Professional Documents
Culture Documents
08/2012
Mc lc
A. Tng quan tnh hnh an ton an ninh thng tin.....................................................................................2 1. Mt s trch dn quan trng ng lu ............................................................................................2 2. L do v mc ch tn cng..............................................................................................................3 3. Cng c c s dng tn cng...................................................................................................4 4. Tn sut v phm vi tn cng............................................................................................................6 5. i ph ca cc quc gia..................................................................................................................6 6. Bi hc cho Vit Nam........................................................................................................................7 B. Gii thiu mt s tiu chun v an ton an ninh thng tin....................................................................8 1. Mt s tiu chun v h thng qun l an ninh thng tin ISMS ......................................................8 2. Mt s tiu chun cho in ton m my......................................................................................10 3. Mt s tiu chun theo m hnh kin trc an ninh d liu..............................................................14 C. Cc gii php, cng c v cc l hng thng gp.............................................................................16 1. Kin trc h thng thng tin truyn thng (CNTT TT)................................................................16 2. An ninh h tng h thng CNTT-TT...............................................................................................17 3. An ninh ng dng............................................................................................................................20 4. An ninh in ton m my (TM).............................................................................................20 5. An ninh thng tin d liu.................................................................................................................24 6. Chun ha nh mt bin php tng cng an ninh thng tin d liu.............................................24 7. Chun m l mt bin php m bo an ninh thng tin d liu......................................................25 8. M hnh chn an ninh khng gian mng.....................................................................................27 9. Ngun ca cc mi e da v dng cc l hng thng gp v an ninh ........................................29 10. Cc cng c an ninh......................................................................................................................33
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 1/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 2/47
08/2012
5. Kch bn s dng b cng c to cc Zeus botnet phc v cho vic n cp tin trong cc ti khon ngn hng ca cc doanh nghip. 6. Kch bn tn cng ca Stuxnet.
2. L do v mc ch tn cng
1. V chnh tr: khng ch gin ip thu thp thng tin, m cn ph hoi c s h tng. a) Xung t gia cc quc gia: Israel Syria, Israel Palestine, Nga Estonia, Nga Georgia (tr thnh tiu chun), M cng lin qun Iraq, M cng Hn Quc - Bc Triu Tin, tranh chp du kh Venezuela nm 2002, M-Israel vi Iran. b) TQ v cc quc gia khc - 09/10/2009: hng chc v, nhiu quc gia, tn sut gia tng. V mng gin ip thng tin ln nht th gii t trc ti nay GhostNet: 103 quc gia, 1295 my tnh b ly nhim, ko di t 05/2007 n 03/2009. c) Tn cng vo hu nh tt c cc h thng mng ca cc lc lng v trang, nh mng dnh ring cho 2 cuc chin tranh m M hin ang tham chin, CIA, MI6, NATO, Hi qun n ; Cnh st Anh, d) Cc t chc c cho l mc an ninh an ton h thng cao nht b tn cng nh Thng vin M, Th tng c, c quan chng thc Israel, Qu tin t Quc t IMF, Chnh ph Canada, y ban Thng mi Lin bang M FTC, B T php M, C quan V tr Nht Bn, Phng Thng mi M, Lin hip quc, cc v tinh quan st ca M, e) Nm 2009 c d on thi gian chuyn t gin ip thng tin sang ph hoi: t 3-8 nm, trn thc t din ra nhanh hn th. Ngy 13/07/2010, su Windows Stuxnet c pht hin, da vo 4 li ngy s 0 trong Windows v cc li trong h thng kim sot gim st v thu thp d liu SCADA ca Siemens, lm hng hng ngn my li tm uranium trong cc c s ht nhn ca Iran, lm chm chng trnh ht nhn ca nc ny ti 2 nm. f) Cnh bo c vic ph hoi h tng c s: Cc h thng mng ti M: li in ([1], [2]), giao thng, ngn hng, pht thanh truyn hnh, ng st, cp thot nc ti Illinois v Texas, cung cp du kh, cng nghip ha cht. Thm nhp cc thit b kim sot cng nghip ti M tng t ngt, t 9 v nm 2009 ln 198 v nm 2011 vi 17 v nghim trng; Cc nc khc: li in c, li in Brazil, y t Anh g) Stuxnet - Duqu Flame: V kh khng th kim sot, cc phn mm dit virus bt lc khng d tm ra c chng; h) WikiLeaks. V ni ting v a ra hng lot cc ti liu mt ca B Quc phng v B Ngoi giao M lin quan ti hng lot cc quc gia trn th gii. 2. V kinh t: Gin ip thu thp thng tin, n cp thng tin s hu tr tu, n cp tin. a) Cc tp on ln: Sony, Honda, cc cng ty du kh, Lockheed Martin, Citibank, nh mng SK Communications - Hn Quc, Mitsubishi Heavy Industries - nh thu ca B Quc phng Nht Bn, v Aurora cui nm 2009 tn cng vo Google v hng chc hng ln khc ca M... b) Thng 08/2012, Kaspersky Lab pht hin mt virus mi do nh nc bo tr, Gauss, c lin quan ti Stuxnet-Duqu-Flame, chuyn theo di cc giao dch, d tm v n cp cc y quyn ng nhp v thng tin - d liu ngn hng trc tuyn, xut hin trong hng lot cc ngn hng ti Li bng, Israel v cc vng lnh th ca Palestine.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 3/47
08/2012
c) Khu vc ngn hng - th tn dng: Global Payments vi 1.5 triu th, n cp tin t cc ti khon ngn hng ca cc doanh nghip va v nh 40 triu USD n thng 9/2009, 100 triu USD n thng 10/2009, v Citibank hng chc triu USD, th trng chng khon NASDAQ, n cp tin thng qua cc tr chi trc tuyn Trung Quc. d) Cc c quan chng thc s CA: Codomo, Diginotar, GlobalSign, StartSSL, lm Diginotar ph sn, e) Cc cng ty an ninh v t vn an ninh: Stratfor, Symantec... f) La o bn phn mm an ninh gi mo hay tn cng bng tnh dc tng tin... 3. Cc v lin quan ti Vit Nam: a) Thng 02/2012, BKAV b tn cng, nhiu d liu b ly cp. Trong khong t thng 11/2010 n thng 11/2011, Vietnamnet b tn cng lin tc, ly v xa i nhiu d liu, khng tm ra th phm. b) Cuc chin gia cc tin tc Vit Nam - Trung Quc ln th nht , 02-07/06/2011, hng trm (hng ngn) cc website ca c 2 bn b bi xu, nh sp, trong c cc website ca chnh ph. Chng no cn xung t Bin ng, chng cn chin tranh khng gian mng Vit Nam! c) Vit Nam phi ht sc cnh gic vi chin tranh khng gian mng, c bit i vi cc cuc tn cng vo cc c s h tng cng nghip sng cn kiu Stuxnet, c th t Trung Quc. d) GhostNet (s 2/103 nc trn th gii, ch sau i Loan, trn c M v n ), vi 130/1295 my tnh chy Windows b ly nhim (Symantec lm video m phng li cuc tn cng), mc ch gin ip thng tin chng li cc chnh ph, nhng g lin quan ti v ny???, Hin nay ra sao???; e) Conficker (Vit Nam ng s 1 th gii vi 13% s my b ly nhim theo OpenDNS); Botnet Windows nhim Conficker (c A+B ln C) ca cc ISP Vit Nam c ln nht th gii vi hn 5% khng gian a ch IP b ly nhim v vn ang t ly nhim. Trong Top500 th gii: VNN(2), Viettel(18), FPT(20), CMCTI (244), ETC(279), SCTV(302), SPT(398), VNPT(407) theo s liu thng 04/2012. f) Vit Nam c tn 5 trong s 10 botnet ln nht th gii vo nm 2009. Vit Nam xp v tr s 1 4 trong 5 botnet (theo mt bo co vo thng 06/2010). g) Ti Vit Nam c b cng t Zeus to ra cc botnet c hi. h) Nhy chut gi mo - s 1 th gii; i) Mua bn cc my tnh b ly nhim trong cc botnet trn th trng ti phm mng th gii, Vit Nam c gi mua vo 5 USD/1000 my v gi bn ra 25 USD/1000 my. j) Mn hnh en (Ti M, WGA [Windows Genuine Advantage] b a ra ta v b coi nh mt phn mm gin ip); Nay WGA c i tn l WAT (Windows Activation Technology).
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 4/47
08/2012
tnh), ly d liu kha an ninh t DRAM (Cold Boot). S dng cc phn mm c hi no vt RAM, nghe bn phm, ly nhim virus cho cc USB ly thng tin. b) Thit b vin thng: v thu thit b vin thng Anh, mi quan ngi ca M, Anh, n i vi cc thit b vin thng t cng ty Hoa V (Huwei) hay ZTE ca Trung Quc. c) Cc h thng nhng: cc my photocopy a chc nng ca Canon, Ricoh, Xerox, cc thit b ca CISCO, cc my in ca HP (Bom my in lm cho in ht giy, thm nhp mng qua my in) d) Cc thit b di ng: phn mm c hi ang gia tng nhanh. e) Th v u c th thng minh: B Quc phng M. 2. Phn mm
Xc sut li
a) Xc xut li c tnh theo: (1) H iu hnh, (2) Phn mm trung gian (Middleware), (3) Gii php; (4) Phn mm ng dng. V d, trong phn mm ngun m th li h iu hnh l t nht v tng dn theo cc con s trn (vi RHEL4.0 v 5.0 th li mang tnh sng cn l bng 0), cn lng ngi s dng h iu hnh l ln nht ri gim dn theo cc con s trn. (Xem bi H tr ngun m trn tp ch Tin hc v i sng, s thng 11/2009). Nhn ca h iu hnh ngun m GNU/Linux c ci tin, sng to lin tc vi tc khng th tng tng c cng l mt im rt quan trng. b) Ca hu c gi trong Windows v mt s h iu hnh thng mi khc v/hoc trong phn mm th in t Lotus Notes. c) Cc loi phn mm c hi vit cho Windows chim ti 99.4% - 99.5% tng s cc phn mm c hi c vit ra trn th gii, theo G-DATA. d) Tin tc tn dng khim khuyt ca cc phn mm ca Microsoft tn cng cc h thng mng trn khp th gii Windows, Exchange Server, Office, Wordpad, Internet Explorer... Cc phn mm khc cng b li dng tn cng, ph bin l ca Adobe Acrobat Reader, Adobe Flash, Quicktime, Firefox, AutoCAD, cc chng trnh SCADA v ICS trn Windows, chng trnh cp nht Windows, ...., cc mng x hi nh Facebook, Twitter...
