TRUYN V BO MT THNG TIN

Cu 1: Trnh by mt s nguy c v him ha i vi h thng thng tin. Tr li (ci ny l ca P t son. Cc bn c th lm theo gio trnh trang 6 ) - Nguy c do thm ho bt ng: Ha hon, Lt li, ng t, Bo ln, Khng b tn cng, Bo lon, t l, Tuyt l, Tai nn lao ng - Nguy c do s c my tnh v c thit b phn cng: S c ngun in, Hng phn cng, S c Mng my tnh- Cc thit b ni Mng, hng H thng iu khin mi trng vn hnh thit b hng - Nguy c do con ngi: o V ph hoi: Nhng ngi thiu hiu bit v h thng thng tin, v tnh vc ph. o C ph hoi: Hacker, cracker, ti phm my tnh, tnh bo cng ngh cao, gin ip c chnh ph u, ti tr, khai thc da trn s quen bit, quan h vi ngi trong t chc. Cao hn l dng cc k thut nh la, nhm ly cc ti khon h thng. nhng nhn vin khng hiu bit r v h thng thng tin thng rt d b khai thc, nhn vin bt mn hin thi, nhn vin c c him khch, bt mn, khng b cng nh cao, pht ng cc cuc chin trn khng gian o, nhn vin khng trung thc (l nn nhn hoc nhn t lt bn thng tin, tit l thng tin), xm nhp trc tip vo h thng thng tin di ng. Cu 2: Khi bn gi mt bc th vi nhng ni dung nhy cm cho bn ca bn, c nhng vn g v bo mt thng tin cn c xt n. Tr li - Bc th b hacker chp c trn qu trnh l thng trn ng truyn v b sa i ni dung thng tin trong l th. - Bc th b v tnh b gn virus vo (bn thn ngi gi khng nh km Virus nhng do my tnh gi b nhim hoc do hacker chp c v gn thm virus) - Tnh chng t chi gc, chng t chi ca ngi gi. Cu 3: Trong xc thc HTTP c mt l hng gi l man in the middle (MITM). MITM l vn ln i vi nhiu th tc v thut ton m ho. tng chnh ca MITM l k tn cng ngi gia client v server. Anh ta theo di hoc sa cc cuc trao i gia h. Trong xc thc HTTP k tn cng c th l proxy th ch hoc tho hip. Vn chnh y l xc thc, mi bn c th tng ang ni chuyn vi bn kia, trong khi thc t ang ni chuyn vi k tn cng. Trong th tc http client v server cn phi tha thun v cc thut ton xc thc m hai bn dng. Hy phn tch lm th no k tn cng c th vt qua c th tc xc thc Tr li: - K thut tn cng Man In The Middle hay c s dng l: o Gi mo gi ARP o Gi mo DNS a. Gi mo ARP Trong c ch tn cng ny cc attacker s tin hnh Spoofing ARP Address ca cc my tnh tham gia truyn thng bt ly cc gi tin truyn trn mng. V d khi mt my tnh mun truy cp Mail Server bn ngai Internet cn phi gi thng tin xc thc n my ch mail thng qua h thng default gateway trn mng. Lc ny cc hacker computer s gi mo a ch ARP ca default gateway nh la client gi nhng
Page 1

thng tin xc thc cho mnh, sau mi chuyn chng n default gateway thc s v gi ra ngoi internet cho Mail Server. Nh vy cc hacker bt c cc d liu ring t ca ngi dng m khng b gy qu trnh truyn thng.

b. Gi Mo DNS Mi truy vn DNS c gi qua mng u c cha mt s nhn dng duy nht, mc ch ca s nhn dng ny l phn bit cc truy vn v p tr chng. iu ny c ngha rng nu mt my tnh ang tn cng ca Attacker c th chn mt truy vn DNS no c gi i t mt thit b c th, th tt c nhng g attacker cn thc hin l to mt gi gi mo c cha s nhn dng gi d liu c chp nhn bi mc tiu. Attacker s hon tt qu trnh ny bng cch thc hin hai bc vi mt cng c n gin. u tin, Attacker gi mo ARP cache thit b mc tiu nh tuyn li lu lng ca n qua host ang tn cng ca mnh, t c th chn yu cu DNS v gi i gi d liu gi mo. Mc ch ca kch bn ny l la ngi dng trong mng mc tiu truy cp vo website c thay v website m h ang c gng truy cp. C nhiu cng c khc nhau c th c s dng thc hin hnh ng gi mo DNS. r hn bn c th tham kho thm hnh tn cng bn di.

