
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY, HO CHI MINH CITY CAMPUS

LECTURE NOTES

INFORMATION SYSTEM SECURITY
FOR THE DISTANCE EDUCATION PROGRAMME

Compiled by: Le Phuc

July 2007

PREFACE

This document was written to help students of the distance education programme study the problems of information system security. Information system security is the set of techniques, services, mechanisms and supporting applications that help deploy information systems with the highest possible safety; concretely, it protects the three basic properties of a secure system: the Confidentiality, Integrity and Availability of information. The security of a system is a matter to be considered from the moment the system is designed and pursued throughout its construction, operation and maintenance. At a time when connecting to the Internet, a place that harbours many latent attack risks, has become a vital need of information systems, security too must receive appropriate attention and investment.

This document is aimed at students who study while working, so practical security problems on networks receive more attention than theoretical foundations. The cryptography topics are also presented simply, from the user's point of view, without going deeply into the mathematical basis; students who wish to study further or to prove the algorithms need to consult additional material on number theory.

The content is divided into 3 chapters:
- Chapter 1: Overview of information system security, presenting general issues of system security and safety, the threats to and attack methods against information systems, and the applications in use for protecting information systems, such as firewalls and IDS.
- Chapter 2: Cryptography and information authentication, presenting the cryptographic and authentication mechanisms that ensure the Confidentiality and Integrity of information. This part describes the principles of common encryption algorithms, hash functions, digital signatures and key management.
- Chapter 3: Security applications in information systems, presenting practical applications such as authentication protocols, securing network connections with IPSec, and securing Internet applications with SSL and SET.

Each chapter ends with a summary, multiple-choice questions and exercises that help students organise the knowledge they have learned. In particular, the practical and programming exercises will help students grasp the theory more firmly, so they should try to complete these exercises carefully. It is hoped that this document will be of some help to students in studying the subject of information system security.

July 2007. The author.


CHAPTER I: OVERVIEW OF INFORMATION SYSTEM SECURITY

Introduction: This chapter helps the learner grasp the common concepts in system security and safety, the principles for building a secure information system, and the identification and analysis of threats and risks to an information system, in order to plan its upgrade and protection. The chapter covers the following parts:
- The properties of a secure system.
- Threats and risks to information systems.
- Concepts used in system security.
- The AAA security strategy.
- Some forms of system intrusion.
- Intrusion prevention and detection techniques.

I.1 OVERVIEW

Ensuring the safety of information systems is one of the important matters that must be considered throughout the design, construction, operation and maintenance of an information system. As with every other activity in social life, from the time people needed to store and process information, and especially once information came to be seen as part of the means of production, the need to protect information became pressing.

Protecting information means protecting the confidentiality of information and the integrity of information. Some kinds of information have meaning only when kept secret or restricted to a certain set of parties, for example information about military strategy. This is the confidentiality of information. Moreover, because human memory is finite, information cannot always be remembered by people, so storage devices are needed. If a storage device operates unsafely, the information stored on it is lost or distorted in whole or in part, and the integrity of the information is no longer assured.

When computers came to be used to process information, processing became more efficient, the volume of processed information grew ever larger, and with it the importance of information in social life also grew. Whereas previously the protection of information concentrated on applying physical mechanisms and means to protect information in the literal sense of the word, later the problem became more diverse and more complex. Two major changes to the problem of protecting information can be named:
1. The use of computers to process information changed the form in which information is stored and the way it is processed. Protection mechanisms had to be built that suit the way computers operate. From this arose the requirement to protect the safe operation of the computer (Computer Security), alongside the requirement to protect the safety of the information itself (Information Security).
2. The strong growth of computer networks and distributed systems changed the scope of information processing. Information is exchanged between processing devices over very large, practically unlimited physical distances, which gives rise to many more threats to the safety of information. From this arose the requirement to protect the safety of the network (Network Security), comprising the mechanisms and techniques suited to protecting information while it is being exchanged between devices on the network.

Along with the recognition of these two major changes, the concept of Information Assurance has now been proposed as a more comprehensive solution for information security. Under it, the safety of information is no longer limited to ensuring confidentiality and integrity, and the scope of protection is no longer limited to the computer systems that perform information processing but extends to all automated systems. The protection requirement no longer concentrates on dynamic safety (Security) alone but also includes static safety (Safety) and the reliability of the system (Reliability).

Within this document, Information System Security is the central subject. The whole document concentrates on describing and analysing the mechanisms and techniques that provide security for information systems. An information system, as implicitly understood in this document, is a system that processes information using computers, organised either centrally or in a distributed way. The document therefore touches on both computer security (Computer Security) and network security (Network Security). Network security techniques, however, are covered only briefly; they are left to another document in the Computer Networks and Communications specialisation, the Network Security document.

I.2 THE PROPERTIES OF A SECURE INFORMATION SYSTEM

A secure information system (Secure Information System) is a system in which the information processed on it is guaranteed the following 3 properties:
- Confidentiality of information (Confidentiality)
- Integrity of information (Integrity)
- Availability of information (Availability).

[Figure 1.1 image: Confidentiality, Integrity and Availability arranged around the word Secure]

Figure 1.1: The CIA model

These three properties are linked together and regarded as the standard model of secure information systems; in other words, they are the 3 essential components of a secure information system. The model is used widely in many contexts and many documents and is called the CIA model for short (note that some other documents use the term CIA to mean Confidentiality, Integrity, Authentication). The following sections present each property in detail.