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 5/47
08/2012
e) To ra cc botnet vi cc kch c t nh ti khng l, t hng trm cho ti hng chc triu my tnh b ly nhim chun b cho cc cuc tn cng qui m ln sau ny. f) Cc cng c m ha, cc chng thc s, cc phn mm dit virus b m m ngun. 3. Th trng mua bn cng c to m c, botnet a) Mua bn cc trung tm d liu, mua bn cc b cc cng c to m c hi, m ngun, xy dng cc botnet, phn mm an ninh gi mo; phn mm da nt (phishing) a ngi s dng vo by mua phn mm chng virus gi mo; b) Mua bn my tnh b ly nhim trong cc botnet theo vng a l vi cc thng tin b n cp i km, gi mua vo t 5-100 USD/1000 my b ly nhim cng d liu b n cp, gi bn ra t 25-100 USD. 4. S dng khng ng cch dn ti mt an ninh, mt d liu: v Sidekick. 5. Php nhn tin hnh tn cng: loi, mc cao nht l nhiu quc gia tham gia vo chin tranh KGM nh M, Israel, Trung Quc, Nga, Anh, ... lm bt dy cuc chy ua v trang cc v kh KGM trn ton cu, c kh nng bin KGM thnh vng chin s nng bng.
5. i ph ca cc quc gia
1. V ng li chnh sch: a) Hc thuyt chin tranh thng tin , c phng th ln tn cng, bt k v kh g, k c ht nhn; Chin lc v ANKGM (M, Anh v nhiu nc khc); K hoch phn ng (M). Din tp v ANKGM. Hip c cm ph bin v kh khng gian mng? b) T ch v cng ngh li. D n sn xut Chip (Trung Quc, n ), chy ua cc d n
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 6/47
08/2012
OS tng cng an ninh nh M (cho Android, Linux, Ethos), Trung Quc, chu u, c, hoc xy dng mi OS an ninh cho quc gia mnh (n , Nga, Brazil, Venezuela, Cuba ). Tt c cc OS u da trn GNU/Linux/Unix. c) Ngun m an ninh hn ngun ng v c l thuyt ln thc t do m ngun cng cp hn v c c s r sot lin tc ca cng ng cc lp trnh vin ton th gii. Linus Torvalds: Ni th t gi tr, hy ch cho ti m ngun. Hng lot chnh ph cc quc gia c nhng chnh sch s dng cng ngh m nh M (Chnh ph M), Canada, Anh, H Lan, an Mch, New Zealand, Malaysia, , Nga, Trung Quc, Brazil, n , Indonesia, Thailand, Philippine... Trn th gii, cc quc gia mnh nht v ng dng v pht trin PMTDNM l M, c, Php, Ty Ban Nha v c. Nm 2011: Th tng Nga Putin ra lnh cho cc c quan chnh ph Nga chuyn ht sang PMTDNM vo qu III/2014; Chnh ph Anh a ra Chin lc cng ngh thng tin v truyn thng ca Chnh ph, bt buc s dng cc tiu chun m, tng cng s dng PMTDNM bt k ni no c th; B Quc phng M a ra ti liu Pht trin cng ngh m. Nhng bi hc hc c, trong nhn mnh cc phn mm/h thng trong qun i v chnh ph s khng tn ti phn mm s hu c quyn ch ph thuc vo mt nh cung cp, ch c 2 loi l PMTDNM v PMNM chnh ph. Phng chm ca pht trin cng ngh m l: (1) Cng ng trc, cng ngh sau; (2) M l mc nh, ng ch khi cn thit; (3) Chng trnh ca bn khng phi l c bit, thm ch l trong cc d n phn mm/h thng qun s v CNTT. d) u t ln vo cc nghin cu v an ninh KGM. Sn xut cc v kh mi cho chin tranh khng gian mng: bom logic, cc thit b sng cc ngn t cc my tnh trong mng t xa; to cc botnet... 2. V t chc: B nhim lnh o ANKGM (M), cng c v xy dng lc lng chuyn mn (M, Anh, Hn Quc, Singapore), cc n v ng cu khn cp (CERT) quc gia, hp tc cc CERT v tham gia din tp gia cc quc gia, tng cng nhn lc v u t cho cc c quan chuyn trch (B An ninh Quc ni - DHS, Cc Tnh bo Trung ng - CIA, ...). 3. V nhn lc: Huy ng thanh nin, hc sinh, sinh vin. M t chc thi ly 10,000 nhn ti, Anh cng bc theo, B An ninh Quc ni M tuyn 1,000 nhn vin lm v an ninh khng gian mng. Trung Quc c "Qun i xanh", phong tro thanh nin Nga... Bn khng b cng tuyn ngi cho chin trang khng gian mng. 4. V thc tin trin khai khu vc dn s m bo an ninh cao a) Chuyn sang s dng cc h thng da trn GNU/Linux (Th trng chng khon New York, Tokyo, Lun n, ) b) Khng s dng Windows khi thc hin cc giao dch ngn hng trc tuyn (khuyn co ca Vin Cng ngh SAN, chnh quyn New South Wale c, chuyn gia an ninh mng ca t The Washington Post).v.v. c) Hng chc cng c an ninh t cc phn mm t do ngun m ([01], [02]). d) Khuyn co s dng PMTDNM, nhng nu buc phi s dng Windows, th hy tun th 10 li khuyn v an ninh.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 7/47
08/2012
2.
3.
4.
5.
6. 7.
a) Khng cn c tip xc vt l ti cc mc tiu tn cng khi tn cng trn KGM. b) Cng ngh cho php cc hot ng din ra d dng xuyn bin gii nhiu nc. c) C th tn cng mt cch t ng, tc cao, s lng ln cc nn nhn cng mt lc. d) Nhng k tn cng d dng du mt. Nguy c ph thuc, mt kim sot hon ton: Vit Nam hin ang b ph thuc hon ton vo phn cng, h iu hnh, phn mm ng dng, c th s ph thuc nt c d liu. Hin vn cn c hi, d rt nh, thot??? a) Trc mt: Chun m v h iu hnh ngun m (Viettel, Google) l mc tiu s 1?. Cch chng virus tt nht l s dng h iu hnh GNU/Linux. Hin ti cc doanh nghip Vit Nam ng th 75/75 v cc hot ng lin quan ti ngun m theo nghin cu ca RedHat-Georgia thng 04/2009. b) Tng lai: H iu hnh, chip, cc thit b vin thng... Cn lm ch c CNTT. Cc lnh vc an ninh KGM cn tp trung quan tm a) y mnh phn tch KGM v cc kh nng cnh bo. b) Ci thin an ninh KGM mng cc h thng kim sot h tng. c) Tng cng kh nng ca cc c quan chuyn trch gip phc hi t ph hoi Internet. d) Gim thiu s khng hiu qu v t chc. e) Xc nh y cc hnh ng qua thc tin v an ninh KGM. f) Pht trin cc k hoch c th cho tng khu vc vi cc tiu ch v an ninh KGM. g) m bo an ninh cc h thng thng tin ni b. Tun th kin trc phn vng mng, tun th kim sot truy cp cc vng mng, tun th cc yu cu c bn m bo an ninh mng. Tun th chun an ninh mng, ng dng, nh b cc chun ISO/IEC 27K, trong c ISO/IEC 27032: Cc ch dn cho an ninh khng gian mng. Nhanh chng p dng cng ngh m. V chnh sch, chin lc: a) R sot li chnh sch v cc chun s dng trong cc HTTT nh nc, kin quyt s dng cc chun m; hng ti h iu hnh ngun m cng ng. b) R sot li chnh sch mua sm ca chnh ph, tip tc trin khai chnh sch v ng dng phn mm t do ngun m, a ra chnh sch ring cho an ninh KGM. c) Quy hoch an ton v an ninh s quc gia Quyt nh s 63/2010/Q-TTg V t chc v xy dng lc lng: a) Xy dng v cng c b my ph hp i ph vi an ninh KGM. b) Hc tp cc kinh nghim v an ninh KGM vn dng trong thc t ca Vit Nam. c) u t mnh m cho gio dc chun b nhn lc cho tng lai t hc sinh - sinh vin, vi cc k nng mi da trn cng ngh m, phn mm t do ngun m, cc sng kin bin cc tr chi in t thnh cc bi hc v an ninh. Phng nga cho bn thn, c bit vi cc my tnh xch tay, k c khi m ha c cng. Nng cao nhn thc cho ton x hi, cuc chin ca ton dn, cc CIO phi i u lm gng.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 8/47
08/2012
1. ISO/IEC 27000:2009. Cc ISMS (Information Security Management System) - Cc nguyn l c bn v thut ng. 2. ISO/IEC 27001:2005. c t v ISMS. c TCVN ISO/IEC 27001:2009. 3. ISO/IEC 27002:2005. M thc hnh i vi Qun l An ninh Thng tin. 4. ISO/IEC 27003:2010. Ch dn trin khai ISMS. 5. ISO/IEC 27004:2009. Qun l an ninh thng tin - o lng. 6. ISO/IEC 27005:2008. Qun l ri ro an ninh thng tin. 7. ISO/IEC 27006:2007. Cc yu cu i vi cc c quan cung cp kim ton v chng ch cc ISMS. 8. ISO 27799:2008. Cng ngh thng tin trong y t - Qun l an ninh thng tin trong y t bng vic s dng ISO/IEC 27002. 9. ISO/IEC 27007:2011. Cc ch dn v vic kim ton ISMS. 10. ISO/IEC TR 27008:2011. Ch dn cho cc nh kim ton v kim sot ISMS. 11. ISO/IEC 27010:2012. Qun l an ninh thng tin i vi truyn thng lin lnh vc, lin t chc.