Page 2

Hnh 4: Tn cng gi mo DNS bng phng php gi mo DNS ID

Page 3

Cu 4: Nu cc kha cnh ca an ton thng tin, cho v d c th. Tr li: (cu ny mi ngi phn tch mi . C ra th lm cho n khc ti nha b con) - Con ngi: khi ni n kha cnh ny la ni n trnh v thc ca con ngi v vn an ton thng tin. Cho d cng ngh c h tr nhiu cng v nhiu gii php bo mt cao cp n u nhng bn thn ca mi ngi khng thc c tm quan trng ca bo mt v an ton thng tin th cng bng khng. V d: Mng Wifi ca cng ty A s dng cng ngh m ho WPA2 bo mt. Ch cho php nhng nhn vin cng ty vo. Nu nh cc nhn vin thc c vic bo mt th s gi kn c SharedKey (hay gi nm na l PassWifi). Nhng nu khng thc c th gp ai hi cng s cho ngi bit PassWifi th mi c gng bo mt tr thnh con s 0. Hoc bn mua mt thit b Accesspoint hng hiu cung cp tnh nng bo mt cc tt (v d Linksys by Cisco chng hn. Qu giu c.khakhaka) nhng bn li khng bit cch thit lp ch bo mt th cng nh khng. - Cng ngh: khi ni v kha cnh ny th phi bn n 2 yu t phn cng v phn mn v c 2 yu t ny gp li cng c th xem nh l c s h tng ca mt h thng thng tin. V mun xy dng mt h thng an ton v bo mt th i hi c 2 yu t ny phi h tr tt ln nhau. V 2 yu t h tr rt nhiu cho vic bo mt v an ton thng tin trong h thng. 2 vn ny cng c mi lin h kh cht ch vi nhau. V d: Cng ty A c hng phn mn Microsoft gii thiu tnh nng o ho trong Windows Server 2008 rt hay v rt bo mt nhng mun s dng c phin bn windows ny th i hi cu hnh phn cng kh cao v CPU phi c cng ngh o ho. Nhng cng ty A li s hu mt dn Server c cu hnh thp khng th s dng phin bn windows ny th cng nh chu. Ngc li nu c mt h thng phn cng mnh nhng li s dng nhng phin bn phn mn c khng khai thc c ht cng sut v tnh nng ca h thng phn cng th cng khng th lm cho h thng tr nn mnh, an ton, bo mt hn c V vy c c mt h thng mnh, an ton, bo mt th cn phi bit kt hp ph hp gia h thng phn cng v phn mn. - V qua ta cng thy c l 2 kha cnh va phn tch trn ng mt vai tr rt quan trng trong vn an toan thng tin. 2 yu t ny b sung v h tr cho nhau.

Page 4

Cu 5: Phn bit gia nh danh trn mng v c ch xc thc trn mng. Tr li: (cu ny li l tui t lm t dch. Ai lm theo th lm. Theo tui hiu th l vy nhng theo thy th ch c thy mi bit. KhaKakha) Identification: (nh danh) Qu trnh chng ta ng k mt ti khon trn mt website, mt ngn hng trc tuyn hay mt forums l thao tc chng ta nh danh chng ta trn mng. Cng ging nh nh danh mt my tnh hoc mt website trn mng th ngi ta s dng a ch IP hoc s dng Domain tham chiu n IP ca server cha website hay nh danh mt thu bao di ng th nh cung cp dch v s dng mt s in thoi (s thu bao). V qu trnh chng ta s dng thng tin Username & Password logon vo mt h thng no (Website, Forums, Domain, ngn hng trc tuyn.) l hon tt qu trnh nh danh trn h thng . Authentication: (Xc thc) l mt qu trnh xc nhn c im nhn bit ca ngi dng (Username v Password) qua quyt nh quyn truy nhp c s d liu v kh nng thc hin cc giao dch ca ngi . Vic xc thc thng thng qua tn truy nhp v mt khu(Username v Password) hay cc phng php phc tp hn nh chng thc s, ch k s... V d khi bn ng nhp vo mt forums th tin trnh xc thc din ra khi bn nhp vo ti khan bao gm username v password mn hnh ng nhp. V khi vo forums bn s c mt s c quyn nht nh i vi ti khon (vd: Admin, mod, user) Cu 6: Bn hy xut cc gii php cn thit m bo an ton cho th in t. - Tnh bo mt ni dung tin gi, xc thc ngi gi mu tin, tnh tan vn ca mu tin, hn na bo v khi b sa, tnh chng t chi gc, chng t chi ca ngi gi. Tr li: - bo m an ton cho th in t ta c th s dng mt s gii php sau: S dng ch k in t xc thc bc th in t gia ngi gi v ngi nhn. S dng cc thut ton m ho m ho ni dung bc th gi i nhm bo ton tnh ton vn v ni dung. Nu s dng cc chng trnh h tr gi v nhn mail nh MS. Outlook hay OutlookExpress th c gng s dng cc Secure Ports nh: POP3S 995, IMAPS 993, SMTPS 465 thay th cho cc ports km bo mt hn nh l: POP3 110, IMAP 143, SMTP 25 S dng Exiscan Scan SMTP time Anti-virus Anti-spam File extension blocking Regular expression blocking Exiscan h tr rt nhiu cng c ca cc hng bn ngoi khc nh: SpamAssassin, Sophos/sophie, Kaspersky, ClamAV, Brightmail, generic. Gii php ny nhm mc ch bo v cc bc th khng c Virus v khng nh km c cc file c phn m rng khng an ton nh *.exe hay *.msi

Page 5

Cu 7: Nu cc yu cu bo mt, xc thc, ch k in t ca h thng th n t. (cu ny khng chc lm. Bit sao th lm vy thi. L sai ng c m heheheh) Yu cu: Xc thc thng bo s bo v hai thnh vin (trao i cc thng bo qua thnh vin th ba). Tuy nhin, hai thnh vin khng bo v ln nhau. V d, gi thit A gi mt thng bo c xc thc cho B. C th xy ra mt s dng tranh chp gia hai thnh vin nh sau: B c th lm gi mt thng bo khc v tuyn b rng thng bo ny c ngun gc t A. Mary c th to ra mt thng bo v gn m xc thc mt cch n gin bng kho chung ca h. A c th chi b gi thng bo. V B c th lm gi thng bo v v vy khng c cch no chng minh A gi thng bo. Cc tranh chp xy ra do gia ngi gi v ngi nhn khng c s tin cy tuyt i. Gii php hiu qu nht cho vn ny l ch k s. Ch k s tng t nh ch k bng tay. N phi c mt s tnh cht nh sau:

C kh nng xc thc tc gi v thi gian k. C kh nng xc thc cc ni dung ti thi im k. Cc thnh vin th ba c th kim tra ch k gii quyt cc tranh chp.

V vy, chc nng ch k s bao hm c chc nng xc thc. Da vo cc tnh cht c bn ny, chng ta c th a ra cc yu cu sau y i vi mt ch k s:

Ch k phi l mt mu bit ph thuc vo thng bo c k. Ch k phi s dng mt thng tin duy nht no t ngi gi, nhm ngn chn tnh trng lm gi v chi b. To ra ch k s d dng. D dng nhn ra v kim tra ch k s. Kh c th lm gi ch k s bng cch to ra mt thng bo mi cho mt ch k s hin c, hoc to ra mt ch k s gi cho mt thng bo cho trc. Trong thc t, cn phi lu gi mt bn sao ca ch k s.

