Information Security Textbook
INFORMATION SECURITY
Hanoi 8-2013
Preface
Recently, the course on Information Safety and Security has been introduced into teaching at most Faculties of Information Technology of universities and colleges. Because applications on the Internet keep developing and expanding, information security on the network has become a mandatory requirement for every application system. To meet the study and self-study needs of students in Information Technology majors, the group of lecturers in charge of the Security course at the Faculty of Information Technology, Hanoi University of Business and Technology, has compiled this textbook. Its content is based on a number of documents, but mainly on the book by Professor William Stallings, "Cryptography and Network Security: Principles and Practice". For the translation we consulted the lectures of Dr. Trần Văn Dũng, Faculty of IT, University of Transport and Communications, Hanoi. That book has been used as teaching material at many universities. With the aim of providing sufficient foundational knowledge and helping students understand the nature of the aspects of network security, the textbook tries to present the basic theory in summary and to give practical applications.
The textbook consists of 7 chapters. The first chapter gives an overview of security, chapter 2 briefly summarizes classical ciphers, chapter 3 presents basic concepts of arithmetic, chapter 4 introduces block ciphers and the data encryption standard, chapter 5 covers public-key ciphers and RSA, chapter 6 introduces applications in Web and IP security, and finally chapter 7 summarizes intruders and firewall countermeasures.
TABLE OF CONTENTS
CHAPTER 1. OVERVIEW OF SECURITY
1.1 General introduction to information security
1.2 Services, mechanisms, attacks
1.3 Network security model
1.4 Information security in database systems
Questions and exercises
CHAPTER 2. CLASSICAL CIPHERS
2.1 Symmetric ciphers
2.2 Classical substitution ciphers
2.3 Classical transposition ciphers
2.4 Some other topics
Questions and exercises
CHAPTER 3. MATHEMATICAL FOUNDATIONS
3.1 Modular arithmetic
3.2. Some algorithms on Zn
3.3 Introduction to number theory
Questions and exercises
CHAPTER 4. THE DATA ENCRYPTION STANDARD (DES) AND THE ADVANCED ENCRYPTION STANDARD (AES)
4.1 The Data Encryption Standard (DES)
4.3. Double DES and Triple DES
4.4 The Advanced Encryption Standard (AES)
Questions and exercises
CHAPTER 5. PUBLIC-KEY CIPHERS AND KEY MANAGEMENT
5.1 Public-key ciphers
5.2 The RSA cryptosystem
5.3 Key management
5.4 Diffie Hellman key exchange
Questions and exercises
CHAPTER 6. IP AND WEB SECURITY
6.1 IP security
6.2 Web security
6.3 Secure electronic payment
6.4 Email security
Questions and exercises
CHAPTER 7. INTRUDERS, MALICIOUS SOFTWARE AND FIREWALLS
7.1 Intruders
7.2 Malicious software
7.3 Buffer overflow
7.4 Firewalls
Questions and exercises
LIST OF SYMBOLS AND ABBREVIATIONS
LIST OF DISCUSSION TOPICS
REFERENCES
Concepts:
Computer security: the set of tools designed to protect data and to counter hackers.
Network security: the means of protecting data while it is transmitted.
Internet security: the means of protecting data while it is transmitted over a collection of interconnected networks.
The purpose of the course is to focus on Internet security, which comprises the means to protect against, counter, detect and correct security violations when transmitting and storing information.
1.1.2 Risks and threats to information systems
Threats to a system can be classified as accidental or intentional, and as active or passive.
- Accidental threat: when a user restarts the system in privileged mode, they can modify the system at will. But after finishing the work they do not switch the system back to normal mode, accidentally leaving it for a malicious party to exploit.
- Intentional threat: for example, deliberately accessing the system without authorization.
- Passive threat: a threat that has not yet acted, or does not act, directly on the system, such as eavesdropping on packets on the transmission line.
- Active threat: the modification of information, or a change to the state or operation of the system.
For every information system the threats and their potential consequences are very large; they can arise from the following causes:
- From the users: illegal intrusion, theft of valuable assets.
- In the architecture of the information system: the technical system is organized without structure, or is not strong enough to protect information.
- In the information security policy itself: failure to comply with security standards, failure to define clearly the rights in operating the system.
- Information in a computer system is also easily compromised if there are no tools to manage, check and control the system.
- The risk lies in the hardware structure of computing devices and in system and application software, because the manufacturer has pre-installed electronic 'bugs' according to a predetermined intention, called 'electronic bombs'.
- The greatest danger to an open computer network is hackers, coming from criminals.
Virtual table model
Data accesses to the base table are replaced by accesses to the virtual table.
The virtual table is created to mirror the data in the base table. When a select statement is executed, the data is decrypted for the virtual table from the base table (which is encrypted). When an Insert or Update statement is executed, an "instead of" trigger is run and encrypts the data down into the base table.
Access rights to the columns are managed at the virtual tables. In addition to the basic rights provided by the database, two new access rights are defined:
1. The user may only read the data in encrypted form. This right suits those who need to administer the database without needing to read the data content.
2. The user may read the data in decrypted form.
1.4.3 Outline of the architecture of a database security system
Triggers: triggers are used to take the data coming from INSERT and UPDATE statements (to encrypt it).
Views: views are used to take the data coming from SELECT statements (to decrypt it).
Extended Stored Procedures: called from the Triggers or Views to invoke the services provided by the DBPEM module from within the environment of the database management system.
DBPEM (Database Policy Enforcing Modulo): provides encryption/decryption services for the data sent from the Extended Stored Procedures and checks the user's access rights (based on the security policies on access rights stored in the database).
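The virtual table model and the trigger/view/DBPEM architecture described above can be tried out with Python's built-in sqlite3 module. This is an added example, not code from the textbook: the table and function names, the `RIGHTS` policy and the HMAC-based keystream standing in for the encryption service are all assumptions of the sketch.

```python
import hashlib
import hmac
import os
import sqlite3

KEY = b"constructed-demo-key"                             # assumption: key held by the policy module
RIGHTS = {"auditor": "encrypted", "clerk": "decrypted"}   # constructed policy: the two read rights


def _keystream(nonce, length):
    """Stand-in cipher for the demo: HMAC-SHA256 in counter mode, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def enc(plaintext):
    """Encryption service called by the INSTEAD OF triggers."""
    data = plaintext.encode()
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))


def open_db(session):
    """Create base table, virtual table (view) and triggers; `session` names the current user."""
    def dec(blob):
        # Policy check before decrypting: right 1 only ever sees the encrypted form.
        if RIGHTS.get(session["user"]) != "decrypted":
            return blob.hex()
        nonce, body = blob[:16], blob[16:]
        return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

    db = sqlite3.connect(":memory:")
    db.create_function("dbpem_enc", 1, enc)   # plays the role of an extended stored procedure
    db.create_function("dbpem_dec", 1, dec)
    db.executescript("""
        CREATE TABLE staff_base (id INTEGER PRIMARY KEY, salary BLOB);
        CREATE VIEW staff AS SELECT id, dbpem_dec(salary) AS salary FROM staff_base;
        CREATE TRIGGER staff_ins INSTEAD OF INSERT ON staff
        BEGIN
            INSERT INTO staff_base (id, salary) VALUES (NEW.id, dbpem_enc(NEW.salary));
        END;
        CREATE TRIGGER staff_upd INSTEAD OF UPDATE ON staff
        BEGIN
            UPDATE staff_base SET salary = dbpem_enc(NEW.salary) WHERE id = OLD.id;
        END;
    """)
    return db


def demo():
    """Insert and update through the view, then read as both kinds of user."""
    session = {"user": "clerk"}
    db = open_db(session)
    db.execute("INSERT INTO staff (id, salary) VALUES (1, 'salary=1200')")
    db.execute("UPDATE staff SET salary = 'salary=1500' WHERE id = 1")
    stored = db.execute("SELECT salary FROM staff_base").fetchone()[0]
    clear = db.execute("SELECT salary FROM staff").fetchone()[0]
    session["user"] = "auditor"
    masked = db.execute("SELECT salary FROM staff").fetchone()[0]
    return stored, clear, masked


if __name__ == "__main__":
    stored, clear, masked = demo()
    print("base table:", stored.hex())
    print("clerk sees:", clear)
    print("auditor sees:", masked)
```

Applications only ever touch the view `staff`; the base table never holds plaintext, and the decision between the two read rights is made in one place.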
Questions and exercises
1.
2.
3.
4.
5.
6.
7.
8.
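CHAPTER 2. CLASSICAL CIPHERS
Classical encryption is the simplest encryption method and the first to appear in the history of cryptography. The algorithms are simple and easy to understand. These encryption methods are the basis for the study and development of the symmetric encryption algorithms used today. Two methods stand out in classical encryption:
- Substitution encryption
- Transposition encryption
Every classical cipher is a symmetric cipher, which we consider in the next section.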
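2.1 Symmetric ciphers.
2.1.1 Basic concepts
A symmetric cipher uses the same key for encryption and decryption. A symmetric cipher can also be called a single-key cipher, a private-key cipher or an agreed-key cipher.
Here the sender and the receiver share a common key K, which they can exchange secretly with each other. We consider two functions that are inverses of each other: E is the function that transforms plaintext into ciphertext, and D is the function that transforms ciphertext back into plaintext. Suppose X is the text to be encrypted and Y is the form of the text after it has been changed by encryption. Then we write:
Y = E_K(X)
X = D_K(Y)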
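2.1.2 Requirements.
A symmetric cipher is characterized by the way the encryption and decryption algorithms process information, the effect of the key on the ciphertext, and the length of the key. The more complex the relationship between plaintext, key and ciphertext the better, provided the computation speed is acceptable. Specifically, the two requirements for the secure use of a symmetric-key cipher are:
1. A strong encryption algorithm. It has a solid mathematical basis ensuring that, even though the algorithm is public and known to everyone, cryptanalysis is very difficult and complex without knowledge of the key.
2. A secret key known only to the sender and the receiver. There is a secure channel to distribute the key among the users who share it. The relationship between the key and the ciphertext is not recognizable.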
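2.1.3 Cryptography
A cryptosystem is characterized by the following factors:
- The type of encryption operation used on the plaintext:
1. Substitution - replacing the characters of the plaintext with other characters.
2. Transposition - changing the positions of the characters in the plaintext, that is, permuting the characters of the plaintext.
3. Their product, that is, combining both substitution and transposition of the characters of the plaintext.
- The number of keys used for encryption: a single key (private key) or two keys (public key). In addition, one considers whether the number of keys used is large.
- Another characteristic of a cipher is the way the plaintext is processed:
1. Block - the data is divided into blocks of a fixed size and the encryption algorithm is applied, with the key as parameter, to each block.
2. Stream - each input element is processed continuously, producing the corresponding output element.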
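2.1.4 Cryptanalysis.
There are two approaches to attacking a symmetric cipher.
1. Cryptanalytic attack, based on the algorithm and some information about the general characteristics of the plaintext or some plaintext/ciphertext samples. This kind of attack tries to exploit the characteristics of the algorithm to find a specific plaintext or to find the key. If the key is found, it is a great disaster.
2. Exhaustive (brute-force) attack: the attacker tries every possible key on the ciphertext until the plaintext is obtained. On average, half of the keys must be tried before the key is found.
Types of cryptanalytic attack.
- Ciphertext only: knowing the algorithm and the ciphertext, use statistical methods to determine the plaintext.
- Known plaintext: knowing the algorithm and some ciphertext/plaintext pairs, attack to find the key.
- Chosen plaintext: choose the plaintext and obtain the ciphertext, knowing the algorithm, attack to find the key.
- Chosen ciphertext: choose the ciphertext and obtain the corresponding plaintext, knowing the algorithm, attack to find the key.
- Chosen text: choose either plaintext or ciphertext and obtain the corresponding encryption or decryption, attack to find the key.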
2.1.5 Exhaustive search (Brute-Force)
In theory the exhaustive search method can always be carried out, because each key can be tried in turn and the number of keys is finite. Most of the effort of such attacks is proportional to the key size. The longer the key, the longer the search takes, and it usually grows exponentially. We may assume that the cryptanalyst can rely on the context to know or recognize the plaintext.
The following are some statistics on the relationship between key length, size of the key space, processing speed and exhaustive search time. We see that for key lengths of 128 bits and more, the time required is very large, up to billions of years, so the exhaustive search method can be considered impractical.
Key size (bits) | Number of alternative keys | Time required at 1 encryption/µs | Time required at 10^6 encryptions/µs
32 | 2^32 = 4.3 x 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 x 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 7.2 x 10^38 | 2^127 µs = 5.4 x 10^24 years | 5.4 x 10^18 years
168 | 2^168 = 3.7 x 10^50 | 2^167 µs = 5.9 x 10^36 years | 5.9 x 10^30 years
26 characters (permutation) | 26! = 4 x 10^26 | 2 x 10^26 µs = 6.4 x 10^12 years | 6.4 x 10^6 years
2.1.6 Security.
Security can be classified into two kinds as follows:
- Unconditional security: here it does not matter how powerful the computer is or how many operations it can perform per second; the cipher cannot be broken, because the ciphertext does not provide enough information to determine the plaintext uniquely. The use of a one-time random pad as a stream cipher for data, which we consider at the end of this lesson, is regarded as
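2.2 Classical substitution ciphers
There are two kinds of classical cipher: substitution ciphers and transposition ciphers (also called shifting ciphers).
A substitution cipher is a method in which each character (group of characters) of the plaintext is replaced by another character (group of characters) to produce the ciphertext. The receiver only needs to perform the reverse substitution on the ciphertext to obtain the original plaintext.
In the transposition method, the characters of the plaintext are kept as they are; they are only rearranged to produce the ciphertext. That is, the characters of the plaintext are not replaced by other characters at all; only their places are swapped to form the ciphertext.
First we consider the classical ciphers that replace the letters of the plaintext with other letters of the alphabet to form the ciphertext.
- Here the letters of the plaintext are replaced by letters, numbers or other symbols.
- Or, if the plaintext is viewed as a sequence of bits, the substitution replaces plaintext bit patterns with ciphertext bit patterns.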
2.2.1 Caesar cipher
This is the earliest known substitution cipher, invented by Julius Caesar. It was first used in military affairs. Encryption is done simply by replacing each letter of the plaintext with the third letter after it in the alphabet.
Example:
o Meet me after the toga party
o PHHW PH DIWHU WKH WRJD SDUWB
Here the letter m is replaced by the third letter after m, which is p (m, n, o, p); the letter e is replaced by the third letter after e, which is h (e, f, g, h).
The encryption can be defined through the following mapping on the alphabet: the letters in the lower row are the encodings of the corresponding letters in the upper row:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Mathematically, we assign an ordinal number to each letter of the alphabet. The letters in the upper rows have the ordinal numbers shown in the rows below them:
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
then the Caesar cipher is defined through the following shift of the letters:
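2.2.4 Polyalphabetic ciphers
Another way to increase the security of alphabet-based ciphers is to use several cipher alphabets. We call these polyalphabetic substitution ciphers. Here each letter can be encrypted to any letter in the ciphertext, depending on the context at encryption time. This is done to flatten the frequencies with which letters appear in the ciphertext. It therefore removes some of the structure of the plaintext that shows through in the ciphertext and makes cryptanalysis of a polyalphabetic cipher harder. We use a keyword to indicate which alphabet is used for each letter of the message. The alphabets are used in turn according to that keyword, starting again from the beginning when the keyword ends. The key length is the repetition period of the alphabets. The greater the length and the more different letters used in the keyword, the harder the cryptanalysis.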
2.2.5 Vigenere cipher
The simplest polyalphabetic substitution cipher is the Vigenere cipher. In essence, Vigenere encryption applies several Caesar ciphers at the same time to the plaintext, with several different keys. The key used to encrypt each letter depends on the position of that letter in the plaintext and is taken from the keyword in the corresponding order.
Suppose the key is a word of length d written as K = K1K2...Kd, where each Ki takes an integer value from 0 to 25. We then divide the plaintext into blocks of d letters. The i-th letter in each block uses the i-th alphabet, with a shift of Ki as in the Caesar cipher. In practice, when encrypting, we can use the alphabets in turn and start again from the beginning after d letters of the plaintext. Because there are several different alphabets, the same letter at different positions gets different shifts, which makes the letter frequencies in the ciphertext spread out fairly evenly.
Decryption is simply the reverse process. That is, use the ciphertext and the keyword with the corresponding alphabets, but for each letter shift backwards towards the start.
Example: to use the Vigenere cipher with a given keyword and plaintext, we can proceed as follows:
- Write out the plaintext
- Write the keyword repeated several times above it
- Use each letter of the keyword as the key of a Caesar cipher
- Encrypt the corresponding letter of the plaintext with the corresponding shift.
- For example, using the keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGL
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA
C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD
F FGHIJKLMNOPQRSTUVWXYZABCDE
G GHIJKLMNOPQRSTUVWXYZABCDEF
H HIJKLMNOPQRSTUVWXYZABCDEFG
I IJKLMNOPQRSTUVWXYZABCDEFGH
J JKLMNOPQRSTUVWXYZABCDEFGHI
K KLMNOPQRSTUVWXYZABCDEFGHIJ
L LMNOPQRSTUVWXYZABCDEFGHIJK
M MNOPQRSTUVWXYZABCDEFGHIJKL
N NOPQRSTUVWXYZABCDEFGHIJKLM
O OPQRSTUVWXYZABCDEFGHIJKLMN
P PQRSTUVWXYZABCDEFGHIJKLMNO
Q QRSTUVWXYZABCDEFGHIJKLMNOP
R RSTUVWXYZABCDEFGHIJKLMNOPQ
S STUVWXYZABCDEFGHIJKLMNOPQR
T TUVWXYZABCDEFGHIJKLMNOPQRS
U UVWXYZABCDEFGHIJKLMNOPQRST
V VWXYZABCDEFGHIJKLMNOPQRSTU
W WXYZABCDEFGHIJKLMNOPQRSTUV
X XYZABCDEFGHIJKLMNOPQRSTUVW
Y YZABCDEFGHIJKLMNOPQRSTUVWX
Z ZABCDEFGHIJKLMNOPQRSTUVWXY
The Saint Cyr table
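The Caesar and Vigenere procedures above, together with the known-plaintext key recovery and the frequency-flattening effect described in 2.1.4 and 2.2.4, can be checked with the following added example (not code from the textbook). The function names are assumptions of the sketch, and the index of coincidence is used here as one way to measure how uneven the letter frequencies are.

```python
from collections import Counter

A = ord("A")


def _letters(text):
    """Upper-case A-Z letters of text (assumption: English alphabet only)."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def caesar(text, shift=3):
    """Replace each letter by the one `shift` places later; other characters pass through."""
    return "".join(
        chr((ord(ch) - A + shift) % 26 + A) if "A" <= ch <= "Z" else ch
        for ch in text.upper()
    )


def vigenere(text, key, decrypt=False):
    """Apply the Caesar shift K_i chosen by the letter's position; the key repeats every d letters."""
    shifts = [ord(k) - A for k in _letters(key)]
    out, i = [], 0
    for ch in text.upper():
        if "A" <= ch <= "Z":
            k = shifts[i % len(shifts)]
            out.append(chr((ord(ch) - A + (-k if decrypt else k)) % 26 + A))
            i += 1                      # the key only advances on letters
        else:
            out.append(ch)
    return "".join(out)


def recover_key(plaintext, ciphertext):
    """Known plaintext: K_i = (C_i - P_i) mod 26, reduced to its shortest repeating period."""
    stream = "".join(
        chr((ord(c) - ord(p)) % 26 + A)
        for p, c in zip(_letters(plaintext), _letters(ciphertext))
    )
    for d in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % d] for i in range(len(stream))):
            return stream[:d]
    return stream


def coincidence_index(text):
    """Probability that two letters drawn from the text are equal (higher = less flat)."""
    letters = _letters(text)
    n = len(letters)
    return sum(v * (v - 1) for v in Counter(letters).values()) / (n * (n - 1))


if __name__ == "__main__":
    pt = "wearediscoveredsaveyourself"
    ct = vigenere(pt, "deceptive")
    print(caesar("Meet me after the toga party"))
    print(ct)          # 27 letters; the page prints the first 24 of them
    print(vigenere(ct, "deceptive", decrypt=True))
    print(recover_key(pt, ct))
    # A single alphabet keeps the plaintext's unevenness; nine alphabets flatten it.
    print(round(coincidence_index(caesar(pt)), 4), round(coincidence_index(ct), 4))
```

One matching plaintext/ciphertext pair at least as long as the key reveals the whole key, which is why the strength of the cipher rests on the key length and not on hiding the method.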
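2.3 Classical transposition ciphers
In the previous sections we considered some substitution ciphers, in which the letters of the plaintext are replaced by other letters in the ciphertext. Now we consider another kind of cipher, the transposition cipher: the letters of the plaintext are not replaced by other letters but only change position, that is, encryption only shifts the relative positions of the letters in the plaintext. It thus hides the plaintext by changing the order of the letters; it does not change the actual letters used. The ciphertext therefore has the same letter frequency distribution as the original. This can be detected by cryptanalysis.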
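2.3.1 Rail Fence cipher
This is a simple transposition cipher. Write the letters of the plaintext diagonally over a number of rows. Then read the letters row by row to obtain the ciphertext. The number of rows is the key of the cipher, because once the number of rows is known we can work out the number of letters on each row, write the ciphertext back along the rows, and then recover the plaintext by reading along the columns.
Example. Write the message "meet me after the toga party" alternately on two rows as follows:
m e m a t r h t g p r y
 e t e f e t e o a a t
Then join the letters of the first row with the letters of the second row to give the ciphertext:
MEMATRHTGPRYETEFETEOAAT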
2.3.2 Row transposition cipher
This cipher has a more complex scheme. Write the letters of the message in rows with a fixed number of columns. Then reorder the columns according to a given sequence of key numbers, and read them off column by column to obtain the ciphertext. Decryption is carried out in reverse.
Example:
Key:       4 3 1 2 5 6 7
Plaintext: a t t a c k p
           o s t p o n e
           d u n t i l t
           w o a m x y z
We read the columns in order from 1 to 7 to obtain the ciphertext:
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
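Both transposition ciphers above, with their decryption, can be reproduced with the following added example (not code from the textbook; the function names are assumptions). It goes slightly beyond the page by allowing more than two rails and a last row that is not full, and it checks the page's remark that the letter frequencies are unchanged.

```python
def _letters(text):
    """Upper-case A-Z letters of text; spaces and punctuation are dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def _rail_pattern(n, rails):
    """Rail index of each of n letters written along the diagonal zigzag."""
    if rails < 2:
        return [0] * n
    cycle = 2 * (rails - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]


def rail_fence_encrypt(text, rails=2):
    """Write along the zigzag, then read off rail by rail; `rails` is the key."""
    msg = _letters(text)
    pattern = _rail_pattern(len(msg), rails)
    return "".join(ch for r in range(rails) for ch, p in zip(msg, pattern) if p == r)


def rail_fence_decrypt(cipher, rails=2):
    """Knowing the rail count gives each rail's length, so every letter's slot is known."""
    pattern = _rail_pattern(len(cipher), rails)
    # Positions in the order the ciphertext was read: all of rail 0, then rail 1, ...
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)


def _column_order(key):
    """Columns in read-off order; key digit i is the rank of column i (at most 9 columns)."""
    ranks = [int(d) for d in key]
    return sorted(range(len(ranks)), key=lambda c: ranks[c])


def columnar_encrypt(text, key):
    """Write in rows of len(key) letters, read the columns in key order."""
    msg = _letters(text)
    cols = len(key)
    return "".join("".join(msg[c::cols]) for c in _column_order(key))


def columnar_decrypt(cipher, key):
    """Refill the columns in key order; the first `extra` columns hold one more letter."""
    cols = len(key)
    full, extra = divmod(len(cipher), cols)
    plain = [""] * len(cipher)
    pos = 0
    for c in _column_order(key):
        for row in range(full + (1 if c < extra else 0)):
            plain[row * cols + c] = cipher[pos]
            pos += 1
    return "".join(plain)


def same_letter_counts(a, b):
    """True when both texts use exactly the same letters the same number of times."""
    return sorted(_letters(a)) == sorted(_letters(b))


if __name__ == "__main__":
    rf = rail_fence_encrypt("meet me after the toga party")
    print(rf, rail_fence_decrypt(rf))
    ct = columnar_encrypt("attackpostponeduntiltwoamxyz", "4312567")
    print(ct, columnar_decrypt(ct, "4312567"))
    print(same_letter_counts(ct, "attackpostponeduntiltwoamxyz"))
```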
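2.3.2 Product ciphers
Ciphers that use transposition or shifting are not secure because the frequency characteristics of the language do not change. Several ciphers can be applied one after another, which makes the cipher harder. A classical cipher uses only one of the two methods, substitution or transposition. People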
2.4 Some other topics.
2.4.1 Rotor machines
Before modern ciphers existed, rotor machines were the most common product cipher. They were widely used in the Second World War by Germany, the Allies and Japan. A rotor machine produces a very varied and complex substitution cipher. The machine uses a number of cylinders, each corresponding to one substitution; as they rotate, each letter is replaced by a corresponding other letter. With 3 different cylinders we have 26 x 26 x 26 = 17576 alphabets.
2.4.2 Steganography
Another technique for ensuring the confidentiality of transmitted information is steganography. It is an option used in combination with, or at the same time as, encryption. Steganography hides the existence of the confidential message inside other information, for example: using, within a long message, only a subset of the letters/words marked in some way; using invisible ink; hiding information in audio or image files. These techniques have also attracted research interest recently. However, its drawback is that it can hide only a small amount of information in the bits.
Questions and exercises
Questions
1. State the algorithm that uses the Saint Cyr table to encrypt and decrypt Vigenere when the keyword is known. Apply that algorithm to encrypt the following plaintext: "Network Security is very important for software development" with the keyword "COMPUTER SCIENCE".
2. How many different Playfair keys are there?
3. Suppose the row transposition cipher is used with 8 columns. How many different keys are there? State the decryption algorithm for a given keyword.
Exercises:
Exercise 1: The following ciphertext uses the Caesar cipher
"GCUA VQ DTGCM"
Deduce the plaintext (using the English alphabet).
Exercise 2: Using the technique for cryptanalysis of a monoalphabetic cipher, build the frequency tables of the letters, digrams and trigrams of the following ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIVUEPHZHMDZSH
ZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOUDTMOHMQ
Reason out and state the mapping of the single alphabet, and give a suitable plaintext.
Exercise 3: Find the ciphertext of the plaintext "We are studying cryptography this year" using the Playfair cipher with the keyword "information technology".
Exercise 4: Encrypt the plaintext "Chung toi se la nhung ky su cong nghe thong tin gioi trong mot vai nam nua" using the key 631425 with the Vigenere method.
Exercise 5: Given a Vigenere cryptosystem with M = 6, K = "CIPHER".
a) Encrypt the string P = "THIS IS MY TEST".
b) Decrypt the string M = "EICJIC RTPUEI GBGLEK CBDUGV".
Exercise 6: Given a Vigenere cryptosystem with M = 6. Encrypting the string P = "THIS IS MY TEST" gives the ciphertext "LLKJML ECVVWM".
a) Find the encryption key used by this cryptosystem.
b) Using the key found above, decrypt the ciphertext C = "KLGZWT OMBRVW".
Exercise 7: Given a Vigenere cryptosystem with M = 6. Encrypting the string P = "SPIRIT" gives the ciphertext "OXHRZW".
a) Find the encryption key used by this cryptosystem.
b) Using the key found above, decrypt the ciphertext C = "BQETYH HMBEEW".
Exercise 8: Given a Vigenere cryptosystem with M = 6. Decrypting the string C = "RANJLV" gives the plaintext "CIPHER".
a) Find the key used by this cryptosystem.
b) Using the key found above, decrypt the string M = "PLDKCI DUJQJO".
Exercise 9: Simple substitution encryption
The following text was encrypted using a simple substitution encryption method. The plaintext is part of an English text written in capital letters, ignoring punctuation. Use the table of letter frequencies in English to decrypt the given ciphertext.
CHAPTER 3. MATHEMATICAL FOUNDATIONS
Introduction
Prime numbers and modular arithmetic are the mathematical basis of the theory of cryptography and play a very important role in it. This chapter summarizes some knowledge about prime numbers and modular arithmetic.
o Example: 1, 2, 3, 4, 6, 8, 12, 24 are the divisors of 24
3.1.2 Arithmetic operations modulo n
Let a number n be given. We want to perform operations modulo n. We can perform the operations on integers as ordinary integer addition and multiplication and then reduce the result modulo n, or we can combine the computation with reduction at any point:
(a+b) mod n = [a mod n + b mod n] mod n (*)
(a.b) mod n = [a mod n . b mod n] mod n (**)
Thus, when performing the operations, we can replace numbers by numbers equivalent to them modulo n, or more simply we can perform the operations on the representatives: Zn = { 0, 1, 2, 3, ..., n-1 }.
o Notes on the reduction property:
if (a+b) ≡ (a+c) mod n, then b ≡ c mod n
But if (ab) ≡ (ac) mod n, then b ≡ c mod n only if a is relatively prime to n
Example. Applying the properties of modulo:
(11*19 + 10^17) mod 7 =
((11*19) mod 7 + 10^17 mod 7) mod 7 =
((11 mod 7 * 19 mod 7) mod 7 + (10 mod 7)^17 mod 7) mod 7 =
((4.(-2)) mod 7 + (((3^2)^2)^2)^2 * 3 mod 7) mod 7 =
((-1) mod 7 + ((2^2)^2)^2 * 3 mod 7) mod 7 =
(-1 + 5) mod 7 = 4
Example: addition table modulo 8
OUTPUT: the GCD of a and b.
(1) While b ≠ 0 do
    r ← a mod b, a ← b, b ← r
(2) Return (a).
OUTPUT: d, x, y
(1) If b = 0 then set d ← a, x ← 1, y ← 0 and return d, x, y
(2) Set x2 ← 1, x1 ← 0, y2 ← 0, y1 ← 1
(3) While b > 0 do
    3.1. q ← a div b, r ← a - qb, x ← x2 - qx1, y ← y2 - qy1
    3.2. a ← b, b ← r, x2 ← x1, x1 ← x, y2 ← y1, y1 ← y
(4) Set d ← a, x ← x2, y ← y2 and return d, x, y
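Example:
a = 4864 and b = 3458
q | r | x | y | a | b | x2 | x1 | y2 | y1
- | - | - | - | 4864 | 3458 | 1 | 0 | 0 | 1
1 | 1406 | 1 | -1 | 3458 | 1406 | 0 | 1 | 1 | -1
2 | 646 | -2 | 3 | 1406 | 646 | 1 | -2 | -1 | 3
2 | 114 | 5 | -7 | 646 | 114 | -2 | 5 | 3 | -7
5 | 76 | -27 | 38 | 114 | 76 | 5 | -27 | -7 | 38
1 | 38 | 32 | -45 | 76 | 38 | -27 | 32 | 38 | -45
2 | 0 | -91 | 128 | 38 | 0 | 32 | -91 | -45 | 128
ax ≡ 1 mod n
INPUT: a ∈ Zn
OUTPUT
ax + ny = d where d = gcd(a, n).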
Example 1: n=101, a=25
Example 2: n=173, a=1024
c ← 2*c
f ← (f*f) mod n
if b_i = 1
    then c ← c + 1
         f ← (f*a) mod n
return f
b_i
c: 17, 35, 70, 140, 280, 560
f: 49, 157, 526, 160, 241, 298, 166, 67
The final value of f, 1, is the answer sought.
a = ∏_{p∈P} p^(a_p)
Example: 91 = 7 x 13; 3600 = 2^4 x 3^2 x 5^2
Usually, to find the above factorization, we have to test divisibility by the primes from small to large and divide successively by the primes, then collect the results into powers of the primes.
3.3.3 Relatively prime numbers and GCD
Two positive integers a and b that have no common divisor other than 1 are called relatively prime.
Example: 8 and 15 are relatively prime, because the divisors of 8 are 1, 2, 4, 8, while the divisors of 15 are 1, 3, 5, 15. Only 1 is a common divisor of 8 and 15.
φ(s.t) = φ(s).φ(t)
Example.
φ(37) = 37 - 1 = 36
φ(21) = (3 - 1) x (7 - 1) = 2 x 6 = 12
φ(72) = φ(8.9) = φ(8).φ(9) = φ(2^3).φ(3^2) =
= (2^3 - 2^2)(3^2 - 3^1) = 4.6 = 24
3.3.6 Euler's theorem
Euler's theorem is a generalization of Fermat's theorem:
a^φ(n) mod n = 1
for every pair of relatively prime positive integers a and n: gcd(a,n)=1.
Example.
a = 3; n = 10; φ(10)=4;
Therefore 3^4 = 81 = 1 mod 10
a = 2; n = 11; φ(11)=10;
Therefore 2^10 = 1024 = 1 mod 11
- Compute c_i = M_i x (M_i^(-1) mod m_i), 1 ≤ i ≤ k
Then use the formula
(Σ_{i=1..k} a_i c_i) mod M
Questions and exercises.
1. Compute the values of the following expressions modulo n:
8 mod 9 + 7 mod 9
8 mod 9 * 7 mod 9
5 mod 11 9 mod 11
53 mod 7
520 mod 7
5/6 mod 7
2. Compute the values of the following expressions modulo n:
(-546) mod 13 - 347 mod 11
(1234 + 2345) mod 17
(213 * 345) mod 19
15-1 mod 101
41-1 mod 100
1435 mod 11
(235*126/13) mod 19
31130 mod 23
(23525 /17 + 12619. 397 /13) mod 29
Where:
⊕ is the exclusive OR of two bit strings
f is a function described below
k1, k2, ..., k16 are bit strings of length 48 computed as a function of the key k (each ki is in fact a permuted selection of bits of k).
One round of the encryption is described as follows:
(0 r 3)
The eight S-boxes:
[Table: S-boxes S1 to S8, indexed by row [0] to [3] and by column]
The permutation P:
The key initially entered is a 64-bit string; in the first round the 64-bit key is passed through the PC-1 box (Permuted Choice) to be permuted and selected into a 56-bit key.
The PC-1 box.
When the key passes through PC-2, bit 14 becomes the first bit, bits 17, 11, 24, ... are the following bits, and bit 32 is the last bit of the subkey.
mi 1 mi 1 mi'1
'
m i-1 f (mi , K i ) mi-1
f (mi' , K i )
=mi-1
Decryption: M = DES^-1_K1(DES^-1_K2(C))
Encryption: C = DES_K1(DES^-1_K2(DES_K1(M)))
Decryption: M = DES^-1_K1(DES_K2(DES^-1_K1(C)))
5.1923 x 10^33 operations
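Questions and exercises
1. Draw the block diagram of DES encryption. State the characteristics of DES.
2. Draw the block diagram of AES encryption. State the characteristics of AES.
3. Describe the characteristics of block ciphers, the DES encryption standard and the Advanced Encryption Standard AES.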
5.2 The RSA cryptosystem
RSA is a public-key cipher invented by Rivest, Shamir & Adleman at MIT (Massachusetts Institute of Technology) in 1977. RSA is the best known and most widely used public-key cipher today. It is based on exponentiation in a finite field over the integers modulo a prime. Specifically, encryption and decryption are exponentiations modulo a very large number. Cryptanalysis, that is, finding the private key when the public key is known, rests on the hard problem of factoring that very large number into primes. Without any further information, we would have to test in turn the divisibility of that number by all primes smaller than its square root. This is not feasible.
It has been proved that exponentiation requires O((log n)^3) operations, so exponentiation can be regarded as an easy problem.
Note that here we use very large numbers of about 1024 bits, that is, of the order of 10^350. The security relies on the difficulty of factoring large numbers. The factoring problem requires O(e^(log n log log n)) operations; this is a hard problem.
5.2.1 RSA key setup
Each user generates a public/private key pair as follows:
Choose at random 2 large primes p and q
Compute the number used as the system modulus: N = p.q
o We know that φ(N) = (p-1)(q-1)
o And the Chinese remainder theorem can be used to reduce the computation
Choose at random the encryption key e
o Where 1 < e < φ(N), gcd(e, φ(N)) = 1
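The key setup steps above rely on the chapter 3 algorithms: extended Euclid for the inverse, square-and-multiply for exponentiation, and the Chinese remainder theorem to shorten the private-key operation. The following added example (not code from the textbook) puts them together; computing the decryption exponent d as the inverse of e modulo φ(N) is standard RSA and is an assumption here, since the page breaks off before that step, and the tiny primes are constructed for illustration only.

```python
def ext_gcd(a, b):
    """Extended Euclid as in section 3.2: return (d, x, y) with a*x + b*y == d == gcd(a, b)."""
    x2, x1, y2, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        x, y = x2 - q * x1, y2 - q * y1
        a, b = b, r
        x2, x1, y2, y1 = x1, x, y1, y
    return a, x2, y2


def mod_inverse(a, n):
    """Solve a*x = 1 (mod n); it exists only when gcd(a, n) == 1."""
    d, x, _ = ext_gcd(a % n, n)
    if d != 1:
        raise ValueError("no inverse: gcd(a, n) != 1")
    return x % n


def mod_pow(a, b, n):
    """Square-and-multiply over the bits of b, most significant first (the f of the page)."""
    f = 1
    for bit in bin(b)[2:]:
        f = (f * f) % n
        if bit == "1":
            f = (f * a) % n
    return f % n


def rsa_keygen(p, q, e):
    """Return ((e, N), (d, p, q)) for primes p, q and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or ext_gcd(e, phi)[0] != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) == 1")
    d = mod_inverse(e, phi)            # assumed step: d = e^-1 mod phi(N)
    return (e, n), (d, p, q)


def rsa_encrypt(m, public):
    e, n = public
    return mod_pow(m, e, n)


def rsa_decrypt_crt(c, private):
    """Decrypt with two half-size exponentiations and recombine (Chinese remainder theorem)."""
    d, p, q = private
    mp = mod_pow(c % p, d % (p - 1), p)
    mq = mod_pow(c % q, d % (q - 1), q)
    h = (mod_inverse(q, p) * (mp - mq)) % p
    return mq + h * q


if __name__ == "__main__":
    print(ext_gcd(4864, 3458))         # the worked table of section 3.2
    # Constructed toy parameters; real keys use random primes of hundreds of digits.
    public, private = rsa_keygen(61, 53, 17)
    c = rsa_encrypt(65, public)
    print(public, private, c, rsa_decrypt_crt(c, private))
```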
Questions and exercises
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
6.1 IP security
There are quite a few application-specific security mechanisms, such as S/MIME, PGP, Kerberos and SSL/HTTPS. However, there are security mechanisms that cut across many application layers, such as the IP security mechanism, which is implemented in the network for all applications.
6.1.1 IPSec
IPSec is the general IP security mechanism. It provides authentication, confidentiality and key management. IPSec is used on LANs, on private and public WANs, and across the Internet.
Benefits of IPSec
IPSec on a firewall/router provides strong security for all traffic crossing the perimeter. It resists bypassing of the firewall/router.
IPSec sits below the transport layer, so it is transparent to all applications and can be transparent to end users. It can provide security for individual users and protects the routing architecture.
6.1.2 IP security architecture
The IP security specification is very complex and is defined in a number of standards (RFCs), including RFC 2401/2402/2406/2408, with many other standards grouped by category. It is mandatory for IPv6 and optional for IPv4. There are two security header extensions:
Authentication Header (AH)
Encapsulating Security Payload (ESP)
1. IPSec services
IPSec aims to achieve the following: access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality.
2. Security associations
A one-way relationship between sender and receiver that provides security for the traffic flow and is defined by 3 parameters:
o Security Parameters Index
o Destination IP address
o Security protocol identifier
In addition there are some other parameters such as: sequence number, information about the authentication header and the extension header AH & EH, and lifetime. A database of the security associations is kept.
3. Authentication Header (AH)
AH provides support for data integrity and authentication of IP packets:
o The end system/switch can authenticate the user/application
o Prevents address spoofing attacks by tracking sequence numbers.
AH is based on the use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96.
For this the parties need to share a secret key.
Here an SSL connection is:
o Transient, end to end, a communication link
o Tightly bound to 1 SSL session
And an SSL session:
o An association between the user and the server
o Created by the Handshake Protocol
o Defines a set of cryptographic parameters
o May be shared by multiple SSL connections
1. SSL Record Protocol services
6.4 Email security
Email is one of the most valued and most widely used network services. At the same time, the content of messages is not secure. It can be observed in transit or by people with appropriate privileges on the end systems.
Improving email security is an important goal of every mail exchange system. The following requirements must be met: confidentiality of the content of the message sent, authentication of the sender of the message, integrity of the message, that is, protection against modification, and non-repudiation of origin, that is, the sender cannot deny sending.
6.4.1 The PGP service.
PGP (Pretty Good Privacy) is a confidentiality and authentication service widely used as a standard for secure email. PGP was developed by Phil Zimmermann. It selects the best available cryptographic algorithms and integrates them into a single program that can run on Unix, PC, Macintosh and other systems. It was originally free; there are now commercial versions. We now look at how PGP operates.
PGP operation - authentication
The sender creates the message, uses SHA-1 to generate a 160-bit hash of the message, signs the hash with RSA using the sender's private key, and attaches it to the message.
The receiver uses RSA with the sender's public key to decrypt and recover the hash. The receiver verifies the received message by computing its hash and comparing it with the decrypted hash.
PGP operation - confidentiality
The sender creates the message and a random 128-bit number as the session key for it, and encrypts the message using CAST-128/IDEA/3DES in CBC mode with that session key. The session key is encrypted using RSA with the recipient's public key and attached to the message.
The receiver uses RSA with its private key to decrypt and recover the session key. The session key is used to decrypt the message.
PGP operation - confidentiality and authentication
Both services can be used on the same message. Create the signature and attach it to the message, then encrypt both the message and the signature. Attach the session key encrypted with RSA/ElGamal.
PGP operation - compression
By default PGP compresses the message after signing but before encrypting. Thus the uncompressed message and the signature need to be stored for later verification, because compression is not unique. The ZIP compression algorithm is used here.
PGP operation - email compatibility
When PGP is used there will be binary data to send (the encrypted message). However, email may be designed only for text. Therefore PGP needs to encode the raw binary data into
The following diagram shows how the receiver decrypts and verifies the information in order to read the message.
Questions and exercises
1. State the purpose of IPSec, its parameters, AH and ESP.
2. State the purpose of SSL and TLS. Present the architecture and the tasks of their components.
3. What is secure electronic payment?
4. State the requirements of the dual signature and show that the dual signature in secure electronic payment meets those requirements.
5. State the secure electronic payment process and show that it meets the security requirements set out.
6. State the confidentiality, authentication and digital signature requirements of an email system.
7. Present the solution proposed by PGP for email systems.
8. Study HTTP basic authentication in Internet Explorer.
o Passwords are usually stored encrypted
    Unix uses iterated DES
    More recent systems use a hash function
o The password file on the system must be protected
Studies of passwords
o Purdue 1992: many short passwords
o Klein 1990: many guessable passwords
o The conclusion is that users often choose poor passwords
o An approach is needed to counter this
Creating passwords: user education
o Policy and user education are needed
o Teach the importance of good passwords
o Give guidelines for good passwords
    minimum length > 6
    require a mix of upper-case and lower-case letters, digits and punctuation
    do not choose dictionary words
o But they should be chosen so that many people do not
Creating passwords: computer-generated
o Let the computer create the password
o If random, they are not easy to remember and will be written down (the sticky-label syndrome)
o Even pronounceable ones are not remembered
o There is a history of poor user acceptance
o FIPS PUB 181 is one of the best generators
    It includes both a description and sample code
    It generates words by randomly concatenating pronounceable syllables
Creating passwords: proactive checking
o The most promising approach to improving password security
o Let users choose their own password
o But have the system verify that it is acceptable
    Enforce simple rules
    Compare against a dictionary of bad passwords
    Use an algorithmic Markov model or a filter to guard against poor choices
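A proactive checker combining the three checks listed above (simple rules, a bad-password dictionary, and a Markov-style model), as an added example that is not from the textbook. The word list is a small constructed sample, and the Markov step is simplified to the fraction of character transitions also seen in that list; the threshold of 0.8 is an assumption.

```python
import string

# Constructed stand-in for a real dictionary of bad passwords.
BAD_PASSWORDS = ["password", "password1", "letmein", "qwerty123", "welcome",
                 "dragon", "monkey", "sunshine", "princess", "football",
                 "iloveyou", "master", "shadow", "superman", "baseball"]

# Character transitions observed in the bad list: the "training" of a
# simplified first-order Markov model.
SEEN_TRANSITIONS = {pair for w in BAD_PASSWORDS for pair in zip(w, w[1:])}

def markov_score(password: str) -> float:
    """Fraction of the password's character transitions seen in the bad list."""
    s = password.lower()
    transitions = list(zip(s, s[1:]))
    if not transitions:
        return 1.0
    return sum(t in SEEN_TRANSITIONS for t in transitions) / len(transitions)

def check_password(password: str, threshold: float = 0.8) -> list:
    """Return the reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) <= 6:                       # the page's rule: minimum length > 6
        reasons.append("too short")
    classes = (str.islower, str.isupper, str.isdigit,
               lambda c: c in string.punctuation)
    if not all(any(test(c) for c in password) for test in classes):
        reasons.append("missing character class")
    if password.lower() in BAD_PASSWORDS:
        reasons.append("in dictionary")
    elif markov_score(password) >= threshold:
        reasons.append("resembles bad passwords")
    return reasons

if __name__ == "__main__":
    for candidate in ("letmein", "Password1!", "Ab1!", "Vq7#xTk2!zR"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

"Password1!" passes every simple rule and is not literally in the dictionary, yet the transition model still rejects it, which is the case the simple rules and dictionary miss.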
7.2 Malicious software
7.2.1 Types of malicious software other than viruses
Computer viruses have received a great deal of publicity and are one kind of malicious software. Their effects are known to everyone and feature in news reports, fiction and films; they draw more attention than the damage they cause, and much effort goes into defending against them.
1. Backdoor or trapdoor
A secret entry point into a program that lets those who know of it gain access while bypassing the usual security procedures. The technique is commonly used by developers, and it is a threat when left in production programs, allowing
Types of viruses
Viruses can be classified by the type of attack
o Parasitic virus
o Memory-resident virus
o Boot sector virus
o Stealth virus
o Polymorphic virus
o Metamorphic virus
1. Macro virus
Macro code attached to a data file and interpreted by the program that uses the file
o Such as Word/Excel macros
o Uses auto-executing commands and macro commands
This code is platform-independent and is a major source of virus infections. The distinction between data and program files is blurred; this is the classic trade-off between ease of use and security. Security in Word has improved, and macro viruses are no longer the dominant virus threat.
2. E-mail virus
This type of virus spreads by e-mail with an attachment containing a macro virus, such as Melissa. It is usually triggered when the user opens the attachment or, less often, when the mail is merely viewed, by using a scripting feature of the mail agent. It therefore spreads very quickly. The target is usually the Microsoft Outlook mail agent or Word/Excel documents. Better application and operating system security is needed.
3. Worms
A worm is a program that replicates itself but does not infect other programs; it typically spreads over a network
o Such as the Morris Internet worm of 1988
o Led to the creation of computer emergency response teams (CERT)
o Uses distributed privileges or exploits system vulnerabilities
o Widely used by hackers to create zombie PCs, which are then used for further attacks, especially denial of service (DoS)
The main problem is the lack of security of permanently connected systems such as PCs.
Worm operation
The phases of a worm are the same as those of a virus:
o Dormant
o Propagation
    Search for other systems to infect
    Establish a connection to the remote target system
    Replicate itself onto the remote system
o Triggering
o Execution
4. The Morris worm
7.3 Buffer overflow
Buffer overflow is a very common attack mechanism, from the appearance of the Morris worm in 1988 through Code Red, Slammer, Sasser and many others. The prevention techniques are all known. It nevertheless remains a concern, both because of the legacy of widely deployed buggy code and because careless programming techniques persist.
Buffer overflow basics: it is caused by a programming error that allows more data to be stored than a fixed-size buffer can hold. The buffer may be on the stack, on the heap or in global data. Overwriting adjacent memory locations corrupts program data, transfers control unexpectedly, causes memory access violations, or executes the attacker's code.
7.3.1 Buffer overflow example
a randomized and non-executable global data region, relocation of function pointers, and guard pages.
7.4 Firewalls
7.4.1 Introduction
Firewalls have developed rapidly and are used throughout information systems. Everyone now wants to be on the Internet and to interconnect networks, so security is a constant concern. It is not easy to protect every system in an organization individually. A firewall is therefore normally used, providing a protective perimeter as one part of a comprehensive security strategy.
What is a firewall
It is a choke point for control and monitoring. It interconnects networks with different levels of trust and imposes restrictions on network services; for example, traffic must be authorized. It audits and controls access, and alarms can be set up for abnormal behaviour. It provides NAT and usage monitoring. It can implement a virtual private network (VPN) using the IPSec security mechanism. It can itself be made immune.
Limitations of firewalls
A firewall cannot protect against attacks that go around it, for example sneaker net and modem devices. It also obstructs trusted organizations and trusted services (SSL/SSH). It does not protect against internal threats, such as disgruntled employees or those colluding with an attacker. It cannot protect against the transfer of virus-infected programs or files, because the range of file types and operating systems is very wide.
7.4.2 Firewalls: packet filters
The packet filter is the fastest and simplest firewall component and the basis of every firewall system. It examines each IP packet (without context) and permits or denies it according to defined rules. It thereby restricts access to services and ports.
Possible default policies
o Whatever is not expressly permitted is prohibited
o Whatever is not expressly prohibited is permitted
action  ourhost  port  theirhost  port  comment
block   *        *     SPIGOT     *     we don't trust these people
allow   OUR-GW   25    *          *     connection to our SMTP port

action  ourhost  port  theirhost  port  comment
block   *        *     *          *     default

action  ourhost  port  theirhost  port  comment
allow   *        *     *          25    connection to their SMTP port

action  src        port  dest  port  flags  comment
allow   {ourhost}  *     *     25           our packets to their SMTP port
allow   *          25    *     *     ACK    their replies

action  src        port  dest  port   flags  comment
allow   {ourhost}  *     *     *             our outgoing calls
allow   *          *     *     *      ACK    replies to our calls
allow   *          *     *     >1024         traffic to nonservers
Attacks on packet filters
IP address spoofing: the source address is forged so that the packet is trusted. Add filters on the router to block it.
Source routing attacks: the attacker sets a route other than the default. Block source-routed packets.
Tiny fragment attacks: the header information is split across several small fragments. Either discard them or reassemble them before checking.
Firewalls: stateful packet filters
Traditional packet filters do not examine higher-layer context, that is, they do not match returning packets against the outgoing flow. Stateful packet filters address this need. They examine each IP packet in context: they keep track of client-server sessions and check that each packet validly belongs to one. They are therefore better able to detect bogus packets taken out of context.
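The last rule table above, evaluated first as a context-free packet filter and then as a stateful one, as an added example (not from the textbook). The addresses and sample packets are constructed, first-match evaluation with a default of block is an assumption, and the session table is a simplified model of connection tracking.

```python
from dataclasses import dataclass

OUR_HOSTS = {"10.0.0.5", "10.0.0.6"}       # constructed internal addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False

# Last rule table above: (action, src, port, dest, port, ACK required)
RULES = [
    ("allow", "{ourhost}", "*", "*", "*", False),   # our outgoing calls
    ("allow", "*", "*", "*", "*", True),            # replies to our calls
    ("allow", "*", "*", "*", ">1024", False),       # traffic to nonservers
]

def field_matches(pattern, value):
    if pattern == "*":
        return True
    if pattern == "{ourhost}":
        return value in OUR_HOSTS
    if pattern.startswith(">"):
        return value > int(pattern[1:])
    return pattern == str(value)

def stateless(pkt, rules=RULES, default="block"):
    """First matching rule wins; each packet is judged without context."""
    for action, src, sport, dst, dport, need_ack in rules:
        fields = zip((src, sport, dst, dport), (pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if all(field_matches(p, v) for p, v in fields) and (pkt.ack or not need_ack):
            return action
    return default

class StatefulFilter:
    """Same rules, but an inbound ACK must belong to a session we opened."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        verdict = stateless(pkt)
        if pkt.src in OUR_HOSTS and verdict == "allow":
            self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        elif pkt.ack and (pkt.src, pkt.sport, pkt.dst, pkt.dport) not in self.sessions:
            verdict = "block"
        return verdict

OUTBOUND = Packet("10.0.0.5", 40000, "203.0.113.9", 25)
REPLY = Packet("203.0.113.9", 25, "10.0.0.5", 40000, ack=True)
STRAY = Packet("198.51.100.7", 25, "10.0.0.6", 80, ack=True)   # ACK with no session
```

The stateless filter allows `STRAY` because the ACK flag alone satisfies the "replies to our calls" rule; the stateful filter blocks it because no outgoing session matches.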
7.4.3 Firewalls: application-level gateway (or proxy)
An application-specific gateway, or proxy (an authorized intermediary).
It has full access to the protocol
o The user requests a service from the proxy
o The proxy checks whether the request is valid
o It then processes the request and returns the result to the user
o It can log/monitor traffic at the application layer
Separate proxies are needed for each service
o Some services support proxying naturally
o Others require a number of issues to be resolved
7.4.5 Bastion host
A highly secure host system. It runs application-level and circuit-level gateways, or provides externally accessible services. It potentially exposes elements of the host. For robust security it therefore has a hardened operating system, only essential services, additional authentication, and proxies that are small, secure, independent and unprivileged.
It may support two or more network connections and may be trusted to enforce a policy of trusted separation between those network connections.
Firewall configurations
Questions and exercises
1. List and classify the types of malicious software and the countermeasures against them.
2. Analyse system intrusion techniques and how to prevent them.
3. Describe measures for strengthening the security of a personal computer using commonly available software.
4. State the purpose and requirements of building a firewall. What types of firewall are there?
5. Describe how to set up a firewall using the tools provided by the operating system.
6. Analyse the buffer overflow errors that can occur and state their causes.
7. Investigate the requirements of secure programming.
8. Describe some models of trusted computer systems.
Symbol  Meaning
ACL
AES
AH
CA
CERT
CRL
CSDL    Cơ sở dữ liệu (database)
CNTT
CSHT    Cơ sở hạ tầng (infrastructure)
CBC
CFB
DBA
DES
DNA
DSA
DSS
ECB
ECC
ESP
FIPS
IDEA
IPKI
KDC
LAN
MD
NAT
PKCS
PKI
PGP
RSA
SET
SHA1
SMTP
SOAP
SSL
TLS
UID
TTP
URL
VPN
WAN
WTLS
Topic titles
Methods of ensuring security in the TCP/IP suite, IPSEC
Firewall systems
Present IDS and IPS
Investigate some international systems for monitoring, analysing and alerting on network security incidents (SIEM, threat-management-system-datasheet (TMS)
Investigate the AlienVault Open Source SIEM (OSSIM) system
Present the forms of attack on enterprise information systems that are common today
Present hardware-based measures for defending against attacks, distributed and
Present SSL
Present SET and WEP
Present the vulnerabilities common in websites today
Present viruses and worms
Present the weaknesses in today's information systems
Present Trojans
Present DoS, DDoS and DRDoS
Present the operating principles and the detection and prevention mechanisms, and introduce some antivirus programs in common use today