Cc tiu chun s c ban hnh trong thi gian ti
12. ISO/IEC 27013. Ch dn v trin khai tch hp cc ISO/IEC 20000-1 v ISO/IEC 27001 (d tho). 13. ISO/IEC 27014. Khung cng vic ch ng an ninh thng tin (d tho). 14. ISO/IEC 27015. Cc ch dn ca cc ISMS cho khu vc ti chnh v bo him (d tho). 15. ISO/IEC 27017. An ninh trong in ton m my (d tho). 16. ISO/IEC 27018. Quy phm cho cc kim sot bo v d liu i vi cc dch v in ton m my cng cng (d tho). 17. ISO/IEC 27031. Cc ch dn v tnh sn sng v ICT cho tnh lin tc ca cng vic (bn tho cui). 18. ISO/IEC 27032. Cc ch dn cho an ninh khng gian mng (CD). 19. ISO/IEC 27033. An ninh mng (d tho). 20. ISO/IEC 27034. An ninh cc ng dng (d tho). 21. ISO/IEC 27035. Qun l s c an ninh (d tho). 22. ISO/IEC 27036. Cc ch dn v an ninh thu ngoi lm (d tho). 23. ISO/IEC 27037. Cc ch dn v nhn din, thu thp v/hoc thu c v gn gi bng chng s (d tho).
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 9/47
08/2012
24. ISO/IEC 27039. La chn, trin khai v vn hnh cc h thng d tm thm nhp tri php - IDPS (Intrusion Detection [and Prevention] System) (d tho). 25. ISO/IEC 27040. An ninh lu gi (d tho). 26. ISO/IEC 27041. Ch dn cho vic m bo tnh bn vng v y ca cc phng php iu tra (d tho). 27. ISO/IEC 27042. Ch dn cho vic phn tch v gii ngha bng chng s (d tho). 28. ISO/IEC 27043. Cc nguyn tc v qui trnh iu tra bng chng s (d tho).
Cha c nhiu doanh nghip trn th gii c chng ch tun th cc chun ISO/IEC 27K v ISMS v rt tn km c th t c chng (c th ln ti hng trm ngn USD). Xem http://www.iso27001security.com/html/iso27000.html bit chi tit hn v h cc tiu chun ISO/IEC 27K.
Xc thc RFC 5246: Secure Sockets Layer (SSL)/ Transport Layer Tiu chun c ph chun & y Security (TLS); IETF Chp nhn ca th trng quyn RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Tiu chun c ph chun Certificate Profile; IETF RFC5280:Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile; IETF X.509 | ISO/IEC 9594-8: Information technology Open Tiu chun c ph chun systems interconnection The Directory: Public-key and Chp nhn ca th trng attribute certificate frameworks, ITU-T RFC 5849: Oauth (Open Authorization Protocol); IETF Tiu chun c ph chun Chp nhn ca th trng Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 10/47
08/2012
Chng loi
Tnh trng
eXtensible Access Control Markup Language (XACML); Tiu chun c ph chun OASIS Chp nhn ca th trng Security Assertion Markup Language (SAML); OASIS Tiu chun c ph chun Chp nhn ca th trng FIPS 181: Automated Password Generator; NIST Tiu chun c ph chun Chp nhn ca th trng FIPS 190: Guideline for the Use of Advanced Authentication Technology Alternatives; NIST FIPS 196: Entity Authentication Using Public Key Cryptography; NIST Tnh mt Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng
b RFC 5246: Secure Sockets Layer (SSL)/ Transport Layer Tiu chun c ph chun Security (TLS); IETF Chp nhn ca th trng
Key Management Interoperability Protocol (KMIP); Tiu chun c ph chun OASIS Chp nhn ca th trng XML Encryption Syntax and Processing; W3C Tiu chun c ph chun Chp nhn ca th trng FIPS 140-2: Security Requirements for Cryptographic Modules; NIST FIPS 185: Escrowed Encryption Standard (EES); NIST Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng FIPS 197: Advanced Encryption Standard (AES); NIST Tiu chun c ph chun Chp nhn ca th trng FIPS 188: Standard Security Label for Information Transfer; NIST Tiu chun c ph chun Chp nhn ca th trng
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 11/47
08/2012
Chng loi
Tnh trng
Tnh ton XML signature (XMLDSig); W3C vn FIPS 180-3: Secure Hash Standard (SHS); NIST
Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng
FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC); NIST Qun l Service Provisioning Markup nhn din WSFederation and WS-Trust Language
X.idmcc Requirement of IdM in Cloud Computing, ang pht trin ITU-T Security Assertion Markup Language (SAML); OASIS Tiu chun c ph chun Chp nhn ca th trng OpenID Authentication, OpenID Foundation Tiu chun c ph chun Chp nhn ca th trng FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors, NIST An ninh NIST SP 800-126: Security Content Automation Protocol (SCAP), NIST NIST SP 800-61 Computer Security Incident Handling Guide, NIST X.1500 Cybersecurity information exchange techniques, ITU-T X.1520: Common vulnerabilities and exposures; ITU-T X.1521; Common Vulnerability Scoring System; ITU-T Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Tiu chun c ph chun Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 12/47
08/2012
Chng loi
Tnh trng
FIPS 191: Guideline for the Analysis of Local Area Network Security; NIST Qun l eXtensible Access Control Markup Language chnh (XACML); OASIS sch an ninh FIPS 199: Standards for Security Categorization of Federal Information and Information Systems; NIST FIPS 200: Minimum Security Requirements for Federal Information and Information Systems; NIST
Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng Tiu chun c ph chun Chp nhn ca th trng
Tnh sn Availability ISO/PAS 22399:2007 Guidelines for incident Chp nhn ca th trng sng preparedness and operational continuity management, ISO Bng 1 - An ninh: Phn loi
Tnh Open Cloud Computing Interface (OCCI); Open Grid Tiu chun c ph chun tng Forum hp dch Cloud Data Management Interface (CDMI); Storage Tiu chun c ph chun v Networking Industry Association, SNIA IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP), IEEE ang pht trin
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 13/47
08/2012
Chng loi
Tnh trng
IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF), IEEE Bng 2 - Tnh tng hp: Phn loi
Tnh kh Cloud Data Management Interface (CDMI); SNIA chuyn v d liu Tnh kh Open Virtualization Format (OVF); DMTF chuyn v h thng IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP), IEEE Bng 3 - Tnh kh chuyn: Phn loi
ph
ph
Chi tit hn v cc tiu chun trong TM, xem: L trnh tiu chun in ton m my ca NIST v1.0, Vin Tiu chun v Cng ngh Quc gia, M - NIST. Thng 07/2011. 76 trang. Cc tc gi: Michael Hogan, Fang Liu, Annie Sokol, Jin Tong. URL: http://ubuntuone.com/3n18xI3STBrnAZ3VnjrCrp
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 14/47
08/2012
Vic thit lp cc chng thc kha cng khai, cc chng thc thuc tnh v cc danh sch thu hi chng thc Thit lp v gi cc yu cu cho c quan chng thc (PKCS#10) v nhng tr li t c quan chng thc (PKCS#7) Thit lp cc thng ip c m ha v c k Cc yu cu cho cc chng thc kha cng khai, cc chng thc thuc tnh v cc danh sch thu hi chng thc c s dng LDAP, OCSP 1, FTP hoc HTTP; thit lp cc cu hi v p v t cc n v ng du thi gian. Kim tra tnh hp l cho cc chng thc kha cng khai v cc chng thc thuc tnh Cc thut ton c ph chun cho cc hm bm, cc ch k, m ha, xc thc cc thng ip ti v t c quan chng thc; cc thut ton c ph chun cho Ch k XML v M ha XML. M t Giao din th Token Mt m (PKCS#11) vi cc dng v chc nng ca d liu Lp h s v m rng cc ch k XML v m ha XML
2. Phng php m ha khng i xng: RSA 3. Phng php m ha i xng: Tiu chun m ha tin tin AES (Advanced Encryption Standard). 4. D liu bm: Thut ton bm an ninh: (SHA) - 256 (Secure Hash Algorithm). 5. Qun l kha: c t Qun l Kha XML (XKMS) v2 (XML Key Management Specification) 6. Th thng minh tip xc: Cc th nhn din - Cc th mch tch hp (Identification Cards Integrated circuit cards). 7. Th thng minh khng tip xc: Cc th Nhn din - Cc th mch tch hp khng tip xc (Identification Cards - Contactless Integrated Circuit Cards). Chi tit hn, xem: Chun v kin trc cho cc ng dng CPT, phin bn 4.0, B Ni v Cng ha Lin bang c phi hp vi Vin Fraunhofer v phn mm v k thut h thng (ISST) xut bn, thng 03/2008.