C rt nhiu hng tip cn c xut cho ch k s. Cc hng tip cn ny chia thnh 2 loi: ch k s trc tip v ch k s ca thnh vin th ba. a. Qu trnh m ho th in t (tham kho nha. L c hi th chp vo.bit u thy khng hi my cu thy cho m hi vn lin quan n th e.. hehehe)

Page 6

Hnh 10.15 th hin quy trnh m ha th in t. Gi s A mun gi mt thng ip in t b mt cho B v gi s A c c kha cng cng ca B (c th do B trao i trc tip cho A hay thng qua chng nhn kha cng cng ca B). o Giai on 1 M ha thng ip bng mt phng php m ha i xng an ton: My tnh ca A s pht sinh ngu nhin kha b mt K c s dng m ha ton b thng ip cn gi n cho B bng phng php m ha i xng an ton c chn. o Giai on 2 M ha kha b mt K bng mt phng php m ha bt i xng s dng kha cng cng ca B. o Ni dung thng ip sau khi m ha giai on 1 cng vi kha b mt K c m ha giai on 2 s c gi cho B di dng mt bc th in t. b. Qu trnh gii m th in t(tham kho nha. L c hi th chp vo.bit u thy khng hi my cu thy cho m hi vn lin quan n th e.. hehehe)

Page 7

Hnh 10.16 th hin quy trnh gii m th in t. o Giai on 1 Gii m kha b mt K: B s dng kha ring ca mnh gii m kha b mt K bng phng php m ha bt i xng m A dng m ha kha K. o Giai on 2 Gii m thng ip ca A: B s dng kha b mt K gii m ton b thng ip ca A bng phng php m ha i xng m A dng. c. Nhn xt nh gi S dng k thut trn y, ngi gi th c th yn tm rng bc th ca mnh ch c th c gii m bi ngi nhn hp l, bi v ch c ngi ny mi c c m kha ring gii m c kha b mt K v t gii m c ni dung ca thng ip. Cu 8: Phn tch mt s k thut xm nhp h thng v cch phng nga. (make by me, if it's wrong, I'm not responsible) a. Xm nhp vo my tnh c nhn: - Khi bn mun xm nhp vo mt my tnh no th lun gp mt s tr ngi nh cn phi ng nhp bng Username v password ca windows, password BIOS, hoc mt s password ca mt s phn mm bo mt khc. Vi Active Password Changer, bn hon ton c th b gy Password ca Windows mt cch d dng. B gy Password BIOS: * Loi b password BIOS bng chng trnh hp ng trong Debug T du nhc lnh ca mn hnh DOS, nhp ch Debug, sau nhp vo on m sau:

Page 8

Debug -A mov ax,0 mov ax,cx out 70,al mov ax,0 out 71,al inc cx tb 103 int 20 q ( thot khi debug). b. K thut MITM (Man in the midle) K thut gi mo ARP : Nguyn tc v k thut: (ging cu 3) Phng chng gi mo ARP: M ha ARP Cache: Mt cch c th bo v chng li vn khng an ton vn c trong cc ARP request v ARP reply l thc hin mt qu trnh km ng hn. y l mt ty chn v cc my tnh Windows cho php bn c th b sung cc entry tnh vo ARP cache. Bn c th xem ARP cache ca my tnh Windows bng cch m nhc lnh v nh vo lnh arp a. C th thm cc entry vo danh sch ny bng cch s dng lnh arp s <IP ADDRESS> <MAC ADDRESS>. Trong cc trng hp, ni cu hnh mng ca bn khng my khi thay i, bn hon ton c th to mt danh sch cc entry ARP tnh v s dng chng cho cc client thng qua mt kch bn t ng. iu ny s bo m c cc thit b s lun da vo ARP cache ni b ca chng thay v cc ARP request v ARP reply.

Kim tra lu lng ARP vi chng trnh ca hng th ba: Ty chn cui cng cho vic phng chng li hin tng gi mo ARP cache l phng php phn ng c lin quan n vic kim tra lu lng mng ca cc thit b. Bn c th thc hin iu ny vi mt vi h thng pht hin xm phm (chng hn nh Snort) hoc thng qua cc tin ch c thit k c bit cho mc ch ny (nh xARP). iu ny c th kh
Page 9

thi khi bn ch quan tm n mt thit b no , tuy nhin n vn kh cng knh v vng mc trong vic gii quyt vi ton b on mng. c. K thut nh la Social Engineering: Gii thiu: k thut nh la Social Engineering l mt th thut c c nhiu hacker s dng cho cc cuc tn cng v xm nhp vo cc h thng mng v my tnh. y l mt phng php kh ph dng v tnh n gin m hiu qu ca n. N thng c dng ly cp mt khu thng tin, tn cng vo v ph hu h thng. K thut: cc hacker s dng cc mnh kho la o chm ly thng tin ti khon v mt khu ca ngi dng, sau s dng n tn cng vo h thng. V d: Chng hn mt ngy no bn nhn c mt c in thoi. V bn kia u dy l mt ging ni cc k d thng thng bo dch v m bn ang s dng ti cng ty h ang gp trc trc vi ti khon ca bn v yu cu bn cung cp mt khu khc phc. Cch la ny tuy c v n gin v th thin nhng li rt c hiu qu c bit l i vi ngi dng Vit Nam (my bn nam d b zu lm n.khakhakha) Mt k thut la o khc cng kh ph dng l: Fake Email Login. V nguyn tc mi khi ng nhp vo hp th th chng ta phi in thng tin ti khon ca mnh gm Username v Password. Li dng iu ny cc hacker thit k mt trang Login ging ht nh trang login m bn hay s dng (yahoo, gmail, hotmail). Tuy nhin ch l trang web gi mo (Phishing) v tt c thng tin bn dng ng nhp vo h thng s c gi n hacker. (th l die ri.khakhakha) Bin php phng chng : Khng nn cung cp bt c thng tin ti khon ca mnh cho mt ai. Nu vic trao thng tin ti khon tht s cn thit th phi xc nh c ngi l ai, c ng tin hay khng Khi ang nhp vo cc trang webs hoc mailserver th nn cn thn xem k li ti thanh Address xem ng a ch cha (c th hacker s s dng mt da ch gn ging vi a ch tht vi d: gmail.org thay v gmail.com). Nn s dng cc giao thc bo mt khi duyt web: HTTPs Khi bn chat vi mt ngi no . H gi cho bn mt trang Web v ni vi bn l hy ng nhp vo y bng ti khon mail hay mt ti khon no ca bn th bn khng nn ng nhp khi cha xc minh c trang web c ang tin hay khng. V n c th l mt chiu cc hacker ly thng tin ca bn. (Be carefull! Khng l)

