An Toan Bao Mat Mang (Network Security)


8/2/2019 An Toan Bao Mat Mang

    1/72

Table of contents

CHAPTER 1: OVERVIEW OF SECURITY AND NETWORK SAFETY ........ 2
1. Overview of network security ........ 2
2. Types of attacks ........ 6
3. Defence methods ........ 21

CHAPTER 2: SECURITY WITH IP PACKET FILTERING ........ 24
1. Packets ........ 24
2. Security with packet filtering ........ 29

CHAPTER 3: IPSEC (Internet Protocol Security) ........ 42
1. Overview ........ 42
2. Security architecture ........ 42
3. Current status ........ 43
4. Design to requirements ........ 43
5. Technical details ........ 44
6. Implementations ........ 46

CHAPTER 4: NAT (Network Address Translation) ........ 49
1. What is NAT? ........ 49
2. Network model of the NAT service ........ 49
3. How NAT works ........ 49
4. Deploying the NAT service ........ 51

CHAPTER 5: VIRUSES AND HOW TO PREVENT THEM ........ 57
1. Viruses ........ 57
2. Virus prevention ........ 64


CHAPTER 1

OVERVIEW OF SECURITY AND NETWORK SAFETY

1. OVERVIEW OF NETWORK SECURITY:

1.1. Introduction to AAA (Access Control, Authentication and Auditing):

When networked systems first appeared, the need to share resources arose, and the users of a network could exchange resources with one another. After some time in use, networks kept expanding and the number of participants kept growing, so security policies, and in particular policies governing access to network resources, had to be put in place.

Information technology is applied in many fields such as commerce, shipping and so on, and in that development information is the most important part. Every computer component (RAM, CPU, monitor, hard disk, ...) as well as the network infrastructure (routers, switches, ...) exists to support the processing, storage, presentation and transport of information. Ensuring the safety of data stored on computers, and the confidentiality and integrity of information transmitted over the network, is therefore vital to the survival and growth of information technology.

To support security that limits access to other people's data and prevents data loss, the term AAA (Access Control, Authentication and Auditing) was coined.

AAA stands for Access Control, Authentication and Auditing. AAA is a basic concept of computer and network security. These concepts are used to guarantee the confidentiality of information, the integrity of data and the availability of the system.

1.2. Access Control:

Access control is a policy, supported by software or hardware, used to permit or deny access to a resource and to define the level of access granted to that resource.

Three models are used to explain access control:
- MAC (Mandatory Access Control)
- DAC (Discretionary Access Control)
- RBAC (Role Based Access Control)

1.2.1 MAC (Mandatory Access Control):

The MAC model is a static model that uses access rights to files defined in advance on the system. The system administrator sets these parameters and associates them with an account and with many files or resources. The MAC model can be very restrictive: the administrator sets up access, and only the administrator can change it. Users cannot share a resource unless a relationship to that resource already exists. Examples:

On Unix, the system requires that a file or directory has exactly one owner, so a file or directory cannot be defined as belonging to two or more people.

File and folder permissions on Windows 2000 (Full Control, Write, Read, List Folder Contents, ...).

Page 2


1.2.2. DAC (Discretionary Access Control):

DAC is the set of access rights on an object that a user or an application defines. The DAC model lets users share files and use files shared by others. It maintains an access control list (ACL) to identify which users may access which resources. In addition, this model lets a user grant or remove access rights for each individual or group case by case.

1.2.3. RBAC (Role Based Access Control):

In RBAC, access decisions are based on each individual's role and their responsibilities in the organisation.

Rights are based on the job and on the grouping of users. Depending on each user's responsibilities, we assign the matching permissions.
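The three models above side by side, as an added example that is not part of the course text: MAC as a comparison of fixed sensitivity labels, DAC as an owner-managed ACL, and RBAC as permissions attached to roles. Every subject, object, label, ACL entry and role in it is constructed for the demonstration.

```python
"""Added example, not from the course text: the three access-control models
described above (MAC, DAC, RBAC) each written as a small deny-by-default check.
Every subject, object, sensitivity label, ACL entry and role below is
constructed for the demonstration."""
from dataclasses import dataclass, field

# MAC: sensitivity labels are fixed by the administrator; users cannot change them.
# Ordered levels are an assumption of this example (a real system defines its own).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


def mac_can_read(subject_clearance, object_label):
    """A subject may read an object only if its clearance dominates the object's label."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


# DAC: the owner of an object keeps its ACL and alone may grant or revoke rights.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

    def grant(self, actor, principal, right):
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this object")
        self.acl.setdefault(principal, set()).add(right)

    def revoke(self, actor, principal, right):
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this object")
        self.acl.get(principal, set()).discard(right)

    def allows(self, principal, right):
        if principal == self.owner:
            return True  # a single owner with full control, as on Unix or Windows
        return right in self.acl.get(principal, set())


# RBAC: permissions attach to roles; users are assigned roles, never permissions directly.
ROLE_PERMISSIONS = {
    "administrator": {"add", "delete", "modify", "use_workstation"},
    "employee": {"use_workstation"},
}
USER_ROLES = {"alice": {"administrator"}, "bob": {"employee"}}


def rbac_allows(user, permission):
    """Deny by default: granted only if some role held by the user carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


if __name__ == "__main__":
    print("secret-cleared subject reads public object:", mac_can_read("secret", "public"))
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    print("bob may read alice's document:", doc.allows("bob", "read"))
    print("bob may delete:", rbac_allows("bob", "delete"))
```

Note how each model answers "no" unless a rule explicitly says "yes": an unknown user, an unknown role or a missing ACL entry all fall through to denial.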

Example:

The administrator has full administrative rights on the network: the right to add, delete and modify information on the network. Ordinary employees on the network only have the right to use their computers and are not allowed to do anything else.

1.3 Authentication:

Authentication is the process used to confirm the identity of a computer or a user attempting to access a resource; it also governs how one logs in to and uses the system.

Authentication takes many forms, from ordinary checks such as a login name and password to advanced technologies such as smart cards and biometric devices that recognise the user.

1.3.1. Username/Password:

This is the classic method of authentication and the most widely used (because it is simple and easy to manage).

Each user is authenticated by a login name and a password. Passwords are usually stored in a database, either in encrypted form or in the clear. However, a password can easily be guessed by brute-force methods.

Password policy:

- Insecure: fewer than 6 characters
- Medium security: 8 to 13 characters
- High security: 14 characters

In addition, a password should satisfy the following requirements:

- Mix upper-case and lower-case letters
- Use digits and special characters; do not use words found in a dictionary
- Do not build the password from personal information (date of birth, phone number, names of relatives, ...)
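A checker for the policy above, as an added example that is not part of the course text. The length bands are the text's; treating 6 or 7 characters as below the medium band and 14 as the start of the high band, the small word list standing in for a dictionary, and the rule for matching personal information are this example's own assumptions.

```python
"""Added example, not from the course text: a checker for the password policy
stated above. The three length bands (fewer than 6, 8 to 13, 14) are the text's;
treating 6 or 7 characters as below the medium band and 14 as the start of the
high band, the small word list standing in for a dictionary, and the
personal-information matching rule are this example's own assumptions."""
import string

# Constructed stand-in for a dictionary of common words.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein"}


def strength_level(password):
    """Length bands from the text: <6 insecure, 8-13 medium, 14 high (>=14 assumed)."""
    n = len(password)
    if n >= 14:
        return "high"
    if 8 <= n <= 13:
        return "medium"
    return "insecure"  # fewer than 6 per the text; 6-7 treated the same (assumption)


def policy_violations(password, personal_info=()):
    """Return the rules the password breaks; an empty list means it is compliant."""
    problems = []
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("must mix upper-case and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("must contain a digit")
    if not any(c in string.punctuation for c in password):
        problems.append("must contain a special character")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY):
        problems.append("must not contain a dictionary word")
    for item in personal_info:
        item = str(item).lower()
        # assumption: a fragment of 4+ characters of personal data counts as a match
        if len(item) >= 4 and item in lowered:
            problems.append(f"must not contain personal information ({item})")
    return problems


def evaluate(password, personal_info=()):
    """Combine the length band with the rule check into one verdict."""
    violations = policy_violations(password, personal_info)
    level = strength_level(password)
    return {"level": level, "violations": violations,
            "accepted": level != "insecure" and not violations}


if __name__ == "__main__":
    print(evaluate("password1", personal_info=["1990"]))
    print(evaluate("Hoa!2024-Xanh#", personal_info=["19900512"]))
```

The personal-information list would come from the account record (date of birth, phone number, relatives' names) at the time the user picks a password; the check is deliberately a substring test so that a birth year embedded in an otherwise strong password is still caught.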


1.3.2. CHAP:

Because the weakness of username/password is that the information is easily lost while crossing the network, a method is needed to ensure that data is transmitted safely during authentication. CHAP is a protocol that meets this requirement.

CHAP is commonly used to protect authentication information and to verify that a connection to a resource is legitimate, using a sequence of challenges and hashed replies. It is a remote-access authentication protocol that never sends the password over the network. CHAP establishes legitimacy with a 3-way handshake. The handshake is used when the connection is initiated and is repeated many times to maintain the connection.

- The party that needs to authenticate the other sends a Challenge message.
- The receiver uses its password and a one-way hash function to compute a result and replies to the authenticating party.
- The authenticating party computes the corresponding hash and compares it with the returned value. If the value is correct, authentication succeeds; otherwise the connection is terminated.
- At random moments, the authenticating party sends a new Challenge to re-verify the legitimacy of the connection.
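The exchange described above with both parties simulated in one process, as an added example that is not part of the course text. The response is computed the way RFC 1994 specifies (MD5 over identifier, shared secret and challenge); the class names, the shared secret and the session flow are constructed for the demonstration. It also shows why a captured response is useless against a later challenge, which is the property that makes CHAP resistant to the replay attack discussed later in this chapter.

```python
"""Added example, not from the course text: the CHAP exchange described above,
simulated with both parties in one process. The response is computed the way
RFC 1994 specifies (MD5 over identifier || secret || challenge). The class
names, the shared secret and the session flow are constructed for the demo."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """One-way hash of identifier, shared secret and challenge; the secret never travels."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The party that needs to verify the peer. Knows the secret but never sends it."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._outstanding = None  # challenge currently awaiting a response

    def new_challenge(self):
        """Step 1: send a fresh random Challenge (with a new identifier)."""
        self._identifier = (self._identifier + 1) % 256
        self._outstanding = os.urandom(16)
        return self._identifier, self._outstanding

    def verify(self, identifier, response):
        """Step 3: recompute the hash locally and compare; each challenge is usable once."""
        if self._outstanding is None or identifier != self._identifier:
            return False  # nothing pending, or a response to an old challenge
        expected = chap_response(identifier, self._secret, self._outstanding)
        self._outstanding = None
        return hmac.compare_digest(expected, response)


class Peer:
    """The party being authenticated; it answers with the hash, not the password."""

    def __init__(self, secret):
        self._secret = secret

    def answer(self, identifier, challenge):
        """Step 2: hash password and challenge and return the result."""
        return chap_response(identifier, self._secret, challenge)


def run_session(authenticator_secret, peer_secret):
    """Initial authentication, then the random re-challenge the text mentions."""
    auth, peer = Authenticator(authenticator_secret), Peer(peer_secret)
    ident, chal = auth.new_challenge()
    first = auth.verify(ident, peer.answer(ident, chal))
    ident, chal = auth.new_challenge()  # later re-check of the live connection
    second = auth.verify(ident, peer.answer(ident, chal))
    return first, second


def replayed_response_is_rejected(secret=b"constructed-shared-secret"):
    """A captured response is worthless against a new challenge."""
    auth, peer = Authenticator(secret), Peer(secret)
    ident, chal = auth.new_challenge()
    captured = peer.answer(ident, chal)
    accepted_once = auth.verify(ident, captured)
    ident, _ = auth.new_challenge()
    return accepted_once and not auth.verify(ident, captured)


if __name__ == "__main__":
    print("matching secrets:", run_session(b"s3cret", b"s3cret"))
    print("wrong secret:", run_session(b"s3cret", b"wrong"))
    print("replay rejected:", replayed_response_is_rejected())
```

Two details carry the security argument: the challenge is random and consumed after one use, so an observer of the wire never sees the secret and cannot reuse what it did see; and the comparison uses a constant-time function so that the verifier does not leak how many bytes of a guess were right.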

1.3.3. Certificates:

In everyday life we use an identity card or passport to interact with others in society, for example when travelling or taking a train or bus. In computing we use certificates to prove to other machines that a user and a computer are legitimate, and to help computers communicate securely with each other.

A digital certificate is a piece of digital data containing information that identifies an entity (the entity can be an individual, a server, a device or a piece of software).

Certificates are covered in detail in later sections.

1.3.4. Mutual Authentication:

Most authentication mechanisms are one-way, which makes them easy to fake and vulnerable to attackers who imitate the connection procedure (for example a replay attack). In practice many applications require two-way authentication. For example, a user holds an account at a bank. When the user connects to check the date of a deposit, the user also verifies that the bank being dealt with is genuine. If the verification succeeds, the login completes and the user can change their account details.

Each party in an electronic exchange can authenticate the other. Not only is the user authenticated to the system, but the legitimacy of the system is also confirmed to the user.

1.3.5. Biometrics:

Biometric devices can provide a very strong authentication mechanism by using each person's physical and behavioural characteristics for authentication; they are used in areas that require high security.

How biometrics works:
- Enrolment of the biometric identifier: the subject's identifying features are scanned and checked. The biological information is analysed and stored as a template.
- Verification: the subject to be checked is scanned. The computer analyses the scanned data and compares it with the stored template. If the template matches, the user is confirmed as legitimate and is granted access to the system.

Some types:
- Physical characteristics: fingerprint, hand geometry, face scan, retina scan, iris scan
- Behavioural characteristics: handwritten signature, voice

Biometric authentication is currently regarded as a very secure mechanism. However, building such a mechanism is very expensive.

1.3.6. Multi-Factor:

When a system uses two or more different authentication methods to check whether a user's login is legitimate, it is called multi-factor authentication. A system that uses both a smart card and username/password authentication is called a two-factor authentication system. Two or more mechanisms can thus be combined to build an authentication scheme that fits the need.

A person's identity is established using at least two of the following factors:

- Something you know (a password or PIN)
- Something you have (a smart card or token)
- Something you are (fingerprint, retina, ...)
- Something you do (voice or signature)

1.3.7. Kerberos:

Kerberos is an authentication service that provides security, single sign-on, mutual authentication and reliance on a trusted third party.

Security: it uses tickets, time-limited encrypted messages, to prove the user's legitimacy. The user's password is therefore well protected, because it never has to be sent over the network or stored in the local machine's memory.

Single sign-on: the user logs in once and can then access all resources on any other system or server that supports the Kerberos protocol.

Trusted third party: Kerberos works through a central authentication server that every system on the network trusts.

Mutual authentication: not only is the user authenticated to the system, but the legitimacy of the system is also confirmed to the user.

Kerberos authentication is integrated directly into the directory structure (Active Directory) of Windows 2000 and 2003 Server, allowing workstations to log in once to the domain controller and use services on other servers of the same domain without logging in again. This is completely transparent to users, so they do not notice that Kerberos is at work.

2. TYPES OF ATTACKS:

2.1. Introduction:

To build a secure system, we must first understand the techniques hackers use to attack systems. Studying attack techniques contributes a great deal to securing a network and makes prevention far more effective. Network environments keep growing, so the need for security on the network keeps growing with them.

Today, attack methods are many and varied. Although there are very many methods, they can be roughly grouped as follows:
- By target: application, network or both
- By mode: active or passive
- By method: many kinds, for example cracking, exploiting bugs in software or systems, malicious code, ...

The boundaries between these groups are becoming harder to see, because today's attacks are increasingly complex and combined.

Not every hacker, however, attacks in order to damage a system. Some attack a system in order to discover its vulnerabilities and report them to the administrator so they can be patched. Hackers of this kind are called white hats; the other kind are called black hats.

Some people also confuse hackers with crackers. A cracker specialises in studying software and breaking its protection, whereas a hacker specialises in finding vulnerabilities in systems.

2.2. Outline of an attack process:

Depending on the target, a hacker will have different attack scenarios. Here we only illustrate one general scenario for attacking a system.

Basic steps of an attack

[Figure: basic steps of an attack. Labels recovered from the diagram: 1. Reconnaissance and assessment of the system; 2. Intrusion; 3. Privilege escalation; then Maintain access; Exploit.]

- Step 1: Carry out reconnaissance and assessment of the system.
- Step 2: Break into the system. Afterwards the attacker may return to step 1 to continue reconnaissance and look for further weaknesses in the system.
- Step 3: Try every way to increase privileges. Afterwards the attacker may return to step 1 to continue reconnaissance and find further weaknesses, or move on to step 4 or step 5.
- Step 4: Maintain access and monitor the system's activity.
- Step 5: Carry out attacks (for example denial of service, ...).

2.3. Active attacks:

These are attacks in which the attacker directly harms the network and its applications (taking control of servers, shutting down services) rather than merely eavesdropping or gathering information.

Common forms include: DoS, DDoS, buffer overflow, IP spoofing, ...

2.3.1. DoS:

Denial of service, abbreviated DoS, is the general term for various attacks that essentially overload a system so that it can no longer provide its service or has to stop operating. This kind of attack only disrupts operation; it rarely steals information or data.

The usual targets of denial of service are servers (FTP, web, mail), but they can also be network devices such as routers, switches and firewalls.

Denial of service is not only carried out over the network; it can also be carried out against the local machine or within the local network, which is called a local DoS against hosts.

Denial of service first appeared as attacks exploiting weaknesses of the TCP protocol (DoS) and later developed into distributed denial of service, DDoS (Distributed DoS).

Denial-of-service attacks can be divided into kinds such as broadcast storm, SYN, Finger, Ping, flooding, ...

The two underlying problems in denial of service are:
- Resource consumption attacks: a large number of requests overloads the system. The resources targeted include bandwidth (the most frequently attacked), hard disk (the target of mail bombs), RAM and CPU.
- Errors in handling specially crafted strings, input or packets built by the attacker (malformed packet attacks). This kind is usually applied to routers or switches: on receiving such a packet or string,a bug in the software or system causes the router or switch to crash.

Denial of service does not give the attacker control of the system, but it is an extremely dangerous kind of attack, especially for electronic transactions and e-commerce, where the damage in money, reputation and credibility is hard to calculate. A further danger is that this kind of attack is very hard to prevent; usually we only learn about it once we are under attack.

Against well-secured systems, denial of service is regarded as the attacker's last resort for bringing the system down.

2.3.2. DDoS:

Distributed denial of service is carried out with the participation of many computers. Compared with DoS, DDoS is far more dangerous.

A DDoS attack has two components:

- The first component: machines called zombies (usually on the Internet) on which the hacker has installed software that performs the attack in various forms such as UDP flood or SYN flood. The attacker may combine this with spoofing to increase the danger. The attack software usually takes the form of daemons.

- The second component: other machines on which a client program is installed. These machines are compromised like the zombies, but the attacker has a higher degree of control over them. The client program lets the attacker send instructions to the daemons on the zombies.

To attack, the attacker uses the client program on a master to send the attack signal simultaneously to the zombies. The daemon process on each zombie then attacks the designated target. The attacker may not act on the master directly but from another machine, and after launching the attack may disconnect from the masters to avoid detection.

[Figure: illustration of a DDoS attack]

Usually the goal of DDoS is to consume bandwidth and congest the network. Tools for carrying it out include Trin00 (Win Trin00), Tribe Flood Network (TFN or TFN2K), Shaft, ... Viruses and worms capable of performing DDoS have also been developed.

2.3.3. Buffer Overflows:

This kind of attack overflows a buffer on the computer. A buffer overflow occurs when an application receives more data than the program is prepared to accept. In this case the application may be interrupted, and when a program is interrupted in this way it may allow the attacked system to hand out data with temporary access at higher privilege levels. The cause of the overflow is a bug in the program.


2.3.4. Spoofing:

Spoofing is gaining access to a system by impersonation (using someone else's stolen identity, a forged MAC address, a forged IP address, ...).

It is an attack method in which the attacker supplies authentication information or impersonates a legitimate user to gain illegitimate access to the system. In some cases, however, a system misconfiguration can have the same effect: for example a configuration error that gives a user higher rights than they are entitled to, without any forgery by that user.

There are many spoofing attacks. In blind spoofing the attacker only sends forged information and guesses the outcome; in IP spoofing, for example, after sending a packet with a forged address the attacker receives no reply. The second kind of interest is informed spoofing, in which the attacker controls the communication in both directions.

The most frequently mentioned spoofing attacks are IP spoofing and ARP spoofing, also called ARP poisoning.

IP spoofing is possible because of a weakness of the TCP/IP protocol suite: TCP/IP has no feature for verifying whether the address of a received packet is genuine or forged. An IP address is treated as a single computer (device) connected to the network, so computers can communicate with each other without checking. This can be mitigated with firewalls, routers, and authenticating protocols and algorithms. IP spoofing can be carried out using raw IP sockets.

ARP poisoning is an attack that changes the ARP entries in the ARP table, thereby changing where messages are delivered. These attacks apply to switched LANs.

How ARP poisoning works:

- ARP (Address Resolution Protocol) is a protocol that maps an IP address to a MAC address. It is used wherever a node on a TCP/IP network needs the MAC address of another node on the same network or on an interconnected network. Essentially, ARP lets a computer send an ARP message on the local network that every node hears, but only the node with the matching IP address replies.

- Some operating systems do not update ARP information unless it is already in the cache; others accept only the first reply (Solaris, for example).

- An attacker can forge an ICMP packet that forces the workstation to issue an ARP request; immediately after receiving the ICMP, the workstation sends an ARP.

Countermeasures:

- One of the following measures can be used (Yes: usable, No: not usable):

Yes: Passive monitoring (arpwatch)
Yes: Active monitoring (ettercap)
Yes: IDS (detect but not avoid)
Yes: Static ARP entries (avoid it)
Yes: Secure ARP (public key auth)
No: Port security on the switch
No: Anticap, antidote, middleware approach
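The first countermeasure in the list, passive monitoring, as an added example that is not part of the course text and not arpwatch's own code. It consumes ARP reply records, keeps the IP-to-MAC mapping it has learned, and raises an alert when an address suddenly maps to a different MAC or when one MAC claims several IPs, which is how ARP poisoning looks on the wire. The records are a constructed list rather than live traffic, and the addresses are invented.

```python
"""Added example, not from the course text: a passive ARP monitor in the spirit
of arpwatch, the first countermeasure listed above. It consumes ARP reply
records, keeps the IP-to-MAC mapping it has learned, and raises an alert when
an address suddenly maps to a different MAC or when one MAC claims several
IPs, which is how ARP poisoning looks on the wire. The records below are a
constructed list, not live traffic, and the addresses are invented."""
from collections import defaultdict

# Constructed ARP replies: (timestamp, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),   # gateway announces itself
    (2, "192.168.1.10", "00:11:22:33:44:0a"),  # ordinary host
    (3, "192.168.1.1", "00:11:22:33:44:01"),   # same mapping repeated: nothing to report
    (4, "192.168.1.1", "00:11:22:33:44:0A"),   # gateway IP now claims host .10's MAC
    (5, "192.168.1.20", "00:11:22:33:44:0a"),  # the same MAC claims a third IP
]


class ArpMonitor:
    def __init__(self):
        self.table = {}                      # ip -> mac learned so far
        self.ips_by_mac = defaultdict(set)   # mac -> every ip it has claimed
        self.alerts = []

    def observe(self, ts, ip, mac):
        """Feed one ARP reply; returns the alerts it produced (also kept in self.alerts)."""
        mac = mac.lower()
        new_alerts = []
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            new_alerts.append({"ts": ts, "kind": "changed", "ip": ip,
                               "old_mac": known, "new_mac": mac})
            self.table[ip] = mac  # record the latest claim; an operator decides which is real
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            new_alerts.append({"ts": ts, "kind": "multi-ip", "mac": mac,
                               "ips": sorted(self.ips_by_mac[mac])})
        self.alerts.extend(new_alerts)
        return new_alerts


def run_monitor(replies):
    """Replay a list of ARP replies through a fresh monitor and return all alerts."""
    monitor = ArpMonitor()
    for ts, ip, mac in replies:
        monitor.observe(ts, ip, mac)
    return monitor.alerts


if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_REPLIES):
        print(alert)
```

The "changed" alert is the one that matters for the gateway: a legitimate NIC swap also produces it, which is why this is detection and not prevention, exactly as the table above says of IDS-style measures. Static ARP entries are what stop the change from taking effect.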


2.3.5. SYN Attacks:

This is one of the most classic attacks. It exploits a weakness of the TCP three-way handshake, which works as follows:

- Step 1: The client sends a packet with the SYN flag set.
- Step 2: The server replies to the client with a SYN/ACK packet announcing that it is ready to accept the connection, and at the same time allocates resources for the connection and records information about the client.
- Step 3: The client replies to the server with ACK and the connection is complete.

The attack exploits this three-way handshake. The problem is that the client never sends the server the packet containing the ACK; this is called a half-open connection (the client has only half opened the connection), and with many such packets the server becomes overloaded because its resources are limited. Legitimate requests may then go unanswered. It is similar to a computer hanging because too many programs were opened at once.

The initiating machine sends a SYN message with a spoofed IP address.

The receiving machine replies with a SYN and an ACK.

Nobody receives the ACK (because the address is forged).

The receiving machine therefore waits a long time before deleting the connection. When the number of SYN connection attempts is too high, the connection queue fills up and no other connection requests can be served.

On Windows, a SYN attack can be recognised with the command netstat -n -p tcp.

Look for connections in the SYN_RECEIVED state. SYN attacks are usually combined with IP spoofing. Attackers typically use random source IPs, so the server never receives an ACK from the non-existent hosts and may even retransmit the SYN/ACK, assuming the client did not receive it. Another reason is to avoid having the source IP discovered, since the administrator would then block that source IP.

Solutions:

- Reduce the connection-establishment timeout. This may cause denial of service for remote machines with low bandwidth that access the server.
- Increase the number of connection attempts allowed.
- Use a firewall that sends the ACK to the receiving machine, converting the pending connection into an established one.
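Reading the netstat output mentioned above for the SYN-flood symptoms the text describes, as an added example that is not part of the course text. The netstat text is constructed to resemble Windows output (Linux prints SYN_RECV instead of SYN_RECEIVED), and the alert threshold is an assumption to be tuned per server.

```python
"""Added example, not from the course text: spotting SYN-flood symptoms in the
output of the netstat -n -p tcp command mentioned above. The netstat text is
constructed to resemble Windows output (Linux prints SYN_RECV instead); the
alert threshold is an assumption to be tuned per server."""
import re
from collections import Counter

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:80            198.51.100.9:41022     ESTABLISHED
  TCP    10.0.0.5:80            203.0.113.7:51234      SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.8:51235      SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.9:51236      SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.10:51237     SYN_RECEIVED
  TCP    10.0.0.5:443           198.51.100.9:41023     ESTABLISHED
  TCP    10.0.0.5:25            203.0.113.11:51238     SYN_RECEIVED
"""

HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Turn netstat lines into dicts; header lines and non-TCP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({"local_ip": m.group(1), "local_port": int(m.group(2)),
                         "remote_ip": m.group(3), "remote_port": int(m.group(4)),
                         "state": m.group(5)})
    return rows


def half_open_summary(rows):
    """Count half-open connections overall, per local port, and by distinct source."""
    half = [r for r in rows if r["state"] in HALF_OPEN]
    return {"total": len(half),
            "by_local_port": Counter(r["local_port"] for r in half),
            "distinct_sources": len({r["remote_ip"] for r in half})}


def syn_flood_suspected(rows, threshold=3):
    """Ports holding more half-open connections than threshold (assumed 3 here).
    Many distinct sources with one half-open connection each is the spoofed,
    random-source pattern the text describes."""
    summary = half_open_summary(rows)
    return {port: n for port, n in summary["by_local_port"].items() if n > threshold}


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print(half_open_summary(parsed))
    print("suspect ports:", syn_flood_suspected(parsed))
```

On a live host the text would come from running netstat and reading its standard output; the distinct-source count is the figure to watch, because a handful of half-open connections from one slow client is normal while dozens from addresses that never complete the handshake is not.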

2.3.6. Man in the Middle Attacks:

The attacker positions themselves in the middle of the communication channel between two computers to eavesdrop on the information and can even alter the content exchanged between them, while both computers believe they are connected directly to each other.

Man-in-the-middle techniques:

- Attacks inside the local network: ARP poisoning, DNS spoofing, STP mangling, port stealing
- Attacks from the local network to remote machines (through the gateway): ARP poisoning, DNS spoofing, DHCP spoofing, ICMP redirection, IRDP spoofing, route mangling
- Remote attacks: DNS spoofing, traffic tunneling, route mangling
- Attacks on wireless networks: access point reassociation

2.3.7. Replay Attacks:

The attacker uses a tool to record all information exchanged while some computer accesses a server, then uses the information captured on the network to reconnect to that server.

This is a technique in which the attacker, having captured a number of packets, reuses those packets later. For example, the attacker obtains a packet containing a user's password. The password is encrypted and the attacker cannot read it. However, the authentication system does not check session time, or has weak TCP sequence numbers. The attacker then bypasses authentication by sending the packet once more, which is called a replay.

2.3.8. Dumpster Diving:

Dumpster diving is the term for an attack that gathers information from things that appear to have no value. For example, the attacker can obtain a great deal of information from the Recycle Bin or from discarded documents and receipts. Not only information on the computer: the gathered information can also come from documents and records the user has thrown away. From the collected papers the attacker can extract the information needed for an attack.

2.3.9. Social Engineering:

This is the most commonly used kind of attack and is very hard to prevent. It does not require the attacker to use any tool or device, yet it still yields the information needed to break into a system.

Most users base their passwords on personal information such as their name, phone number or date of birth. An attacker who can gather this information can use it to guess the user's password.

Another form exploits people's trust or credulity to obtain important information, for example by posing as a regular customer of the company to collect sensitive information.

Solution: train users and instruct them to stay alert at all times.


2.4. Passive attacks:

2.4.1. Vulnerability scanning:

This is the basic step an attacker takes to assess a system and find its weaknesses, using scanning tools to locate a weakness to attack.

Port-scanning tools are used to probe and discover information about the system such as the operating system, its version, the applications deployed, ...

The attacker checks all the way around to find a door that is unlocked or easy to break without being detected.

A/ Introducing NMAP:

NMAP stands for Network Mapper. It was originally designed mainly for system administrators to scan networks with many computers in order to learn which machines are up, which services they are running and which operating systems they use.

NMAP supports scanning techniques including UDP, TCP, TCP SYN (half open), FTP proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas tree, SYN sweep, IP protocol, ... It can be used to determine information about a remote machine, for example its OS through TCP/IP fingerprinting.

NMAP is easy to find on the Internet and is installed by default on Unix systems. There are versions of NMAP for Windows with a graphical interface (NMAPWin).

Main NMAP functions:

- Connect scan (TCP connect): the most basic form of TCP scanning. This technique is used to scan all ports on a host. If a port is listening, the connection succeeds; otherwise the port is unreachable. The strength of this technique is that no privileges are required; its weakness is that the scan is easily detected by the scanned machine.

- TCP SYN (half open): this technique is called a half-open scan because you do not open a full TCP connection. You send a SYN packet as if opening a real connection and wait for the response. A SYN/ACK indicates the port is listening; an RST indicates a non-listener. If a SYN/ACK is received, an RST is sent immediately to tear down the connection. The main advantage of this scan is that few sites log it. Root privileges are required to perform it.

- FTP proxy (bounce attack): this is an interesting feature of the FTP protocol, which supports FTP connections through a proxy. In other words, one can connect from Evil.com to the FTP server of target.com and ask the server to send a file ANYWHERE on the Internet. This was how things worked in 1985 when the RFC was written, but on today's systems one should not be able to hijack an FTP server and have it send requests to arbitrary points on the Internet. When the old FTP server concepts were rewritten in 1995, this protocol flaw could be used to deliver news and mail almost undetectably, endanger servers at different sites, fill hard disks, and so on. The feature is exploited to scan TCP ports from a proxy FTP server: you can connect to an FTP server sitting behind a firewall and then scan ports that appear to be blocked. If the FTP server allows reading and writing in some directory, arbitrary data can be sent to the ports that were found (NMAP does not do this).

- ICMP (ping sweep / ping scanning): sometimes we only want to know whether a host on the network is up. NMAP does this by sending an ICMP echo request packet to every IP address on the network you specify; hosts that reply are up. Some sites block echo request packets, so NMAP can instead send a TCP ACK packet to port 80: if an RST comes back, the machine is up. A third technique sends a SYN packet and waits for an RST or SYN/ACK. By default (for the root user) NMAP uses both the ACK and ICMP techniques; this can be changed with the -P options. Note that pinging is always performed and only hosts that respond are scanned. Use the ping-scan option only when you want a ping sweep without any actual port scan.

- ACK sweep (ACK scan): a convenient method usually used to map firewall rule sets. In particular it can help determine whether a firewall is ineffective or is only a simple packet filter that blocks SYN packets. These scans send an ACK packet to the specified port. If an RST comes back, the port is classified as unfiltered. If nothing comes back (or an ICMP unreachable is returned), the port is classified as filtered. Note that NMAP usually does not print ports classified as unfiltered.

- Xmas tree, FIN and Null scans: there are times when even a SYN scan is not stealthy enough. Some firewalls and packet filters watch for SYNs to restricted ports, and programs such as SYN loggers and Courtney easily detect such scans. These scan types (Xmas tree, FIN, Null) may be able to pass through unhindered.

- IP protocol: this method is used to determine which IP protocols are supported on a host. The technique sends raw IP packets without any protocol header for each specified protocol to the target host. If an ICMP protocol unreachable message comes back, the protocol is not in use; otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and some firewalls do not send protocol unreachable messages, which leads to the false impression that all protocols are open.

Standard syntax:

nmap [scan type(s)] [options]

Scan types include:

- -sS: TCP SYN
- -sT: TCP connect()
- -sU: UDP scan
- -sO: IP protocol
- -sF, -sX, -sN: Stealth FIN, Xmas tree, Null scan
- -sP: ping scanning
- -sV: version detection

Main options:

- -PA [portlist]: use TCP ACK ping to list the hosts that are up
- -PS [portlist]: like -PA but using SYN (connection request)
- -PU [portlist]: use UDP

Example: scan all TCP ports on the host 172.29.14.141:

nmap -v 172.29.14.141

The -v option turns on verbose output showing details of the scan.

To scan the class C network containing the IP address 172.29.14.141 using SYN, and additionally determine which operating system each machine is using and whether it is up (this feature requires root privileges):

nmap -sS -O 172.29.14.141

2.4.2. Sniffing:

The eavesdropper must be on the same network segment or placed at a position from which the information transmitted on the network can be reached.

Software is used to capture sensitive information (for example login names, passwords, cookies) transmitted over the network unencrypted or with only simple encryption.

Network administrators can also use sniffing tools to inspect and assess network traffic.

A/ Introducing tcpdump:

tcpdump is a popular analysis tool in Unix and Linux environments. It supports the TCP, UDP, IP and ICMP protocols, as well as the data formats of common applications. On most systems tcpdump must run as root or be setuid root.

The tcpdump syntax is:

tcpdump [ -adeflnNopqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ expression ]

Notes:

- -c: the number of packets to capture
- -C: before saving a raw packet to the file, check whether the current file is larger than file_size; if so, open a new file named after the -w argument with a number appended. The unit of file_size is 1,000,000 bytes.

Example: print all packets received by and sent from the host named sundown:

# tcpdump host sundown

Print the traffic between the two hosts named sundown and moondown:

# tcpdump host sundown and moondown

Print all IP packets between sundown and any other host except the one named testking:

# tcpdump ip host sundown and not testking

B/ Introducing Ethereal:

Ethereal is one of the newest protocol analyzers, developed in 1998, with versions for both Unix/Linux and Windows. Once a capture is started, packets are held in a buffer and then displayed on screen. One feature of Ethereal is that it decodes packets live until the capture is stopped; we will see the same thing later in the Windows Network Monitor. This feature is less useful, however, when traffic is heavy, say 10,000 packets, and no filter is applied: we cannot keep up with the information displayed.

C/ Introducing the Windows Network Monitor:

Windows 2000 and 2003 include the Network Monitor tool, which helps administrators monitor and analyse outgoing packets and incoming connections.

If it is installed, Network Monitor is normally already in place. If it is not, it can easily be added via: Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows Components > Management and Monitoring Tools.

Running the program:

After selecting the network interface, press Start Capture to capture packets. Press the Stop and View Capture icon to view the captured packets. Right after capturing we are in the first panel, the summary list panel.

Untick Zoom Pane (the magnifying-glass toolbar button) to see all three panels of the captured packets: the second panel shows detailed information and the last panel shows the packet in hex. Use Edit/Display Filter (the funnel toolbar button) to filter packets.

D/ Introducing Cain & Abel:

This is a very powerful sniffing tool with the following features:

- ARP address spoofing, to gather more information
- The ability to crack some of the passwords captured in encrypted form

Using Cain & Abel to sniff information on a LAN (devices on the network operating at layers 1 and 2):

Installing Cain & Abel:

- Download Cain & Abel from the website http://www.oxid.it/
- Install the program (WinPcap v3.1 beta 4 must be installed before using Cain & Abel)
- Use Cain & Abel to sniff information on the network.

Running Cain & Abel:

Select the item on the toolbar to start sniffing on the network, then select the Sniffer tab.

In the Sniffer tab, choose Add to list on the toolbar to scan the list of computers on the network. All traffic exchanged by the machines on this list will be sniffed.

Note: only computers on the same network segment as ours can be scanned.

Select the Passwords tab to observe the information returned when there is an exchange of information on the network.

If the password is encrypted, Cain & Abel itself, or the LC5 program, can be used to crack it. Several algorithms help with cracking, such as:

- Dictionary attack
- Brute force attack
- Cryptanalysis

    2.5. Password Attacks:

    This is an attack method that tries to guess the password, also called password guessing. One immediately thinks of guessing the password from information related to the user who uses it: date of birth, name, ...

    The two main attack approaches are the Brute Force Attack (exhaustive search) and the Dictionary-based Attack (based on a pre-built list of passwords).

    2.5.1. Brute Force Attacks:

    - Use password-guessing tools that exhaustively try candidates

    - The chance of finding the password is very high if the password is simple

    2.5.2. Dictionary Based Attacks:

    - Passwords that are words found in a dictionary are very easy to break

    - The attack uses a list of dictionary words whose hash values have been computed in advance.

    - Such word lists and hash values can be found on the Internet.

    2.5.3. Some password attack tools:

    To attack passwords, tools capable of decoding the passwords are used. Powerful tools that can attack passwords include Cain & Abel (see above) and LC5.

    Example: attacking a password by the brute force method

    Using the Cain & Abel program

    Objective: obtain the passwords of the users on the local machine.

    Steps:

    - Step 1: start Cain & Abel

    - Step 2: select the Cracker tab; in the left pane choose LM & NTLM Hashes, then choose Add to list on the toolbar

    - Choose Import Hashes from local machine and click Next

    - Click the user whose password is wanted and choose Brute Force Attack (NTLM) > LM hashes

    - The Brute Force Attack window appears > click Start to begin the search/guessing process > the result returned is 1234

    2.6. Malicious Code Attacks:

    2.6.1. Viruses:

    Viruses, worms and Trojan horses are collectively called malicious code. They can consume resources, slow the system down, or damage it.

    A virus is a program designed to damage a system at the operating-system and application level.

    2.6.2. Trojan horse:

    A Trojan horse is a program that appears safe and useful but actually contains malicious code inside.

    2.6.3. Logic Bombs:

    Code embedded in applications that can carry out an attack when a certain condition is satisfied (for example scripts or ActiveX controls embedded in web pages).

    It is a type of malware that an attacker typically leaves behind in a system; it behaves like a time bomb. When particular conditions are met, the logic bomb triggers its destructive function. One famous logic bomb is Chernobyl, which triggers its destructive payload on 26 April.

    One use of a logic bomb that attackers favor is to destroy the evidence of the attack once the system administrator starts to detect the intrusion.

    2.6.4. Worms:

    A worm is also a kind of virus, but it can create copies of itself to spread, propagating across the network.

    The biggest difference between a worm and a virus: a worm is an independent program that can replicate itself and spread over the network in many ways, most commonly e-mail and chat; worms can also perform dangerous destructive actions. A virus, on the other hand, is a piece of malicious code attached to another program, so a virus is only activated when the program containing it is executed.

    2.6.5. Back door:

    A program, piece of code or special configuration on the system that we are unaware of, which lets an attacker gain access without authentication or login.

    3. COUNTERMEASURES:

    3.1. Introduction to the Essential NetTools tool:

    Essential NetTools is a toolkit that bundles Netstat, Nslookup, Tracert, Ping, ... Using these commands on Windows is rather cumbersome and their output is hard to evaluate. With this toolkit, however, use is fairly simple thanks to a friendly interface and detailed, complete documentation.

    With Essential NetTools, a network administrator can monitor all activity occurring on the computer (for example checking whether someone is attacking with a SYN flood).

    Solution:

    - Remove unnecessary services

    - Use a firewall or IPsec to filter unwanted traffic

    - Use an IDS to detect probes and report suspicious accesses

    3.2. Introduction to Microsoft Baseline Security Analyzer:

    Objective:

    Learn how to detect security vulnerabilities on the local machine and on the network, and interpret the reports returned.

    Steps:

    - Use Microsoft Baseline Security Analyzer (MBSA) to check for vulnerabilities in the Windows operating system.

    - Study the vulnerabilities found and provide ways to patch them.

    - Use MBSA to scan for weaknesses of the Windows system

    Installing MBSA:

    Start MBSA

    Choose Scan a computer

    Choose Start Scan to begin looking for vulnerabilities; a report is returned as follows:

    Scores with an X icon are the most serious vulnerabilities. Choose Result details to see details of the vulnerability. Choose How to correct this to find the way to fix the problem.

    Note: to scan other systems, just enter the name or IP of the machine to be scanned.

    3.3. Using the Tenable NeWT Scanner tool:

    Objective:

    Learn how to detect security vulnerabilities on the local machine and interpret the reports returned.

    Steps:

    - Use NeWT to scan for vulnerabilities on the local machine

    - Study the vulnerabilities found and provide ways to patch them

    - Use NeWT to scan the local system for places that can be attacked

    Installing the Tenable NeWT Scanner:

    Start NeWT Security Scanner

    Choose New Scan Task to begin scanning

    Enter the name or IP address of the machine to scan and click Next

    Choose Scan now to start the scan. When the scan completes, a report appears as follows:

    Based on the report returned, we work out the fixes.

    3.4. Building a firewall to limit attacks:

    To prevent unauthorized intrusion by network users we need to build defensive systems. A firewall is a good solution to this problem. A firewall can be built with a hardware device or with a software solution; this section covers both.

    3.4.1. Hardware solution:

    Many products on the market today allow setting up firewalls ranging from simple to complex. Firewalls are built into ADSL line-connection devices and into Load Balance Routers, and there are dedicated firewall products such as Fortinet, Juniper, Check Point, ... Depending on the level of the network we use the corresponding kind of firewall. In this section we look at some firewall features of the Load Balance Router product.

    With the DrayTek Load Balance Router (Vigor 3300V) we use the following features to restrict users inside and outside the network:

    A/ IP Filter:

    This feature filters traffic going from the internal network outward and vice versa.

    B/ DoS:

    This feature limits DoS attacks by outside machines.

    C/ URL Filter:

    This feature filters the content of the website addresses being accessed.

    D/ Bind IP to MAC:

    This feature prevents unauthorized users from using the current Internet line.

    E/ IM/P2P Blocking:

    This feature blocks one or several IP addresses from accessing instant-messaging and VoIP services or peer-to-peer file-sharing services.

    3.4.2. Software solution:

    Besides hardware, we can also use software solutions to limit intrusion from other machines. From Windows XP onwards, every version includes a basic firewall facility to protect the computer. For stronger protection on the network, software products such as ISA, Kerio WinRoute Firewall, ZoneAlarm, ... address these needs. In this section we use ISA 2004 to build the firewall.

    ISA 2004 provides many ways to build a firewall and limit unauthorized intrusion by network users. In earlier courses we learned how to set up filters that restrict internal users from going out, and how to open a few necessary service ports so that machines outside the network can reach the inside. In addition, with ISA 2004 we can limit the number of sessions open at one time and limit DoS-style attacks.

    CHAPTER 2

    SECURITY WITH IP PACKET FILTERING

    1. Packets:

    1.1 What is a packet?

    - As we know, the signals exchanged between two computers are electrical signals in the form of binary bits 0/1.

    - If data were transmitted purely as a stream of binary bits we could not tell what the received information is, what kind of data it is, or which network application on the receiving machine it is meant for.

    - To overcome these difficulties the notion of a data packet was introduced. Under this notion, data is divided into many small pieces before being sent; each piece is wrapped in a certain format, called a packet, and only then sent. A packet contains a part holding information about the sender and receiver, as well as error-control and encoding methods, called the packet header.

    - TCP/IP, one of the most common protocol suites today, uses packet-based transmission. It has many packet types: TCP segments, IP packets, UDP datagrams, ...

    1.2 IP packets:

    This is the packet used by IP (the Internet Protocol) at the Internet layer of the TCP/IP model.

    Its function is to ensure that data is delivered correctly from machine to machine. The structure of an IP packet is as follows:

    Version: this 4-bit field gives the version of the IP protocol in use. The version number is very important, especially now that two IP versions coexist. Application software running on this protocol must know the version when it processes an IP datagram; if it cannot recognize the version, the packet is treated as erroneous and is not processed further.

    Header Length: this 4-bit field gives the number of words used by the IP header. The field is needed because an IP header has two forms: short_IP_header of 20 bytes and long_IP_header of 24 bytes when the option field is used.

    Type Of Service: 1 byte long, it tells how the packet should be handled while in transit on the network.

    The first three bits give the packet's precedence: 000 = lowest, 111 = highest.

    Bit D specifies delay: 1 = low delay requested, 0 = normal.

    Bit T specifies the throughput requested: 1 = high throughput requested, 0 = normal.

    Bit R specifies the reliability requested: 1 = high reliability, 0 = normal.

    Bit M specifies the cost requirement: 1 = low cost, 0 = normal.

    Bit Z is not yet used.

    Total Length: gives the length of the whole IP datagram including the header, in bytes. Its minimum value is 20 bytes and its maximum 65535 bytes. This field is used to determine the size of the data part.

    Identification: 16 bits long, used to number packets when they are sent; it gives the packet's sequence number, which is assigned by the sender and not changed on the way from source to destination.

    DF (don't fragment): this bit says whether the packet may be fragmented during transmission: 1 = fragmentation not allowed, 0 = fragmentation allowed.

    MF (more fragments): says whether another packet follows this one: 1 = another packet follows, 0 = no packet follows. This bit is only used when DF is 0.

    Fragment offset: 13 bits long; the unit of this field is an 8-byte block (the text calls it an octet, 1 octet = 8 bytes). It gives the position of the first block of a fragment relative to block 0 of the original packet. This field is only used when DF has the value 1.

    Time To Live: 1 byte long, it specifies the lifetime of a packet, measured in network nodes traversed. The lifetime is set when the packet is sent, and each time it passes through a network node its lifetime is decremented by one; if the lifetime reaches 0 before the packet reaches its destination, the packet is discarded. The purpose is to limit congestion on the links.

    Protocol: 1 byte long, it gives the protocol used at the layer above, e.g. TCP (6), UDP (17).

    Header Checksum: 16 bits used to check the IP header for errors; this field may change each time the packet passes through a network node if DF = 1. The field uses the CRC error-check method.

    Source/Destination address: give the source and destination addresses; each field is 32 bits long.

    Option: this field is 3 to 4 bytes long and may or may not be used. It carries information for error checking, measurement, ...

    FC (flag copy): this bit says whether the option field is copied when the packet is fragmented: 1 = copy the option field into every fragment; 0 = only the first fragment carries the option field, the remaining fragments do not.

    Class: 2 bits with the following values: 00 = used for datagram control; 10 = used for management purposes.

    Table of values of the option type field:

    FC  Class  Number  Meaning
    1   00     00000   Marks the end of the options list
    1   00     00001   No option (used for padding)
    1   00     00010   Security options (military purposes only)
    1   00     00011   Loose source routing
    1   00     00111   Activates routing record (adds fields)
    1   00     01000   Stream ID
    1   00     01001   Strict source routing
    1   10     00100   Timestamping active (adds fields)

    Length: gives the length of the option field including the type and length fields.

    Option data: holds the information associated with the type field.

    Padding: this field is used when the option field is shorter than 4 bytes; in practice it is just filler inserted to fill out the frame structure.

    Data: holds the packet's data. Its length is not fixed; it depends on the amount of information sent and on the network environment.
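As an added example (not code from the course text), a Python parser for the IPv4 header fields described above, a builder for constructed test headers, and the per-hop TTL/checksum update that the Time To Live and Header Checksum descriptions mention. The addresses and identification value are made-up sample values.

```python
import socket
import struct
from dataclasses import dataclass

# Constructed example (not code from the course text): parse the IPv4 header
# fields described above and verify the header checksum.


@dataclass
class IPv4Header:
    version: int
    ihl: int               # header length in 32-bit words (5 = 20 bytes)
    tos: int
    total_length: int      # header + data, in bytes
    identification: int
    df: bool               # "don't fragment"
    mf: bool               # "more fragments"
    fragment_offset: int   # in 8-byte units, exactly as carried in the header
    ttl: int
    protocol: int          # 6 = TCP, 17 = UDP
    checksum: int
    checksum_ok: bool
    src: str
    dst: str
    options: bytes

    @property
    def fragment_offset_bytes(self) -> int:
        return self.fragment_offset * 8


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791), folded to 16 bits."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> IPv4Header:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        # a receiver that cannot recognise the version treats the packet as bad
        raise ValueError("unsupported IP version %d" % version)
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad header length")
    header = packet[:ihl * 4]
    return IPv4Header(
        version=version, ihl=ihl, tos=tos, total_length=total_length,
        identification=ident,
        df=bool(flags_frag & 0x4000), mf=bool(flags_frag & 0x2000),
        fragment_offset=flags_frag & 0x1FFF,
        ttl=ttl, protocol=proto, checksum=csum,
        # the sum over the header *including* its checksum field must come out 0
        checksum_ok=(ip_checksum(header) == 0),
        src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst),
        options=header[20:],
    )


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int,
                      ident: int = 0x1C46, ttl: int = 64, df: bool = True,
                      mf: bool = False, frag_off: int = 0) -> bytes:
    """Constructed input: a 20-byte header with a correct checksum."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_off & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, ident,
                      flags_frag, ttl, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def forward_hop(packet: bytes) -> bytes:
    """What a router does at each node: TTL - 1, discard at 0, recompute checksum."""
    hdr = parse_ipv4(packet)
    if hdr.ttl <= 1:
        raise ValueError("TTL expired: packet discarded")
    hlen = hdr.ihl * 4
    h = bytearray(packet[:hlen])
    h[8] -= 1                      # TTL byte
    h[10:12] = b"\x00\x00"         # zero the checksum before recomputing it
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h) + packet[hlen:]
```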

    1.3. UDP datagrams:

    Function and structure:

    Function:

    This is the packet used by the UDP protocol. Its function is to carry data from an application on the source host to an application on the destination host correctly, based on a connectionless mode of operation.

    Packet structure:

    Source port number: gives the address of the source application that sends the UDP datagram.

    Destination port number: gives the address of the destination application that receives the UDP datagram.

    UDP length: gives the length of the UDP datagram including the header and the data.

    UDP checksum: this is an optional field; it may or may not be used. When unused it has the value 0; only when the safety and correctness of the packet need to be ensured is this field used.

    Operation of UDP

    UDP encapsulation:

    Figure 4.2: the UDP encapsulation process

    Operation: this is a protocol that operates in a connectionless fashion. That is, when an application on the source host wants to send data to the destination host using UDP, it just sends the data without needing to know whether the data reached the destination host. UDP is only used by applications that do not require high reliability or that have real-time requirements, such as TFTP, BOOTP and multimedia (Internet video, VoIP, ...).

    1.4 TCP segments:

    Sequence number: its unit is the octet; it gives the position of the first byte of the data field within the data stream being sent. The field takes values from 0 to $2^{32}-1$.

    When the connection is first established, the sequence number holds its initial value, which is chosen by the source host and is usually not a fixed value. When the first data segment is sent, its sequence number equals the initial value plus 1.

    In general the sequence number field can be computed as follows:

    $\text{sequence\_number}_n = \text{sequence\_number}_{n-1} + \text{len}(\text{data}_{n-1})$

    Acknowledgement number: this field tells the receiver which segment the sender is waiting for: the sender expects the peer to send it the segment whose sequence number equals the Acknowledgement number. On receiving this notification, the receiver knows that all segments it sent to the other end before that one arrived safely.

    Hlen: gives the length of the TCP header; from this field the receiving end knows whether the Option field is used.

    Reserved: this field is not used yet.

    Flag bits: this field has 6 flag bits, each used for a different purpose:

    URG: says whether the Urgent pointer field is valid
    ACK: says whether the ACK number is used
    PSH: 1 = pass the data straight up to the upper layer without buffering; 0 = buffer before passing it up
    RST: request to reset the connection
    SYN: set up the sequence numbers
    FIN: end of transmission

    Window: gives the window size of the source host.

    Checksum: used to check the TCP segment for errors; the check is performed by the receiving end and the computation by the sending end. TCP uses a CRC code for error checking.

    When computing the checksum field a pseudo-header is added to the segment; its content is the same as that of the UDP pseudo-header:

    Urgent pointer: this is the urgent pointer field. Its functions include: interrupting some process during transmission; marking the boundary between the urgent data and the normal data (in TCP the urgent data is placed first).

    Option: this field is optional; it has the same structure as the IP Option field:

    Type: gives the kind of option message
    Length: gives the length of the option field
    Option data: holds the content of the option field

    Option message types:

    Type  Length  Meaning
    0     -       End of option list
    1     -       Not used (no operation)
    2     4       Maximum segment size
    3     3       Window scale (notifies a change of window size)
    4     2       SACK permitted
    5     X       SACK
    8     10      Timestamp

    2. Security with Packet Filtering:

    2.1. Overview of Packet Filtering:

    Packet-filtering security is a security method based on the information in packet headers; using this information we can specify which packets are and are not allowed through the filter.

    The information of interest is the addresses of the sending and receiving machines, the addresses (ports) of the sending and receiving applications, and the protocol used throughout the exchange between the two machines.

    2.2 Steps to Build a Security Rule in IPSEC:

    Step 1: Define the packet filter:

    - A packet filter allows or denies one or more kinds of packet passing through it.

    - The steps to build a filter are:

    > Start IPSEC: go to Administrative Tools → Local Security Policy, right-click IP Security Policies → Manage IP filter lists ...

    The dialog appears:

    Choose Manage IP filter lists and filter actions, then Add to create a new filter list:

    The following dialog appears:

    - Name: declares the name of the filter list
    - Description: lets you type a detailed description of the filter list
    - Filters: declares the filters that make up the list
    - Add: adds a new filter to the list
    - Edit: modifies an existing filter of the list
    - Remove: deletes a filter from the list

    Choose Add to add a filter to the list, then Next; the IP Traffic Source dialog appears:

    This dialog declares the IP address of the machine sending the packets.

    Next; the IP Traffic Destination dialog appears:

    This dialog declares the IP address of the machine receiving the packets.

    Next; the IP Protocol Type dialog appears:

    This dialog specifies which protocol the filter applies to.

    Next; the IP Protocol Port dialog appears:

    This dialog declares the port of the sending application and of the receiving application:
    - From any port / From this port: declares the port of the sending application
    - To any port / To this port: declares the port of the receiving application.

    Next, Finish: completes the construction of one filter for the list.

    Note: at this step we can click OK to finish building the filter list, or choose Add to add another filter to the list.

    Step 2: Define the filter actions:

    There are 3 basic filter actions: Permit: allow; Block: deny (block); Negotiate security: encrypt the data when it is transmitted.

    In the Manage IP filter lists and filter actions window choose Manage Filter Actions,

    then choose Add to create a new action for the filter:

    Name: declares the name of the action
    Description: a detailed description of the action
    Next; Filter Action General Options: this dialog declares the corresponding action of the filter: block, permit, or encrypt the data:

    Next, Finish completes the creation of the filter action.

    Step 3: Build the rule:

    Right-click IP Security Policies on Local Computer and choose Create IP Security Policy.

    The IP Security Policy Name dialog appears; this item declares the name of the policy being built:

    Next, Finish

    The dialog appears:

    Choose Add to add a new rule to the policy; Next; the dialog appears:

    - All network connections: applies to all networks
    - Local area network (LAN): applies only to the local network
    - Remote access: applies only to machines using the remote access service.

    Next; the IP Filter List dialog appears; this dialog lets you choose the filter list.

    Next; the Filter Action dialog appears; this dialog lets us choose the corresponding action for the filter.

    Next, Finish; the New Rule Properties dialog appears.

    Choose OK to complete the setup of one filtering rule for the policy.

    At this point we can choose Close to finish building the policy, or choose Add to add another rule to the policy.
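As an added example (not the course's own material), a small Python model of the objects built in steps 1 to 3: filter lists, filter actions and rules grouped into a policy, evaluated against packets. The addresses, ports and the first-match ordering are assumptions of the example, not behaviour documented by the text.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional

# Constructed example (not from the course text): a model of the IPsec
# packet-filter objects built in steps 1-3 and the decision they yield.

ANY = None  # stands for "any IP address" / "any port" in the dialogs


class Action(Enum):
    PERMIT = "Permit"
    BLOCK = "Block"
    NEGOTIATE = "Negotiate security"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str   # "TCP", "UDP", "ICMP", ...
    sport: int
    dport: int


@dataclass(frozen=True)
class Filter:
    """One filter: source, destination, protocol, from-port, to-port."""
    src: Optional[str] = ANY
    dst: Optional[str] = ANY
    protocol: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        checks = ((self.src, p.src), (self.dst, p.dst),
                  (self.protocol, p.protocol), (self.sport, p.sport),
                  (self.dport, p.dport))
        return all(want is ANY or want == have for want, have in checks)


@dataclass
class FilterList:
    name: str
    filters: List[Filter] = field(default_factory=list)

    def matches(self, p: Packet) -> bool:
        return any(f.matches(p) for f in self.filters)


@dataclass
class Rule:
    filter_list: FilterList
    action: Action


@dataclass
class Policy:
    name: str
    rules: List[Rule]
    default: Action = Action.PERMIT   # assumption: unmatched traffic is permitted

    def decide(self, p: Packet) -> Action:
        # Simplification: the first rule whose filter list matches wins.
        for rule in self.rules:
            if rule.filter_list.matches(p):
                return rule.action
        return self.default


def build_policy() -> Policy:
    """Constructed policy for a host at 192.0.2.10 (addresses are examples)."""
    block_telnet = FilterList("Block Telnet", [
        Filter(dst="192.0.2.10", protocol="TCP", dport=23)])
    protect_smb = FilterList("Encrypt SMB to file server", [
        Filter(src="192.0.2.10", dst="192.0.2.20", protocol="TCP", dport=445),
        Filter(src="192.0.2.20", dst="192.0.2.10", protocol="TCP", sport=445)])
    return Policy("Workstation policy", [
        Rule(block_telnet, Action.BLOCK),
        Rule(protect_smb, Action.NEGOTIATE),
    ])
```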

    2.3 IP Packet Filtering on a Hardware Device

    We use the DrayTek 2800 modem. Log in to the DrayTek modem at http://[IP of the modem]

    After entering the correct user/password, the browser shows the device configuration screen as follows:

    Choose Firewall; the following screen appears:

    - IM blocking: blocks instant-messaging services
    - P2P blocking: blocks file-sharing services such as eMule, ...
    - DoS defense: blocks DDoS attacks
    - URL content filter: forbids access to certain web addresses
    - Web filter: forbids access to websites according to information from security websites on the Internet.

    Chapter 3

    IPSEC

    (Internet protocol security)

    1. Overview

    The IPsec protocol works at the Network layer, layer 3 of the OSI model. Other Internet security protocols such as SSL, TLS and SSH operate from the transport layer upward (layers 4 to 7 of the OSI model). This gives IPsec flexibility: it can protect traffic from layer 4 up, whether TCP, UDP or most other protocols used at that layer. IPsec has an advantage over SSL and the other methods operating at the upper layers of the OSI model: an application using IPsec needs no change to its code, whereas an application that must use SSL or another upper-layer security protocol has to have its code changed considerably.

    2. Security architecture

    IPsec is deployed using (1) cryptographic protocols to secure packets during transmission, (2) authentication methods, and (3) establishment of the cryptographic parameters.

    IPsec builds on the notion of a security association on top of IP. A security association is simply the combination of the algorithms and parameters (such as keys) that form the basis for encryption and authentication in one direction. In two-way communication, therefore, the security protocols work with a pair of them to serve the exchange. In practice the choice of encryption and authentication algorithms is up to the IPsec administrator, because IPsec comprises a group of security protocols providing encryption and authentication for each IP packet.

    In the processing steps, to decide what must be protected and provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI); each index (ordered and stored in an index database, like a telephone directory) is part of the Security Association Database (SADB), and together with the destination address in the packet header it uniquely identifies a security association for each packet. A similar process is performed for an incoming packet, where IPsec performs decryption and checks the keys from the SADB.

    For multicast packets, a security association is provided for a group and applies to all receivers in the group. There can be more than one security association for a group, using different SPIs, which allows multiple security levels for a group. Each sender can have multiple security associations, permitting authentication, while the receiver only knows the keys sent in the data. Note that the standards do not describe how the associations are negotiated and chosen for replication from the group to individuals.

    3. Current status

    IPsec is a mandatory part of IPv6 and optional with IPv4. While the standards are designed for both IP versions, the current common practice is to apply and deploy it on IPv4.

    The IPsec protocols were defined in RFCs 1825-1829, published in 1995. In 1998 they were updated with RFC 2401-2412, which are not compatible with 1825-1829. In December 2005 the third generation of the IPsec standards, RFC 4301-4309, appeared. They do not differ much from RFC 2401-2412, but the new generation provides the second IKE standard. In this new generation the abbreviation for IP security was also changed to IPsec.

    The difference in abbreviation is that the old generation specified by RFC 1825-1829 uses ESP, whereas the new version uses ESPbis.

    4. Design by requirement.

    IPsec offers Transport mode (end-to-end) to provide security between computers communicating directly with each other, or Tunnel mode (portal-to-portal) for communication between two networks, mainly used in VPN connections.

    IPsec can be used in VPN communication, and is used a great deal for it. In practice, however, deployment differs between the two modes.

    Secure end-to-end communication across the Internet has developed slowly and has had to wait a long time, partly because it is not widespread or practical, and partly because of the Public Key Infrastructure (PKI) used in this method.

    IPsec was introduced to provide the following security services:

    1. Encryption of the communication

    2. Assurance of data integrity

    3. Mandatory authentication between the communicating parties

    4. Protection against replay within secure sessions.

    5. Modes

    There are two modes when implementing IPsec: Transport mode and Tunnel mode.

    Transport mode

    In Transport mode, only the payload of the packets being exchanged is encrypted and/or authenticated. During routing the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be altered, because that information is hashed. The transport and application layers are generally protected by the hash and cannot be modified (for example the port number). Transport mode is used in host-to-host communication.

    This means that the encapsulation of IPsec information for NAT traversal is defined by the information in the RFC documents on NAT-T.

    Tunnel mode

    In Tunnel mode the whole IP packet (both data and header) is encrypted and authenticated. It must be re-encapsulated in another IP packet for routing by the routers. Tunnel mode is used for network-to-network communication (between routers), or for host-to-network and host-to-host communication over the Internet.

    5. Technical details.

    Two protocols were developed to provide security for the packets of both IPv4 and IPv6:

    IP Authentication Header ensures integrity and provides authentication.

    IP Encapsulating Security Payload provides confidentiality, and optionally authentication and integrity to ensure the data is intact.

    The cryptographic algorithms used in IPsec include HMAC-SHA1 for integrity protection, and TripleDES-CBC and AES-CBC for encryption and confidentiality of packets. The full set of algorithms is listed in RFC 4305.

    a. Authentication Header (AH)

    AH is used in connections that do not need data confidentiality. In addition, it is an option for countering replay attacks, using the sliding-window technique and discarding older packets. AH protects the transmitted data when IP is used. In IPv4 the IP header includes TOS, Flags, Fragment Offset, TTL and Header Checksum. AH sits directly in the first part of the IP packet. Below is the layout of the AH header.

    Modes of operation

    Meaning of each part:

    Next header: identifies the protocol used for the data that follows.

    Payload length: the size of the AH packet.

    RESERVED: reserved for future use (currently filled with zeros).

    Security parameters index (SPI): identifies the security parameters, combined with the IP address, and identifies the security association used for the packet.

    Sequence number: a number incremented for every packet, used to counter replay attacks.

    Authentication data: contains the Integrity Check Value (ICV) needed to authenticate the packet.
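As an added example (not from the course text), a Python parser for the AH header laid out above together with the sliding-window anti-replay check that the sequence number feeds. The SPI, sequence numbers and zero ICV are constructed values, and ICV verification is assumed to happen separately.

```python
import struct
from dataclasses import dataclass
from typing import Tuple

# Constructed example (not from the course text): parse the AH header fields
# listed above and apply the sliding-window anti-replay check.


@dataclass
class AHHeader:
    next_header: int
    payload_len: int        # in 32-bit words, minus 2 (RFC 4302 convention)
    spi: int
    sequence: int
    icv: bytes              # Authentication data / Integrity Check Value

    @property
    def total_len(self) -> int:
        return (self.payload_len + 2) * 4


def parse_ah(data: bytes) -> AHHeader:
    if len(data) < 12:
        raise ValueError("AH fixed part is 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (payload_len + 2) * 4
    if len(data) < total:
        raise ValueError("truncated AH header")
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    return AHHeader(next_header, payload_len, spi, seq, data[12:total])


class ReplayWindow:
    """Sliding anti-replay window (RFC 4302 style): remembers which of the last
    `size` sequence numbers have been seen and rejects old or repeated ones."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  <=>  (highest - i) already received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                      # 0 is never a valid AH sequence number
            return False
        if seq > self.highest:            # new high: slide the window forward
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:             # older than the window: discard
            return False
        if (self.bitmap >> diff) & 1:     # already seen: replay
            return False
        self.bitmap |= 1 << diff          # late but unseen: accept
        return True


def receive_ah(data: bytes, window: ReplayWindow) -> Tuple[AHHeader, bool]:
    """Parse the header and run the replay check. ICV verification (an HMAC
    over the packet with the mutable IP fields zeroed) is assumed to follow."""
    hdr = parse_ah(data)
    return hdr, window.check_and_update(hdr.sequence)


def build_ah(spi: int, seq: int, next_header: int = 6) -> bytes:
    """Constructed AH with a 96-bit ICV placeholder (HMAC-SHA1-96 length)."""
    icv = b"\x00" * 12
    payload_len = (12 + len(icv)) // 4 - 2     # 24 bytes -> 6 words -> 4
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv
```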

    b. Encapsulating Security Payload (ESP)

    The ESP protocol provides authentication, integrity and confidentiality for the packet. ESP also supports configurations for situations where only encryption is required, or only authentication, but using encryption without authentication does not ensure security. Unlike AH, the IP packet header, including any options, is not protected. ESP runs on top of IP using IP protocol number 50, while AH uses protocol number 51.

    Meaning of the parts:

    Security parameters index (SPI): identifies the parameters, combined with the IP address.

    Sequence number: automatically incremented; it serves to counter replay attacks.

    Payload data: the data being transmitted

    Padding: used with block ciphers

    Pad length: the size of the padding.

    Next header: identifies the protocol used for the data that follows.

    Authentication data: contains the authentication data for the packet.

    6. Implementations

    IPsec is implemented in the kernel, with the key managers and the ISAKMP/IKE security negotiation running in user space. However, there is a standard interface for key management that can be driven by the IPsec kernel code.

    Because it is offered to end users, IPsec can be deployed in the Linux kernel. The FreeS/WAN project was the first to complete an IPsec implementation in open source, specifically for Linux. It includes a kernel IPsec stack (KLIPS), together with a key-management daemon and a large number of shell scripts. The FreeS/WAN project was started in March 2004. Openswan and strongSwan continue the FreeS/WAN project.

    The KAME project also completed an IPsec implementation for NetBSD and FreeBSD. Its key manager is called racoon. OpenBSD created its own ISAKMP/IKE implementation, simply named isakmpd (it has also been ported to many other systems, including Linux).

    In this article I will give an overview of how a Public Key Infrastructure (PKI) works.

    If you use the Active Directory of Windows NT technology, every user created gets a key pair along with it: a public key and a private key. Many other applications also generate such key pairs.

    The key pair is generated at random from many digits. When the keys are generated from many random digits, the private key cannot be worked out from the public key. There are, however, algorithms that can derive the public key from the private key. Only the public key is published to everyone.

    Most key pairs are generated from many numbers by some cryptographic algorithm.

    Information encrypted with the public key can only be decrypted with the private key. With only the public key you cannot decrypt the message. This means that when one person sends encrypted information to another, only the recipient can read it; others who capture all of the information still cannot decrypt it with only the public key.

    Information encrypted with the private key can be decrypted with the public key. As the public key is published to everyone, anyone holding the public key can read the information.

    To make the transmission safer: Alice combines her private key with Bob's public key to create a shared secret. Likewise, Bob combines his private key with Alice's public key to create a shared secret. Then the two communicate.

    When Alice sends information to Bob protected with the shared secret that was created, Bob, on receiving the packet encrypted with the shared secret, uses Alice's public key combined with his own private key to read the information. The same applies when Bob sends information and Alice decrypts it to obtain the information.
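As an added example (not from the course text), the shared-secret scheme just described, implemented with Diffie-Hellman over a deliberately tiny toy prime and with HMAC for message authentication in place of the encryption the text mentions. The parameters and the Alice/Bob flow are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Constructed example (not from the course text): each side combines its own
# private key with the peer's public key and both arrive at the same secret.
# TOY parameters: p = 2**127 - 1 is far too small to protect anything; a real
# deployment uses a 2048-bit or larger standard group or an elliptic curve.

P = 2**127 - 1      # Mersenne prime (toy size, see note above)
G = 2


def generate_keypair():
    """Random private key x; the public key is G^x mod P. At real sizes there
    is no way to recover x from the public key, so only the public is published."""
    private = secrets.randbelow(P - 2) + 1
    public = pow(G, private, P)
    return private, public


def shared_secret(my_private: int, peer_public: int) -> bytes:
    """Own private key + peer's public key. Both sides compute the same value,
    which is hashed into a fixed-size symmetric key."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public key")
    s = pow(peer_public, my_private, P)
    return hashlib.sha256(s.to_bytes(16, "big")).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Prepend an HMAC-SHA256 tag computed under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest() + message


def verify(key: bytes, blob: bytes) -> bool:
    """True only if the tag was produced with the same shared key over the
    same message (no tampering, no key mismatch)."""
    tag, message = blob[:32], blob[32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def alice_and_bob_agree() -> bool:
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    k_alice = shared_secret(a_priv, b_pub)   # Alice: her private + Bob's public
    k_bob = shared_secret(b_priv, a_pub)     # Bob: his private + Alice's public
    return k_alice == k_bob
```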

    Trang 48

  • 8/2/2019 An Toan Bao Mat Mang

    49/72

    CHNG 4

    NAT

    (Network Address Translation)

    1. Nat L. G ?

    NAT hay cn gi l Network Address Translation l mt k thut c pht minh lc khi udng gii quyt vn IP shortage. Khi c hai my tnh trn cng mt lp mng (cngsubnet), cc my tnh ny kt ni trc tip vi nhau, iu ny c ngha l chng c th gi v nhnd liu trc tip vi nhau. Nu nhng my tnh ny khng trn cng mt lp mng v khng c ktni trc tip th d liu s c chuyn tip qua li gia nhng lp mng ny v nh th phi cnmt router (c th l phn mm hoc phn cng) y l trng hp khi mt my tnh no mun

    kt ni ti mt my khc trn internet.

2. Network Model of the NAT Service

3. How NAT Works

NAT works like a router: its job is to forward packets between different network segments of a larger network. You can think of the Internet as a single network made up of countless subnets. Routers understand the segments around them and can forward packets to the right destination.

http://www.vnpower.org/forums/Subnet-mask-la-gi-t43802.html

NAT uses its own IP address as the public address for every client that has a private IP. When a client opens a connection or sends data to some computer on the Internet, the data is sent to the NAT device, which replaces the client's original source IP address and sends the packet out with the NAT's own IP address. The remote computer on the Internet that receives it sends its reply back to the NAT computer, because from its point of view the NAT computer is the sender. NAT keeps a table of which client sent packets out on each service port and delivers the replies it receives to the correct client.

NAT therefore does the following:

- Translates the source IP address into its own address, so that the data received by the remote computer looks as if it came from the NAT-configured machine.
- Sends the data to the remote computer and remembers which service port was used.
- Forwards data received from the remote computer to the client it belongs to.

Does NAT work with every protocol and application?

Some protocols use multiple connections or multiple media and data types (FTP or RealAudio, for example). With FTP, when you start a file transfer your FTP client connects to the FTP server and requests a file or directory listing; with some FTP clients you will see something like a PORT command. What that command does is set up the data connection over which the file or listing is sent back to the client. In effect the client tells the server: connect back to me at this IP address and this port to transfer the data.

The problem is that the client tells the server to connect back to the client's private IP address inside its own LAN. The server cannot reach that address and fails if it tries to connect to it. This is where NAT has to step in.

Most NAT solutions (WinGate among them) have special support for the FTP protocol, and the NAT-configured computer is required to have a static IP address.
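The following is an added example, not code from this document or from any NAT product, that models what section 3 describes: a port-overloading NAT table that rewrites the source of outbound packets, delivers replies to the client that opened the mapping, drops unsolicited inbound packets, and, for active-mode FTP, rewrites the PORT command so the server connects back to the NAT's public address instead of the client's private one (the "special support for FTP" the text mentions). It also shows a static inbound mapping of the kind the Services and Ports tab later configures. All addresses, ports and the PORT command are constructed sample values from the RFC 5737 documentation ranges.

```python
# Added example: minimal NAPT table plus an FTP PORT-command application gateway.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    payload: bytes = b""


class Napt:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip        # the NAT box's own public address
        self._next_port = first_port      # next free port on the public side
        self._out = {}     # (proto, client_ip, client_port) -> public port
        self._in = {}      # (proto, public port) -> (client_ip, client_port)
        self._static = {}  # published services (like the "Services and Ports" tab)

    def _allocate_port(self, proto, client_ip, client_port):
        port = self._next_port
        self._next_port += 1
        self._in[(proto, port)] = (client_ip, client_port)
        return port

    def add_static_mapping(self, proto, public_port, client_ip, client_port):
        """Let outside hosts reach an internal server on a fixed public port."""
        self._static[(proto, public_port)] = (client_ip, client_port)

    def outbound(self, pkt):
        """Rewrite the source so the packet appears to come from the NAT box,
        remembering which client and port it belongs to."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self._out:
            self._out[key] = self._allocate_port(*key)
        return replace(pkt, src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt):
        """Deliver a reply to the client that opened the mapping, or to a
        published service; unsolicited packets are dropped (None)."""
        key = (pkt.proto, pkt.dst_port)
        target = self._in.get(key) or self._static.get(key)
        if target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])

    def rewrite_ftp_port(self, pkt):
        """Active-mode FTP: the client's PORT command carries its private
        address, which the server cannot reach. Substitute the NAT's public
        address and a freshly reserved port, mapped back to the client's
        announced data port. Apply this before outbound()."""
        text = pkt.payload.decode("ascii", "replace")
        if not text.upper().startswith("PORT "):
            return pkt
        fields = text[5:].strip().split(",")
        if len(fields) != 6 or not all(f.isdigit() for f in fields):
            return pkt  # malformed command: leave it untouched
        client_ip = ".".join(fields[:4])
        client_port = int(fields[4]) * 256 + int(fields[5])
        nat_port = self._allocate_port("tcp", client_ip, client_port)
        new_cmd = "PORT %s,%d,%d\r\n" % (
            self.public_ip.replace(".", ","), nat_port // 256, nat_port % 256)
        return replace(pkt, payload=new_cmd.encode("ascii"))


def demo():
    """Walk through the scenarios from the text; returns a dict of results."""
    nat = Napt("203.0.113.5")                      # constructed public address
    client, server = "192.168.1.10", "198.51.100.7"
    web_out = nat.outbound(Packet(client, 51000, server, 80))
    web_reply = nat.inbound(Packet(server, 80, nat.public_ip, web_out.src_port))
    stray = nat.inbound(Packet("198.51.100.9", 4444, nat.public_ip, 40999))
    ftp_cmd = Packet(client, 51001, server, 21,
                     payload=b"PORT 192,168,1,10,200,10\r\n")   # constructed
    ftp_out = nat.outbound(nat.rewrite_ftp_port(ftp_cmd))
    data_conn = nat.inbound(Packet(server, 20, nat.public_ip, 40001))
    return {"web_out": web_out, "web_reply": web_reply, "stray": stray,
            "ftp_out": ftp_out, "data_conn": data_conn}
```

Without the PORT rewrite, the server would try to open a data connection to 192.168.1.10, a private address it cannot route to, which is the failure the text describes. Note also that the unsolicited packet to port 40999 is dropped: the translation table only forwards traffic for mappings a client opened or an administrator published.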

4. Deploying the NAT Service

4.1 Requirements:
- The machine must have at least two network interfaces:
  two network cards, or
  one network card and one dial-up modem interface
- The machine must run the Windows Server operating system

4.2 Deploying the NAT service:
Step 1: Start the NAT service:
- Open the Routing and Remote Access console:
  Start menu → All Programs → Administrative Tools → Routing and Remote Access
- Start the NAT service: right-click server-radius (the name of the NAT server) → Configure and Enable Routing and Remote Access
  Next → Network address translation
  Next → the NAT Internet Connection dialog opens; this dialog lets us choose which interface connects to the Internet.
  There are two options:
  Use this public interface to connect to the Internet: choose this when the machine has two or more network cards; in the list box select the card used for the Internet connection.
  Create a new demand-dial interface to the Internet: choose this only when the Internet interface is a dial-up modem.
  Next → Finish starts the NAT service.

After the NAT service has started, the console shows the interface below (screenshot not reproduced in this extract).

Step 2: Configure the NAT service. Configure the Internet interface:
Right-click the Internet interface → Properties opens the configuration dialog for the Internet connection → NAT/Basic Firewall tab:

This dialog sets the basic security settings on the Internet interface.
o Public interface connected to the Internet: select this when the interface is the one connected to the outside network.
- Enable NAT on this interface: turns the NAT function on or off; when it is off, workstations on the LAN cannot reach the Internet.
- Enable a basic firewall on this interface: turns the NAT server's basic protection on or off for the current interface.
o Static Packet Filters: sets the filtering policy for packets passing through the NAT server.
- Inbound Filters: configure the filter for packets entering this interface.
- Outbound Filters: configure the filter for packets leaving this interface.

Address Pool tab: specifies which machines, by IP address, are allowed to access the Internet.

Services and Ports tab: specifies which services hosts on the Internet are allowed to reach.
- Add: add a service
- Edit: edit the details of a service

ICMP tab: sets the filtering policy for ICMP, the protocol that supports routing.


CHAPTER 5

VIRUSES

AND HOW TO PREVENT THEM

1. Viruses
Computer viruses are today a constant worry for people who work in computing, and a source of fear for users whose machines become infected. When their computer is infected, they can only rely on the antivirus products available on the market; if those products fail to detect or remove the virus, they are left in a very difficult position, not knowing what to do. For that reason a basic understanding of the mechanisms and operating principles of computer viruses is necessary. On that basis one can approach viruses correctly when preventing, checking for and removing them, and when analysing and studying a newly appeared virus.

1.1 What is a virus?
The term computer virus refers to a computer program that can copy itself to another place (a disk or a file) without the user's knowledge. In addition, a common feature of computer viruses is their destructiveness: they cause execution errors, relocate, encrypt or destroy information on disk.

1.2 Classification:
Usually viruses are divided into two main groups according to the object they infect, files or disks:

- B-virus: a virus that attacks only the Master Boot record or the Boot Sector.

- F-virus: a virus that attacks only executable files.

This division is not entirely exact, however; as an exception there are viruses that attack both the Master Boot record (Boot Sector) and executable files.

To get an overview of viruses, let us look at how they seize control.

a. B-virus.

When the computer is powered on, the segment registers are all set to 0FFFFh and every other register is set to 0. Control is therefore handed first to the code at 0FFFFh:0h, which is really just a JMP FAR instruction to a routine in ROM that performs the POST (Power On Self Test).

POST checks the registers and memory in turn, initialises the DMA controller chips, the interrupt controller, the disk controller and so on. It then looks for add-on device cards and hands control to each of them to initialise itself before taking control back. Note that this routine lives in ROM (Read Only Memory), so it cannot be modified and no other code can be inserted into it.

After POST, the ROM routine reads the Boot Sector of drive A, or the Master Boot record of the hard disk, into RAM (Random Access Memory) at address 0:7C00h and transfers control to that code with JMP FAR 0:7C00h. This is the point a B-virus exploits to attack the Boot Sector (Master Boot): it replaces the standard Boot Sector (Master Boot) with its own code, so that control is handed to the virus. The virus carries out its own activities first and only then performs the normal steps: it reads the standard Boot Sector (Master Boot), which it has hidden somewhere, into 0:7C00h and transfers control to that standard code, so the user has the impression that the machine is working normally.

b. F-virus.

When DOS executes an executable file (through function 4Bh of interrupt 21h), it reorganises memory, loads the file to be executed and transfers control to it. An F-virus exploits this by attaching its code to the file exactly at the point where DOS transfers control to the file after loading it into memory. Once the F-virus has finished its own activities, it restores things and returns control to the file, which then runs normally, so the user cannot tell.

Among B-viruses and F-viruses, some, after gaining control, install a piece of their code in RAM as a resident program (TSR), or in a memory area outside DOS's control, in order to take over important interrupts such as interrupt 21h and interrupt 13h. Whenever one of these interrupts is called, the virus takes control to carry out its activities before passing on to DOS's standard interrupt handler.

1.3 Characteristics of B-Viruses:

In the previous part we gave very basic information on disk structure, the boot process, memory organisation and how DOS executes files. That information helps us understand the basic characteristics of viruses and from there work out how to prevent and cure an infection.

a. Classification of B-viruses.

As we know, after POST the first sector of drive A or drive C is read into memory at 0:7C00 and control is transferred to the code in this boot sector. A B-virus works by replacing the standard code in the boot sector with its own in order to seize control; once installed, it reads the standard boot sector, which it has stored somewhere, into 0:7C00 and returns control to that standard code. Where the boot sector is stored on the disk depends on the disk type and on each virus's approach. On a hard disk it is usually stored somewhere in Side 0, Cylinder 0, because in that whole track DOS uses only the first sector, for the partition table. On a floppy disk the hiding place is more complicated, since every location may be overwritten with data. Viruses have taken the following approaches:

Use the last sector of the Root Directory, since it is rarely used.

Use the last sectors on the disk: when DOS allocates free space to files it searches from low to high, so this area is rarely used.

Write into free space on the disk and mark the area as bad in the FAT so that DOS no longer allocates it. This is safer than the methods above.

Format an extra track and write into that newly formatted track.

Depending on the size of the virus code, B-viruses are divided into two kinds:

- SB-virus.

An SB-virus occupies exactly one boot sector; its tasks are few and fairly simple. Viruses of this kind are rarely seen today and are probably only domestically "produced" ones.

- DB-virus.

These are viruses whose code is larger than 512 bytes (the common case).

The virus program is therefore split into two parts:

- The virus head: installed in the boot sector to seize control when control is handed to that boot sector. Its only job is to load the rest of the virus, the body, into memory and transfer control to it. Because the job is so simple, the head is usually very short, and the shorter the better: the shorter it is, the smaller the difference between a standard boot sector and an infected one, and the less likely it is to arouse suspicion.

- The virus body: the main program of the virus. After the head has loaded it into memory and transferred control, the body carries out its tasks; only when done does it read the standard boot sector into memory and hand control to it so that the machine works normally, as if nothing had happened.

b. Some basic B-virus techniques.

Whether SB-virus or DB-virus, in order to survive and spread they all rely on a number of basic techniques:

- Uniqueness check.

The virus must exist in memory as well as on disk, but too many copies of itself on disk and in memory would only slow down booting, occupy too much memory, hinder the loading and execution of other programs, and reduce disk access speed. This technique is therefore a strict requirement for a B-virus.

Two factors affect the check on disk:

First, the time taken by the check:

If every disk read/write had to check the disk, access time would double, reducing access speed and raising suspicion.

To meet this requirement viruses use the following techniques: reduce the number of checks by checking only when access switches from one drive to another, or only when the FAT of the disk is read in.

Second, the checking technique: most viruses check with a key value. Each virus creates a special value at a fixed position on the disk; the check consists of reading the Boot record and examining that key value. This technique runs into trouble because the number of B-viruses keeps growing while the space in the Boot Record is limited. The current workaround is to increase the number of code bytes compared, to reduce the chance of an accidental match.

To check for its presence in memory, viruses use these techniques: the simplest is to check a key value at a fixed position in high memory; another, used by viruses that hook DOS Int 21, is to request a special function that does not exist in that interrupt. If the error flag is raised, the virus is not yet in memory; if the virus is already resident, the value returned (in register AX, for example) is a particular known value.

- Residency technique.

After POST completes, the total amount of memory just tested is stored in the BIOS Data area at address 03h. When the operating system takes control, it treats the value at this address as the amount of memory it controls. So to stay resident, every B-virus uses the following technique: after loading its resident part into high memory, it reduces the memory value managed by DOS at 03h by exactly the size of the virus. However, if the virus does not properly check whether it is already in memory, repeated warm boots will reduce this total memory figure several times over, affecting programs run later. That is why a well-designed virus must check for its own presence in memory and, if already present, not reduce the memory size again.

- Infection technique.

The code that performs infection is the important part of a virus program. To ensure spreading, the virus takes over the most important interrupt for reading and writing the system area, interrupt 13h; to preserve disk access speed, however, only functions 2 and 3 (read/write) lead to infection. Infection works by reading the Boot Sector (Master Boot) and checking whether it is already infected (the check technique above). If the boot sector is not yet infected, the virus builds a new boot sector with the appropriate parameters for the virus code and writes it back to its place on the disk. The boot sector just read, together with the virus body (for a DB-virus), is written to the chosen area of the disk. Some viruses also hook DOS interrupt 21 in order to infect and damage the files that interrupt 21 works on.

Building a boot sector containing virus code must satisfy the following:

- The infected boot sector must still contain the disk parameters needed for disk access, that is the BPB parameter table of the Boot record or the partition table in the case of the Master boot. Failing to preserve them causes the virus to lose control, or the disk to become unusable when the virus is not present in the environment.

- The safety of the original boot sector and of the virus body must also come first. The techniques for choosing the hiding place were analysed in the sections above.

- Camouflage and obfuscation techniques.
These techniques appeared rather late, as a reaction against detection by users and programmers. Because a virus is quite small, programmers can easily step through it to see how its mechanism works, so viruses look for every trick to defeat the programmers' tracing.

Viruses commonly use the following techniques:

- Deliberately writing instructions in a convoluted way: placing the stack in dangerous memory areas, taking over and clearing interrupts, craftily changing the segment registers so the tracer does not know where data is taken from, and modifying the values of later instructions to make the user's tracing difficult.

- Encrypting its own program so the user cannot discover the pattern or see the virus's activity clearly.

- Camouflage: the first way is to keep the code placed in the boot sector as short as possible and as similar to the boot sector as possible. The second way is still used by many viruses: while the machine is under the virus's control, every request to read or write the Boot sector (Master boot) is answered by the virus with a standard copy, the copy from before infection. This fools the user and poorly designed antivirus programs while the machine is under the virus's control.

- Destruction technique.

A virus is always destructive. The damage may be a mere joke, or it may be serious, causing loss of and disruption to the information on disk.

By the moment of destruction, two kinds can be distinguished:

- Timed: this kind stores a value, which may be a date and time, a number of infections, a number of hours the machine has run, and so on. If the value exceeds an allowed number, it starts destroying. This kind is usually dangerous because it destroys only once.

- Continuous: after infection the virus keeps destroying continuously, but because of this continuity its destructive acts are not serious and are mostly jokes.
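The two facts above that matter to a defender are that an infected boot sector must keep the BPB disk parameters intact while the code after them is replaced, and that a resident virus can answer a read of the boot sector with the clean copy. The block below is an added example, not code from this document or from any antivirus product: an offline integrity check that parses a FAT boot record, verifies the 55AA signature, and compares the BPB region, the entry jump and the code region against a baseline recorded from a clean boot. The two sample sectors are constructed; their "boot code" is NOP or INT3 filler rather than real boot code, and the baseline is assumed to have been captured and stored while the machine was known to be clean (the sector under test must likewise be read from a clean boot environment, for the stealth reason the text gives).

```python
# Added example: offline integrity check of a FAT12/16 boot record.
import hashlib
import struct

SECTOR = 512
BPB_START, CODE_START, SIG_OFFSET = 11, 62, 510   # offsets 0x0B, 0x3E, 0x1FE


def parse_boot_record(sector: bytes) -> dict:
    """Extract the entry jump target, the BPB disk parameters, the 55AA
    signature flag, and hashes of the BPB and code regions."""
    if len(sector) != SECTOR:
        raise ValueError("boot record must be exactly 512 bytes")
    op = sector[0]
    if op == 0xEB:                                   # JMP SHORT rel8 (then NOP)
        jump_target = 2 + sector[1]
    elif op == 0xE9:                                 # JMP NEAR rel16
        jump_target = 3 + struct.unpack_from("<H", sector, 1)[0]
    else:
        jump_target = None
    (bytes_per_sector, sectors_per_cluster, reserved, fats, root_entries,
     total_sectors, media, sectors_per_fat) = struct.unpack_from("<HBHBHHBH", sector, BPB_START)
    return {
        "jump_target": jump_target,
        "bpb": {"bytes_per_sector": bytes_per_sector, "sectors_per_cluster": sectors_per_cluster,
                "reserved": reserved, "fats": fats, "root_entries": root_entries,
                "total_sectors": total_sectors, "media": media, "sectors_per_fat": sectors_per_fat},
        "signature_ok": sector[SIG_OFFSET:] == b"\x55\xAA",
        "bpb_sha256": hashlib.sha256(sector[BPB_START:CODE_START]).hexdigest(),
        "code_sha256": hashlib.sha256(sector[CODE_START:SIG_OFFSET]).hexdigest(),
    }


def audit_boot_sector(sector: bytes, baseline: bytes) -> list:
    """Compare a freshly read sector with the stored clean baseline and
    return a list of findings (empty means no change detected)."""
    cur, base = parse_boot_record(sector), parse_boot_record(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55AA missing")
    bpb_same = cur["bpb_sha256"] == base["bpb_sha256"]
    if not bpb_same:
        findings.append("BPB differs from baseline")
    if cur["jump_target"] != base["jump_target"]:
        findings.append("entry jump target changed")
    if cur["code_sha256"] != base["code_sha256"]:
        # Code replaced while the BPB is intact is exactly the pattern the text
        # describes for an infected boot sector.
        findings.append("boot code differs from baseline (BPB intact)" if bpb_same
                        else "boot code differs from baseline")
    return findings


def build_sample_sector(code_filler: bytes, jump: bytes = b"\xEB\x3C\x90") -> bytes:
    """Constructed 1.44 MB floppy-style boot record: jump, OEM name, BPB,
    zero-padded extended BPB, filler "code", 55AA signature."""
    bpb = struct.pack("<HBHBHHBH", 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    head = (jump + b"MSWIN4.1" + bpb).ljust(CODE_START, b"\x00")
    code = (code_filler * SECTOR)[: SIG_OFFSET - CODE_START]
    return head + code + b"\x55\xAA"


CLEAN = build_sample_sector(b"\x90")      # baseline: NOP filler stands in for boot code
TAMPERED = build_sample_sector(b"\xCC")   # same BPB and jump, code region replaced
```

A simple hash of the whole sector would also catch the change; splitting the comparison by region tells the analyst whether the disk parameters survived, which decides whether the disk is still readable without the virus present, as the text notes.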

1.4 Characteristics of F-Viruses:
Compared with B-viruses, F-viruses are far more numerous, probably because disk operations with the support of Int 21 become extremely easy and convenient, which favours the development of F-viruses.

Usually F-viruses infect only executable files (with the .COM or .EXE extension), but one principle a virus must obey is: when an infected executable is run, control must be in the virus's hands before the virus returns it to the infected file, and when the file regains control, all of its data must be intact.

For F-viruses, a number of techniques are presented here:

a. Infection technique:

F-viruses mainly use two techniques: prepending and appending.

- Prepending to the file.

Usually this method applies only to .COM files, whose program entry is always at PSP0h. Taking advantage of this fixed entry, the virus inserts its code at the start of the target program and pushes the whole target program down. The drawback is that since the fixed entry of a .COM program is PSP0, before returning control to the program the whole program must be moved back up to start at offset 100h. This infection method makes recovery difficult, because the whole file must be read into memory before it can be written back.

- Appending to the file.

Unlike the previous method, here the virus code is attached after the end of the target program. This method is seen in most viruses and its range of infection is wider than the previous one.

Because the virus body is not at the program's entry point, to seize control the following technique must be used:

- For .COM files: replace the first bytes of the program (the entry) with a JMP instruction that transfers control to the virus code:
E9 xx xx   JMP Entry virus.

- For .EXE files: it is enough to relocate the SS, SP, CS, IP register values in the EXE header so that control goes to the virus code.

Besides these two main infection techniques, a few viruses use other special techniques, such as encrypting the virus code before attaching it to the file as camouflage, or even replacing some short code sequences in the target file with virus code, which makes recovery difficult.

When infecting files that have the Sys (system), Read Only or Hidden attributes set, the attributes must be changed so the file can be accessed; the access also changes the file's modification date and time. For this reason most viruses save the attributes and timestamp and restore them exactly after infection.

In addition, attempting to write to a write-protected floppy produces the DOS error message Retry - Abort - Ignore; if this is not handled well the user easily notices the virus's presence. DOS handles this kind of error through interrupt 24h, so a virus that wants to avoid such DOS messages while infecting must replace DOS's interrupt 24h before infecting and restore it afterwards.

b. Technique for ensuring unique existence.

As with B-viruses, a strict requirement for an F-virus is that it exists only once in memory and in each file.

In memory, F-viruses usually use two main techniques. The first is to add a function to DOS, using some sub-function whose number is greater than the highest function DOS has. To check, the virus simply calls this function; the value returned in a register decides whether the virus is already in memory. The second is to compare a code sequence at a fixed memory location with the virus's own code; if they differ, the virus is not yet in memory and it proceeds to infect.

On a file, the check may be some logical test on the information in the file's directory entry. This does not guarantee absolute accuracy, but if well designed the chance of a collision is small, almost nil, and it has the advantage of being very fast. Alternatively the virus can look for a characteristic code sequence (key value) of its own at a fixed position in the file, for instance in the last bytes of the file.

c. Residency technique

This is a difficult technique, because DOS only provides the terminate-and-stay-resident function for a whole program, that is, it only allows the entire program to stay resident. So if the DOS function is used, a virus that wants to stay resident would have to keep the whole target file resident too, which is impossible if the target file is too large.

For this reason most viruses that want to stay resident have to bypass DOS and manipulate the MCB chain "by hand". Depending on whether residency is established before or after the target program runs, residency techniques fall into two groups:

- Going resident before returning control.

As said above, DOS provides no function for this kind of residency, so the virus must arrange it itself. Viruses use the following ways:

- Manipulate the MCBs to detach a block of memory from DOS's control, then use that block to hold the virus program.

- Choose a location in memory itself to load the resident part of the virus into; viruses usually choose high memory, just below the transient part of command.com, to avoid being overwritten when the system reloads command.com. Since no memory is allocated for the resident virus code, command.com is free to allocate that memory to other programs, so the resident virus has to accept the risk of being lost by chance.

- Going resident with the TSR function 31h: this is a complex technique; the process is described as follows:

When the virus program gets control, it creates an MCB declared as an intermediate element in the MCB chain to hold the virus program, then creates another new MCB for the infected program by moving the program down into this new area. To change the PSP that DOS holds into the PSP that the virus created for the target program, function 50h of interrupt 21h must be used.

- Going resident after regaining control.

The virus program takes the name of the program currently executing in the DOS environment and then executes itself. When that execution finishes, control returns to the virus, and only then does it go resident in the normal way, with function 31h of interrupt 21h.

d. Camouflage and obfuscation techniques

An unavoidable drawback is that a file infected by a virus grows in size. Some viruses disguise this: when the DOS DIR function is used, the virus intercepts the file-search functions (functions 11h and 12h of interrupt 21h) and reduces the reported size of infected files. So while the virus controls the machine, the DOS DIR command, or any command that uses those file-search functions to obtain directory-entry information, shows the infected file with its original size, fooling the user about the file's cleanliness.

Some viruses add confusion by encrypting most of the virus program, which is only decrypted once in memory. Some viruses are anti-debug, taking over interrupt 1 and interrupt 3. Because debuggers rely on interrupt 1 and interrupt 3 to single-step, once the virus has taken these interrupts a programmer who uses a debugger to trace the virus gets unpredictable results.

e. Destruction technique

Usually F-viruses use the same methods and techniques of destruction as B-viruses. Destruction may be timed, continuous or random. Its target may be the screen, the speaker, the disk, and so on.
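The appending technique in 1.4 a. leaves two traces a scanner can look for without running the file: the program's entry point (the E9 JMP of a .COM file, or CS:IP from the MZ header of an .EXE file) lands in the tail of the file, and, as 1.4 b. notes, a key value is often stored in the last bytes. The block below is an added example written for this chapter, not code from this document or from any antivirus product: it parses both file formats, reports an entry point that lies in the second half of the file, and matches a trailing marker against a small signature table. The sample files, the DEMO-MARK marker and the 50 % tail threshold are constructed assumptions; the filler bytes are NOPs and INT3s, not real code. The threshold is a heuristic, so a legitimate program can trip it and the result is a lead for a closer look, not a verdict.

```python
# Added example: heuristic scan for the append-to-end infection pattern.
import struct

TAIL_FRACTION = 0.5   # entry in the second half of the file is suspicious (tunable)
KNOWN_MARKERS = {b"DEMO-MARK": "demo appender (constructed signature)"}


def com_jump_target(data: bytes):
    """A .COM image is loaded at offset 100h with its first byte as the entry.
    If the entry is JMP rel16 (E9 xx xx), return the file offset it reaches."""
    if len(data) >= 3 and data[0] == 0xE9:
        rel = struct.unpack_from("<h", data, 1)[0]
        return 3 + rel
    return None


def exe_entry_offset(data: bytes):
    """Parse the MZ header; return (file offset of CS:IP, image size) or None."""
    if len(data) < 0x1C or data[:2] != b"MZ":
        return None
    (last_page, pages, _relocs, hdr_paras, _minalloc, _maxalloc,
     _ss, _sp, _csum, ip, cs) = struct.unpack_from("<11H", data, 2)
    image_size = pages * 512 - (512 - last_page if last_page else 0)
    return hdr_paras * 16 + cs * 16 + ip, image_size


def find_marker(data: bytes):
    """Look for a known key value in the last bytes of the file."""
    for marker, name in KNOWN_MARKERS.items():
        if data.endswith(marker):
            return name
    return None


def assess_executable(data: bytes) -> dict:
    """Report kind, entry offset, size, whether the entry lies in the tail,
    and any trailing marker found."""
    if data[:2] == b"MZ":
        kind, parsed = "exe", exe_entry_offset(data)
        entry, size = parsed if parsed else (None, len(data))
    else:
        kind, entry, size = "com", com_jump_target(data), len(data)
    in_tail = entry is not None and entry >= size * (1 - TAIL_FRACTION)
    return {"kind": kind, "entry": entry, "size": size,
            "entry_in_tail": in_tail, "marker": find_marker(data)}


def build_exe(code: bytes, cs: int, ip: int, ss: int = 0, sp: int = 0x100) -> bytes:
    """Constructed 32-byte MZ header followed by the load module."""
    hdr_paras = 2
    total = hdr_paras * 16 + len(code)
    pages, last_page = (total + 511) // 512, total % 512
    header = b"MZ" + struct.pack("<13H", last_page, pages, 0, hdr_paras, 0, 0xFFFF,
                                 ss, sp, 0, ip, cs, 0x1C, 0)
    return header.ljust(hdr_paras * 16, b"\x00") + code


def sample_files() -> dict:
    """Constructed samples: a clean program and the same program with a
    40-byte filler block appended and the entry redirected to it."""
    clean_code = b"\xB4\x4C\xCD\x21" + b"\x90" * 96      # mov ah,4Ch / int 21h + NOP padding
    tail = b"\xCC" * 31 + b"DEMO-MARK"                     # INT3 filler + constructed key value
    return {
        "clean_com": clean_code,
        # first three bytes replaced by a JMP to the appended tail, as the text describes
        "appended_com": b"\xE9" + struct.pack("<h", len(clean_code) - 3) + clean_code[3:] + tail,
        "clean_exe": build_exe(clean_code, cs=0, ip=0),
        "appended_exe": build_exe(clean_code + tail, cs=0, ip=len(clean_code)),
    }
```

Because the text also explains that a resident virus can hide the size increase from DIR, a scan like this should read files from a clean boot, or compare sizes and hashes against an inventory taken earlier, rather than trust the directory listing on a possibly infected machine.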

2. Virus Prevention:
There are many ways to protect against viruses; the most common today is to use antivirus software.

Symantec Antivirus is one of the most widely used antivirus products today.

2.1 Installing Symantec Antivirus Server (Server Install):
Run the installer setup.exe. The Welcome screen appears.

Choose Next → the licence confirmation screen appears → choose I accept to continue the installation.

Choose Next → the installation type selection screen appears: client/server option → choose Server Install.

Choose Next → the Setup Type dialog appears → choose Complete to install all features of the program.

Choose Next → the Select Server Group dialog appears; in this dialog enter the following:
- Server group: the server group name
- Username: the user allowed to log in to the server after installation
- Password: the password of that login user

Choose Next → the password confirmation dialog appears: type the password again.

Choose OK → the Install Options dialog appears.

Choose Next → the Ready to dialog appears → confirm the installation settings.

Choose Install → the installation begins.

2.2 Installing Symantec System Center:

a. Function:

This program manages Symantec Antivirus servers and Symantec Antivirus clients. Through it we can perform management functions such as:
- Installing antivirus protection and protecting against security holes on machines.
- Updating the Symantec Antivirus client definitions.
- Installing protection programs on work­stations.
- ...

b. Installation:

The installation steps are the same as for the Symantec server. In the Select