OCSP = Giao thc Tnh trng Chng thc Trc tuyn (Online Certificate Status Protocol)
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 15/47
08/2012
Cc bin php m bo an ninh h thng v thng tin, d liu c tin hnh thc hin xuyn sut tt c cc lp. Tng t, vic chun ha d liu cng c tin hnh thc hin theo tt c cc lp.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 16/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 17/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 18/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 19/47
08/2012
3. An ninh ng dng
Kin trc ng dng theo m hnh a tng Cc ng dng cn c xy dng theo kin trc phn tng sao cho c s tch bit nhau gia cc tng nn tng/ph tr (h iu hnh, h qun tr c s d liu, ...), tng trung gian (qui trnh nghip v v cc thnh phn tch hp), tng trnh din (trnh by thng tin, d liu), tng my trm (cc cng c ca my trm gip cho vic truy cp/hin th/x l thng tin, d liu ca ng dng). Bng cch ny, vic m bo an ninh cng c thc hin theo cc tng tng ng. Chun v an ninh ng dng ISO/IEC 27034: An ninh ng dng (d tho).
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 20/47
08/2012
Ngoi vn v kin trc ra, mt lot cc lnh vc khc m cc bn tham gia phi quan tm nh: 5 lnh vc v qun l v nhng ch dn thc hin: (1) Qun l ri ro ca doanh nghip v chnh ph; (2) Qun l lin quan ti vic l v in t v php l; (3) Qun l s tun th v kim ton; (4) Qun l vng i thng tin, d liu t khi to cho ti khi xa; (5) Tnh kh chuyn v tnh tng hp m ch c th gii quyt c bng cc chun m; 7 lnh vc hot ng v nhng ch dn thc hin: (1) An ninh truyn thng, tnh lin tc, phc hi thm ha; (2) Vn hnh trung tm d liu; (3) Phn ng, thng bo, x l tnh hung; (4) An ninh ng dng; (5) M ha v qun l kha; (6) Nhn dng v qun l truy cp; (7) o ha. Ngi s dng phi lun nh gi cc ri ro c th khi a d liu, ng dng - chc nng - qui trnh ra bn ngoi v t ra cc cu hi dng nh: Nu c s c mt hoc l thng tin - d liu th ai chu trch nhim bi thng v nh th no? hoc Nu kt thc hp ng th vic chuyn cc d liu hoc ng dng tr v vi ngi s dng hoc chuyn sang nh cung cp m my khc nh th no? Hiu khi qut v kin trc, cng vi 12 lnh vc trng tm sng cn, s cung cp mt nn tng vng chc cho vic nh gi, vn hnh, qun l v ch ng an ninh trong cc mi trng TM. p dng chun ISO/IEC 27036. Cc ch dn v an ninh thu ngoi lm (d tho). An ton an ninh trong TM c s phn chia trch nhim gia ngi s dng v nh cung cp dch v. Vi SaaS th nh cung cp kim sot hu nh mi th, trong khi vi IaaS th trch nhim ln v kim sot an ton an ninh thuc v ngi s dng.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 21/47
08/2012
M hnh tham chiu khi nim kt hp: s tch hp ca cc thnh phn h thng, t chc v qui trnh trong TM Nhiu tc nhn tham gia trong TM. V vy rt cn xem xt ti mi quan h ca ngi s dng vi cc bn lin quan. Tc nhn nh ngha
Ngi s dng Mt ngi hoc t chc duy tr mt mi quan h nghip v vi, v s dng dch v m my t, cc nh cung cp m my. Nh cung m my cp Mt ngi, t chc hoc thc th c trch nhim lm cho mt dch v sn sng cho cc bn c quan tm.
Nh kim ton Mt bn c th tin hnh nh gi c lp v cc dch v m my, cc hot ng m my h thng thng tin, hiu nng v an ninh ca trin khai m my. Nh mi m my gii Mt thc th qun l s dng, hiu nng v phn phi cc dch v m my, v thng tho cc mi quan h gia cc nh cung cp m my v nhng ngi s dng m my.
Nh vn chuyn Mt ngi trung gian cung cp kt ni v giao thng ca cc dch v m my t m my cc nh cung cp m my cho nhng ngi s dng m my. Cc tng tc ca ngi s dng vi cc tc nhn khc trong TM to ra cc kch bn tng tc khc nhau, c nh hng ti an ton an ninh cc dch v TM.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 22/47
08/2012
An ninh chui cung ng - thu ngoi khi c nhiu bn tham gia. Ngi s dng phi lun nh gi ri ro i vi cc d liu ca mnh khi t ln m my. Ngi s dng lun phi t cu hi: Liu c rt c cc d liu ca mnh ra khi m my ny chuyn sang m my khc c khng, cho d cc m my khc nhau ca cc nh cung cp khc nhau vi cc cng ngh c s dng khc nhau.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 23/47
08/2012
c thm thng tin v trch nhim ca tng tc nhn khi tham gia vo TM, xem Kin trc tham chiu in ton m my ca NIST. Nhng khuyn co ca Vin Tiu chun v Cng ngh Quc gia. Vin Tiu chun v Cng ngh Quc gia, M - NIST. Thng 09/2011. 35 trang. Cc tc gi: Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger v Dawn Leaf. URL: http://ubuntuone.com/0rqn2j5SyfKVKF6ZuEwYHC
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 24/47
08/2012
s dng UML m hnh ha d liu. b) Tnh tng hp bao gm tnh tng hp v t chc, v k thut v v ng ngha. Chun ha d liu t c tnh tng hp. S dng ngn ng nh du siu vn bn m rng XML (Extensible Markup Language) chun ha vic trao i v s dng cc d liu trao i . Chun ha cc m hnh d liu c th phi l u tin trong chnh ph in t (CPT). Tuy vy, vic s dng XML lm chun cho vic trao i d liu l khng m bo cho tnh tng hp, nht l tnh tng hp v t chc. Tnh tng hp v t chc trc tin xc nh khi no v v sao cc d liu no c trao i. Trong tnh tng hp v t chc, cc qui trnh l kt qu ca vic trao i cc d liu c phi hp cng vi khung php l tham chiu (nh vic xy dng lut v cc qui nh). 3. Lp h tng: m bo cho dng thng tin chuyn ng trong h thng c an ton v thng sut. H tng mng my tnh c thit k theo cc vng v vic qun l an ninh truy cp gia cc vng c t ln hng u. Nhiu phn chun ha v an ninh c thc hin cho lp ny. 4. Lp ng dng: Cc module thnh phn, cc ng dng - dch v dng chung, kin trc phn mm tham chiu nh cc m hnh kin trc thnh phn, SOA, SaaS, in ton m my... 4ng vi mi m hnh kin trc, s c nhng khc bit nht nh c trng cho kin trc . a) Vic chun ha y c th lin quan ti hu ht cc lnh vc c th hin trong mt GIF (Government Interoperability Framework), thng c chia thnh cc lnh vc nh: (1) kt ni ni b, (2) tch hp d liu, (3) truy cp d liu v trnh din, (4) an ninh, (5) cc dch v web, (6) siu d liu, c th c thm (7) khu vc cc nghip v... b) Vic chun ha cng c th c thc hin thng qua vic kt hp vi kin trc tng th thng thy trong cc NEA (National Enterprise Architecture). Theo cch ny th cc chun c phn loi theo cc kin trc phn tng. 5. Lp cng ngh: Chun cho cc loi cng ngh - m hnh kin trc phn mm tham chiu c la chn (thnh phn, SOA, SaaS, m my...) nhm m bo cho tnh tng hp, tnh s dng li c, tnh m, an ninh, m rng theo phm vi, tnh ring t, h tr th trng... a ra b chun la chn theo vng i ca chun cho: a) Kin trc ng dng, dch v c v khng c phn mm trung gian b) Phn mm my trm - truy cp thng tin da trn web/my tnh/in thoi di ng/PDA/t cc h thng bn ngoi c) Vic trnh din, x l thng tin i vi cc loi thit b nu trn. d) Giao tip: chn cc giao thc cho phn mm trung gian, mng, ng dng, dch v th mc, dch v a l. e) Kt ni ti backend. f) Cc chun v an ninh d liu - m hnh cho cc chun an ninh thng tin d liu. Vng i ca cc chun thng c s dng cc chun c lin tc cp nht theo s tin ha ca cng ngh v hin trng nn CNTT-TT ca ni p dng. V vy cc chun thng c phn loi theo cc tnh trng dng nh: bt buc s dng, khuyn co s dng v ang c theo di.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 25/47
08/2012
hnh ca n din ra trn c s ca mt th tc ra quyt nh m, sn sng cho tt c cc bn c quan tm (quyt nh ng thun hoc theo s ng...). b) Tiu chun c xut bn v ti liu c t ca chun l sn sng hoc mt cch t do hoc vi mt ph tng trng. Tt c mi ngi phi c php sao chp, phn phi v s dng n m khng mt ph hoc vi mt ph tng trng. c) S hu tr tu - ngha l, cc bng sng ch c th l c - i vi (cc phn) tiu chun v c lm cho sn sng khng th hy b c trn c s khng c ph bn quyn. d) Khng c bt k rng buc no trong vic s dng li tiu chun . 2. V sao an ninh c m bo tt hn khi s dng cc chun m? a) Khng b kha tri vo nh cung cp c bit no b) Bo ton TTDL cho lu di c) m bo tnh tng hp lin thng ca TTDL trong cc h thng d) D dng chuyn TTDL t h thng ny sang h thng khc e) Khuyn khch i mi sng to, tng sc cnh tranh, lm h gi thnh sn phm... 3. Tnh tng hp (tnh tng thch lin thng) l yu t sng cn cho CPT a) nh ngha: Tnh tng hp, ngha rng, l kh nng cc bn tham gia lm vic c vi nhau. V kha cnh k thut, y l kh nng ca 2 hoc nhiu h thng hoc thnh phn CNTT-TT trao i thng tin v s dng cc thng tin c trao i nhm mc ch ci thin vic iu hnh v qun l ca chnh ph. V c im v t chc ca mt chnh ph lun c to nn t nhiu b, ngnh, tnh m ti mi ni ny u c nhng h thng thng tin ca mnh nn tnh tng hp l mt trong nhng yu t quan trng mang tnh sng cn trong vic xy dng CPT.