Page 10

Cu 9: Mc ch yu cu ca vic xy dng bc tng la. C nhng loi bc tng la no. Tr li: (cu ny t son. Dich t sch ting anh ra. Trong gio trnh ca thy a cng c, trang 117 122 ai mun dng ci no th dng cn p th p t tin vo chnh mnh. Tai cu ny mnh son nn ni cho qu m. khakhakha) - Mc ch ca vic xy dng bc tng la l: Ngn chn vic truy nhp tri php t bn ngoi vo mng nhm bo v ngun thng tin ni b, ti nguyn ca h thng v hn ch xm nhp. Yu cu: 1. Tt c cc kt ni t mng bn trong ra bn ngoi v ngc li phi i qua tng la 2. Ch nhng kt ni c thm nh (xc thc thng qua chnh sch an ton thng tin) th mi c i qua tng la 3. Bn thn h thng c min cc th tc kim sot Cc loi bc tng la. Packet Filtering Firewall: loi tng la ny s dng mt b quy tc, da vo cc chnh sch an ninh, kim tra a ch ngun, a ch ch, cc cng ra vo TCP, UDP, v Internet Control Message Protocol (ICMP), tiu ca gi tin ang c gi gia cc mng quyt inh l chuyn hoc kho cc gi tin. Proxy Firewall: c bit nh l mt application inspection server (ng dng thanh tra). Proxy server l mt phn mn ng dng c th cung cp vic chng thc chuyn tip cc gi tin gia mng ni b v mng bn ngoi. i vi mi dich v yu cu, n tp trung vo cng m dch v s s dng v do b lc lu lng cng s da vo cng m n s dng. Mt ci ProxyFirewall hot ng bng cch u tin chn mt yu cu t mt host (my) trn mang ni b sau chuyn n n ch - thng l mng internet. Nhng trc khi chuyn gi tin n ch th Proxy kim tra tiu v d liu ca mi gi tin tng phn vi chnh sch bo mt, thay th a ch IP ngun trong gi tin bng a ch IP ca chnh n v sau vt qua n i ra ngoi (mng Internet). Khi nhn c mt gi tin t mng bn ngoi proxy s kim tra gi tin, sau thay th a ch IP ch ca gi tin (chnh l a ch IP ca Proxy) bng a ch IP ca mt my trong mng ni b. V my ni b s khng nghi ng l ci gi tin c chuyn n t Proxy.

Page 11

Small Offce or Home (SOHO) Firewalls: Thng thng nh cung cp dch v Internet (ISP) cung cp (Router) thit b nh tuyn c bao gm lun tnh nng tng la (firewall). Tuy nhin, SOHO Firewall khc vi bc tng la m ISP cung cp. SOHO Firewall l tng i nh v nhiu ln khng tch bit vi router modem ca chnh n N kt ni mt vi my tnh c nhn trong nh hoc vn phng nh thng qua mt Hub, Switch, bridge, thm ch mt Router mt bn v kt ni vi mt modem bng thng rng. Chng rt d thit lp

Bn cch 3 loi tng la ni trn cn c mt s loi tng la khc m chng ta cn quan tm ti chng: Network Address Translation (NAT) Firewalls
Page 12

Dual-Homed.Firewall

Screened Host Firewalls

Page 13

Page 14

Cu 10: Phn bit Trojan / worm / virus / logicbomb l ci g ? Cho v d mi loi.

Trojan Trojan horse khng t nhn bn tuy nhin n ly vo h thng thng qua cc phn mn m n bm vo vi biu hin rt n ho nhng thc cht bn trong c n cha cc on m vi mc ch gy hi. Khi xm nhp thnh cng vo h thng Trojan c th la chn mt trong 3 phng thc gy hi: Tip tc thc thi cc chc nng ca chng trnh m n bm vo, bn cnh thc thi cc hot ng gy hi mt cch ring bit (v d nh gi mt tr chi d cho ngi dng s dng, bn cnh l mt chng trnh nh cp password) Tip tc thc thi cc chc nng ca chng trnh m n bm vo, nhng sa i mt s chc nng gy tn hi (v d nh mt trojan gi lp mt ca s login ly password) hoc che du cc hnh ng ph hoi khac (v d nh trojan che du cho cc tin trnh c hi khc bng cch tt cc hin th ca h thng) Thc thi lun mt chng trnh gy hi bng cch np di danh mt chng trnh khng c hi (v d nh mt trojan c gii thiu nh l mt ch chi hoc mt tool trn mng, ngi dng ch cn kch hot file ny l lp tc d liu trn PC s b xo ht) V d: Trojan horse, FTP trojan Worm L cc chng trnh c lp c kh nng t nhn bn, t tm cch lan truyn qua h thng mng (thng l qua h thng th in t). im cn lu y, ngoi tc hi thng ln my b nhim, nhim v chnh ca worm l ph cc mng (network) thng tin, lm gim kh nng hot ng hay ngay c hy hoi cc mng ny. Nhiu nh phn tch cho rng worm khc vi virus, h nhn mnh vo c tnh ph hoi mng nhng y worm c l mt loi virus c bit. V d: Worm ni ting nht c to bi Robert Morris vo nm 1988. N c th lm hng bt k h iu hnh UNIX no trn Internet. Virus L mt chng trnh my tnh c kh nng t sao chp chnh n t i tng ly nhim ny sang i tng khc(File, thit b lu tr, phn mn) v a s cc virus my tnh u mang tnh ph hoi v phc v cho cc mc nh su. Virus my tnh c nhiu cch ph hoi khc nhau: lm chm my tnh, xo cc d liu trn cng,. Logicbomb L chng trnh gi mt lc nhiu gi d liu cho cng mt a ch , lm ngp lt h thng , tt nghn ng truyn ( trn server ) hoc dng lm cng c khng b i phng V d: bom Mail

