
COMPREHENSIVE RANSOMWARE PREVENTION SOLUTION

SYSTEM MODEL OF AN ENTERPRISE


1. Overall diagram

(add a load-balancing device for the WAN)

2. COMPREHENSIVE RANSOMWARE PREVENTION SOLUTION


2.1 Ransomware prevention for endpoints
2.1.1 Antivirus: Trend Micro & Kaspersky

a. Trend Micro

Data-encryption (ransomware) blocking features of Trend Micro Security 11 (2017):
- Checks for and blocks programs that make unauthorized changes to the system.
- The anti-encryption feature helps users protect Word, Excel and other Office files from being encrypted and held for ransom by attackers, keeps important data safe, and prevents the loss of important data.
Download and install the new features of Trend Micro Security 11 (2017) here: http://trendmicro.ctydtp.vn/tai-ve.html

b. Kaspersky

Anti-malware is the foundation of your defenses


Kaspersky Endpoint Security for Business ADVANCED includes Kaspersky Lab's latest anti-malware technologies, combining signature-based, proactive and web-assisted protection into an effective, multi-layered defense. With automatic updates from the cloud-based Kaspersky Security Network, Kaspersky responds quickly to new and emerging threats.

Prevent exploitation of vulnerabilities in your systems


Cybercriminals increasingly use unpatched vulnerabilities in operating systems (OS) and applications to attack corporate systems and steal data or money. Kaspersky's patch management and vulnerability scanning provide centralized control over detecting application and OS vulnerabilities and prioritizing application / OS patches. Kaspersky Endpoint Security for Business ADVANCED plays an important role in helping eliminate the risk of criminals exploiting vulnerabilities in your systems.

Encrypt sensitive data to keep business information confidential


With strong encryption algorithms, Kaspersky's data encryption technology can help protect your sensitive business information and your company's reputation if data or devices fall into the wrong hands. Unlike many other data encryption products, which can be difficult to deploy and require a separate management console, Kaspersky's encryption technologies are controlled from the same easy-to-use management console that manages almost all of Kaspersky's other protection features, so you spend less time and money keeping your data safe.

Systems management that improves efficiency


As corporate IT networks become more complex, managing all the systems your business depends on becomes much harder and more time-consuming. Kaspersky Endpoint Security for Business ADVANCED simplifies a wide range of systems management tasks, including configuration, deployment and troubleshooting.

Makes it easier to enforce your IT security policies


The Application Control, Device Control and Web Control features give your IT team granular control over which applications may run on your systems, which IT resources applications may access, and how employees are allowed to use removable devices and the Internet.

Protect mobile devices and simplify mobile management and Bring Your Own Device (BYOD)


Adopting a Bring Your Own Device (BYOD) policy can save costs and increase productivity. However, BYOD can also introduce significant security risks. By combining mobile security and mobile device management (MDM), Kaspersky Endpoint Security for Business ADVANCED provides protection and easy management that let mobile devices access your systems and data without creating security risks for your business.

Ready to manage and protect right away


Kaspersky Endpoint Security for Business ADVANCED is preconfigured to help you manage and protect your systems as soon as it is installed. In addition, with the unified, easy-to-use management console provided with Kaspersky Security Center, your IT team can quickly apply new systems management policies and security configurations.

Targeted security that covers your specific requirements
Whenever you need additional security for your Kaspersky Endpoint Security for Business ADVANCED deployment, simply add one of the Kaspersky Targeted Security Solutions, which can give you fully integrated protection for storage, virtualization, email, Internet gateways or collaboration. For our highest level of security for businesses, choose Kaspersky TOTAL Security for Business.

2.1.2 Set up a policy that blocks data access through USB ports
- Configure it on each machine in the LAN
- Configure the policy in AD for the domain environment
2.1.3 Customize and update Windows, Windows Firewall and Windows Defender
- Install Windows patches
- Customize the Windows Firewall configuration
Enable / disable Windows Firewall: There are many ways to enable the firewall in Windows, but this is probably one of the best ways to understand and practice working with it. You can enable the firewall through the graphical interface, and sometimes when you install a new application the system shows you how to use netsh to create rules that open or close the ports the application uses. Use state on to enable the firewall and state off to disable it:
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off

Reset Windows Firewall: If an error occurs while configuring Windows Firewall, or you want to redeploy the default configuration settings, you can reset it with the command below.
netsh advfirewall reset

List the firewall rules: You can retrieve the rules configured in Windows Firewall with the following netsh command:
netsh advfirewall firewall show rule name=all

Set logging: The default path of the Windows Firewall log file is \Windows\system32\LogFiles\Firewall\pfirewall.log. You can change it from the command line as shown below, which moves the firewall log to the temp folder on your C drive:
netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log"

Allow or block ping: Ping is commonly used to probe a server, which replies to the ICMP packets the client sends; you can use netsh to control this. Add one rule or the other; a block rule takes precedence if both exist.
To block:
netsh advfirewall firewall add rule name="ALL ICMP V4" dir=in action=block protocol=icmpv4
To allow:
netsh advfirewall firewall add rule name="ALL ICMP V4" dir=in action=allow protocol=icmpv4

Open or close ports: To open or close ports you need to understand the concept of a port in Windows Firewall. When a program starts, it asks the system to open one or more ports so it can exchange data with the outside. You can use Windows Firewall to control whether these ports are open or closed.
netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433

Enable Remote Desktop:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

Enable Remote Management:

netsh advfirewall firewall set rule group="remote administration" new enable=yes

Export and import the Windows Firewall configuration settings: Once you have the Windows Firewall configuration in place, you can export or import it:
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"

Block access from an external IP address:

netsh advfirewall firewall add rule name="HTTP-block" protocol=TCP localport=80 action=block dir=IN remoteip=10.2.10.151
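
The rules created in this section (an inbound allow for SQL Server port 1433, the Remote Desktop group) are worth reviewing afterwards, because services left open to every remote address are common ransomware entry points. The following added example, which is not part of the original document, parses the output of netsh advfirewall firewall show rule name=all and lists enabled inbound allow rules that expose such ports to any address. The port list, the sample rules and the English-locale field names are assumptions.

```python
# Audit the text printed by `netsh advfirewall firewall show rule name=all`.
# Added example: English-locale field names assumed; SAMPLE is constructed data.
# Ports worth a second look when open to any remote address (assumed list).
SENSITIVE = {135: "RPC", 139: "NetBIOS", 445: "SMB", 1433: "SQL Server", 3389: "Remote Desktop"}

def make_rule(name, action, port, remote="Any", enabled="Yes"):
    """Build one inbound TCP rule block in netsh's layout (trimmed to the fields used)."""
    return (f"Rule Name:      {name}\n{'-' * 70}\nEnabled:        {enabled}\n"
            f"Direction:      In\nRemoteIP:       {remote}\nProtocol:       TCP\n"
            f"LocalPort:      {port}\nAction:         {action}\n")

SAMPLE = "\n".join([
    make_rule("Open SQL Server Port 1433", "Allow", "1433"),
    make_rule("Remote Desktop - User Mode (TCP-In)", "Allow", "3389"),
    make_rule("HTTP-block", "Block", "80", remote="10.2.10.151/32"),
    make_rule("File and Printer Sharing (SMB-In)", "Allow", "445", enabled="No"),
    make_rule("Backup agent (hypothetical)", "Allow", "9000-9010", remote="192.168.10.5/32"),
])

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or the dashed separator under "Rule Name"
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def port_matches(port, spec):
    """True if `port` falls inside a LocalPort value such as "Any", "80,443" or "9000-9010"."""
    for part in (p.strip() for p in spec.split(",")):
        lo, _, hi = part.partition("-")
        if part == "Any" or (lo.isdigit() and int(lo) <= port <= int(hi if hi.isdigit() else lo)):
            return True
    return False

def risky_inbound(rules):
    """Enabled inbound allow rules that expose a sensitive port to every remote address."""
    exposed = [r for r in rules
               if (r.get("Enabled"), r.get("Direction"), r.get("Action"), r.get("RemoteIP"))
               == ("Yes", "In", "Allow", "Any")]  # rules scoped to specific IPs are skipped
    return [(r["Rule Name"], svc) for r in exposed for port, svc in SENSITIVE.items()
            if port_matches(port, r.get("LocalPort", ""))]

if __name__ == "__main__":
    print(*(f"REVIEW: '{n}' allows {s} from any address" for n, s in risky_inbound(parse_rules(SAMPLE))), sep="\n")
```

On a real host, save the command's output to a file and pass its contents to parse_rules in place of SAMPLE.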

- Customize the Windows Defender configuration


In the Windows Defender Settings app you can configure the following options:
Turn real-time protection on / off
Turn cloud-based protection on / off
Turn sample submission on / off
Add exclusions

In Windows 10, Windows Defender includes cloud-based protection. This feature sends information to Microsoft, which uses it to develop new anti-malware signatures that better identify and remove malware.
Finally, toward the bottom, you will see Version info. Clicking Use Windows Defender below it opens the Windows Defender UI.
If you do not want Windows Defender to scan specific files, folders, file types or processes, you can put them on the Exclusion list. To add anything to the exclusion list, click Add an exclusion under Exclusions and add the file, folder, file type

2.1.4 Install Mobile Security


Instructions for installing and updating the Trend Micro Mobile Security software for iOS.
*** Its standout features keep users safe from Internet threats, protect against data theft, and locate your Apple device if it is lost. Trend Micro Mobile Security helps users scan for and remove viruses on the phone and clean up junk and unneeded files on the device, so the phone runs faster and more smoothly after long-term use.
*** Download it and follow the instructions here: http://trendmicro.ctydtp.vn//cai-dat-mobile-security-tren-

2.2 Ransomware prevention for the network and wireless systems
2.2.1 WAN load-balancing device with VPN support
2.2.2 WatchGuard / Cisco firewall
2.2.3 WatchGuard / Meraki Wi-Fi
2.2.4 Cisco router: access lists, routing, VLAN management.
Prevents ransomware from spreading if one VLAN becomes infected.
2.2.5 Switches with VLAN support (layer 2, layer 3).

2.3 Ransomware prevention for the server systems


2.3.1 Mail server
- Barracuda Spam Firewall
- Barracuda load balancer
- Kaspersky Endpoint antivirus
- Acronis Backup agent
- Virtualize the mail server for redundant storage.
2.3.2 Web server
- Kaspersky Endpoint antivirus
- Acronis Backup agent
- Virtualize the web server for redundant storage.

2.3.3 File server
- Kaspersky Endpoint antivirus
- Acronis Backup agent
- Schedule data synchronization to an external storage device, and disconnect the device from the system once synchronization completes.

2.3.4 Application & database server


- Kaspersky Endpoint antivirus
- Acronis Backup agent
- Virtualize the application & database server for redundant storage.

2.4 Backup solution for ransomware prevention


2.4.1 Backup server
- Install the backup software
- Schedule backups
- Back up data from the servers to the storage devices
2.4.2 Backup storage devices
Tape backup & autoloader
NAS (started and shut down according to the backup schedule)

2.5 Secure connectivity and ransomware prevention for site-to-site and client-to-site links
2.5.1 Configure load-balanced VPN between sites through the load-balancing device or firewall, using the IPSec / SSL encryption standards
2.5.2 Configure client-to-site SSL VPN on the WatchGuard firewall and on end-user devices.
2.5.2 Use leased lines for connections that require high security and high data transfer speed.
2.5.3

2.6 Set up a quarantine server


2.6.1 Store quarantined items from the firewall
2.6.2 Build an antivirus center.
2.6.3 Set up a zone for malware analysis and inspection

2.7 Train users on information security and on how to prevent ransomware from the end-user side.

3. Deploy an application that automatically blocks data encryption:

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Section 2.2 Assessment:

- The current system is a peer-to-peer network with no centralized user management.
- Data is scattered across individual users' machines with no backups, so data is easily lost when a machine has a problem such as a hardware failure or a virus infection.
- Storing data on personal machines without access permissions also leads to internal information leaking between departments or leaking outside the company.
- There is no security device protecting the internal network from threats coming from the Internet, so the risk of infection by spyware and data-encrypting viruses is very high.

Assessment of the current system's status:

Criterion    Consistency  Security  Integrity  Availability  Convenience
Assessment   No           No        No         No            No


Notes:

- Consistency: Data is stored and managed centrally in one place, with no duplication or discrepancies in content.
- Security: The network and data are protected from threats such as information-stealing viruses, data encryption,
- Integrity: Access to data is clearly permissioned, and data is not changed or deleted by unauthorized people.
- Availability: When an incident occurs, it does not interrupt system operation, or downtime is kept to a minimum.
- Convenience: Saves time and staff effort in management, and makes it easy to roll out new management policies when things change.

Part 3: OVERVIEW OF THE PROPOSED SOLUTION.
