency's server, which periodically contacts Microsoft's update server to check for updates. The administrator checks and determines the type of each update and assesses its impact on the system. The server planned to provide the WSUS service is server no. 1.
Implementation model:
3.2.14. Training users and training staff to deploy and operate the system:
To deploy IT applications successfully and effectively, a very important requirement is that people use the IT system effectively in their daily work. VARANS staff must be aware of their role and responsibility in complying with the regulations that are set. There are 2 forms of training in this phase 1:
- Training for users, so that they apply IT in their daily work, with 2 levels of content:
- Training on how to use typical network services
- Training on how to use the software for the divisions and departments
- Training for network administrators to operate the system
- Training time:
- For users: training as soon as the LAN has been built and goes into operation; training after the software is installed.
- For administrators: training during assembly, installation and configuration, and at system handover.
System operating procedures that need to be drawn up:
- Procedure for managing and operating the computer network
- Procedure for incident handling and disaster prevention
- Regulations on entering and leaving the server room
- Regulations on the use of the network at VARANS by users and system administrators.
- Regulations on managing and operating the database system
Regulations on the policies applied on the network.
3.2.15. Work items:
The tasks to be carried out to build the IT infrastructure system:
No.
ITEM
QUANTITY
Install the operating system on the servers
Install and configure DNS
6
7
8
9
Install and configure DHCP
Install and configure WSUS
Configure the File Server
Install and configure CA, RADIUS
Configure the Access Point to authenticate per user at the Agency
Install and configure the Proxy Server; VPN Server
Install and configure Exchange Server
Update the newly installed software
Create accounts / groups according to the user list
Create mailboxes / groups according to the user list
Assign permissions on the file system, Internet access and Wifi access
Configure Backup
Hand over the administrator passwords; basic guidance on operating the system
Configure the workstations to work in the new environment
1
1
1
1
10
11
12
13
14
15
16
17
18
19
5
1
1
1
1
1
1
1
Based on the usage needs of VARANS and the implementation schedule, we propose the following quantity of equipment to be provided and its planned configuration:
Table: List of equipment to be provided
No.
EQUIPMENT NAME
Type 1 server (WEB+Exchange+SQL)
QUANTITY
Notes
Type 2 server (AD)
Type 3 server (ISA)
7
Table 1.6. List of devices and equipment
3.3. EXPECTED TARGETS TO BE COMPLETED:
3.3.1. VANSVN network model:
[Figure: network diagram. Labels: INTERNET; FTTH Modem (Internet: 210.245.63.120/29); VARANS03, Firewall/Proxy, 192.168.1.100; VARANS01, E-Mail Server, 192.168.1.2; VARANS02, Files/DNS/DHCP, 192.168.1.3; VARANS LAN; Cisco Firewall, 192.168.1.252; BOA Network]
vii. Internal DNS deployed on servers VARANS01 and VARANS02
viii. Configure domain-integrated DNS
ix. Configure the resolver to provide name resolution for clients
DHCP
x. Deploy the service that assigns IP addresses to users automatically
xi. The service runs on server VARANS02
3.3.3. File sharing
a. Shared folders with permissions per Division/Department
b. Set quotas for users
3.3.4. Email
* Configuration
xii. Installed on server VARANS01; roles Mailbox, Clients Access, Hub transport.
xiii. Published so that internal users can access email from the internal network and the Internet at http://mail.varans.vn
xiv. Configure sending and receiving of Internet mail.
3.3.5. Proxy/Firewall
a. Configuration
xv. Installed on server VARANS03 (DELL machine)
xvi. Use ISA 2006 as Proxy/Firewall
xvii. Clients use SecureNAT to connect to the Internet (transparent to users)
b. Policy
xviii. Publish the internal services to the Internet: Web, RAIS, Mail, DNS
xix. Allow internal users to access the Internet
xx. Allow remote users to connect to the internal network by VPN
xxi. Block all other connections.
xxii. Virus filtering features for web traffic
xxiii. .
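The policy above is an allow-list ending in "block all other connections", while the section on the national database describes a loose firewall with port 21 open for FTP. The following added example, not part of the original thesis and not ISA 2006 configuration, audits a rule set against that target policy; the rule model is hypothetical, the port numbers are assumed common defaults (the thesis gives none), and both rule sets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Services the policy publishes or admits from the Internet (Web, RAIS, Mail,
# DNS, VPN). The port numbers are assumptions; the thesis names no ports.
PUBLISHED_INBOUND = {
    ("tcp", 80): "Web / RAIS (assumed HTTP)",
    ("tcp", 443): "Web / RAIS (assumed HTTPS)",
    ("tcp", 25): "Mail (assumed SMTP)",
    ("udp", 53): "DNS",
    ("tcp", 1723): "VPN (assumed PPTP)",
}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in", "out" or "any"
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None matches every port


def matches(rule, direction, proto, port):
    return (rule.direction in (direction, "any")
            and rule.proto in (proto, "any")
            and rule.port in (port, None))


def decide(rules, direction, proto, port):
    """First matching rule wins; traffic that matches no rule is denied."""
    for rule in rules:
        if matches(rule, direction, proto, port):
            return rule.action
    return "deny"


def audit(rules):
    """List where a rule set deviates from the published-services policy."""
    findings = []
    for rule in rules:
        if rule.action != "allow" or rule.direction == "out":
            continue
        if rule.proto == "any" or rule.port is None:
            findings.append("inbound wildcard allow")
        elif (rule.proto, rule.port) not in PUBLISHED_INBOUND:
            findings.append(
                f"inbound {rule.proto}/{rule.port} allowed but not a published service")
    # The policy lists "block all other connections" as its own item,
    # so the audit expects it as an explicit last rule.
    if not rules or rules[-1] != Rule("deny", "any", "any", None):
        findings.append("no explicit final deny-all rule")
    return findings


# Constructed rule sets: a loose one with FTP open, and the target policy.
LOOSE_RULES = [
    Rule("allow", "in", "tcp", 80),
    Rule("allow", "in", "tcp", 21),      # FTP, the exposure the thesis names
    Rule("allow", "out", "any", None),
]
TARGET_RULES = (
    [Rule("allow", "in", proto, port) for proto, port in PUBLISHED_INBOUND]
    + [Rule("allow", "out", "any", None),   # internal users reach the Internet
       Rule("deny", "any", "any", None)]    # block all other connections
)

if __name__ == "__main__":
    print(audit(LOOSE_RULES))
    print(audit(TARGET_RULES))
    print(decide(TARGET_RULES, "in", "tcp", 21))
```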
3.3. CHAPTER CONCLUSION:
Chapter 3 has set out:
- The choice of technical and technological approach;
- The proposed plan for phase 1;
- The expected targets to be completed for the VANSVN information system
The administrator must meet the required level of system administration skill.
CONCLUSION & RECOMMENDATIONS
The next-generation telecommunications network (NGN) has now been widely deployed around the world. With its outstanding advantages, NGN is gradually becoming the inevitable trend for telecommunications service providers worldwide. Vietnam is no exception to this general trend and has taken its own steps in developing NGN. The Government of Vietnam has had many policies to encourage and support telecommunications enterprises in building NGN networks.
VNPT, the leading telecommunications enterprise in Vietnam, has pioneered the building of an NGN network, bringing new services and entirely new experiences to customers. To date, the VNPT NGN network has been completed and operates stably.
The content of this project is a general method for designing an NGN network, covering the basic issues, which has been applied successfully in building VNPT's NGN network.
When the NGN network is expanded to meet development needs, this design method can still be applied, saving cost and manpower.
The above are some of the results of the thesis. Because my own ability is still limited and the time for the work was short, shortcomings are unavoidable. I respectfully ask the teachers for their comments and additions so that I can continue to complete the research and extend this topic comprehensively.
Thank you sincerely!