V d: Virus Boot Sector Virus file, W32.VomoC.PE

Page 15

Cu 11: Hy trnh by cc khi nim lin quan n Proxy (cu ny trong sch bo mt ca tui ghi sao tui g vo chng th. Khng bit ung khng na. tht l chn qua i m!) a. Khi nimProxy: - Proxy cung cp cho ngi s dng truy xut internet vi nhng host n. Nhng proxy server phc v nhng nghi thc t bit hoc mt tp nhng nghi thc thc thi trn dual_homed host hoc basion host. Nhng chng trnh client ca ngi s dung s qua trung gian proxy server thay th cho server tht s m ngi s dng cn giao tip. Proxy server xc nh nhng yu cu t client v quyt nh p ng hay khng p ng, nu yu cu c p ng, proxy server s kt ni vi server tht thay cho client v tip tc chuyn tip n nhng yu cu t clientn server, cng nh p ng nhng yu cu ca server n client. V vy proxy server ging cu ni trung gian gia server v client. b. Cc dng Proxy system Dng kt ni trc tip: Phng php u tin c s dng trong k thut Proxy l cho ngi dng kt ni trc tip n firewall proxy. Sau , proxy hi user i n a ch host hng n. l 1 phng php brute force s dng bi firewall 1 cch d dng v cng l nguyn nhn lm cho phng php ny khng c ph dng my. Trc ht, yu cu user phi bit a ch ca firewall. K tip , n yu cu user nhp vo hai a ch cho mi kt ni: a ch firewall v a ch ch hng n. Cui cng, n ngn cn nhng ng dng hoc nhng nguyn bn trn my tnh ca user. iu to s kt ni cho user. Bi v chng khng bit nh th no iu khin nhng yu cu c bit cho s truyn thng vi proxy. Dng thay i client: Phng php k tip s dng proxy setup phi thm vo nhng ng dng ti my tnh ca user. User thc thi nhng ng dng c bit vi vic to ra nhng kt ni thng qua firewall. User ng vi ng dng hnh ng ch nh nhng ng dng khng sa i. User cho a ch ca host hng ti. Nhng ng dng thm vo bit a ch firewall t files config cc b setup s kt ni n ng dng proxy trn firewall v truyn cho n a ch cung cp bi ngi s dng. Phng php ny rt kh hiu qu v c kh nng che du ngi s dng. Tuy nhin, cn c 1 ng dng client thm vo cho mi dch v mng l 1 c tnh tr ngi. Proxy v hnh: Mt phng php pht trin gn y cho php truy xut n proxy trong vi h thng firewall c gi l proxy v hnh. Trong m hnh ny khng cn c nhng ng dng thm vo vi user v khng kt ni trc tip n firewall. N s dng s iu khin ng i c bn, tt c s kt ni n mng bn ngoi c ch ng thng qua firewall. Nh nhng packet nhp vo firewall, t ng chng c i hng n firewall ang ch. Theo hng ny firewall thc hin rt tt vic gi nh host ch. Khi kt ni to ra firewall proxy, ng dng client ngh rng n c kt ni n firewall tht. Nu c php, proxy application sau thc hin hm proxy chun trong vic to kt ni th hai n server tht. Proxy lp ng dng c thc thi ti lp ng dng. N cung cp cho tng dch v ring v tng thch nhng dng lnh trong nghi thc . Mt circuit_level proxy to nn 1 circuit gia server v client khng cn phi interpret nhng nghi thc ny. Ni chung, proxy lp ng dng s dng modified client. to ra kt ni proxy, bn phi bit v tr no mun kt ni n. Mt cng hybrid n gin c th chn ng kt ni, nhng mt proxy host ch c th nht kt ni m ngh vi n, v phi ch ra v tr mun kt ni. Mt proxy cp ng dng c th nhn thng tin theo tng nghi thc ring. Mt proxy mc circuit khng th tng thch theo tng nghi thc m cn phi c thng tin h tr cho n thng qua mt cch thc no .
Page 16