Tnh tng hp cc b Intraoperability Chng ta nn trnh - Kha tri vo nh cung cp b) Tn ti tnh tng hp v t chc, cng ngh v ng ngha. c) Trong thc t, tn ti 2 khi nim: tnh tng hp cc b v tnh tng hp thc s. d) Chun m l yu t quan trng trong bt k khung tng hp GIF no. Chun m l xng sng ca mt tip cn da trn dch v cho tnh tng hp CPT. 4. V d ni bt v chun m chnh l giao thc TCP/IP ca Internet, c xut x t mng ARPANET ca B quc phng M.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 26/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 27/47
08/2012
hc thuyt v lm cch tt nht h c th dp tt la. D. p dng tng phn cc cng c v cng ngh h tr mi ngi i ph c nhanh hn vi cc cuc TCKGM. C. H thng c tch hp vi trng tm hng vo tnh tng hp v cc tiu chun trao i d liu v nhn thc tnh hung bo an thng tin. B. Lanh l v d on trc c cc tnh hung lin quan ti ANKGM v cc cuc TCKGM, a ra chnh sch nhanh chng v chuyn nghip, lm sng t cc s kin v gip nhng ngi vn hnh tm, sa v nhm vo vic i ph li. A. D on trc c cc tnh hung v tp trung vo nhim v, c lp c v chu ng c thit hi nu c, m bo an ninh cho cc chui cung ng v bo v cc h tng sng cn ch cht vn hnh qua c cc cuc TCKGM. Xp hng theo m hnh chn ANKGM ca 23 quc gia c kho st thng 0-2/2012 im Quc gia Hc thuyt/ C CERT* Tham gia Ch huy Din tp ti a l Chin lc quc gia cng ng ANKGM ANKGM 5 ANKGM CERT* quc gia Phn Lan 4.5/5 Israel Thy in an Mch Estonia Php c H Lan Ty Ban Nha 4.0/5 Anh M c o Canada 3.5/5 Nht Trung Quc Balan 3.0/5 Nga C C C C C - 2011 C - 2011 C - 2009 C C C C C C C C C C C C C C C C C C - 2008 C - 2011 C - 2011 C - 2011 C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 28/47
08/2012
im ti a l 5 2.5/5
Quc gia
Din tp ANKGM
Brazil n Rumani
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 29/47
08/2012
khng b...
Ngi trong
bn Ngi bn trong t chc bt mn l mt ngun c bn ca ti phm my tnh. Nhng ngi bn trong c th khng cn nhiu hiu bit v nhng thm nhp tri php ca my tnh v hiu bit ca h v mt h thng ch thng cho php h ginh c s truy cp khng gii hn gy thit hi cho h thng hoc n cp cc d liu h thng. Mi e da ca ngi bn trong cng bao gm cc nh thu c t chc thu, cng nh cc nhn vin m ngu nhin a phn mm c hi vo trong h thng.
Cc quc gia Cc quc gia s dng cc cng c khng gian mng nh mt phn ca cc hot ng thu thp v gin ip thng tin v/hoc ph hoi ca h. Mt s quc gia ang lm vic tch cc pht trin hc thuyt, cc chng trnh v cc kh nng ca chin tranh thng tin. Nhng kh nng nh vy cho php mt thc th n nht c c tc ng ng k v nghim tc bng vic ph hoi cc h tng cung ng, truyn thng v kinh t m chng h tr cho sc mnh qun s nhng tc ng m c th nh hng cho nhng cuc sng hng ngy ca cc cng dn trn khp t nc. Cc su c bit nguy him do nh nc ti tr nh Stuxnet, Duqu, Flame... khng ch c chc nng
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 30/47
08/2012
Mi e da
Nhng ngi Cc c nhn, hoc cc nhm nh, thc hin cc k hoch phishing vi mong mun n nh phishing cp cc nhn dng hoc thng tin ly tin. Nhng ngi nh phishing cng c th s dng spam v cc phn mm gin ip/phn mm c hi hon thnh cc mc tiu ca h. Nhng ngi Cc c nhn hoc cc t chc phn phi th in t khng theo yu cu vi nhng nh spam thng tin n hoc sai bn cc sn phm, tin hnh cc k hoch phishing, phn phi cc phn mm gin ip/phn mm c hi, hoc tn cng cc t chc (nh, tn cng t chi dch v). Cc tc gi ca phn mm gin ip/phn mm c hi Cc c nhn hoc t chc vi d nh c hi trin khai cc cuc tn cng chng li nhng ngi s dng bng vic sn xut v phn phi cc phn mm gin ip v phn mm c hi. Mt s virus v su my tnh c tnh ph hoi lm hng cc tp v cc a cng, bao gm c Melissa Macro Virus, su Explore.Zip, CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, v Blaster...
Nhng k Nhng k khng b tm ph hy, v hiu ha, hoc khai thc cc h tng sng cn khng b e da an ninh quc gia, gy ra nhng thit hi hng lot, lm yu i nn kinh t, v gy thit hi v o c v s tin cy vo nh nc. Nhng k khng b c th s dng cc k hoch phishing hoc phn mm gin ip/phn mm c hi lm tin hoc thu thp nhng thng tin nhy cm. Cc ngun: Cc phn tch ca Vn phng Kim ton Lin bang M (GAO) trn cc d liu t Gim c Tnh bo Quc gia, B T php, Vn phng iu tra Lin bang M FBI, C quan Tnh bo Trung ng M CIA, v Trung tm iu phi CERT ca Vin K thut Phn mm. Cc dng khc nhau v cc mi e da khng gian mng c th s dng mt lot cc khai thc khng gian mng c kh nng nh hng bt li cho cc my tnh, phn mm, mng, cc hot ng ca c quan, ca nn cng nghip, hoc ca bn thn Internet (xem Bng bn di). Cc nhm hoc cc c nhn c th trin khai mt cch c ch nhng khai thc khng gian mng nhm vo mt ti sn khng gian mng c th no hoc tn cng thng qua Internet c s dng virus, su, hoc phn mm c hi m khng c mc tiu c th no.
9.2. Mt s dng khai thc l hng an ninh khng gian mng thng gp
Dng khai thc M t
T chi Mt phng php tn cng t mt ngun n nht m t chi s truy cp h thng i dch v vi nhng ngi s dng hp php bng vic gy trn ngp my tnh ch vi cc thng ip v cn tr giao thng hp php. N c th ngn cn mt h thng n khng c kh nng trao i cc d liu vi cc h thng khc hoc s dng Internet. T chi Mt bin th ca tn cng t chi dch v c s dng mt cuc tn cng c phi hp
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 31/47
08/2012
M t
dch v t mt h thng cc my tnh phn tn hn l t mt ngun n nht. N thng s dng phn tn cc su lan truyn ra nhiu my tnh cc my tnh ny sau tn cng mc tiu. Cng c Cc cng c c sn mt cch cng khai v tinh vi phc tp m nhng k thm nhp tri khai thc php vi cc mc v k nng khc nhau c th s dng xc nh nhng ch b tn thng v thm nhp vo cc h thng mc tiu. Bom Logic Mt dng ph hoi trong mt lp trnh vin chn m v m ny lm cho chng trnh thc thi mt hnh ng ph hoi khi mt s s kin kch hot xy ra, nh vic kt thc vic lm ca lp trnh vin. Phishing Vic to v s dng cc th in t v cc website c thit k trng ging nh cc doanh nghip, cc c quan ti chnh v cc c quan chnh ph hp php ni ting la di nhng ngi s dng Internet phi cc d liu c nhn ca h ra, nh cc thng tin v cc mt khu ti khon ti chnh v ngn hng. Nhng k nh phishing sau s dng cc thng tin ny cho nhng mc ch ti phm, nh n trm v la gt.
K ht gi ng ngha vi k ht cc gi. Mt chng trnh chn cc d liu c nh tuyn v (Sniffer) kim tra tng gi tm cc thng tin c bit, nh cc mt khu c truyn dng cc vn bn r rng. Nga Trojan Virus Mt chng trnh my tnh giu m c hi. Mt nga Trojan thng ngy trang nh mt chng trnh hu dng m ngi s dng c th mong mun chy. Mt chng trnh ly nhim cho cc tp my tnh, thng l cc chng trnh c th chy c, bng vic chn mt bn sao ca chnh n vo tp . Cc bn sao thng chy c khi tp b ly nhim c ti vo b nh, cho php virus ly nhim cc tp khc. Khng ging nh mt su my tnh, mt virus i hi s lin quan ca con ngi (thng khng c ch tm) nhn ging. Phng php ca phishing da trn cng ngh ca giao thc ting ni qua Internet (VoIP) v phn mm ca trung tm gi ngun m m lm cho n thnh khng t gi cho nhng k mu bt lng thit lp cc trung tm gi in thoi v bn ti phm gi i cc thng ip th in t v vn bn ti cc nn nhn tim nng, ni c mt vn v an ninh, v h cn gi cho ngn hng ca h kch hot li mt th tn dng hoc th n, hoc gi cc thng ip vn bn ti cc my tnh cm tay, ra lnh cho nhng nn nhn tim nng lin h vi cc ngn hng trc tuyn gi mo thay mi li cc ti khon ca h.
