LESSON 12. ATTACK DEFENSE AND PREVENTION SYSTEMS
Bùi Trọng Tùng,
School of Information and Communication Technology,
Hanoi University of Science and Technology
Contents
04/01/2017
1. PROBLEM STATEMENT
An example
Suppose the website of the company FooCorp provides a service through the URL:
http://foocorp.com/amazeme.exe?profile=info/luser.txt
The service displays the personal profile of an employee of the company.
Access scenario
[Figure: request flow. 2. GET /amazeme.exe?profile=xxx travels from the Internet to FooCorp's border router; 3. GET /amazeme.exe?profile=xxx is forwarded to FooCorp's servers]
Access scenario
[Figure: response flow. 7. 200 OK carrying the output of bin/amazeme goes from FooCorp's servers to the border router; 8. 200 OK carrying the output of bin/amazeme is returned to the Internet]
The returned result contains sensitive information.
How to detect it?
[Figure: a monitor sees a copy of the incoming/outgoing HTTP traffic between the Internet, the border router and FooCorp's servers; the server runs bin/amazeme -p xxx and answers 8. 200 OK with the output of bin/amazeme]
How to detect it?
[Figure: FooCorp network (Internet, border router, FooCorp's servers)]
How to detect it?
Solution 3: use utilities that periodically scan the system's log files
Advantages
Disadvantages
Solution 4: monitor the system calls made by the web server
Advantages
Disadvantages
General remark on the solutions: each runs into one of two major problems
Accuracy
Timeliness
A better solution
Instead of detecting attacks, find a way to prevent them
Vulnerability scanning: carry out attacks against the very resources that need protecting, thereby discovering the security vulnerabilities present in the system
Advantages?
Disadvantages?
Basic concepts
Accuracy
Evaluated by two values:
FPR (False Positive Rate): the rate of false alarms
FNR (False Negative Rate): the rate of missed attacks
I: the event that an attack occurs
A: the event that the IDS raises an alert
FPR = P(A | not I)
FNR = P(not A | I)
NIDS and HIDS
NIDS: Network-based IDS
Some functional components of the detector:
Protocol analyzer
Signature analyzer: detects known forms of attack
Shadow execution
Logger
Advantages
Disadvantages
Host-based IDS
Some components of the detector:
Packet scanner
File scanner
Main-memory scanner
Real-time analysis
Sandbox execution
Advantages?
Disadvantages?
2. FIREWALL SYSTEMS
Basic concepts
Firewall: a system that separates certain resource zones from the rest.
Typically: the internal network (intranet) and the public network (Internet)
Controls access to resources, as expressed through a policy:
Services
Users
Direction
Behavior
Note: a firewall cannot control accesses that originate inside
Packet filter
The simplest form of firewall
Controls access based on the information in the packet headers:
IP addresses
Service ports
Protocol
State flags
Typical example: ACL (Access Control List)
Limitations: VPN, SSL/TLS
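As an added illustration that is not part of the lecture, the following Python sketch evaluates a first-match ACL over exactly the header fields listed above (addresses, ports, protocol, TCP flags); the intranet range 10.0.0.0/24, the web server address and the rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    # Only the header fields a stateless filter looks at (constructed summary, not a capture)
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()    # TCP flags set in the packet, e.g. {"SYN"}

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    require_ack: bool = False         # match only packets that carry the ACK flag

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.require_ack and "ACK" not in p.flags:
            return False
        return True

def filter_packet(acl: List[Rule], p: Packet) -> str:
    """First matching rule wins; an implicit final rule denies everything else."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed inbound ACL for a border router in front of the hypothetical intranet 10.0.0.0/24.
INBOUND_ACL = [
    Rule("permit", "tcp", dst="10.0.0.80/32", dport=80),         # public web server
    Rule("permit", "tcp", dst="10.0.0.0/24", require_ack=True),  # replies to connections opened from inside
    Rule("deny"),                                                # everything else
]
```

Because a packet filter keeps no connection state, the second rule accepts any inbound packet carrying ACK as if it were a reply; distinguishing genuine replies from unsolicited packets needs stateful inspection.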
Proxy
Operates at the application layer
Strengthens control over the data of the services
Limitations: increases latency and complexity
[Figure: clients connect to a proxy server, which in turn connects to the web server]
Main models
Screening host
Screening subnet