Cu 12: Trnh by mt s l hng bo mt ca mng khng dy. - Ngi thit t mng khng thc hin m ho bo v mng khng dy. V vy ch cn my c card bt sng th c th gia nhp vo mng c. - Vn chnh ca mng khng dy l d liu c truyn trong mi trng khng kh dng sng radio. Trong mi trng ny, mi d liu truyn trn mng u c th b hacker thu nhn c. - Thut ton m ho WEP li thi v khng cn an ton na. Vic Hack d tm WEP Key ch tnh bng pht. (Khong 20 pht l mt ngi c kin thc v BackTrack c th Hack c WEP Key). - Cc cng ty thng t SSID l tn ca cng ty, t chc. iu ny gip cho Hacker c th d dng bit c mng no l mng ca cng ty, t chc m Hack mun hack ly thng tin. Cu 13: Nu mt s bin php thit lp an ninh cho mng khng dy. - Bo mt d liu trn ng truyn bng cc thut ton m ho. WPA2 (AES ) l phng php m ho tt nht hin nay , tip theo l WPA2 (TKIP) , WPA (AES) , WPA (TKIP) v cui cng l WEP. - Hin nay cc AccessPoint u h tr cc chc nng lc MAC Address ca cc thit b bt song Wireless. V vy nn dng cc chc nng ny cm hay cho php cc thit b kt ni v truy cp vo mng. - S dng c ch chng thc RADIUS xc thc cc client c v khng c quyn truy cp vo mng - n SSID hoc Disable DHCP server (gii php ny khng kh quan so vi tnh hnh thc t) Cu 14: Miu t ngn gn cc vai tr m k thut mt m ca m ho/gii m, ng du, ch k s ng trong vic cung cp cc dch v an ton sau y Tnh tin cy Tnh vn ton d liu Xc thc ngun gc d liu Kim sot truy cp; v S cng nhn cc bng chng v ngun gc Tr li 1: (ci ny bc Qun nh ta lm. Tui cha kim tra tnh ng n, nhng theo bn Qun th l ng ri. Ai lm th lm. Ai c ci khc ng hn th share. LIFE IS SHARED) a) Mt ch k k thut s hoc phng n ch k s l mt chng trnh ton hc chng minh tnh xc thc ca mu tin k thut s hoc ti liu s. Mt ch k s hp l l mt l do tin rng ngi nhn tin nhn nhn c tin to ra bi mt ngi gi c bit n, v rng n khng b thay i. Ch k k thut s thng c s dng phn phi phn mm, giao dch ti chnh, v trong cc trng hp khc m iu quan trng l pht hin gi mo v sa cha. Ch k k thut s s dng mt loi mt m bt i xng. i vi tin nhn c gi thng qua mt knh khng an ton, mt ch k k thut s l l do tin tin nhn c gi bi ngi gi. Ch k s rt kh lm gi hn loi vit tay. b) C hai bn tham gia vo qu trnh thng tin u c th tin tng l vn bn khng b sa i trong khi truyn v nu vn bn b thay i th hm bm cng s thay i v lp tc b pht hin.

Page 17

Qu trnh m ha s n ni dung ca gi tin i vi bn th 3 nhng khng ngn cn c vic thay i ni dung ca n. c) Trong giao dch, mt bn c th t chi nhn mt vn bn no l do mnh gi. ngn nga kh nng ny, bn nhn c th yu cu bn gi phi gi km ch k s vi vn bn. Khi c tranh chp, bn nhn s dng ch k ny nh mt chng c bn th ba gii quyt. Tuy nhin, kha b mt vn c th b l v tnh khng th ph nhn cng khng th t c hon ton. e) chng thc kha cng khai (cn gi l chng thc s / chng thc in t) l mt chng thc s dng ch k s gn mt kha cng khai vi mt thc th (c nhn, my ch hoc cng ty...). Mt chng thc kha cng khai tiu biu thng bao gm kha cng khai v cc thng tin (tn, a ch...) v thc th s hu kha . Chng thc in t c th c s dng kim tra mt kha cng khai no thuc v ai. cc nh cung cp dch v chng thc ch k s (t chc CA). y l t chc cung cp cc cp kha cng khai v b mt, xc minh tnh chnh xc, an ton ca ngi s dng, m bo tnh xc thc ca ngi gi, tnh ton din (khng b thay i) ca thng ip c gi. Tr li 2: (Tham kho t nhm khc. Nu tin tng bc Qun th lm cch trn cn khng thi lm theo cch di. Tu cc bc nha,) Tnh tin cy: s tin cy tt l RSA (thut ton m cng khai) s bo tr di ca chng trong tng lai trn thc t l s gia tng rt nh trong kch c ca cc mun a ra dn n s gia tng mnh trong yu cu phn tch tha s ca n ( khi quy tc ngn tay ci, vi cc thut ton phn t ch tha s hin ti , tng kch c ca cc mun bng ba k s gp i s phc tp phn tch tha s ca n). Gi s, v d chng ta xut mt cht v cng ngh Manasse v Lenstra v gi nh rng mt mun 150- k s c th c phn tch tha s trong mt thng . Nu chng ta to mt s m rng cc c mun tng i va phi cho 200 hoc 250 k s, thi gian yu cu thc hin s phn tch thnh tha s ging vi cng ngh c trnh by trong bng 4-1. N c th c xem nh l s pht trin gp mi, gp trm, hoc thm ch gp nghn ln trong cng ngh m c th d dng m c bi mt s gi tng n thun trong c ca mun.V vy, RSA c an ton, by gi hoc tng li, mt cch n gin l to mt la chn nhy cho kch c mun. *Tnh ven ton d liu v/hoc s xc nhn ngun gc d liu: cc thng tin c th c cung cp nh sau. Ngi sng to tin nhn pht sinh, s dng tt c cc bit d liu trong ni dung tin nhn, mt ph lc c truyn theo tin nhn . Ngi nhn tin nhn kim tra ni dung tin nhn nhn v ph lc tn ti trc khi nhn ni dung tin nhn khi ang xc thc. *kim sot truy nhp: +Thng xuyn phn tch v kim tra cc log file,t liu ha h thng v qun l cu hnh, lm sch h thng + Ti u ha cu hnh thit b v mng, ng cc dch v khng s dng + sao lu thng k k c cu hnh phn cng, phc v qu trnh sao lu phc hi sau tn cng + s dng cc cng c kim sot truy cp (IDS) chuyn nghip (VD CISCO ID4210 hoc IS) Tnh khng th ph nhn Trong giao dch, mt bn c th t chi nhn mt vn bn no l do mnh gi. ngn nga kh nng ny, bn nhn c th yu cu bn gi phi gi km ch k s vi vn bn. Khi c tranh chp, bn nhn s dng ch k ny nh mt chng c bn th ba gii quyt. Tuy nhin, kha b mt vn c th b l v tnh khng th ph nhn cng khng th t c hon ton.