Vishing
Li chin Phng php thm nhp vo cc mng my tnh khng dy bng vic s dng mt my tranh (War tnh xch tay, ng ten, v b adapter ca mng khng dy lin quan ti vic tun tra cc driving) v tr ginh c s thm nhp tri php. Su (Worm) Mt chng trnh my tnh c lp m n ti sinh bng vic t sao chp n t h thng ny sang h thng khc qua mng. Khng ging nh nhng virus my tnh, cc su khng i hi s lin quan ca con ngi nhn ging.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 32/47
08/2012
M t
Khai thc Mi e da khng gian mng tn dng mt ch b tn thng v an ninh trong cng ngy ngy s 0 m ch b tn thng c bit i vi cng chng ni chung v i vi n th cn (Zero-day) cha c bn sa li no c sn. Cc ngun: Cc phn tch d liu ca Vn phng Kim ton Lin bang M (GAO) v t cc bo co ca gii cng nghip.
10. Cc cng c an ninh 10.1. Danh sch 65 s thay th ca ngun m cho cc phn mm an ninh
Cc ng dng ngun m c kh nng thay th cc ng dng ngun ng cho vic chng virus, chng spam, lm tng la, m ha v cc vn khc c lin quan ti an ninh cc h thng thng tin. Loi Tn phn mm Thay th cho M t Chng Spam ASSP Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway T gii thiu nh l v kh chng SPAM tt nht tuyt i m th gii bit t trc ti ny, ASSP nm trong cc my ch SMTP ca bn dng cc spam v qut virus. Cc tnh nng bao gm thit lp da vo trnh duyt, h tr cho hu ht cc my ch SMTP, cc danh sch trng t ng, kim tra hp l ngi gi sm, lc Bayesian v nhiu hn th. H iu hnh: Khng ph thuc OS. c ti v hn 1.3 triu ln t nhng ngi s dng ti 225 quc gia, MailScanner l mt gi an ninh th in t t do cho cc my ch th in t. N kt hp vi SpamAssassin, ClamAV v mt s cng c khc kha spam v phn mm c hi. H iu hnh: c lp vi OS.
MailScanner
SpamAssassin
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 33/47
08/2012
Loi
Tn phn mm
Thay th cho and Virus Firewall, SpamHero, Abaca Email Protection Gateway
M t dng phn tch vn bn v u , lc Bayesian, cc danh sch kha DNS, cc c s d liu lc cng tc v cc k thut khc kha spam. D n ny c Qu Apache qun l, v c kt hp vo mt s sn phm ngun m v thng mi khc. H iu hnh: ban u l Linux v OS X, d cc phin bn cho Windows vn c. Nh bn c th on t ci tn, d n ny a ra mt nhm cc b lc Bayesian cho vic kha spam. Site ny bao gm cc phin bn cho Outlook, Outlook Express, Windows Live Mail, IncrediMail, Thunderbird, Gmail, Yahoo Mail v cc trnh th khcs. H iu hnh: c lp vi OS Nixory loi b v kha cc cookies theo di c hi (phn mm gin ip) t my ca bn. N h tr cho Mozilla Firefox, Internet Explorer v Google Chrome, v n s khng lm chm my ca bn trong khi bn lt web. H iu hnh: c lp vi OS. y l my chng virus ph bin nht c kt hp vo trong v s cc sn phm an ninh v t gi n l tiu chun de facto cho vic qut cc cng gateway th. Phin bn ngun m chy trn cc my ch th UNIX hoc Linux, nhng website cng a ra mt phin bn gi l Immunet cho cc my tnh c nhn PC Windows. H iu hnh: Linux. ClamTK lm cho ClamAV d dng hn mt cht s dng bng vic cung cp mt giao din ha cho my chng virus. Ging nh bn gc, n chy trn Linux v qut theo yu cu. H iu hnh: Linux. Da vo ClamAV, ClamWin bo v hn 600.000 PC khi cc virus v phn mm c hi. Lu rng khng ging nh hu ht cc gi chng virus thng mi, ClamWin khng a ra mt my qut thi gian thc khi truy cp; qut cc tp n, bn s cn lu chng v sau chy mt lt qut bng tay trc khi m hoc chy cc tp. H iu hnh: Windows. Vi P3Scan, bn c th thit lp mt my ch y quyn proxy trong sut m a ra c s bo v chng virus
SpamBayes
Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway SpyBot Search and Destroy, AdAware
Nixory
Avast! Linux Edition, VirusScan Enterprise for Linux Kaspersky AntiVirus, McAfee AntiVirus Plus, Norton AntiVirus
P3Scan
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 34/47
08/2012
Loi
Tn phn mm
Sao lu Amanda
Bo v hn 500.000 my trn th gii, Amanda ni l phn mm sao lu v phc hi ngun m ph bin nht trn th gii. B sung thm vo phin bn cng ng, n cng c sn h tr phin bn doanh nghip hoc l mt thit b. H iu hnh: Windows, Linux, OS X. Nhm vo cho mt s cn bng gia n gin v a dng, Areca a ra mt giao din ha d dng vi nhiu la chn cho vic to v tng tc vi cc tp lu tr. Cc tnh nng chnh bao gm nn, m ha, h tr sao lu delta, trn lu tr v hn th na. H iu hnh: Windows, Linux. c thit k cho nhng ngi s dng doanh nghip, Bacula sao lu nhiu h thng khp mt mng. H tr v cc dch v thng mi cho sn phm ph bin l sn sng thng qua Bacula Systems. H iu hnh: Windows, Linux, OS X. c to ra nh mt la chn thay th cho Ghost, Clonezilla c th bt chc cc h thng n hoc a rt nhanh. N c 2 phin bn: Clonezilla Live cho cc my n v Clonezilla SE cho cc mng ln. H iu hnh: Windows, Linux, OS X. Partimage c th to mt nh hon chnh my ca bn, m l hu dng nu bn cn phc hi t mt s hng my hon ton hoc nu bn mun cu hnh cho nhiu h thng vi chnh xc cc phn mm y ht. N cng c th to mt phn vng phc hi trn a ca bn. H iu hnh: Linux. T gi mnh l Gii php phc hi thm ha hon chnh nht, d nht sn c, Redo a ra cc kh nng sao lu, phc hi v phc hi bare-metal. Thm ch trong cc trng hp khn cp khc nghit nht khi bn phi thay th mt cng hon ton, th Redo ni n c th lm cho bn sao lu v chy c vi tt c cc chng trnh ca bn v cc tp ch trong 10 pht. H iu hnh: Linux. Phin bn ngun m ca Google Chrome, Chromium c
Areca Backup
Bacula
Clonezilla
Partimage
Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com
Redo
Trnh
Chromium
Microsoft
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 35/47
08/2012
Loi duyt
Tn phn mm
Thay th cho
M t
Internet Explorer xu hng s nhanh hn v an ninh hn so vi cc trnh duyt cnh tranh. Cc c tnh an ninh ch cht bao gm sandboxing, t ng cp nht, SafeBrowsing v hn th na. H iu hnh: Windows, Linux, OS X. Dooble Microsoft Cc lp trnh vin Dooble to ra trnh duyt mi hn Internet Explorer ny vi mt s quan tm v an ton v d s dng. Khng ging nh hu ht cc trnh duyt khc, n t ng m ha tt c cc giao thng cho tnh ring t v an ninh ln hn. H iu hnh: Windows, Linux, OS X. Microsoft Tor bo v s nhn din ca bn bng vic cung cp tnh Internet Explorer nc danh trong khi bn duyt Web. c cc phng vin, cc nh hot ng x hi v nhng ngi khc s dng vi quan tm rng ai c th n cp trong cc hot ng trc tuyn ca h. H iu hnh: Windows, Linux, OS X. McAfee c ti v hn 33 triu ln, trnh b sung ph bin ny SiteAdvisor Plus cho Firefox, Internet Explorer, Chrome, Safari hoc Opera cho php nhng ngi s dng bit khi no h b lc trong cc website ng ng hoc khng an ninh. N s dng vic xp hng ngi s dng nhn din cc site lun c nhng c hi, thu thp thng tin c nhn hoc a vo cc ni dung khng ph hp, v n xp hng chng vi mt h thng phn loi xanh-vng-. H iu hnh: Windows, Linux, OS X. Vic lun lun s dng cng mt mt khu s t bn vo ri ro, nhng nhiu ngi vn lm th v kh nh c nhiu mt khu khc nhau. Trnh b sung cho trnh duyt ny a ra mt gii php tt hn cho vn ny bng vic to nhng mt khu duy nht cho tng site m bn ving thm v lu tr chng trong mt tp c m ha m bn truy cp vi mt vn mt khu duy nht. H iu hnh: Windows, Linux, OS X. Tin ch hu dng ny lm sch my ch bn bo v tnh ring t v ci thin hiu nng. N gii phng khng gian a bng vic lm sch rc t hn 90 ng dng, xa cc tp tm thi, xa b nh tm v lch s duyt, v nghin vn cc tp khng mong mun. H iu hnh: Windows, Linux. Ging nh BleachBit, Eraser nghin vn cc tp b
Tor
Eraser
BCWipe
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 36/47
08/2012
Loi
Tn phn mm
