
Information Safety and Security

08/2012

INFORMATION SAFETY AND SECURITY

Training course program "Capacity building for chief information officers (CIOs) in enterprises", organized by the Ministry of Information and Communications and the World Bank in Ha Long City, Quang Ninh, 21-24/08/2012

Presenter: Lê Trung Nghĩa
Office for Coordinating the Development of the Science and Technology Environment, Ministry of Science & Technology
Email: letrungnghia.foss@gmail.com
Blogs: http://vn.myblog.yahoo.com/ltnghia http://vnfoss.blogspot.com/
Vietnam FOSS Club website: http://vfossa.vn/vi/
HanoiLUG wiki: http://wiki.hanoilug.org/
Sign up to join HanoiLUG: http://lists.hanoilug.org/mailman/listinfo/hanoilug/

Table of contents
A. Overview of the information safety and security situation
   1. Some important quotations worth noting
   2. Reasons and purposes of attacks
   3. Tools used for attacks
   4. Frequency and scope of attacks
   5. Responses of countries
   6. Lessons for Vietnam
B. Introduction to some information safety and security standards
   1. Some standards on information security management systems (ISMS)
   2. Some standards for cloud computing
   3. Some standards following the data security architecture model
C. Solutions, tools and common vulnerabilities
   1. Architecture of information and communication technology (ICT) systems
   2. Security of the ICT system infrastructure
   3. Application security
   4. Cloud computing security
   5. Information and data security
   6. Standardization as a measure to strengthen information and data security
   7. Open standards as a measure to ensure information and data security
   8. Cyberspace security maturity model
   9. Sources of threats and common types of security vulnerabilities
   10. Security tools

Office for Coordinating the Development of the Science and Technology Environment, Ministry of Science & Technology


A. Overview of the information safety and security situation


1. Some important quotations worth noting
1. Barack Obama, 29/05/2009: "America's economic prosperity in the 21st century will depend on effective cybersecurity; securing cyberspace is the backbone that provides a solid foundation for a prosperous economy, a military, and an open, strong and effective government." "In today's world, acts of terror can come not only from a few extremists carrying out suicide bombings, but also from a few keystrokes on a computer: a weapon of mass destruction." Original text in English. Video.
2. From the document "Cybersecurity: The contentious question for global rules", Security and Defence Agenda (SDA), published 02/2012:
   Isaac Ben-Israel, cybersecurity adviser to Prime Minister Benjamin Netanyahu, Israel: "If you want to hit a country severely, hit its electricity and water supplies. Cyber technology can do this without firing a single bullet."
   Phyllis Schneck, Chief Technology Officer for the Public Sector at McAfee: "New technology is now focused beneath the operating systems. It communicates directly with the computer hardware and the chips to recognize malicious behaviour and will be smart enough not to allow that malicious behaviour ... This is the newest and deepest layer and, together with more knowledge in the other layers, is a key part of the future of cybersecurity. Communicating with the hardware is the queen on the chessboard: it can stop the enemy almost immediately or control a longer game. Either way, we will win."
   Message: cybersecurity is closely tied to the security and survival of a country, and it depends on the software and hardware that make up the information systems used in a country's critical infrastructure. In other words, the security of an information system depends first of all on the architecture of that information system.
3. Trend Micro: The antivirus industry has been deceiving users for 20 years. Protecting against viruses is almost impossible given the huge number of viruses today; in 2010, 2 new pieces of malware were created every second, while the fastest time to obtain a patch was 3 hours.
4. McAfee: the number of attacks using malware to penetrate or damage a computer system rose 500% in 2008, equal to the total of the previous 5 years combined. Of all malware attacks, 80% were financially motivated, with attackers trying to steal personal information and data for profit; the remaining 20% had purposes related to religion, espionage, terrorism or politics.

Some video materials:
1. The GhostNet case: Symantec video; Cyberspies China GhostNet Exposed III; Global Computer Espionage Network Uncovered; China Cyberspy GhostNet targets governments;
2. Attack on the US power grid - China & Russia Infiltrate US Power Grid-Cyber Spies Hack The Grid;
3. Attack on the Pentagon's network - Chinese Military Hacks Pentagon's computer system; Chinese hackers: No site is safe;
4. Attacks on US communications, banking, power... networks - China Cyber Attack on America;


5. Scenario of using a toolkit to create Zeus botnets that serve to steal money from the bank accounts of enterprises.
6. The Stuxnet attack scenario.

2. Reasons and purposes of attacks
1. Political: not only espionage to collect information, but also sabotage of infrastructure.
   a) Conflicts between countries: Israel - Syria, Israel - Palestine, Russia - Estonia, Russia - Georgia (which became the norm), the US and coalition forces - Iraq, the US and South Korea - North Korea, the oil and gas dispute in Venezuela in 2002, the US and Israel against Iran.
   b) China and other countries - 09/10/2009: dozens of incidents, many countries, increasing frequency. The largest information espionage network in the world to date, GhostNet: 103 countries, 1295 infected computers, lasting from 05/2007 to 03/2009.
   c) Attacks on almost all the networks of armed forces, such as the dedicated network for the 2 wars in which the US is currently fighting, the CIA, MI6, NATO, the Indian Navy; the British police, ...
   d) Organizations believed to have the highest level of system safety and security were attacked, such as the US Senate, the Australian Prime Minister, Israel's certification authority, the International Monetary Fund (IMF), the Government of Canada, the US Federal Trade Commission (FTC), the US Department of Justice, Japan's space agency, the US Chamber of Commerce, the United Nations, US observation satellites, ...
   e) In 2009 it was predicted that the shift from information espionage to sabotage would take 3-8 years; in reality it happened faster than that. On 13/07/2010, the Windows worm Stuxnet was discovered; relying on 4 zero-day flaws in Windows and flaws in Siemens' supervisory control and data acquisition (SCADA) systems, it damaged thousands of uranium centrifuges in Iran's nuclear facilities, delaying that country's nuclear programme by up to 2 years.
   f) Warnings of infrastructure sabotage: Networks in the US: power grid ([1], [2]), transport, banking, radio and television broadcasting, railways, water supply and drainage in Illinois and Texas, oil and gas supply, the chemical industry. Intrusions into industrial control devices in the US rose sharply, from 9 incidents in 2009 to 198 incidents in 2011, 17 of them serious; other countries: the Australian power grid, the Brazilian power grid, the UK health service.
   g) Stuxnet - Duqu - Flame: uncontrollable weapons; antivirus software was powerless to detect them;
   h) WikiLeaks. A case well known for releasing a series of classified documents of the US Department of Defense and Department of State relating to many countries around the world.
2. Economic: espionage to collect information, theft of intellectual property, theft of money.
   a) Large corporations: Sony, Honda, oil and gas companies, Lockheed Martin, Citibank, the South Korean network operator SK Communications, Mitsubishi Heavy Industries (a contractor of Japan's Ministry of Defense), the Aurora case at the end of 2009 attacking Google and dozens of other large US firms...
   b) In 08/2012, Kaspersky Lab discovered a new state-sponsored virus, Gauss, related to Stuxnet-Duqu-Flame, specialized in monitoring transactions and in detecting and stealing login credentials and online banking information and data; it appeared in many banks in Lebanon, Israel and the Palestinian territories.


   c) Banking and credit cards: Global Payments with 1.5 million cards; theft of money from the bank accounts of small and medium-sized enterprises, 40 million USD by 9/2009 and 100 million USD by 10/2009; the Citibank case with tens of millions of USD; the NASDAQ stock market; theft of money through online games in China.
   d) Certificate authorities (CAs): Comodo, Diginotar, GlobalSign, StartSSL; Diginotar went bankrupt as a result, ...
   e) Security and security consulting companies: Stratfor, Symantec...
   f) Scams to sell fake security software, or attacks using sex for extortion...
3. Cases related to Vietnam:
   a) In 02/2012, BKAV was attacked and much data was stolen. Between 11/2010 and 11/2011, Vietnamnet was attacked continuously, with much data taken and deleted; the perpetrators were not found.
   b) The first war between Vietnamese and Chinese hackers, 02-07/06/2011: hundreds (thousands) of websites on both sides were defaced or taken down, including government websites. As long as the East Sea conflict continues, cyberwar in Vietnam will continue!
   c) Vietnam must be extremely vigilant about cyberwar, especially about Stuxnet-style attacks on critical industrial infrastructure, possibly from China.
   d) GhostNet (ranked No. 2 of 103 countries in the world, behind only Taiwan and ahead of both the US and India), with 130/1295 infected computers running Windows (Symantec made a video simulating the attack); the purpose was information espionage against governments. What is connected to this case??? What is the situation now???
   e) Conficker (Vietnam ranked No. 1 in the world with 13% of infected machines, according to OpenDNS); the Conficker-infected Windows botnets (A+B as well as C) of Vietnamese ISPs are the largest in the world, with more than 5% of the IP address space infected and still self-propagating. In the world Top500: VNN (2), Viettel (18), FPT (20), CMCTI (244), ETC (279), SCTV (302), SPT (398), VNPT (407), according to data from 04/2012.
   f) Vietnam appeared in 5 of the 10 largest botnets in the world in 2009. Vietnam ranked No. 1 in 4 of those 5 botnets (according to a report in 06/2010).
   g) The Zeus toolkit for creating malicious botnets is already present in Vietnam.
   h) Click fraud - No. 1 in the world;
   i) Trade in infected computers in botnets on the world cybercrime market: Vietnam has a buying price of 5 USD/1000 machines and a selling price of 25 USD/1000 machines.
   j) Black screen (in the US, WGA [Windows Genuine Advantage] was taken to court because it was regarded as spyware); WGA has now been renamed WAT (Windows Activation Technology).

3. Tools used for attacks


1. Hardware and devices:
   a) Computer chips; implanting malware or spyware into the computer BIOS (Stoned Boot - all Windows versions from XP to 7; Microsoft works with OEMs to put ACPI [Advanced Configuration and Power Interface] into computers - this can be abused to implant a Trojan even when the hard disk is fully encrypted - the bootkit starts first and hides itself - it takes control of the whole computer - physical access to the computer is required); extracting security key data from DRAM (Cold Boot). Using malware to scrape RAM, log keystrokes, and infect USB devices with viruses to obtain information.
   b) Telecommunications equipment: the telecommunications equipment tender case in the UK; the concerns of the US, the UK and India about telecommunications equipment from China's Huawei (Hoa Vĩ) or ZTE.
   c) Embedded systems: multifunction photocopiers from Canon, Ricoh, Xerox; CISCO devices; HP printers ("printer bomb" that makes the printer use up all its paper; network intrusion via printers).
   d) Mobile devices: malware is increasing rapidly.
   e) Smart cards and smart card readers: US Department of Defense.
2. Software

[Figure labels: Application layer; Number of users and maturity; Probability of defects]

   a) The probability of defects is considered by: (1) operating system, (2) middleware, (3) solutions, (4) application software. For example, in open source software, defects are fewest in the operating system and increase in the order of the numbers above (for RHEL 4.0 and 5.0 the number of critical defects is 0), while the number of users is largest for the operating system and decreases in the order of the numbers above. (See the article "Open source support" in Tin học và Đời sống magazine, 11/2009 issue). The fact that the kernel of the open source GNU/Linux operating system is continuously improved and innovated at an unimaginable speed is also a very important point.
   b) Backdoors planted in Windows and some other commercial operating systems and/or in the Lotus Notes e-mail software.
   c) Malware written for Windows accounts for 99.4% - 99.5% of all malware written in the world, according to G-DATA.
   d) Hackers exploit defects in Microsoft software to attack networks all over the world: Windows, Exchange Server, Office, Wordpad, Internet Explorer... Other software is also abused for attacks, commonly Adobe Acrobat Reader, Adobe Flash, Quicktime, Firefox, AutoCAD, SCADA and ICS programs on Windows, the Windows update program, ..., and social networks such as Facebook, Twitter...


   e) Creating botnets of sizes from small to huge, from hundreds to tens of millions of infected computers, in preparation for later large-scale attacks.
   f) Encryption tools, digital certificates and antivirus software have had their source code exposed.
3. The market for buying and selling malware creation tools and botnets
   a) Trade in data centres, trade in toolkits for creating malicious code, source code, building botnets, fake security software; scareware (phishing) to lure users into the trap of buying fake antivirus software;
   b) Trade in infected computers in botnets by geographic region, together with the accompanying stolen information; the buying price is from 5-100 USD/1000 infected machines with stolen data, the selling price from 25-100 USD.
4. Improper use leading to loss of security and loss of data: the Sidekick case.
5. Entities carrying out attacks: all kinds; at the highest level, many countries take part in cyberwar, such as the US, Israel, China, Russia, the UK, ..., setting off a global arms race in cyber weapons that could turn cyberspace into a hot war zone.

4. Frequency and scope of attacks


1. Enormous frequency
   a) The US military network is scanned thousands of times every day.
   b) In 03/2009, there were 128 "acts of cyber intrusion" per minute against the networks of the United States.
   c) In 2010, 2 new pieces of malware were created every second, while at the fastest it took 3 hours to obtain a patch.
2. Wide scope
   a) The GhostNet case attacked 103 countries, with 1295 infected computers. 53-page document; video describing the attack.
   b) Countries strong in IT were also attacked: the US, the UK, France, Germany, South Korea...
   c) Across all fields such as space, aviation, military, finance, diplomacy, ...
3. Many kinds of worms, bugs, viruses and malware take part in botnets. Some specialize in stealing money (Zeus, Clampi), some are sophisticated and complex (Conficker), and some have existed for many years and are now active again despite dozens of Windows patches (MyDoom).
4. Heavy damage
   a) Stuxnet set back Iran's nuclear programme by 2 years without costing a single bullet.
   b) Hackers took terabytes of data from the networks of the US Departments of Defense, State, Commerce and Energy and from the aerospace agency NASA.
   c) Obama: in the US alone, in 2008-2009 the damage caused by cybercrime was 8 billion USD.
   d) Conficker - an estimated 9.1 billion USD in just half a year (up to 6/2009).

5. Responses of countries
1. Policy direction:
   a) Information warfare doctrine, both defensive and offensive, with any weapons, including nuclear; cybersecurity strategies (the US, the UK and many other countries); response plans (the US). Cybersecurity exercises. A treaty banning the proliferation of cyber weapons?
   b) Self-reliance in core technologies. Chip production projects (China, India); a race of projects for security-enhanced operating systems, such as in the US (for Android, Linux, Ethos), China, Europe and Australia, or building new secure operating systems for one's own country (India, Russia, Brazil, Venezuela, Cuba...). All of these operating systems are based on GNU/Linux/Unix.
   c) Open source is more secure than closed source in both theory and practice, because the source code is more public and is continuously reviewed by the worldwide community of programmers. Linus Torvalds: "Talk is cheap, show me the source code." Many national governments have policies on using open technology, such as the US (US Government), Canada, the UK, the Netherlands, Denmark, New Zealand, Malaysia, Italy, Russia, China, Brazil, India, Indonesia, Thailand, the Philippines... Worldwide, the strongest countries in applying and developing free and open source software (FOSS) are the US, Germany, France, Spain and Australia. In 2011: Russian Prime Minister Putin ordered Russian government agencies to move entirely to FOSS by the third quarter of 2014; the UK Government issued its "Government ICT Strategy", mandating the use of open standards and increasing the use of FOSS wherever possible; the US Department of Defense issued the document "Open technology development. Lessons learned", which stresses that software and systems in the military and government will not include proprietary software that depends on a single vendor, with only 2 kinds: FOSS and government open source software. The mottos of open technology development are: (1) community first, technology second; (2) open is the default, closed only when necessary; (3) your program is not special, even in military and IT software/system projects.
   d) Heavy investment in cybersecurity research. Producing new weapons for cyberwar: logic bombs, microwave devices that burn out networked computers remotely; creating botnets...
2. Organization: appointing cybersecurity leaders (the US); strengthening and building specialist forces (the US, the UK, South Korea, Singapore); national computer emergency response teams (CERTs); cooperation among CERTs and participation in exercises between countries; increasing staffing and investment for specialized agencies (the Department of Homeland Security - DHS, the Central Intelligence Agency - CIA, ...).
3. Human resources: mobilizing young people, pupils and students. The US holds competitions to recruit 10,000 talented people, and the UK is following; the US Department of Homeland Security is recruiting 1,000 staff to work on cybersecurity. China has its "Green Army", Russia its youth movement... Terrorists are also recruiting people for cyberwar.
4. Practical deployment in the civilian sector to ensure high security
   a) Moving to systems based on GNU/Linux (the New York, Tokyo and London stock exchanges, ...)
   b) Not using Windows when carrying out online banking transactions (recommendation of the SANS Technology Institute, the government of New South Wales in Australia, the cybersecurity expert of The Washington Post), etc.
   c) Dozens of security tools from free and open source software ([01], [02]).
   d) The recommendation is to use FOSS, but if you are forced to use Windows, follow the 10 security tips.

6. Lessons for Vietnam


1. Agencies and enterprises face cyberspace security threats with characteristics never seen before:
   a) No physical contact with the targets is needed when attacking in cyberspace.
   b) Technology allows activities to take place easily across the borders of many countries.
   c) Attacks can be carried out automatically, at high speed, against a large number of victims at the same time.
   d) Attackers can easily conceal their identity.
2. The risk of dependence and complete loss of control: Vietnam is currently completely dependent on hardware, operating systems and application software, and may end up dependent for its data as well. There is still a chance, although a very small one, to escape???
   a) In the short term: are open standards and open source operating systems (Viettel, Google) the No. 1 goal? The best way to protect against viruses is to use the GNU/Linux operating system. Vietnamese enterprises currently rank 75/75 in open source-related activities, according to the RedHat-Georgia study of 04/2009.
   b) In the future: operating systems, chips, telecommunications equipment... IT must be mastered.
3. Areas of cyberspace security that need focused attention
   a) Strengthening cyberspace analysis and warning capabilities.
   b) Improving the cyberspace security of infrastructure control system networks.
   c) Strengthening the capability of specialized agencies to help recover from Internet sabotage.
   d) Reducing organizational inefficiency.
   e) Fully identifying actions through practice in cyberspace security.
   f) Developing specific plans for each sector with cyberspace security criteria.
   g) Securing internal information systems. Complying with a network zoning architecture, with access control for the network zones, and with the basic requirements for ensuring network security. Complying with network and application security standards, such as the ISO/IEC 27K set of standards, including ISO/IEC 27032: Guidelines for cyberspace security. Rapidly adopting open technology.
4. Policy and strategy:
   a) Reviewing the policy on standards used in state information systems and resolutely using open standards; moving towards community open source operating systems.
   b) Reviewing government procurement policy, continuing to implement the policy on the use of free and open source software, and issuing a separate policy for cyberspace security.
   c) National digital safety and security planning - Decision No. 63/2010/QĐ-TTg
5. Organization and force building:
   a) Building and strengthening an appropriate apparatus to deal with cyberspace security.
   b) Learning from experience in cyberspace security to apply it in Vietnam's practice.
   c) Investing heavily in education to prepare human resources for the future, starting from pupils and students, with new skills based on open technology and free and open source software, and initiatives that turn video games into lessons on security.
6. Taking precautions for oneself, especially with laptops, even when the hard drive has been encrypted.
7. Raising awareness across the whole of society; this is a fight for the entire population, and CIOs must take the lead and set an example.


B. Introduction to some information safety and security standards


1. Some standards on information security management systems (ISMS)
At present there is a family of 27K standards from the International Organization for Standardization (ISO), consisting of about 30 standards, among them:
Standards already issued

1. ISO/IEC 27000:2009. ISMS (Information Security Management Systems) - Fundamental principles and vocabulary.
2. ISO/IEC 27001:2005. ISMS specification. A Vietnamese standard, TCVN ISO/IEC 27001:2009, already exists.
3. ISO/IEC 27002:2005. Code of practice for information security management.
4. ISO/IEC 27003:2010. ISMS implementation guidance.
5. ISO/IEC 27004:2009. Information security management - Measurement.
6. ISO/IEC 27005:2008. Information security risk management.
7. ISO/IEC 27006:2007. Requirements for bodies providing audit and certification of ISMS.
8. ISO 27799:2008. Information technology in health - Information security management in health using ISO/IEC 27002.
9. ISO/IEC 27007:2011. Guidelines for ISMS auditing.
10. ISO/IEC TR 27008:2011. Guidance for auditors on ISMS controls.
11. ISO/IEC 27010:2012. Information security management for inter-sector and inter-organizational communications.
Standards to be issued in the near future

12. ISO/IEC 27013. Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001 (draft).
13. ISO/IEC 27014. Information security governance framework (draft).
14. ISO/IEC 27015. ISMS guidelines for the financial and insurance sector (draft).
15. ISO/IEC 27017. Security in cloud computing (draft).
16. ISO/IEC 27018. Code of practice for data protection controls for public cloud computing services (draft).
17. ISO/IEC 27031. Guidelines for ICT readiness for business continuity (final draft).
18. ISO/IEC 27032. Guidelines for cyberspace security (CD).
19. ISO/IEC 27033. Network security (draft).
20. ISO/IEC 27034. Application security (draft).
21. ISO/IEC 27035. Security incident management (draft).
22. ISO/IEC 27036. Guidelines for security of outsourcing (draft).
23. ISO/IEC 27037. Guidelines for identification, collection and/or acquisition and preservation of digital evidence (draft).


24. ISO/IEC 27039. Selection, deployment and operation of intrusion detection systems - IDPS (Intrusion Detection [and Prevention] System) (draft).
25. ISO/IEC 27040. Storage security (draft).
26. ISO/IEC 27041. Guidance on assuring the robustness and adequacy of investigation methods (draft).
27. ISO/IEC 27042. Guidance on the analysis and interpretation of digital evidence (draft).
28. ISO/IEC 27043. Principles and processes for digital evidence investigation (draft).
Not many enterprises in the world hold certification of compliance with the ISO/IEC 27K ISMS standards, because achieving it is very expensive (it can cost hundreds of thousands of USD). See http://www.iso27001security.com/html/iso27000.html for more detail on the ISO/IEC 27K family of standards.

2. Some standards for cloud computing


Because cloud computing is new, many standards are still lacking, including standards for security, interoperability, portability and privacy.

2.1. Security standards


The table below maps standards to the security categories in the NIST cloud computing taxonomy and gives the maturity status of each standard. Some of the listed standards apply to more than one category and are therefore listed more than once.
| Category | Available standards and SDO | Status |
|---|---|---|
| Authentication & Authorization | RFC 5246: Secure Sockets Layer (SSL)/ Transport Layer Security (TLS); IETF | Approved standard; Market acceptance |
| | RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile; IETF | Approved standard; Market acceptance |
| | RFC5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile; IETF | Approved standard; Market acceptance |
| | X.509 \| ISO/IEC 9594-8: Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks, ITU-T | Approved standard; Market acceptance |
| | RFC 5849: Oauth (Open Authorization Protocol); IETF | Approved standard; Market acceptance |
| | OpenID Authentication; OpenID | Approved standard; Market acceptance |
| | eXtensible Access Control Markup Language (XACML); OASIS | Approved standard; Market acceptance |
| | Security Assertion Markup Language (SAML); OASIS | Approved standard; Market acceptance |
| | FIPS 181: Automated Password Generator; NIST | Approved standard; Market acceptance |
| | FIPS 190: Guideline for the Use of Advanced Authentication Technology Alternatives; NIST | Approved standard; Market acceptance |
| | FIPS 196: Entity Authentication Using Public Key Cryptography; NIST | Approved standard; Market acceptance |
| Confidentiality | RFC 5246: Secure Sockets Layer (SSL)/ Transport Layer Security (TLS); IETF | Approved standard; Market acceptance |
| | Key Management Interoperability Protocol (KMIP); OASIS | Approved standard; Market acceptance |
| | XML Encryption Syntax and Processing; W3C | Approved standard; Market acceptance |
| | FIPS 140-2: Security Requirements for Cryptographic Modules; NIST | Approved standard; Market acceptance |
| | FIPS 185: Escrowed Encryption Standard (EES); NIST | Approved standard; Market acceptance |
| | FIPS 197: Advanced Encryption Standard (AES); NIST | Approved standard; Market acceptance |
| | FIPS 188: Standard Security Label for Information Transfer; NIST | Approved standard; Market acceptance |
| Integrity | XML signature (XMLDSig); W3C | Approved standard; Market acceptance |
| | FIPS 180-3: Secure Hash Standard (SHS); NIST | Approved standard; Market acceptance |
| | FIPS 186-3: Digital Signature Standard (DSS); NIST | Approved standard; Market acceptance |
| | FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC); NIST | Approved standard; Market acceptance |
| Identity management | Service Provisioning Markup Language (SPML); WSFederation and WS-Trust | Approved standard |
| | X.idmcc - Requirement of IdM in Cloud Computing, ITU-T | Under development |
| | Security Assertion Markup Language (SAML); OASIS | Approved standard; Market acceptance |
| | OpenID Authentication, OpenID Foundation | Approved standard; Market acceptance |
| | FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors, NIST | Approved standard; Market acceptance |
| Security | NIST SP 800-126: Security Content Automation Protocol (SCAP), NIST | Approved standard |
| | NIST SP 800-61 Computer Security Incident Handling Guide, NIST | Approved standard |
| | X.1500 Cybersecurity information exchange techniques, ITU-T | Approved standard; Market acceptance |
| | X.1520: Common vulnerabilities and exposures; ITU-T | Approved standard; Market acceptance |
| | X.1521: Common Vulnerability Scoring System; ITU-T | Approved standard |
| | PCI Data Security Standard; PCI | Approved standard; Market acceptance |
| | FIPS 191: Guideline for the Analysis of Local Area Network Security; NIST | Approved standard; Market acceptance |
| Security policy management | eXtensible Access Control Markup Language (XACML); OASIS | Approved standard; Market acceptance |
| | FIPS 199: Standards for Security Categorization of Federal Information and Information Systems; NIST | Approved standard; Market acceptance |
| | FIPS 200: Minimum Security Requirements for Federal Information and Information Systems; NIST | Approved standard; Market acceptance |
| Availability | ISO/PAS 22399:2007 Guidelines for incident preparedness and operational continuity management, ISO | Market acceptance |

Table 1 - Security: Categorization

2.2. Interoperability standards


The interoperability of cloud services can be categorized by the management interfaces and the functional interfaces of the cloud services. Many existing IT standards contribute to interoperability between users' cloud applications and cloud services, and between cloud services themselves. There are cloud-specific standardization efforts that have been initiated to address interoperability issues in the cloud. These cloud-specific standards are listed in the following table.
| Category | Available standards and SDO | Status |
|---|---|---|
| Service interoperability | Open Cloud Computing Interface (OCCI); Open Grid Forum | Approved standard |
| | Cloud Data Management Interface (CDMI); Storage Networking Industry Association, SNIA | Approved standard |
| | IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP), IEEE | Under development |
| | IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF), IEEE | Under development |

Table 2 - Interoperability: Categorization

2.3. Portability standards


Portability issues in the cloud include the portability of workloads and of data. While some issues of cloud workload portability are new, many existing standards for data and metadata were developed before the cloud era. The following table focuses on cloud-specific portability standards.
| Category | Available standards and SDO | Status |
|---|---|---|
| Data portability | Cloud Data Management Interface (CDMI); SNIA | Approved standard |
| System portability | Open Virtualization Format (OVF); DMTF | Approved standard; Market acceptance |
| | IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP), IEEE | Under development |

Table 3 - Portability: Categorization

For more detail on cloud computing standards, see: "NIST Cloud Computing Standards Roadmap v1.0", National Institute of Standards and Technology (NIST), USA. 07/2011. 76 pages. Authors: Michael Hogan, Fang Liu, Annie Sokol, Jin Tong. URL: http://ubuntuone.com/3n18xI3STBrnAZ3VnjrCrp

3. Some standards following the data security architecture model


The Government needs some official regulations of its own on information security management systems. These can be based on the ISO/IEC 27001 standard, which has been adopted as a Vietnamese standard (TCVN), as a foundation for the related conceptual issues, with the parties involved continuously contributing feedback during practical implementation. Below are a few suggested standards, by architecture and model, for data security standards:
1. Implementing the security concept: Industrial Signature Interoperability Specification - MailTrusT (ISIS-MTT) v1.1. The original document of the ISIS-MTT specification consists of 8 parts with the following content:


   - Setting up public key certificates, attribute certificates and certificate revocation lists
   - Setting up and sending requests to the certification authority (PKCS#10) and responses from the certification authority (PKCS#7)
   - Setting up encrypted and signed messages
   - Requests for public key certificates, attribute certificates and certificate revocation lists using LDAP, OCSP [1], FTP or HTTP; setting up queries to and responses from time-stamping units
   - Validity checking for public key certificates and attribute certificates
   - Approved algorithms for hash functions, signatures, encryption, and authentication of messages to and from the certification authority; approved algorithms for XML Signature and XML Encryption
   - Description of the "Cryptographic Token Interface" (PKCS#11) with the data types and functions
   - Profiling and extension of XML signatures and XML encryption

2. Asymmetric encryption method: RSA
3. Symmetric encryption method: Advanced Encryption Standard (AES).
4. Data hashing: Secure Hash Algorithm (SHA) - 256.
5. Key management: XML Key Management Specification (XKMS) v2
6. Contact smart cards: Identification Cards - Integrated circuit cards.
7. Contactless smart cards: Identification Cards - Contactless Integrated Circuit Cards.
For more detail, see: "Standards and Architectures for e-Government Applications", version 4.0, published by the Federal Ministry of the Interior of the Federal Republic of Germany in cooperation with the Fraunhofer Institute for Software and Systems Engineering (ISST), 03/2008.

[1] OCSP = Online Certificate Status Protocol


C. Solutions, tools and common vulnerabilities

An information system is made up of hardware, telecommunications equipment, software and the data in that system. To keep the system safe and secure you need, at a minimum, to understand and be in control of its entire architecture. Beyond that, you also need to understand other matters related to the system's security, such as how it is managed and operated and/or its particular characteristics. An example of the overall architecture of an information system and its components is presented below.

1. Architecture of an information and communication technology (ICT) system

The architecture on which an information and communication technology (ICT) system is built usually comprises these basic layers: the business layer, the information layer, the infrastructure layer, the application layer and the technology layer.

Measures to secure the system and its information and data are carried out across all of the layers. Likewise, data standardization is carried out in all of the layers.


2. ICT system infrastructure security

1. The security of systems and of information and data is closely tied to standardization and the choice of standard sets, and vice versa.
2. A secure and stable ICT infrastructure is the basic precondition for reliably operating the applications of an information system.
3. Besides securing the physical infrastructure of the network, the principle for building a secure and stable ICT infrastructure lies in partitioning it into functional zones and securing access to those zones.

Physical infrastructure of the ICT system

The physical infrastructure of the ICT system needs to be ensured through:
1. Installing the IT systems in suitable rooms
2. Controlling access to these rooms
3. Suitable fire protection and fire-fighting systems
4. Suitable power supply systems
5. Suitable air-conditioning systems
6. Data backup according to the relevant data backup concept

Infrastructure architecture and securing access to the zones


Zones and communication relationships

The systems inside the computer centre are placed in different zones, which are defined on the basis of the security requirements appropriate to the services and data of each zone. At a minimum, the zones described below must be implemented in the infrastructure of a computer centre. Additional zones may be required where needed. The zones must be completely separated from one another physically. This can mean that:

- Every network component (router, switch, hub, ...) may be used only as the interface between one zone and another, so that each network component passes only data relating to, or originating from, the 2 zones directly connected to it. This prevents any mixing of data streams in the event of a fault or a deliberate attack.
- A server system may host the systems of one zone only. This means that distributed applications must run on server systems in different zones.
- A server system whose applications require communication connections to several zones must have a corresponding number of network connections that are separated from one another both logically and physically (for example, multiple network cards). Such a system rules out any transition from one zone to another.

1. Information and services zone
a) The information and services zone covers the part of the network located between the Internet zone and the other zones of the network. This zone contains servers that can be accessed by external networks or that use the services of external networks. Further information zones must be set up if systems with different security levels are operated.
b) Communication between the systems of the information and services zone and the systems of the processing and logic zone must be protected by encrypted communication channels.

2. Processing and logic zone: The systems of this zone process data from the data zone and make that data available to users through the systems of the information and services zone. Direct communication between external networks, such as the Internet, and the processing and logic zone is not permitted.

3. Data zone: The data zone is where data is stored and kept available over a long period of time. Access to this zone is permitted only from the processing zone and the management zone. Access from external networks is not permitted under any circumstances. Furthermore, only the management zone can actively access this zone.

4. Management zone
a) The management zone contains all the systems needed for administration purposes, or the systems that monitor the other zones. In addition, this zone may also contain central login or user administration services. Access from the management zone to the other zones, and vice versa, is therefore permitted.
b) Access from external networks to the management zone is not permitted in any form.

5. Data backup zone: Each zone must contain its own data backup components. Data of the information zones must be backed up over protected communication channels.

Standard for network security compliance: ISO/IEC 27033: Network security (draft).
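The zone rules above can be checked mechanically against an inventory of network flows. The following Python example is added here and is not part of the original material; the host names, ports and device names are constructed, and denying every zone pair the text does not mention is an assumption of the example.

```python
"""Check a flow inventory against the data-centre zone rules described above."""
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    EXTERNAL = "external networks"
    INFO = "information and services zone"
    LOGIC = "processing and logic zone"
    DATA = "data zone"
    MGMT = "management zone"


# Initiator -> target pairs the text permits. Any pair not listed is denied
# (default deny is an assumption of this example, not a statement from the page).
ALLOWED = {
    (Zone.EXTERNAL, Zone.INFO),   # servers reachable from external networks
    (Zone.INFO, Zone.EXTERNAL),   # ... or using services of external networks
    (Zone.INFO, Zone.LOGIC),
    (Zone.LOGIC, Zone.INFO),
    (Zone.LOGIC, Zone.DATA),      # data zone is reached from the processing zone
}
# Management zone <-> every internal zone is permitted; external never is.
for _zone in (Zone.INFO, Zone.LOGIC, Zone.DATA):
    ALLOWED.update({(Zone.MGMT, _zone), (_zone, Zone.MGMT)})

# Zone pairs whose traffic must use an encrypted channel (rule 1b).
MUST_ENCRYPT = {frozenset({Zone.INFO, Zone.LOGIC})}


@dataclass(frozen=True)
class Flow:
    src: str          # initiating host
    dst: str          # target host
    port: int
    encrypted: bool


def check_flows(host_zone, flows):
    """Return (flow, reason) for every flow that breaks a zone rule."""
    findings = []
    for flow in flows:
        unknown = [h for h in (flow.src, flow.dst) if h not in host_zone]
        if unknown:
            # A host with no zone assignment cannot be judged: report it.
            findings.append((flow, "host not assigned to a zone: " + ", ".join(unknown)))
            continue
        src_zone, dst_zone = host_zone[flow.src], host_zone[flow.dst]
        if src_zone is dst_zone:
            continue  # traffic inside one zone is outside the scope of these rules
        if (src_zone, dst_zone) not in ALLOWED:
            findings.append((flow, f"{src_zone.value} -> {dst_zone.value} is not permitted"))
        elif frozenset((src_zone, dst_zone)) in MUST_ENCRYPT and not flow.encrypted:
            findings.append((flow, f"{src_zone.value} <-> {dst_zone.value} must be encrypted"))
    return findings


def check_devices(device_zones):
    """Return network components attached to more than two zones.

    The text allows a router, switch or hub only as the interface between
    one zone and another.
    """
    return sorted(name for name, zones in device_zones.items() if len(set(zones)) > 2)


# Constructed sample inventory (all names and ports are made up for the example).
HOSTS = {
    "internet-client": Zone.EXTERNAL,
    "web01": Zone.INFO,
    "app01": Zone.LOGIC,
    "db01": Zone.DATA,
    "admin01": Zone.MGMT,
}
FLOWS = [
    Flow("internet-client", "web01", 443, True),    # allowed
    Flow("web01", "app01", 8443, True),             # allowed, encrypted
    Flow("web01", "app01", 8080, False),            # allowed pair, but cleartext
    Flow("app01", "db01", 5432, False),             # allowed
    Flow("web01", "db01", 5432, True),              # information zone -> data zone
    Flow("internet-client", "app01", 8443, True),   # external -> processing zone
    Flow("internet-client", "admin01", 22, True),   # external -> management zone
    Flow("admin01", "db01", 22, True),              # allowed
]
DEVICES = {
    "fw-edge": [Zone.EXTERNAL, Zone.INFO],
    "sw-core": [Zone.INFO, Zone.LOGIC, Zone.DATA],  # joins three zones
}

if __name__ == "__main__":
    for flow, reason in check_flows(HOSTS, FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.port}  {reason}")
    for name in check_devices(DEVICES):
        print(f"{name} joins more than two zones")
```

Run against a real inventory, the same two checks show which firewall rules or cabling choices contradict the zone model before they are deployed.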


Network access and access control

1. Access control systems control the separation of the individual zones inside the computer centre as well as access from and/or to external networks. Different technologies can be used for these purposes.
2. The interface between the information and services zone and external networks is the most security-critical point and is therefore protected by a combination of multiple security mechanisms. Different network segments and address ranges are separated from one another here at the network protocol level. Internal network addresses are masked in TCP/IP-based networks by means of Network Address Translation (NAT), and so are not published in external networks.
3. In addition, filtering mechanisms are put in place to ensure that access from external networks is restricted to defined services in the information and services zone. The filter rules are usually implemented on firewalls or firewall routers, which examine the information in the headers of incoming data packets on the basis of packet filters and reject unauthorized access attempts.
4. In addition, application gateways can be used to isolate communications completely, to check the correctness of data streams at the application level and, where necessary, to regenerate requests in conformance with the protocol.
5. Communication relationships between the internal zones must also be subject to access control systems. To control access to the sensitive areas of the processing and logic zone and of the data zone adequately, firewalls must be used because of their combined filtering options. These firewalls work on the basis of dynamic packet filters (stateful inspection) and are able to monitor not only individual packets but also communication streams that involve many packets. Dynamic packet filters make it possible to check the validity of network connections not only on the basis of fixed rules but also on the basis of the history of the communication relationships.
6. Thanks to its simple and flexible administration, VLAN technology is the system chosen for controlling access to the systems in the management zone. For this purpose, all systems that require access to a service in the management zone are combined to form a virtual network segment (VLAN). To prevent unwanted communication between the separate zones through the VLANs of the management zone, all systems are fitted with a second network interface that may not be used for any purpose other than administration and that is fitted with a packet filter.
7. Using VLAN technology to connect any zones other than the management zone is not recommended, for security reasons.

Networks, users and external services

1. The network level is the connection between the systems of the computer centre infrastructure and external services as well as the users of e-government applications. This level includes the Internet, the government wide area network (CPNET) and other extranets. Internal intranets also form part of the network level. Many different technologies may be in use today. In the long term, protocols should be chosen that make the system interoperable.
2. However, from the infrastructure point of view of an e-government application, secure and performant communication with the Internet, CPNET or an extranet plays an important role in ensuring reliable access for users and external services. When designing e-government applications, attention needs to be paid to the bandwidth required for the applications and services to be operated and accessed easily.

3. Application security

Application architecture following the multi-tier model

Applications need to be built on a tiered architecture so that the tiers are separated from one another: the platform/backend tier (operating system, database management system, ...), the middle tier (business processes and integration components), the presentation tier (presentation of information and data), and the client tier (client tools that help access, display and process the application's information and data). In this way, security is also ensured tier by tier.

Standard for application security: ISO/IEC 27034: Application security (draft).

4. Cloud computing security

Cloud computing security (cloud security) is an evolving field of computer security, network security and, more broadly, information security. It refers to a large set of policies, technologies and controls deployed to protect the data, applications and infrastructure associated with cloud computing. The scope of cloud computing security covers several general areas, such as: (1) Security and privacy; (2) Compliance; (3) Legal or contractual matters.

The cloud computing architecture has 3 layers, Infrastructure (IaaS), Platform (PaaS) and Software (SaaS) as a service:
- IaaS contains all the infrastructure resources of equipment and hardware and the virtualized resources (if any), delivers the physical and logical connectivity for these resources, and provides a set of APIs that allow users to manage and interact with the infrastructure. It is the foundation of all cloud services; PaaS and SaaS are built on top of it in turn and inherit all of its security risks.
- PaaS, compared with IaaS, adds an integration layer for building applications on the existing platform: middleware, programming languages and tools.
- SaaS offers an operating environment that delivers content, presentation, applications and management capabilities to the user.


Beyond the question of architecture, there is a range of other areas that the participating parties must pay attention to:

5 governance areas with implementation guidance: (1) Enterprise and government risk management; (2) Management relating to electronic disclosure and legal matters; (3) Compliance and audit management; (4) Management of the information and data lifecycle, from creation through to deletion; (5) Portability and interoperability, which can only be solved with open standards.

7 operational areas with implementation guidance: (1) Traditional security, continuity, disaster recovery; (2) Data centre operations; (3) Response, notification and incident handling; (4) Application security; (5) Encryption and key management; (6) Identity and access management; (7) Virtualization.

Users must always assess the possible risks of moving data, applications, functions and processes outside, and ask questions such as: If information or data is lost or leaked, who is responsible for compensation, and how? Or: If the contract ends, how are the data or applications transferred back to the user or moved to another cloud provider?

A general understanding of the architecture, together with the 12 critical focus areas, provides a solid foundation for assessing, operating, managing and governing security in cloud computing environments. Apply ISO/IEC 27036: Guidelines for security of outsourcing (draft).

In cloud computing, responsibility for security is divided between the user and the service provider. With SaaS the provider controls almost everything, whereas with IaaS the greater part of the responsibility for security controls lies with the user.

Scope of control divided between the provider and the user


Combined conceptual reference model: the integration of system, organizational and process components in cloud computing

Many actors take part in cloud computing. It is therefore essential to consider the user's relationship with the parties involved.

Actor: Definition

Cloud user: A person or organization that maintains a business relationship with, and uses services from, cloud providers.

Cloud provider: A person, organization or entity responsible for making a service available to interested parties.

Cloud auditor: A party that can conduct an independent assessment of cloud services, information system operations, and the performance and security of the cloud implementation.

Cloud broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud users.

Cloud carrier: An intermediary that provides connectivity and transport of cloud services from cloud providers to cloud users.

The user's interactions with the other actors in cloud computing create different interaction scenarios, which affect the security of cloud computing services.


Supply chain security: outsourcing when many parties are involved. Users must always assess the risk to their data when placing it in the cloud. Users must always ask the question: Can I take my data out of this cloud and move it to another cloud, even though the different clouds belong to different providers that use different technologies?

SLA: Service Level Agreement.


For more information on the responsibilities of each actor taking part in cloud computing, see: NIST Cloud Computing Reference Architecture. Recommendations of the National Institute of Standards and Technology. National Institute of Standards and Technology (NIST), USA. 09/2011. 35 pages. Authors: Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger and Dawn Leaf. URL: http://ubuntuone.com/0rqn2j5SyfKVKF6ZuEwYHC

5. Information and data security

Securing the system infrastructure, the applications and so on has no other ultimate goal than securing the information and data and their flow and storage. As an example, a basic Data Security Component (DSC) is responsible for securing:
1. Web-based communications (client/server).
2. E-mail communications.
3. Security functions for the backend system.

The DSC ensures the following security goals:
1. Confidentiality of information and data, both transmitted and stored.
2. Integrity of information and data, both transmitted and stored.
3. Binding effect: authenticity and provability.
4. Authentication: supporting web-based and other applications with different authentication methods.

Model for information and data security standards

In practice, a model for security standards is established depending on the purpose of protection, the level of protection and many other factors. Appropriate security protection measures are then carried out on the basis of this model.

6. Standardization as a measure to strengthen information and data security

Standardization is carried out in all architectural layers of the information system.

1. Business layer: Standardizing business processes and administrative procedures by modelling them with the standard tools of UML (Unified Modeling Language).

2. Information layer: Data modelling and data standardization.
a) There are 2 data models: the generic data model (reused in many different application areas) and the specific data model (usually used in only one area). UML is used to model the data.
b) Interoperability comprises organizational, technical and semantic interoperability. Data is standardized in order to achieve interoperability. The Extensible Markup Language (XML) is used to standardize the exchange of data and the use of the exchanged data. Standardizing the specific data models must be a priority in e-government. However, using XML as the standard for data exchange is not enough to guarantee interoperability, especially organizational interoperability. Organizational interoperability first of all determines when and why certain data is exchanged. In organizational interoperability, processes are the result of data exchange coordinated with the legal frame of reference (such as the drafting of laws and regulations).

3. Infrastructure layer: Ensuring that information flows through the system safely and without interruption. The computer network infrastructure is designed in zones, and managing the security of access between the zones is given top priority. Much of the security standardization is carried out for this layer.

4. Application layer: Component modules, shared applications and services, and reference software architectures such as the component, SOA, SaaS and cloud computing architecture models. Each architecture model has certain differences that are characteristic of that architecture.
a) Standardization here can relate to most of the areas set out in a GIF (Government Interoperability Framework), which is usually divided into areas such as: (1) interconnection, (2) data integration, (3) data access and presentation, (4) security, (5) web services, (6) metadata, and possibly also (7) business areas...
b) Standardization can also be carried out in combination with the overall architecture commonly found in an NEA (National Enterprise Architecture). In this approach the standards are classified according to the tiered architectures.

5. Technology layer: Standards for the types of technology and the selected reference software architecture model (component, SOA, SaaS, cloud...) in order to ensure interoperability, reusability, openness, security, scalability, privacy, market support... A set of standards is selected, following the lifecycle of standards, for:
a) Application and service architecture with and without middleware.
b) Client software: information access via the web, computers, mobile phones, PDAs and from external systems.
c) Presentation and processing of information for the types of device listed above.
d) Communication: choosing protocols for middleware, networks, applications, directory services and geo services.
e) Connection to the backend.
f) Data security standards: the model for information and data security standards.

The lifecycle of standards is commonly used so that the standards are continuously updated in line with the evolution of technology and the current state of ICT where they are applied. Standards are therefore usually classified by status, such as: mandatory, recommended, and under observation.

7. Open standards as a measure to ensure information and data security

1. Definition of an open standard: There are many different definitions of an open standard. However, they have several points in common:
a) The standard is adopted and maintained by a non-profit organization, and its ongoing development takes place on the basis of an open decision-making procedure available to all interested parties (consensus or majority decision...).
b) The standard has been published, and its specification document is available either freely or for a nominal fee. Everyone must be permitted to copy, distribute and use it at no cost or for a nominal fee.
c) Intellectual property, that is, any patents that may exist, on (parts of) the standard is made irrevocably available on a royalty-free basis.
d) There are no constraints of any kind on the reuse of the standard.

2. Why is security better ensured when open standards are used?
a) No lock-in to any particular vendor.
b) Information and data are preserved for the long term.
c) Interoperability of information and data across systems is ensured.
d) Information and data are easily moved from one system to another.
e) Innovation is encouraged, competitiveness increases, product costs fall...

3. Interoperability is a critical factor for e-government
a) Definition: Interoperability, in the broad sense, is the ability of the participating parties to work with one another. Technically, it is the ability of 2 or more ICT systems or components to exchange information and to use the exchanged information in order to improve the government's operations and management. Because a government is always organized into many ministries, sectors and provinces, each with its own information systems, interoperability is one of the important, critical factors in building e-government.

Figure labels: True interoperability (Interoperability): what we should follow, a playing field for everyone. Local interoperability (Intraoperability): what we should avoid, vendor lock-in.

b) There is organizational, technological and semantic interoperability.
c) In practice there are 2 concepts: local interoperability and true interoperability.
d) Open standards are an important element of any interoperability framework (GIF). Open standards are the backbone of a service-based approach to e-government interoperability.

4. The outstanding example of an open standard is the Internet's TCP/IP protocol, which originated in the ARPANET network of the US Department of Defense.


8. Cyber-security maturity model

One of the models widely used today to assess the offensive and defensive potential of the world's countries in cyber security and cyber warfare is the cyber-security maturity model.

8.1. Characteristics of today's advanced malware

The picture of cyber-security threats today differs from the past: there is a new kind of cyber attack that is advanced, targeted and based on zero-day flaws in software. The characteristics of today's malware, compared with the past, can be described as follows:

- Degree of concealment: from malware that is publicly known to malware that is highly concealed and usually skilfully disguised.
- Degree of recognition: from malware aimed at vulnerabilities that are recognizable but not yet patched to malware aimed at vulnerabilities that have never been known, zero-day flaws, software flaws that have never been patched before.
- Degree of breadth: from broad, general-purpose malware whose victims are people who happen to fall into the trap to malware with a specific target, a specific piece of software, even that of a specific vendor, with victims of special interest.
- Degree of persistence: from malware created to cause harm once to malware that acts persistently and continuously, with the malware's source code continuously updated and maintained, to cause long-term outages of the whole system.

8.2. The cyber-security maturity model

The cyber-security maturity model has 5 stages leading towards resilience against cyber attacks, ranging from conventional threats to advanced persistent threats, and from responding to cyber attacks by hand through to ensuring the resilience of the whole system.

Explanation of the levels of response to cyber attacks:

E. People rely on following doctrine and do the best they can to put out the fire.
D. Tools and technologies are applied in part to help people respond faster to cyber attacks.
C. The system is integrated, with a focus on interoperability and on standards for exchanging data about information-assurance situational awareness.
B. Agile and able to anticipate situations relating to cyber security and cyber attacks, delivering policy quickly and professionally, clarifying events and helping operators find, fix and target the response.
A. Able to anticipate situations and focused on the mission, able to isolate and withstand damage if it occurs, securing supply chains and protecting key critical infrastructure so as to operate through cyber attacks.

Ranking under the cyber-security maturity model of the 23 countries surveyed in 0-2/2012

Table columns: Score (maximum 5); Country; Cyber-security doctrine/strategy; Has a national CERT*; Participates in the CERT* community; National cyber-security command; Cyber-security exercises.

Scores and countries, as laid out on the page: Finland, 4.5/5, Israel, Sweden, Denmark, Estonia, France, Germany, Netherlands, Spain, 4.0/5, United Kingdom, United States, Australia, Austria, Canada, 3.5/5, Japan, China, Poland, 3.0/5, Russia.

Cell values, as laid out on the page (C = yes): C C C C C - 2011 C - 2011 C - 2009 C C C C C C C C C C C C C C C C C C - 2008 C - 2011 C - 2011 C - 2011 C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C

Table (continued), as laid out on the page:
Score (maximum 5): 2.5/5: Brazil, India, Romania; 2.0/5: Mexico.
Cyber-security doctrine/strategy: C C
Has a national CERT*: C C C
Participates in the CERT* community: C C
National cyber-security command: C
Cyber-security exercises:

* CERT: Computer Emergency Response Team.

8.3. Important notes from the cyber-security maturity model

Level C of the cyber-security maturity model emphasizes the interoperability of information systems and standards for exchanging data about information-assurance situational awareness. This suggests that:

1. To obtain timely and accurate information for responding to a security incident in a unified way among all the parties involved in securing information systems, interoperability and standards based on the exchange of data about information-assurance situational awareness are a critical factor.
2. Without achieving interoperability based on standards for exchanging data about information-assurance situational awareness at level C, it is impossible to advance to the higher levels B and A of the cyber-security maturity model. In other words, without interoperability an information system will never reach level C of the cyber-security maturity model.
3. When building information systems for e-government, they should be combined with the cyber-security maturity model, especially for the parties responsible for securing information systems, so as to achieve both the goals of solving the business problems and the security goals of the whole system by ensuring the interoperability of information and data on the basis of open standards.

See also: "A brief introduction to the cyber-security maturity model" for more detail on the cyber-security maturity model.

9. Sources of threats and common types of security vulnerabilities

This part covers the sources of cyber-security threats and the types of cyber-security-related exploits commonly encountered today. Different kinds of threats from many sources can adversely affect:
- Computers, software and networks,
- The operations of an agency, of an industry, or of the Internet itself.

Cyber threats can be unintentional or intentional. Unintentional threats can be caused by software upgrades or maintenance procedures that inadvertently disrupt systems. Intentional threats include both targeted and untargeted attacks. Attacks can come from a variety of sources, including criminal groups, hackers and terrorists...

9.1. Agents of cyber-security threats

Threat: Description

Bot-network operators: Bot-network operators use a botnet of compromised, remotely controlled computers to distribute planned attacks using phishing, spam and malware. The services of these networks are sometimes made available on underground markets (for example, purchasing a denial-of-service attack, or servers to stage spam or phishing attacks).

Criminal groups: Criminal groups seek to attack systems for monetary gain. In particular, organized criminal groups use spam, phishing and spyware/malware to commit identity theft and online fraud. Spies of international organizations and organized crime organizations also pose a threat to the nation through their ability to conduct industrial espionage and large-scale theft and to hire or develop hacker talent.

Hackers: Hackers break into networks for reasons such as the thrill of the challenge, bragging rights in the hacker community, revenge, stalking others, monetary gain and other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the US Central Intelligence Agency (CIA), the large majority of hackers do not have the expertise needed to threaten difficult targets such as the nation's critical networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Insiders: The disgruntled insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions, because their knowledge of a target system often allows them to gain unrestricted access to damage the system or steal system data. The insider threat also includes contractors hired by the organization, as well as employees who accidentally introduce malware into the system.

Nations: Nations use cyber tools as part of their information-gathering and espionage activities and/or sabotage. Several nations are working actively to develop information warfare doctrine, programmes and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications and economic infrastructures that support military power, impacts that could affect the daily lives of citizens across the country. Particularly dangerous state-sponsored worms such as Stuxnet, Duqu, Flame... not only spy on information but also sabotage a nation's critical infrastructure.

Phishers: Individuals, or small groups, that carry out phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.

Spammers: Individuals or organizations that distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (for example, denial of service).

Spyware/malware authors: Individuals or organizations with malicious intent that carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have damaged files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer and Blaster...

Terrorists: Terrorists seek to destroy, incapacitate or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage morale and confidence in the state. Terrorists may use phishing schemes or spyware/malware to generate funds or gather sensitive information.

Sources: Analysis by the US Government Accountability Office (GAO) of data from the Director of National Intelligence, the Department of Justice, the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the CERT Coordination Center of the Software Engineering Institute.

The different kinds of cyber threat can use a variety of cyber exploits that may adversely affect computers, software, networks, the operations of an agency or of an industry, or the Internet itself (see the table below). Groups or individuals may intentionally deploy cyber exploits aimed at a specific cyber asset, or attack through the Internet using viruses, worms or malware with no specific target.

9.2. Some common types of cyber-security exploit

Type of exploit: Description

Denial of service: A method of attack from a single source that denies system access to legitimate users by flooding the target computer with messages and blocking legitimate traffic. It can prevent a system from being able to exchange data with other systems or use the Internet.

Distributed denial of service: A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than from a single source. It often uses worms to spread to many computers, which then attack the target.

Exploit tools: Publicly available and sophisticated tools that intruders of various skill levels can use to identify vulnerabilities and gain entry into target systems.

Logic bomb: A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as the termination of the programmer's employment.

Phishing: The creation and use of e-mails and websites, designed to look like those of well-known legitimate businesses, financial institutions and government agencies, in order to deceive Internet users into disclosing their personal data, such as bank and financial account information and passwords. The phishers then use this information for criminal purposes, such as theft and fraud.

Sniffer: Synonymous with packet sniffer. A program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text.

Trojan horse: A computer program that conceals malicious code. A Trojan horse usually masquerades as a useful program that a user would want to run.

Virus: A program that infects computer files, usually executable programs, by inserting a copy of itself into the file. The copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

Vishing: A method of phishing based on Voice over Internet Protocol (VoIP) technology and open source call centre software, which have made it inexpensive for scammers to set up phoney call centres and for criminals to send e-mail and text messages to potential victims, saying there is a security problem and that they need to call their bank to reactivate a credit or debit card, or to send text messages to handheld devices instructing potential victims to contact fake online banks to renew their accounts.

War driving: A method of gaining entry into wireless computer networks using a laptop, antennas and a wireless network adapter, which involves patrolling locations to gain unauthorized access.

Worm: An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-day exploit: A cyber threat that takes advantage of a security vulnerability on the same day that the vulnerability becomes known to the general public and for which no fix is yet available.

Sources: GAO analysis of data and of industry reports.

9.3. Other security-related issues

Security threats originating in the supply chain of products and solutions, covering hardware, software and telecommunications equipment, which are indispensable components of an information system, are also emerging as a hot topic in a number of countries around the world.

The USA PATRIOT Act: The USA PATRIOT Act requires a US company (or its subsidiaries) to hand over almost all the data the company holds about users when requested by US security agencies such as the FBI, without the need for a court order.

10. Security tools

10.1. List of 65 open source replacements for security software

Open source applications that can replace closed source applications for anti-virus, anti-spam, firewalls, encryption and other matters related to the security of information systems.

| Type | Software name | Replaces | Description |
|---|---|---|---|
| Anti-spam | ASSP | Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway | Describing itself as the absolute best spam-fighting weapon the world has ever known, ASSP sits on your SMTP servers to stop spam and scan for viruses. Features include browser-based setup, support for most SMTP servers, automatic whitelists, early sender validation, Bayesian filtering and more. Operating system: OS independent. |
| | MailScanner | Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway | Downloaded more than 1.3 million times by users in 225 countries, MailScanner is a free e-mail security package for mail servers. It works with SpamAssassin, ClamAV and a number of other tools to block spam and malware. Operating system: OS independent. |
| | SpamAssassin | Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway | The powerful number-one open source spam filter, SpamAssassin uses text and header analysis, Bayesian filtering, DNS blocklists, collaborative filtering databases and other techniques to block spam. The project is managed by the Apache Foundation and has been incorporated into a number of other open source and commercial products. Operating system: primarily Linux and OS X, although Windows versions are available. |
| | SpamBayes | Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway | As you might guess from the name, this project offers a group of Bayesian filters for blocking spam. The site includes versions for Outlook, Outlook Express, Windows Live Mail, IncrediMail, Thunderbird, Gmail, Yahoo Mail and other mail clients. Operating system: OS independent. |
| | Nixory | SpyBot Search and Destroy, AdAware | Nixory removes and blocks malicious tracking cookies (spyware) from your machine. It supports Mozilla Firefox, Internet Explorer and Google Chrome, and it will not slow your machine down while you browse the web. Operating system: OS independent. |
| Anti-virus / anti-malware | ClamAV | Avast! Linux Edition, VirusScan Enterprise for Linux | This is the most popular anti-virus engine; it has been incorporated into countless security products and calls itself the de facto standard for mail gateway scanning. The open source version runs on UNIX or Linux mail servers, but the website also offers a version called Immunet for Windows PCs. Operating system: Linux. |
| | ClamTK | Avast! Linux Edition, VirusScan Enterprise for Linux | ClamTK makes ClamAV a little easier to use by providing a graphical interface for the anti-virus engine. Like the original, it runs on Linux and scans on demand. Operating system: Linux. |
| | ClamWin Free Antivirus | Kaspersky AntiVirus, McAfee AntiVirus Plus, Norton AntiVirus | Based on ClamAV, ClamWin protects more than 600,000 PCs from viruses and malware. Note that, unlike most commercial anti-virus packages, ClamWin does not offer a real-time on-access scanner; to scan incoming files you need to save them and then run a manual scan before opening or running them. Operating system: Windows. |
| | P3Scan | Avast! Linux Edition, VirusScan Enterprise for Linux | With P3Scan you can set up a transparent proxy server that provides anti-virus and anti-spam protection. Operating system: Linux. |
| Backup | Amanda | Simpana Backup and Recovery, NetVault, HP StorageWorks EBS | Protecting more than 500,000 machines worldwide, Amanda says it is the most popular open source backup and recovery software in the world. In addition to the community edition, it is also available as a supported enterprise edition or as an appliance. Operating system: Windows, Linux, OS X. |
| | Areca Backup | NovaBackup | Aiming for a balance between simplicity and versatility, Areca offers an easy graphical interface with many options for creating and interacting with archive files. Key features include compression, encryption, delta backup support, archive merging and more. Operating system: Windows, Linux. |
| | Bacula | Simpana Backup and Recovery, NetVault, HP StorageWorks EBS | Designed for enterprise users, Bacula backs up multiple systems across a network. Support and commercial services for this popular product are available through Bacula Systems. Operating system: Windows, Linux, OS X. |
| | Clonezilla | Norton Ghost | Created as an alternative to Ghost, Clonezilla can clone single or multiple systems very quickly. It comes in two versions: Clonezilla Live for single machines and Clonezilla SE for large networks. Operating system: Windows, Linux, OS X. |
| | Partimage | Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com | Partimage can create a complete image of your machine, which is useful if you need to recover from a complete system failure or if you want to configure multiple systems with exactly the same software. It can also create a recovery partition on your disk. Operating system: Linux. |
| | Redo | Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com | Calling itself the most complete and easiest disaster recovery solution available, Redo offers backup, restore and bare-metal recovery capabilities. Even in the most severe emergencies, when you have to replace a hard drive entirely, Redo says it can have you back up and running with all your programs and files in just 10 minutes. Operating system: Linux. |
| Browser | Chromium | Microsoft Internet Explorer | The open source version of Google Chrome, Chromium tends to be faster and more secure than competing browsers. Key security features include sandboxing, automatic updates, SafeBrowsing and more. Operating system: Windows, Linux, OS X. |
| | Dooble | Microsoft Internet Explorer | The Dooble developers created this newer browser with a focus on safety and ease of use. Unlike most other browsers, it automatically encrypts all traffic for greater privacy and security. Operating system: Windows, Linux, OS X. |
| | Tor | Microsoft Internet Explorer | Tor protects your identity by providing anonymity while you browse the Web. It is used by journalists, activists and others who are concerned that someone might be spying on their online activities. Operating system: Windows, Linux, OS X. |
| Browser add-ons | Web of Trust (WOT) | McAfee SiteAdvisor Plus | Downloaded more than 33 million times, this popular add-on for Firefox, Internet Explorer, Chrome, Safari or Opera lets users know when they have strayed onto questionable or insecure websites. It uses user ratings to identify sites that host malware, collect personal information or contain inappropriate content, and it ranks them with a green-yellow-red rating system. Operating system: Windows, Linux, OS X. |
| | PasswordMaker | Kaspersky Password Manager, Roboform | Always using the same password puts you at risk, but many people still do it because it is hard to remember many different passwords. This browser add-on offers a better solution by generating unique passwords for each site you visit and storing them in an encrypted file that you access with a single password. Operating system: Windows, Linux, OS X. |
| Data removal | BleachBit | Easy System Cleaner | This handy utility cleans up your machine to protect privacy and improve performance. It frees disk space by cleaning junk from more than 90 applications, deleting temporary files, clearing the cache and browsing history, and shredding unwanted files. Operating system: Windows, Linux. |
| | Eraser | BCWipe Enterprise | Like BleachBit, Eraser shreds deleted files so that they cannot be recovered. It helps protect sensitive information by overwriting deleted files several times with random data. Operating system: Windows. |
| | Wipe | BCWipe Enterprise | Wipe offers the same functionality as Eraser, but for Linux instead of Windows. The site also offers plenty of information for anyone interested in learning more about how file shredding works. Operating system: Linux. |
| | Darik's Boot and Nuke | Kill Disk, BCWipe Total WipeOut | While Eraser and Wipe erase individual files, DBAN securely erases entire disks. It is very useful when donating or disposing of an old machine. Operating system: OS independent. |
| Data loss prevention | OpenDLP | RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family | OpenDLP is a powerful, distributed, centrally managed data loss prevention tool that is agent-based or agentless. It lets security or compliance managers scan thousands of systems at once through agents, or perform agentless data recovery against MySQL or Microsoft SQL Server. Operating system: Windows. |
| | MyDLP | RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family | MyDLP can block credit card numbers, social security numbers or sensitive files from being transmitted via e-mail, printers, the Web or removable devices. In addition to the free community edition, it also comes in a paid enterprise edition. Operating system: Windows, Linux, VMWare. |
| Encryption | AxCrypt | McAfee AntiTheft, CryptoForge | With nearly 25 million registered users, AxCrypt claims to be the leading open source file encryption software for Windows. It integrates with Windows Explorer: to use it, simply right-click to encrypt a file or double-click to decrypt. Operating system: Windows. |
| | Gnu Privacy Guard | PGP Universal Gateway Email Encryption | This Gnu project is a command-line implementation of the popular OpenPGP encryption standard. It supports the ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD160 and TIGER algorithms. Operating system: Linux. |
| | GPGTools | PGP Universal Gateway Email Encryption | Mac users can download this version of GPG for a more user-friendly way to encrypt e-mail and files. The website includes some help documentation for new users, making it even easier to get started with the application. Operating system: OS X. |
| | gpg4win | Cypherus | This version brings GPG to Windows users, complete with a graphical user interface. It installs quickly and easily, and it protects both files and e-mail messages. Operating system: Windows. |
| | PeaZip | WinZip | Although this is really a compression utility rather than an encryption tool, PeaZip also offers strong encryption capabilities, which is why we included it in this part of the list. It also includes two-factor authentication and secure deletion capabilities. Operating system: Windows, Linux. |
| | Crypt | McAfee AntiTheft, CryptoForge | At just 44KB, Crypt is one of the smallest utilities available. And because it can encrypt 3MB worth of data in just 0.7 seconds, it is also one of the fastest. However, it has no graphical user interface, so you need to be comfortable with the command line to use it. Operating system: Windows. |
| | NeoCrypt | McAfee AntiTheft, CryptoForge | NeoCrypt supports many encryption algorithms, including AES, DES, Triple-DES, IDEA, RC4, RC5, CAST-128, BlowFish and SkipJack. It runs from an easy-to-use graphical user interface, and it also integrates with the Windows Shell so that you can encrypt and decrypt files right from Windows Explorer. Operating system: Windows. |
| | LUKS/cryptsetup | PGP Whole Disk Encryption | Short for Linux Unified Key Setup, LUKS calls itself the standard for hard disk encryption on Linux. While many other applications in our list encrypt one file at a time, LUKS encrypts your entire disk. Operating system: Linux. |
| | FreeOTFE | PGP Whole Disk Encryption | Like LUKS, this application encrypts the entire disk. With it you can create and encrypt virtual disks on your hard drive. It is also highly portable and can run from a USB drive. Operating system: Windows. |
| | TrueCrypt | PGP Whole Disk Encryption | One of the popular open source disk encryption options, TrueCrypt has more than 22 million downloads. Thanks to parallelization and pipelining technology, it offers fast reading and writing of encrypted information. Operating system: Windows. |
| Secure file transfer | WinSCP | CuteFTP, FTP Commander | Extremely popular, the award-winning WinSCP includes an SFTP client, an SCP client, an FTPS client and an FTP client. It offers two different interfaces and also includes an integrated text editor. Operating system: Windows. |
| | FileZilla | CuteFTP, FTP Commander | While WinSCP offers only a client version, FileZilla offers both a client version and a version that lets you set up your own FTP server. It supports the FTP, FTPS and SSH transfer protocols. Operating system: Windows, Linux, OS X. |
| Forensics | ODESSA | EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit | The Open Digital Evidence Search and Seizure Architecture, also known as ODESSA, offers several different tools for examining and reporting on digital evidence. This is an older project, but still valuable. Operating system: Windows, Linux, OS X. |
| | The Sleuth Kit/Autopsy Browser | EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit | These two applications work together: Sleuth Kit offers command-line tools for conducting digital investigations, and Autopsy Browser offers a browser-based GUI for accessing those tools. The project now also has a Hadoop framework for large-scale data analysis. Operating system: Windows, Linux, OS X. |
| Gateway / Unified Threat Management appliances | Endian Firewall Community | Check Point Security Gateways, SonicWall, Symantec Web Gateway | Endian Firewall Community can turn any PC (including fairly old ones) into a complete gateway security appliance with a firewall, application-level proxies with anti-virus support, virus and spam filtering for e-mail, Web content filtering and a VPN. Supported versions, as software and hardware appliances, are also available on the site. Operating system: Linux. |
| | Untangle Lite | Check Point Security Gateways, SonicWall, Symantec Web Gateway | Like Endian, Untangle Lite also helps users create their own gateway security appliances. In addition, Untangle offers commercial products, and you can download each of the individual applications included in Untangle Lite (firewall, intrusion prevention, attack blocking, ...) separately. Operating system: Linux. |
| | ClearOS | Check Point Security Gateways, SonicWall, Symantec Web Gateway | ClearOS combines gateway security functionality with the capabilities of a small business server. It offers networking, groupware, a mail server, a Web server and more. Paid support and hardware are also available. Operating system: Linux. |
| Intrusion detection | Open Source Tripwire | Tripwire | Standard Tripwire is now a closed source project, but the community has continued to develop the open source version from 2000. It monitors the contents of files and alerts network managers when those files change, warning them of possible intrusions. Operating system: Windows, Linux. |
| | OSSEC | Corero IPS, HP Tipping Point IPS, Sophos HIPS | In addition to file integrity checking, OSSEC also performs log analysis, policy monitoring, rootkit detection and real-time alerting to help prevent and detect intrusions on your network. It is downloaded more than 5,000 times each month and has won many awards. Operating system: Windows, Linux. |
| | AFICK | Tripwire | AFICK, short for Another File Integrity Checker, offers functionality similar to Tripwire. It is portable, fast and runs from a GUI or the command line. Operating system: Windows, Linux. |
| | Snort | Corero IPS, HP Tipping Point IPS, Sophos HIPS | With millions of downloads and more than 400,000 registered users, Snort claims to be the most widely deployed IDS/IPS technology in the world. Operating system: Windows, Linux, OS X. |
| Network firewalls | IPCop | Barracuda NG Firewall, Check Point Appliances | Like most of the other applications in our list of firewalls, IPCop turns a PC into a Linux-based firewall to protect your network. It is designed for home or SOHO users, and it has an easy-to-use Web interface. Operating system: Linux. |
| | Devil-Linux | Barracuda NG Firewall, Check Point Appliances | Although originally designed to provide firewall and router functionality, Devil-Linux can also operate as a server for many applications, including mail hosting. Created by IT administrators for IT administrators, it has excellent customization capabilities and top-notch security. Operating system: Linux. |
| | Turtle Firewall | Barracuda NG Firewall, Check Point Appliances | Designed to be simple and fast, Turtle lets network managers configure it through a Web interface or by editing XML files. The website also includes some good introductory information about the nature of firewalls. Operating system: Linux. |
| | Shorewall | Barracuda NG Firewall, Check Point Appliances | Shorewall does not claim to be the easiest Linux firewall to use, but it does claim to be the most flexible and powerful. You can use it on a system operating as a dedicated firewall, as a multi-function gateway/router/server, or as a standalone GNU/Linux PC. Operating system: Linux. |
| | Vuurmuur | Barracuda NG Firewall, Check Point Appliances | Vuurmuur is designed to be simple and powerful. In addition to standard firewall capabilities, it also supports traffic shaping and offers advanced monitoring capabilities. Operating system: Linux. |
| | m0n0wall | Barracuda NG Firewall | Although it is designed for appliances and embedded PCs, m0n0wall can also run on a standalone PC running FreeBSD. It requires less than 12MB of disk space and boots in less than 25 seconds. Operating system: FreeBSD. |
| | pfSense | Barracuda NG Firewall, Check Point Appliances | This fork of m0n0wall is also based on BSD, but is designed for ordinary computers rather than embedded hardware. It has been downloaded more than 1 million times and currently runs on more than 100,000 networks, including large corporations and universities as well as small home networks. Operating system: FreeBSD. |
| | Vyatta | Cisco products | Vyatta software lets users create their own network appliances and routers/firewalls. The company also offers paid hardware and software. Operating system: Linux. |
| Network monitoring | Wireshark | OmniPeek, CommView | Calling itself the world's foremost network protocol analyzer, Wireshark makes it easy to capture and analyze network traffic. Commercial products and services related to the software are available through Riverbed Technology. Operating system: Windows, Linux, OS X. |
| | Tcpdump/libpcap | OmniPeek, CommView | Tcpdump is a command-line packet analyzer, and libpcap is a C/C++ library for capturing network traffic. Working together, the two provide a good network monitoring solution but, lacking a GUI, they are not really user-friendly. Operating system: Linux. |
| | WinDump | OmniPeek, CommView | Managed by Riverbed Technology (also known as Wireshark), WinDump ports tcpdump to the Windows platform. The site also includes the WinPcap library and drivers for traffic capture. Operating system: Windows. |
| Password crackers | Ophcrack | Access Data Password Recovery Toolkit, Passware | From time to time, everyone needs to recover a lost or unknown password. This password cracker uses the rainbow tables method to recover unknown passwords, and it also includes a brute-force module for simple passwords. Operating system: Windows. |
| | John the Ripper | Access Data Password Recovery Toolkit, Passware | John the Ripper is particularly good at cracking weak passwords, but to use it you need a list of commonly used passwords. You can buy password lists or a professional version of the software from the same site. Operating system: Windows, Linux, OS X. |
| Password management | KeePass Password Safe | Kaspersky Password Manager | This popular password manager stores all your passwords in an encrypted database. You only need to remember one master password, while this small, easy-to-use application helps protect you from identity theft. Operating system: Windows. |
| | KeePassX | Kaspersky Password Manager | If you use OS X or Linux, try this fork of KeePass. It also adds a few features not in the original and runs on Windows as well. Operating system: Windows, Linux, OS X. |
| | Password Safe | Kaspersky Password Manager | Downloaded more than 1 million times, Password Safe is another popular open source option for protecting your passwords. Like KeePass, it is small and stores your encrypted passwords in a database so that you only need to remember one master password. Operating system: Windows. |
| User authentication | WiKID | Entrust IdentityGuard, Vasco Digipass, RSA's SecurID | WiKID boasts two-factor authentication without the hassle factor. In addition to the free community edition, it also has a supported enterprise edition that adds functionality. Operating system: OS independent. |
| Web filtering | DansGuardian | McAfee Family Protection, NetNanny, CyberPatrol | This award-winning content filter uses phrase matching, PICS filtering, URL filtering and other methods to block objectionable content. Note that this software does not run on individual personal computers. It runs on an OS X or Linux server to protect the rest of the network. Operating system: Linux, OS X. |

10.2. List of 12 free and open source programs used in security

A series of articles by Carla Schroder on 12 excellent free and open source programs in the security field that you can use in place of proprietary applications. See parts [01], [02], [03], [04], [05].

| Type | Software name | Replaces | Description |
|---|---|---|---|
| Secure erasure, data recovery, cloning, encryption | Darik's Boot and Nuke (DBAN) | BCWipe Total WipeOut, Secure Erase, HDShredder | DBAN is operating-system independent and works on IDE, SCSI and SATA hard drives on x86 and PowerPC systems. DBAN is easy to use: download it and copy it to bootable media such as a 3.5'' floppy disk, CD/DVD or USB stick, or PXE-boot it over a network, then run it and it does the job. You can wipe all the hard drives in a system, or only selected ones. |
| File repair and recovery | TestDisk and PhotoRec | Recover Lost Partition, Active@ Partition Recovery, Disk Doctors | You can install them on almost any operating system (Mac, Linux, Windows, BSD and other Unixes), but the best way to run them is from bootable media. TestDisk and PhotoRec are included in a large number of Linux-based system rescue distributions such as GParted LiveCD and Knoppix. |
| Rescuing failing disks | GNU ddrescue | Norton Ghost, Acronis True Image, Paragon Backup & Recovery | ddrescue makes block-level copies, so it does not matter which file system or operating system is on the media. It is fast because it copies only the good blocks and skips the bad ones, and it is automatic so you do not have to look after it. The device you are copying to, such as a USB drive or a second internal hard disk, should be 50% larger than the original disk. |
| Disk cloning | Clonezilla | Norton Ghost and Symantec Ghost Corporate Edition | There are two versions: Clonezilla Live and Clonezilla SE. Clonezilla Live is for backing up and restoring individual computers, and it runs from a bootable USB stick or CD/DVD. Clonezilla SE clones many PCs at the same time, very quickly, over your network. Clonezilla operates at the block level on x86 and x86-64 platforms, so it copies any file system and operating system. |
| Encryption | TrueCrypt | PGP Whole Disk Encryption | One of the most popular cross-platform encryption applications, and for good reason: it is easy to use and very strong. TrueCrypt runs on Mac, Linux and Windows. |
| Mobile security | Master Password (iOS) | Password Safe | Master Password for iOS is a stateless password manager. It does not store passwords on the iPhone/Pad/Pod, nor does it store them somewhere in a murky cloud. It takes a different approach: it generates a new, strong password each time you need to log in to a site. You only need to remember a single password. (Price 5.99 USD) |
| | Secure Chat | | ChatSecure encrypts AIM, Jabber, Google Talk and all chat/IM apps that use the XMPP chat protocol. |
| | Rights Alert | | Rights Alert shows you a list of installed applications that are requesting excessive permissions, which may be a sign that they are up to no good, poking and prying into parts of your system where they do not belong. |
| | Guardian Project | | The Guardian Project is a suite of open source privacy-protecting applications created with the idea of protecting political and social activists who are put in danger simply for reporting events and sharing photos, and of course the applications work for anyone who cares about their privacy online. |
| | Orbot | | Orbot brings Tor to Android. Tor is a network of proxy servers that anonymizes your travels on the Internet. |
| | Gibberbot | | Gibberbot offers secure instant messaging and chat, with the bonus of Tor support. |
| | Droidwall | | Droidwall is a nice graphical front end for Iptables, the powerful and proven firewall that has been an integral part of the Linux kernel for many years. It gives fine control over which applications and services can access your networks, and over what reaches your Droid over the network. |

10.3. Following the community development model for open source software

[Figure: The free and open source software development model with upstream contribution.]

When the security software in use is free and open source software, any customization of it should follow the free and open source development model, so that the software is always updated quickly and on time, which in turn keeps the system secure. Avoid customizing the source code of a program and then closing it off without passing the customized code back upstream to the original project. Usually, when customized code is not contributed upstream to the mainline project, the result is a forked version of the software, and it becomes hard or impossible for that fork to receive contributions from the project's whole community. As a result, after some time the forked software is likely to become outdated, leaving the system insecure. This does not mean that forking is never allowed; it means forking only when it is truly necessary and when sufficient human and material resources have been prepared to maintain the source code repository of the fork.

[Figure: The free and open source software development model without upstream contribution: forking.]