Page 18

Cu 15: Miu t nhng khc nhau c bn gia h thng mt m i xng v h thng mt m kho chung. Cc h thng mt m i xng c s dng ph hp nht cho nhng mc ch no? Cc h thng mt m kho chung c s dng ph hp nht cho nhng m ch no? Tr li 1: (ci ny bc Qun nh ta lm. Tui cha kim tra tnh ng n, nhng theo bn Qun th l ng ri. Ai lm th lm. Ai c ci khc ng hn th share. LIFE IS SHARED) a. So snh H thng mt m i xng M ha i xng l tt c nhng gii thut m ha ch s dng mt kha trong vic m ha v gii m. V d: DES , 3DES , AES , RC5 , IDEA v..v. iu kin cn ca nhng gii thut ny l : 1: Khi mt ngi no c c mt hay nhiu chui bit c m ha , ngi cng khng c cch no gii m c mu tin ban u , tr khi ngi bit c "secret key" dng cho m ha. 2: Secret key phi c trao i mt cch an ton gia hai party tham gia vo qu trnh m ha. H thng mt m kho chung M ha bt i xng l nhng gii thut m ha s dng 2 kha : public key v private-key. Hai kha ny c mt mi lin h ton hc vi nhau. M ha bng kha ny th ch c th gii m bng kha kia

b. Cc h thng mt m i xng c s dng ph hp nht cho nhng mc ch no? Cc h thng mt m i xng c thi gian lp m v gii m nhanh v vy thng c s dng cho vic m ho mt khi d liu ln c. Cc h thng mt m kho chung c s dng ph hp nht cho nhng m ch no? Cc h thng mt m kho chung thng c s dng bo mt qu trnh truyn key ca mt m i xng. N cung cp bo mt cho qu trnh truyn thng tin bng Email v bng cc dch v: Authentication, Integrity, Protection, v nonrepudiation. Tr li 2: (Nhm khc lm. Tham kho thm nha. Thich chn cu tr li no th chn) Mt m kha i xng: Ch dng mt kha dng chung cho c ngi nhn v ngi gi. Gi c b mt ni dung trao i, nhng bn than mu tin khng mang thng tin xc thc ngi gi Mt m kha dng chung Dng 2 kha mt kha ring v mt kha cng khai l kha khng i xng v nhng ngi m ha v kim chng ch k khng th gii m hoc to ch k H m kha i xng:Kho phi c gi b mt trc, trong khi, v sau protocol, mt khc thng bo s khng gi an ton trong thi gian di. Tm li, h mt m i xng c mt vi vn nh sau : u kho b tn thng (do nh cp, d on ra, khm ph, hi l) th i th l ngi c N kho, anh ta c th gii m tt c thng bo vi kho . Mt iu rt quan trng l thay i kho tun t gim thiu vn ny. Nhng kho phi c tho lun b mt. Chng c th c gi tr hn bt k thng bo no c m ho, t s hiu bit v kho c ngha l hiu bit v thng bo.
Page 19

S dng kho ring bit cho mi cp ngi dng trn mng vy th tng s kho tng ln rt nhanh ging nh s tng ln ca s ngi dng. iu ny c th gii quyt bng cch gi s ngi dng mc nh, nhng iu ny khng phi l lun lun c th. H m ho s dng kho cng khai. Vi nhng s m t trn c th ngh rng thut ton i xng l an ton. Kho l s kt hp, mt vi ngi no vi s kt hp c th m s an ton ny, a thm ti liu vo, v ng n li. Mt ngi no khc vi s kt hp c th m c v ly i ti liu . h bao gm hai kho khc nhau, mt kho l cng khai v mt kho kia l kho b mt. Bt k ai vi kho cng khai cng c th m ho thng bo nhng khng th gii m n. Ch mt ngi vi kho b mt mi c th gii m c. Chng ta hy cng xem xt iu g s xy ra nu my Client mun gi thng bo m ho ti cho Server. 1. Client v Server ng s dng mt h m ha. 2. Client v Server thng nht kho vi nhau. 3. Client ly bn r v m ho s dng thut ton m ho v kho. Sau bn m c to ra. 4. Client gi bn m ti cho Server. 5. Server gii m bn m vi cng mt thut ton v kho, sau c c bn r. * Vi thut ton i xng, Client v Server c th thc hin bc 1 l cng khai, nhng phi thc hin bc 2 b mt. Kho phi c gi b mt trc, trong khi, v sau protocol, mt khc thng bo s khng gi an ton trong thi gian di. Chng ta hy cng xem xt khi my Client gi thng bo ti Server s dng h m ho cng khai. 1. Client v Server nht tr s dng h m ha cng khai. 2. Server gi cho Client kho cng khai ca Server. 3. Client ly bn r v m ho s dng kho cng khai ca Server. Sau gi bn m ti cho Server. 4. Server gii m bn m s dng kho ring ca mnh. * h thng m ho cng khai gii quyt vn chnh ca h m ho i xng, bng cch phn phi kho. Vi h thng m ho i xng qui c, Client v Server phi nht tr vi cng mt kho. Client c th chn ngu nhin mt kho, nhng n vn phi thng bo kho ti Server, iu ny gy lng ph thi gian Cu 16: S khc nhau c bn gia qun l cc kho ca cc h thng mt m i xng v qun l cc kho ca h thng mt m kho chung? Tr li 1: (Phn ny c thm trong gio trnh trang 58 59, 67 68) h thng mt m i xng Ch c duy nht mt kho (Secret Key) dng m ho v kho ny phi c gi b mt h thng mt m kho chung Bao gm 2 kho Public Key v Private Key. M ha bng kha ny th ch c th gii m bng kha kia. V Public key th mi ngi cng bit v Private key th ch c ch nhn ca n mi bit.