M t xa sao cho chng khng th phc hi li c. N gip bo v nhng thng tin nhy cm bng vic ghi cc tp b xa vi ln vi cc d liu ngu nhin. H iu hnh: Windows. Wipe a ra cng chc nng nh Eraser, nhng n l cho Linux thay v cho Windows. Site ny cng a ra nhiu thng tin cho nhng ai quan tm trong vic hc nhiu hn v cch m tp nghin vn lm vic. H iu hnh: Linux. Trong khi Eraser v Wipe xa cc tp duy nht, th DBAN xa an ton ton b cc a. N rt hu dng khi tng hoc vt b mt my c. H iu hnh: c lp vi h iu hnh. OpenLDAP l mt cng c ngn chn mt d liu phn tn mnh, qun l tp trung, da vo tc nhn hoc khng tc nhn. N cho php nhng ngi qun l an ninh hoc tun th qut hng ngn h thng cng mt lc thng qua cc tc nhn hoc thc hin s phc hi d liu khng tc nhn i vi my ch MySQL hoc Microsoft SQL Server. H iu hnh: Windows. MyDLP c th kha cc s th tn dng, cc s an ninh x hi, hoc cc tp nhy cm khi truyn c qua th in t, cc my in, Web hoc cc thit b tho lp c. B sung vo phin bn cng ng t do, n cng i vi mt phin bn doanh nghip phi tr tin. H iu hnh: Windows, Linux, VMWare. Vi gn 25 triu ngi s dng ng k, AxCrypt c cho l phn mm m ha tp hng u ca ngun m i vi Windows. N tch hp vi Windows Explorer s dng n, bn n gin hy nhy chut phi m ha mt tp hoc nhy p gii m. H iu hnh: Windows. D n Gnu ny l mt trin khai dng lnh ca tiu chun m ha ph bin OpenPGP. N h tr cc thut ton m ha ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD160 v TIGER. H iu hnh: Linux. Nhng ngi s dng Mc c th ti v phin bn GPG
Wipe
BCWipe Enterprise
Kill Disk, BCWipe Total WipeOut RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family McAfee AntiTheft, CryptoForge
MyDLP
M ha AxCrypt
GPGTools
PGP Universal
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 37/47
08/2012
Loi
Tn phn mm
M t ny cho mt cch thc thn thin hn vi ngi s dng m ha th in t v cc tp. Website ny bao gm mt t ti liu tr gip cho nhng ngi s dng mi, lm cho n thm ch cn d hn lm quen s dng ng dng ny. H iu hnh: OS X. V phin bn ny a ra GPG cho nhng ngi s dng Windows, hon ton vi mt giao din ngi s dng ha. N ci t nhanh v d dng, v n bo v c cc tp v li cc thng ip th. H iu hnh: Windows. Trong khi y thc s l mt tin ch nn ch khng phi l mt cng c m ha, th PeaZip cng a ra cc kh nng m ha mnh, m gii thch v sao chng ta a n vo phn ny ca danh sch. N cng bao gm cc kh nng xc thc 2 yu t v xa c an ninh. H iu hnh: Windows, Linux. Ch vi 44KB, Crypt l mt trong nhng tin ch nh cn nht sn sng. V v n c th m ha c 3MB gi tr d liu ch trong vng 0.7 giy, n cn l mt trong nhng tin ch nhanh nht. Tuy nhin, n khng c mt giao din ngi s dng ha, nn s cn thun tin vi dng lnh s dng n. H iu hnh: Windows. NeoCrypt h tr nhiu thut ton m ha, bao gm AES, DES, Triple-DES, IDEA, RC4, RC5, CAST-128, BlowFish, SkipJack. N chy t mt giao din ngi s dng ha d dng s dng, v n cng tch hp vi Windows Shell sao cho bn c th m ha v gii m cc tp ngy t Windows Explorer. H iu hnh: Windows.
gpg4win
Cypherus
PeaZip
WinZip
Crypt
NeoCrypt
LUKS/ cryptsetup
PGP Whole Disk Ngn gn cho Thit lp Kha Linux Thng nht, Encryption LUKS t gi n l tiu chun cho m ha a cng trong Linux. Trong khi nhiu ng dng khc trong danh sch ca chng ta m ha tng tp mt, th LUKS m ha ton b a ca bn. H iu hnh: Linux. PGP Whole Disk Ging nh LUKS, ng dng ny m ha ton b a. Encryption Vi n bn c th to v m ha cc a o trong a cng ca bn. N cng kh chuyn cao v c th chy t mt USB. OS: Windows.
FreeOTFE
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 38/47
08/2012
Loi
Tn phn mm TrueCrypt
Thay th cho
M t
PGP Whole Disk Mt trong nhng la chn m ha a ngun m ph Encryption bin, TrueCrypt c hn 22 triu bn ti v. Nh cng ngh song song ha v t ng ng, n a ra vic c v ghi thng tin m ha nhanh. H iu hnh: Windows. CuteFTP, FTP Commander Cc k ph bin, WinSCP c gii thng bao gm my trm SFTP, my trm SCP, my trm FTPS v my trm FTP. N a ra 2 giao din khc nhau v cng bao gm mt trnh son tho vn bn tch hp. H iu hnh: Windows. Trong khi WinSCP a ra ch mt phin bn my trm, th FileZilla a ra c phin bn my trm v phin bn cho php bn thit lp my ch FTP ca ring bn. N h tr cc giao thc truyn FTP, FTPS v SSH. H iu hnh: Windows, Linux, OS X. Kin trc Chim ot v Tm kim Bng chng S M, cn gi l ODESSA, a ra vi cng c khc nhau cho vic xem xt v bo co v bng chng s. y l mt d n c hn, nhng vn cn c gi tr. H iu hnh: Windows, Linux, OS X. Hai ng dng ny lm vic cng nhau: Sleuth Kit a ra cc cng c dng lnh cho vic tin hnh iu tra s, v Autospy Broser a ra mt GUI da vo trnh duyt cho vic truy cp cc cng c . D n ny by gi cng mt khung Hadoop cho phn tch d liu phm vi ln. H iu hnh: Windows, Linux, OS X. Cng ng Tng la Endian c th bin bt k PC no (bao gm c nhng PC kh c) thnh mt thit b n ninh cng gateway hon chnh vi mt tng la, cc y quyn mc ng dng vi h tr chng virus, lc virus v spam cho th in t, ni dung Web v mt mng ring o VPN. Cc phin bn c h tr cc thit b phn mm v phn cng cng sn sng trn site. H iu hnh: Linux. Tng t nh Endian, Untangle Lite cng gip nhng ngi s dng to cc thit b an ninh cng gateway ca ring h. B sung thm, Untangle a ra cc sn phm thng mi, v bn c th ti v mi trong s cc ng dng ring r c a vo trong Untangle Lite (tng
FileZilla
The Sleuth Kit/ EnCase Autopsy Forensics, XBrowser ways Forensics, AccessData Forensic Toolkit Cng Endian Firewall gatewa Community y / Thit b Qun l Mi e da Thng nht Untangle Lite Check Point Security Gateways, SonicWall, Symantec Web Gateway
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 39/47
08/2012
Loi
Tn phn mm
M t la, ngn chn thm nhp tri php, kha cc cuc tn cng, ...) mt cch tch bit. H iu hnh: Linux. ClearOS kt hp chc nng an ninh cng gateway vi cc kh nng ca mt my ch doanh nghip nh. N a ra vic kt ni mng, phn mm nhm, mt my ch th, mt my ch Web v hn th. H tr c tr tin v phn cng cng c sn. H iu hnh: Linux. Tripwire tiu chun by gi l mt d n ngun ng, nhng cng ng tip tc pht trin phin bn ngun m trong nm 2000. N gim st ni dung v cc tp v cnh bo cho nhng ngi qun l mng khi nhng tp b thay i, cnh bo cho h c nhng thm nhp tri php c kh nng. H iu hnh: Windows, Linux. B sung thm vo vic kim tra tnh ton vn ca cc tp, OSSEC cng thc hin phn tch lu k, gim st chnh sch, d tm rootkit v cnh bo thi gian thc gip ngn nga v d tm thm nhp tri php trong mng ca bn. N c ti v hn 5.000 ln mi thng v thng nhiu gii thng. H iu hnh: Windows, Linux. AFICK, ngn gn l Trnh Kim tra Tnh ton vn Tp Khc, a ra chc nng tng t nh Tripwire. N kh chuyn, nhanh v chy t GUI hoc dng lnh. H iu hnh: Windows, Linux. Vi hng triu lt ti v v hn 400.000 ngi s dng ng k, Snort c cho l Cng ngh IDS/IPS c trin khai rng ri nht th gii. H iu hnh: Windows, Linux, OS X.
ClearOS
AFICK
Tripwire
Snort
Tng la mng
IPCop
Barricuda NG Ging nh hu ht cc ng dng khc trong danh sch Firewall, Check cc Tng la ca chng ti, IPCop bin mt PC thnh Point Appliances mt tng la da vo Linux bo v mng ca bn. N c thit k cho nhng ngi s dng nh hoc SOHO, v n c mt giao din Web d s dng. H iu hnh: Linux. Barricuda NG D n ban u tng c thit k a ra chc nng Firewall, Check tng la v nh tuyn router, th Deviel - Linux cng Point Appliances cn vn hnh nh mt my ch cho nhiu ng dng, bao gm c t ch cho th. c cc nh qun tr CNTT
Devil-Linux
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 40/47
08/2012
Loi
Tn phn mm
Thay th cho
M t to ra cho cc qun tr vin CNTT, n c cc kh nng ty bin tuyt vi v an ninh hng u. H iu hnh: Linux.
Turtle Firewall
Barricuda NG c thit k n gin v nhanh, Turtle cho php cc Firewall, Check nh qun l mng thit lp cu hnh n thng qua giao Point Appliances din Web hoc bng vic sa i cc tp XML. Website ny cng bao gm mt s thng tin gii thiu tt v bn cht t nhin ca cc tng la. H iu hnh: Linux. Barricuda NG Shorewall khng c cho l tng la Linux d s Firewall, Check dng nht, nhng n c cho l tng la mm do Point Appliances v mnh nht. Bn c th s dng n trong mt h thng vn hnh nh mt tng la chuyn dng, nh mt cng gateway/b nh tuyn router/my ch a chc nng hoc nh mt chic PC GNU/Linux ng ring r. H iu hnh: Linux. Barricuda NG Vuurmuur c thit k tr nn n gin v mnh. Firewall, Check B sung thm vo cc kh nng tng la tiu chun, n Point Appliances cng h tr vic lm sc so giao thng v a ra nhng kh nng gim st tin tin. H iu hnh: Linux. Barricuda NG Firewall Mc d n c thit k cho cc thit b v my tnh c nhn PC nhng, th m0n0wall cng c th chy c trn mt PC ng ring r chy FreeBSD. N i hi t hn 12MB khng gian a v khi ng t hn 25 giy. H iu hnh: FreeBSD.
