In 2/2006 alone, losses from attacks over the Internet amounted to about USD 80 billion worldwide. In Vietnam, losses in one week were about USD 2.8 million, equivalent to VND 45 billion (Source: VNCERT 2006)
2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
10/11/2007 11:17 PM
- Organizations are continually attacked by experienced adversaries from both inside and outside.
- The types of attack against organizations are very diverse.
- Financial losses from attacks can be very large.
- A combination of several technologies can be used to counter these attacks.
(Study by the Computer Security Institute and the FBI)
- The website being accessed is authentic and legitimate.
- Web pages and information forms do not contain dangerous code.
- Personal information is kept confidential.
- The server, the content and the services offered on the website are not broken into.
- Business operations run steadily and are not interrupted.
- Information exchanged between the user and the organization is not eavesdropped on by a third party.
- Information exchanged between the two parties is not altered.
From the organization's side
From both sides
Integrity
Data/information is not altered while stored or transmitted.
Non-repudiation
Parties to a transaction cannot deny the online actions they have performed.
Authenticity
The ability to identify the partners taking part in an online transaction.
Authorization
Determining the rights of access to the organization's resources.
Auditing
Collecting information about users' access activity.
Confidentiality
Other than authorized people, no one can view messages or access valuable data.
Privacy
The ability to control the use of customers' personal information.
Availability
The functions of an e-commerce website perform as expected.
Web server
Storage (database)
Technical attacks
Mainly exploits users' gullibility or lack of knowledge, or puts psychological pressure on them. Social engineering attacks: attacks that do not use technology but use social pressure to trick users into doing things that harm the computer network or their own interests.
Attacks that use software and systems knowledge or professional expertise to attack systems.
Virus
A piece of software code that inserts itself into a host, including the operating system, in order to replicate; it requires the host's programs to be run in order to activate it.
Worm
A software program that runs independently, takes over many of the host's resources for itself, and is able to replicate itself to other machines.
A hacker is a person who illegally intrudes into a website or information technology system that they are able to clearly identify.
- White-hat hackers
- Black-hat hackers
- Blue-hat hackers/samurai
- Grey-hat or brown-hat hackers
Damage caused by hackers
- Loss of customer trust together with a reputation built up over many years, which of course affects revenue and profit.
- Loss of the ability to accept certain payment instruments such as VISA or Mastercard.
- Reduced revenue and profit from fraudulent transactions and employee downtime.
- Website downtime when one of the important sales channels has to be shut down after an attack.
- The cost of repairing the damaged parts and of building contingency plans for the website, web applications...
- Legal battles and many related problems arising from an attack where security was lax, and the fines and compensation payable to victims.
The website chodientu.com, a legitimate e-commerce website, was repeatedly attacked, with its domain name hijacked and its interface changed (9/2006).
"This site was hacked again. On behalf of the Vietnamese IT community, we hereby declare. To Nguyen Hoa Binh: for every day that Nguyen Hoa Binh does not come forward to apologize, chodientu will be able neither to live nor to die. If the press and the authorities do not step in and inspect the shady activities of PS and of Nguyen Hoa Binh, hackers will step in."
- The fraud carried out online by Dao Anh Tuan, which misappropriated nearly 20 million dong from members of the TTVNOL online forum.
- The ATM card counterfeiting ring led by Nguyen Anh Tuan withdrew about 2.6 billion dong.
- 235 Vietnamese websites (.vn) were attacked by foreign hackers, among them the sites of the Ministry of Trade (mot.gov.vn), the Ministry of Natural Resources and Environment (ciren.gov.vn) and the Ministry of Science and Technology (oss.gov.vn).
The website of the DSM/EE Project Management Board, Electricity Regulatory Authority, Ministry of Industry and Trade, is still under attack by hackers.
A type of attack that sends a large number of information requests to a server, overloading a computer system or a network so that it cannot provide service or has to stop operating and cannot (or can only with difficulty) be reached from outside.
[Figure: hacker; machines of individuals, enterprises, government agencies, schools, research institutes and service providers; requests sent (http://www...); simultaneous attack; target system]
Network eavesdropper: a type of eavesdropping program that monitors the movement of information across the network.
Attacks from inside the enterprise: threats that originate from the very people who work in the enterprise.
A systematic process for identifying the security risks that may occur and determining the activities needed to protect against or reduce these attacks.
The 4 phases of the e-commerce security management process
Assessment; Planning; Implementation; Monitoring / Conclusion
- Assess the risks by identifying the assets, the vulnerable points of the system and the threats to those points.
- Determine which threats are likely to occur and which are not.
- Determine the appropriate level of countermeasures.
- Technologies are chosen to counter the high-priority threats.
- Priority is given to selecting the high-priority types of technology.
- Which measures are adequate or inadequate and need to change
- New threats
- The current level of technology
- Additions to the list of systems that need protection
Encryption techniques
- Encryption
- Electronic signatures
- Electronic certification
A system that identifies the participating parties as legitimate to carry out transactions, determines which of their actions are permitted and restricts their activity, so that only the necessary transactions are initiated and completed.
An identification system that verifies a person by evaluating and comparing biological characteristics such as fingerprints, the blood vessels of the eye, facial features, voice or behaviour.
Fingerprint recognition
The discontinuities in a person's fingerprint are converted to digital form and stored as templates used for authentication.
Keystroke monitoring: the pressure, speed and rhythm of the words typed are analysed, converted to digital form and stored as templates used for authentication (this method is not yet really developed).
Encryption is the process of scrambling (encrypting) a message, text or document into a coded form so that anyone other than the sender and the recipient cannot, or can only with difficulty, read it.
Concepts
Plaintext
An unencrypted message/text that a person can read.
Ciphertext
A plaintext after encryption, which only a computer can read.
Key
The secret code used to encrypt and decrypt a text/message.
Purpose of encryption
To keep stored information secure, and to keep information secure while it is transmitted over the network.
Encryption ensures
Message integrity; non-repudiation; authenticity; confidentiality of information.
Basic encryption techniques
- Encryption with a hash algorithm (hash function)
- Secret-key encryption
- Public-key encryption
A hash function is a one-way function: whatever amount of data is passed through it, the output is a string of fixed length (160 bits).
For example, passing the word "Illuminatus" through SHA-1 gives E783A3AE2ACDD7DBA5E1FA0269CBC58D. If we merely change "Illuminatus" to "Illuminati" (changing "us" to "i"), the result becomes completely different (but still has the fixed length of 160 bits): A766F44DDEA5CACC3323CE3E7D73AE82.
Applications of hash functions
- Intrusion prevention and detection: an anti-intrusion program compares the hash value of a file with its earlier value to check whether anyone has changed the file.
- Protecting the integrity of a message sent over the network by checking the hash value of the message before and after sending, in order to detect even the smallest change.
- Creating keys from passwords.
- Creating electronic signatures.
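The two hash properties described above (fixed-length output that changes completely for a small input change, and file-integrity checking against earlier hash values) are shown in the following added example, which is not part of the original slides. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    """SHA-1 digest in hex: always 40 hex characters, i.e. 160 bits."""
    return hashlib.sha1(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which the SHA-1 digests of a and b differ."""
    da = int.from_bytes(hashlib.sha1(a).digest(), "big")
    db = int.from_bytes(hashlib.sha1(b).digest(), "big")
    return bin(da ^ db).count("1")

def make_baseline(files: dict) -> dict:
    """Record a trusted digest per file while the system is known to be clean."""
    return {name: sha1_hex(content) for name, content in files.items()}

def check_integrity(baseline: dict, files: dict) -> dict:
    """Compare current content against the baseline and report what changed."""
    report = {"modified": [], "missing": [], "added": []}
    for name, trusted in baseline.items():
        if name not in files:
            report["missing"].append(name)
        elif sha1_hex(files[name]) != trusted:
            report["modified"].append(name)
    report["added"] = sorted(set(files) - set(baseline))
    return report

# Constructed sample data: a small web root before and after tampering.
SITE_BEFORE = {
    "index.html": b"<h1>Welcome to the shop</h1>",
    "cart.php": b"<?php /* cart logic */ ?>",
    "style.css": b"body { color: #333; }",
}
SITE_AFTER = {
    "index.html": b"<h1>This site was hacked again</h1>",  # defaced page
    "style.css": b"body { color: #333; }",                 # unchanged
    "extra.php": b"<?php /* file not in baseline */ ?>",   # unexpected file
}

if __name__ == "__main__":
    for word in (b"Illuminatus", b"Illuminati"):
        print(word.decode(), sha1_hex(word))
    print("bits changed:", differing_bits(b"Illuminatus", b"Illuminati"), "of 160")
    print(check_integrity(make_baseline(SITE_BEFORE), SITE_AFTER))
```

SHA-1 is used here only because it is the function the slides name; a baseline built today would use SHA-256, and the baseline itself has to be stored where an intruder cannot rewrite it.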
Secret-key encryption
- Also called symmetric encryption or private-key encryption.
- Uses one key for both the encryption process (performed by the sender) and the decryption process (performed by the recipient).
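A single key
A key pair: a secret key and a public key; requires electronic certificates and a trusted third party; slow; encryption of individual items; small volumes; electronic signatures
An electronic signature is created in the form of words, letters, numerals, symbols, sounds or other forms by electronic means, is attached to or logically associated with a data message, and is capable of identifying the person who signed the data message and of confirming that person's approval of the content of the signed data message.
(Law on Electronic Transactions)
Functions of an electronic signature
- It is the necessary and sufficient condition for establishing the uniqueness of a specific electronic document;
- It clearly identifies the person responsible for creating the document;
- It expresses agreement with the content of the document and the responsibility of the signer;
- Any change (in content, form...) to the document while it is in circulation changes the correspondence between the changed part and the signature.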
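Electronic signature
[Figure: (1)-(3) the sender applies the hash function: original message, message digest, digital signature; original message and digital signature; digital envelope; (6) the recipient decrypts the digital envelope using the recipient's private key; (7) the recipient decrypts the digital signature using the sender's public key; new message digest; (9) compare with the message digest]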
1. Create an original message to send.
2. Use a hash function (a computer algorithm) to convert the original message into a message digest.
3. The sender uses their private key to encrypt the message digest. The encrypted message digest is called the digital signature or electronic signature. No one other than the sender can create the electronic signature, because it is created from the private key.
4. The sender encrypts both the original message and the digital signature using the recipient's public key. Once encrypted, this is called the digital envelope.
5. The sender sends the digital envelope to the recipient.
6. On receiving the digital envelope, the recipient uses their own private key to decrypt its contents and obtains a copy of the original message and the sender's digital signature.
7. The recipient uses the sender's public key to decrypt the digital signature and obtains a copy of the original message digest (created by the sender, to be used for comparison).
8. The recipient uses the hash function to convert the original message into a message digest, as the sender did in step 2, producing a new message digest.
9. The recipient compares the new message digest with the copy of the original message digest obtained in step 7. If the two message digests match, it can be concluded that the electronic signature is authentic and that the content of the original message was not changed after signing.
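Steps 2, 3 and 7 to 9 of the procedure above, as an added example that is not part of the original slides: the digest is encrypted with the sender's private key and later recovered with the public key and compared. It assumes a toy textbook-RSA key built from two known Mersenne primes, with no padding, which is far too weak for real use; the envelope steps 4 to 6 are omitted and the message texts are constructed.

```python
import hashlib

# Toy sender key pair (assumption for illustration only): textbook RSA over
# two known Mersenne primes. Real signatures use large random primes and a
# padded scheme such as RSA-PSS.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus (about 216 bits)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the sender

def digest(message: bytes) -> int:
    """Steps 2 and 8: hash the original message into a 160-bit message digest."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message: bytes) -> int:
    """Step 3: encrypt the digest with the sender's private key (D, N)."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Steps 7 to 9: recover the sender's digest with the public key (E, N),
    recompute the digest of the received message, and compare the two."""
    recovered = pow(signature, E, N)   # step 7
    return recovered == digest(message)  # steps 8 and 9

# Constructed sample messages.
ORDER = b"Transfer 100 USD to merchant A"
TAMPERED = b"Transfer 900 USD to merchant A"

if __name__ == "__main__":
    sig = sign(ORDER)
    print("signature:", hex(sig))
    print("original verifies:", verify(ORDER, sig))         # True
    print("tampered verifies:", verify(TAMPERED, sig))      # False
    print("altered signature verifies:", verify(ORDER, sig + 1))  # False
```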
A type of certificate issued by a certification authority (Certification Authority - CA), or trusted third party; it is the basis for authenticating the parties to a transaction and the foundation of trust for e-commerce transactions.
Secure Sockets Layer (SSL)
Overview
- A protocol that secures the connection between client and server.
- Provides a robust tunnel for data to pass through.
- Has become a standard for secure data access, supported by most browsers.
Model
- A special transport protocol added between the application layer and the transport layer.
- Ensures the privacy and integrity of all data transmitted between 2 or more computers while it is on the network.
- Applies private and public keys to encrypt and authenticate data.
Weaknesses
- It does not guarantee that the buyer is authenticated to the seller, so there is a risk that the buyer repudiates the transaction.
- The buyer's account information has to be sent to the seller, so there is a risk that the account is exposed.
Overview
- SET: a protocol designed to provide security for online credit card transactions, for both customers and businesses.
- A set of security protocols and formats that lets users use the credit card payment infrastructure on an open network such as the Internet.
[Figure (Prentice Hall, 2000): on the sender's computer, the message, the message digest and the sender's certificate are encrypted with the receiver's key-exchange key from the receiver's certificate to form the digital envelope; on the receiving side, the digital signature is decrypted with the sender's public signature key and the message digests are compared]
Weaknesses
- Requires major changes to the existing payment infrastructure.
- Requires expensive changes to software and hardware. This may be acceptable to companies and to the banks that issue credit cards, but is hard to accept for customers and for shops.
- Requires a PKI infrastructure based on the presence of a CA. Financial institutions have to pay the additional cost of installing and maintaining the PKI, which is paid to the CA.
- The algorithms used in PKI are complex, costly and slow (banks require 750 transactions/second, while SET so far reaches only 1 transaction/second. The speed can be improved by using hardware -> higher cost.)
- Covers only card-based payment transactions (credit or debit). Account-based transactions, e.g. electronic cheques (e-check), are not supported in SET.
- It is a very comprehensive security protocol but also a very complex one; SET needs to be simplified to be accepted by every organization involved.
A piece of software or hardware that separates a private network from the public network, allowing the users of an organization's computer network to access the resources of other networks (for example, the Internet) while preventing other, unauthorized users from outside from accessing the organization's computer network.
Characteristics of a firewall
- All traffic from inside the organization's computer network to the outside, and vice versa, must pass through it;
- Only permitted traffic, according to the organization's network security policy, is allowed through;
- Unauthorized intrusion into this system itself is not permitted.
Firewall
Q&A