Page 20

Phn loi kho Thng thng kho phn loi nh sau: Kho phin (section key): o Kho tm thi. o Dng m ho d liu gia nhm ngi s dng. o Cho mt phin logic v sau b i. Kho chnh (master key): o Dng m cc kho phin. o Chia s gia ngi s dng v trung tm phn phi kho. Vn phn phi kho i vi mng ln i hi phn cp Trung tm phn phi kho KDC, nhng cn phi to tin cy cho nhau, gia ngi s dng vi Trung tm v cc Trung tm vi nhau. Thi gian sng ca kho b phn cn c hn ch cho an ton hn. S dng phn phi kho t ng thay mt ngi dng, nhng phi c h thng tin cy, cc kho cp pht c sinh ra cng ngu nhin cng tt. Cn phi c h thng phn phi kho phn tn v phn cp. ng thi cn h tr kim sot mc ch s dng kho.

Khng cn to mt knh an ton trao i kho. Vic qun l v chng nhn kho phi thng qua c quan c thm quyn

Phn phi kho M kho cng khai gip gii bi ton phn phi kho, y l nhu cu cp bch cn phi to ra mt c ch chia s kho trong mi trng thng xuyn trao i thng tin v thng xuyn thay i kho. N bao gm hai kha cnh sau: o Phn phi kho mt cch cng khai nhng m bo c b mt. o S dng m kho cng khai phn phi kho mt (cn kho mt dng m ho thng tin).

Tr li 2: (Nhm khc lm. Tham kho thm nha. Thich chn cu tr li no th chn) H thng mt m kha chung (m kha bt i xng, m cng khai) M kho cng khai gip gii bi ton phn phi kho, y l nhu cu cp bch cn phi to ra mt c ch chia s kho trong mi trng thng xuyn trao i thng tin v thng xuyn thay i kho. N bao gm hai kha cnh sau: o Phn phi kho mt cch cng khai nhng m bo c b mt. S dng m kho cng khai phn phi kho mt (cn kho mt dng m ho thng tin). Phn phi kho cng khai C th xem xt c s dng vo mt trong nhng vic sau: o Thng bo cng khai kho ca ngi s dng. o Th mc truy cp cng cng cho mi ngi. o Ch quyn kho cng khai, ngi nm gi kho cng khai. o Chng nhn kho cng khai, kho cng khai ca ngi s dng c ni c thm quyn chng nhn. H thng mt m i xng Phn phi kho S i xng i hi c hai i tc chia s kho b mt chung. Vn t ra l lm sao phn phi kho mt ny nh th no. Thng thng cc h mt thng b sp v b b kho trong s phn phi kho. i vi hai i tc A v B cho trc c mt s cch phn phi kho khc nhau:
Page 21

1. 2. 3. 4.

A la chn kho v truyn tay cho B i tc th ba c th chn kho v phn phi cho A v B A v B trao i trc c th dng kho trc m kho mi A v B trao i mt vi i tc th 3 l C, C chuyn tip gia A v B

Biu 5. Bng so snh tnh cht ca hai cng ngh m ho (phn ny tham kho thm l c r cu so snh gia 2 h thng m ny th lm.) Loi m M i xng M kho cng khai Cc yu cu Qu trnh m ho v gii m s dng cng Mt thut ton s dng mt cp kho khi khi s dng mt thut ton vi cng mt kho. m ho v gii m, mt kho c s dng khi m ha, kho cn li c s dng khi gii m. Ngi gi v ngi nhn phi s dng chung thut ton v kho. Cc yu cu Kha phi c gi b mt an ton Khng th gii m c thng bo nu khng c cc thng tin c gi tr khc. Cc thng tin v thut ton, cc mu bn m khng xc nh kho. Ngi gi v ngi nhn, mi ngi c mt kho trong cp kho. Mt trong hai kha phi c gi b mt. Khng th gii m c thng bo nu khng c cc thng tin c gi tr khc. Cc thng tin v thut ton, mt trong cc kho v cc mu bn m khng xc nh kho cn li.

Page 22

Cu 17. Ngi B mun s dng mt kho chung ca ngi A kim tra ch k tin nhn t ngi A. Xc thc c thm quyn duy nht m ngi B tin l Z. Kha chung ca ngi A do cp c thm quyn X cng nhn. Xc thc c thm quyn Y chun b chng nhn kho chung ca X, v Z c th chng nhn kho chung ca Y. Ngi B s cn chng nhn g? Ngi B nn thc hin s kim tra no i vi nhng giy chng nhn ny? Tr li: (ci ny tham kho tham kho t nhm khc. Khng phai tui son. hehehe) Chng nhn kho cng khai Chng nhn cho php trao i kho khng cn truy cp thi gian thc n Ch quyn th mc kho cng khai. lm vic chng nhn tri danh tnh ca ngi s dng vi kho cng khai ca anh ta v ng du v giy chng nhn trnh gi mo. Cc thng tin i km thng thng l chu k kim nh, quyn s dng, thi hn, Ni dung trn c k bi kho ring tin cy ca Ch quyn chng nhn (CA, Certificate Authority). Do kho cng khai ca CA c thng bo rng ri, nn chng nhn c th c kim chng bi mt ngi no bit kho cng khai ca Ch quyn chng nhn. Ch quyn kho cng khai y l bc ci thin tnh an ton bng kim sot cht ch tp trung vic phn phi kho t Th mc. N bao gm cc tnh cht ca mt Th mc nh nu phn trc v i hi ngi dng bit kho cng khai ca Th mc . Sau ngi dng nhn c bt k kho cng khai mong mun no mt cch an ton, bng cch truy cp thi gian thc n Th mc khi cn n kho. Tuy nhin yu cu truy cp thi gian thc l mt nhc im ca cch phn phi kho ny.(suy ngh vit thm)

Page 23