Shorewall
Vuurmuur
m0n0wall
pfSense
Barricuda NG R nhnh ny ca m0n0wall cng da vo BSD, nhng Firewall, Check c thit k cho cc my tnh thng thng, khng Point Appliances phi phn cng nhng. N c ti v hn 1 triu ln v hin chy trn hn 100.000 mng, bao gm c cc tp on v cc trng i hc ln cng nh cc mng nh nh. H iu hnh: FreeBSD. Cisco products Phn mm Vyatta li cho php nhng ngi s dng to ra nhng thit b v cc b nh tuyn router mng/tng la ca ring h. Cng ty ny cng a ra cc phn cng v mm phi tr tin. H iu hnh: Linux. T gi mnh l Trnh phn tch giao thc mng u tin trn th gii, Wireshark lm cho d dng nm bt v phn tch giao thng mng. Cc sn phm v dch v thng mi c lin quan ti phn mm l sn sng
Vyatta
Gim st mng
Wireshark
OmniPeek, CommView
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 41/47
08/2012
Loi
Tn phn mm
Thay th cho
Tcpdump/ libpcap
OmniPeek, CommView,
Tcpdump l mt trnh phn tch gi dng dng lnh, v libpcap l mt th vin C/C++ cho nm bt giao thng mng. Lm vic cng nhau, 2 th ny cung cp mt gii php gim st mng tt, nhng, thiu mt GUI, chng khng thc s thn thin vi ngi s dng. H iu hnh: Linux. c Riverbed Technology qun l (cn c gi l Wireshark), WinDump chuyn tcpdump ti nn tng Windows. Site ny cng bao gm th vin v cc trnh iu khin WinPcap cho nm bt giao thng. H iu hnh: Windows. Cng vi thi gian, mi ngi cn phc hi li mt mt khu b mt hoc khng bit. Trnh ph mt khu ny s dng phng php cc bng cu vng phc hi cc mt khu khng biets, v n cng bao gm module p mnh th bo cho cc mt khu n gin. H iu hnh: Windows. John the Ripper l c bit tt ph cc mt khu yu, nhng s dng n, bn s cn mt danh sch cc mt khu thng c s dng. Bn c th mua cc danh sch mt khu hoc mt phin bn chuyn nghip cc phn mm t cng site ny. H iu hnh: Windows, Linux, OS X. Trnh qun l mt khu ph bin ny lu tr tt c cc mt khu ca bn trong mt c s d liu c m ha. Bn s ch cn nh mt mt khu ch, trong khi ng dng d s dng, nh ny s gip bn bo v bn khi bn n cp nhn din. H iu hnh: Windows. Nu bn s dng OS X hoc Linux, hy th r nhnh ny ca KeePass. Cng vi, n b sung mt t tnh nng khng c ban u v chy c c trong Windows. H iu hnh: Windows, Linux, OS X c ti v hn 1 triu ln, Password Safe l mt la chn ngun m ph bin khc cho vic bo v cc mt khu ca bn. Ging nh KeePass, n l nh v lu tr cc mt khu c m ha ca bn trong mt c s d liu sao cho bn ch cn nh mt mt khu ch. H iu
WinDump
OmniPeek, CommView
Ph mt Ophcrack khu
KeePassX
Password Safe
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 42/47
08/2012
Loi
Tn phn mm
Thay th cho hnh: Windows. Entrust IdentityGuard, Vasco Digipass, RSA's SecurID McAfee Family Protection, NetNanny, CyberPatrol
M t WiKID khoe v xc thc 2 yu t m khng cn yu t nhiu. B sung vo phin bn cng ng t do, n cng c mt phin bn doanh nghip c h tr m cng b sung thm chc nng. H iu hnh: c lp vi h iu hnh. B lc ni dung c gii thng ny s dng vic khp cc mnh , lc PICS, lc URL v cc phng php khc kha ni dung b phn i. Lu l phn mm ny khng chy trn cc my tnh c nhn ring r. N chy trn mt my ch OS X hoc Linux bo v phn cn li ca mng. H iu hnh: Linux, OS X.
Xa c Darik's Boot an ninh, and Nuke khi (DBAN) phc d liu, nhi li, m ha Sa v TestDisk and phc PhotoRec hi tp
Recover Lost Partition, Active@ Partition Recovery, Disk Doctors Norton Ghost, Acronis True Image, Paragon Backup & Recovery
Nhi
Clonezilla
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 43/47
08/2012
Loi a
Tn phn mm
Thay th cho
M t
Symantec Ghost Clonezilla Live l cho sao lu v phc hi cc my tnh Corporate ring r, v n chy t mt u USB khi ng c Edition hoc CD/DVD. Clonezilla SE nhi nhiu my tnh c nhn cng mt lc, v rt nhanh qua mng ca bn. Clonezilla vn hnh mc khi trn cc nn tng x86 v x86-64, nn n sao chp bt k h thng tp v h iu hnh no. PGP Whole Disk L mt trong nhng ng dng m ha lin nn tng ph Encryption bin nht, v v l do tt lnh - n d dng s dng v rt mnh. TrueCrypt chy trong Mac, Linux v Windows. Master Password cho iOS l mt trnh qun l mt khu khng tnh trng. N khng lu cc mt khu vo iPhone/Pad/Pod, cng khng lu chng trong mt vi ch u trong m my m c. N trin khai mt chin lc khc: n to ra mt mt khu mi, mnh mi ln bn cn ng nhp vo mt site. Bn ch cn nh mt mt khu duy nht. (Gi 5.99 USD) ChatSecure m ha AIM, Jabber, Google Talk, v tt c cc ng dng chat/IM apps m s dng giao thc chat XMPP. Rights Alert ch cho bn mt danh sch cc ng dng c ci t m ang yu cu cc quyn tha qu mc, c th l mt du hiu rng chng c th s khng tt, m mm v tc mch vo trong cc phn h thng ca bn ni m chng khng thuc v. D n Guardian l mt b cc ng dng ngun m bo v tnh ring t c to ra vi tng bo v cc nh hot ng chnh tr x hi m ang gp nguy him n gin bo cc s kin v chia s cc nh, v tt nhin cc ng dng lm vic cho bt k ai m c quan tm v tnh ring t ca h trn trc tuyn. Orbot mang Tor vo Android. Tor l mng cc my ch y quyn nc danh ha cc cuc du lch ca bn trn Internet Gibberbot a ra thng ip tc th v chat an ninh, vi phn thng ca s h tr ca Tor. Droidwall l mt giao din mt tin ha p cho tng la mnh v c chng minh Iptables tng l
M ha TrueCrypt
Secure Chat
Rights Alert
D n Guardian
Orbot
Gibberbot Droidwall
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 44/47
08/2012
Loi
Tn phn mm
Thay th cho
M t mt phn khng th thiu ca nhn Linux trong nhiu nm. N trao s kim sot tt i vi cc ng dng v dch v c th c s truy cp ti cc mng ca bn, v kim sot nhng g ti Droid ca bn qua mng.
M hnh pht trin phn mm t do ngun m c ngc ln dng trn. Khi s dng cc phn mm an ninh l phn mm t do ngun m, vic ty bin cc phn mm nn c thc hin theo ng m hnh pht trin ca phn mm t do ngun m m bo cc phn mm lun c cp nht nhanh chng, ng thi hn, qua m bo c an ninh cho h thng. Trnh vic ty bin m ngun ca phn mm ri em ng li, khng chuyn m ngun ty bin ngc ln dng trn v vi d n gc ca phn mm. Thng th khi khng ngc ln dng trn ng gp m ngun c ty bin tr v vi d n dng chnh thng, th ta s c cc phin bn r nhnh ca phn mm v kh hoc khng th nhn c nhng ng gp ca c cng ng d n cho bn r nhnh . Kt qu l sau mt thi gian, phn mm r nhnh c kh nng b lc hu, gy mt an ninh cho h thng. Ni nh vy khng c ngha l khng bao gi c r nhnh, m ch r nhnh khi thc s cn thit v chun b y v c nhn lc v vt lc c th duy tr kho m ngun ca phn mm r nhnh .
M hnh pht trin phn mm t do ngun m khng ngc ln dng trn - r nhnh.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 45/47
08/2012
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 46/47
08/2012
Lin bang c xut bn. Thng 10/2006. 185 trang. Ti v. 19. Ngc ln dng trn: Tng cng cho s pht trin ngun m. Qu Linux. Thng 01/2012. 10 trang. Ti v. 20. Mua sm phn mm my tnh ca Chnh ph v Giy php Cng cng Chung GNU, B. Scott Michel, Lt. Cmdr., PhD, USN(RC), Eben Moglen, Trung tm Lut T do cho Phn mm, Mishi Choudhary, Trung tm Lut T do cho Phn mm, Dorothy Becker, Lut s v Bng sng ch, SPD ca Navy OGC. Xut bn ngy 01/10/2011, 15 trang. Ti v. Ghi ch: Mt s thng tin tham kho khc v an ninh c cp nht hng ngy c th xem y, y hoc y.
Vn phng Phi hp Pht trin Mi trng Khoa hc v Cng ngh, B Khoa hc & Cng ngh
Trang 47/47