I.2.1 Confidentiality

Some kinds of information have value to a specific party only when they are not disclosed to other parties. The confidentiality of information is the restriction on which parties have the right to access the information. The accessing party may be a person, a computer or a piece of software, including malicious software such as viruses, worms and spyware. The level of confidentiality differs according to the nature of the information. For example, political and military information is always considered the most sensitive information for any nation and is handled at the highest level of secrecy. Other information, such as information about a business's operations and strategy, personal information (especially of well-known people), and system configuration information of service-provider networks, all need to be kept secret to varying degrees.

To ensure the confidentiality of information, besides physical mechanisms and means such as buildings, storage devices and guard services, cryptography (Cryptography) is considered the most effective tool for keeping information secret in a computing environment. Cryptographic techniques are presented in Chapter II. In addition, access control (Access Control) is established so that only authorised parties can access the information. Access control is presented in part 3 of this chapter.

The secrecy of information must be considered in terms of 2 separate factors: the existence of the information and its content. Sometimes revealing the existence of information is more significant than revealing its content. For example, the vital secret business strategy of a company is leaked to a rival company. Realising that such a leak exists is far more important than knowing the specifics, such as who leaked it, to which rival, and exactly what was leaked. For the same reason, in some user authentication systems (user authentication), for example logging in to the Netware operating system, to an e-mail mailbox or to other network services, when the user supplies a wrong user name, instead of reporting that the user name does not exist some systems report that the password is wrong, and others only give the generic message Invalid user name/password. Behind this deliberately vague message is a refusal to confirm whether or not such a user name exists in the system. This makes it harder for those who want to log in to the system illegitimately by random trial.

I.2.2 Integrity

This property guarantees the intact existence of information, excluding any deliberate change to the information and any damage to or loss of information due to equipment or software failure. Integrity is considered in 2 respects:
- The integrity of the content of the information.
- The authenticity of the origin of the information.

In other words, the integrity of information must be assessed on two sides: integrity of content and integrity of origin. For example, a bank receives a payment order from someone claiming to be the account holder, with all the required information. The content is preserved, since the bank received the customer's request exactly as the person claiming to be the account holder sent it. However, if the payment order was not issued by the account holder but by someone else who obtained the secret account information and impersonated the holder, we say the origin of the information was not preserved. Another example: a newspaper reports an event that has just occurred at an important government agency, noting that the source is the agency's spokesperson. If, however, the news was not actually released by the spokesperson but taken from another channel, then regardless of whether the content is correct, we say the origin of the information was not preserved. In some contexts, integrity of origin is equivalent to guaranteeing the non-repudiation property of the information system.

The mechanisms that ensure the integrity of information are divided into 2 kinds: prevention mechanisms (Prevention mechanisms) and detection mechanisms (Detection mechanisms). Prevention mechanisms block unauthorised acts that change the content or origin of information. Such acts fall into 2 groups: attempting to change information without being permitted to access it, and changing information in a way other than the permitted one. For example, an outsider tries to access a company's accounting database and change the data in it; this belongs to the first group. An accountant who has been given the right to manage the company's accounting database and uses that right to alter information in order to embezzle funds belongs to the second group. Detection mechanisms only monitor and report when changes occur to information, by analysing the events that take place on the system, without blocking unauthorised access to the information.

Whereas confidentiality is concerned only with whether information has been disclosed, integrity is concerned both with the correctness of information and with its trustworthiness. Factors such as the origin of the information and the way it has been protected in the past and the present all determine how trustworthy the information is, and therefore affect its integrity. In general, assessing the integrity of an information system is a complex task.

I.2.3 Availability

The availability of information is the readiness of information for legitimate access needs.

For example, a company's personnel-management information is stored on a computer and is firmly protected by several mechanisms so that it cannot be disclosed or changed. However, when the manager needs this information, it cannot be retrieved because of a system fault. The information is then completely unusable, and we say its availability is not guaranteed.

Availability is a very important requirement of a system, because a system that exists but is not ready for use is the same as having no information system at all. An available system is one that works smoothly and efficiently and can recover quickly when a failure occurs. In practice, availability is regarded as the foundation of a secure system, because when the system is not available, guaranteeing the other 2 properties (confidentiality and integrity) becomes meaningless. Currently, denial-of-service attacks, DoS (Denial of Service) and DDoS (Distributed Denial of Service), are judged to be the greatest threats to the safety of information systems: they cause great damage and, in particular, there is as yet no effective way to prevent them. These attacks all target the availability of the system.

Some research directions are proposing new models for describing secure systems. According to them, the CIA model does not fully describe a system's security requirements, and another model needs to be defined with the following properties of information to be guaranteed:
- Availability (Availability)
- Utility (Utility)
- Integrity (Integrity)
- Authenticity (Authenticity)
- Confidentiality (Confidentiality)
- Possession (Possession)

I.3 THREATS AND RISKS TO INFORMATION SYSTEMS

I.3.1 Threats

A threat (threat) is an event that can affect the safety of the system. For example, denial-of-service attacks (DoS and DDoS) are a threat to servers providing services on a network. When we speak of a threat, the event has not yet occurred, but it can occur and can harm the system. An event that could cause harm but cannot occur on the system is not considered a threat. For example, the Nimda worm attack (2001) could paralyse an entire internal network. However, Nimda only exploited a security flaw in the IIS (Internet Information Service) software on Windows (NT and 2000), and so could only occur on networks with machines running Windows. On a network consisting solely of Unix or Linux machines, Nimda cannot exist at all, so in that case Nimda is not a threat.

Threats can be divided into the following 4 groups:
- Disclosure of information / unauthorised access to information
- Sending false information / accepting false information
- Sabotaging / blocking the operation of the system
- Taking control of part or all of the system

This is a very broad division; each group comprises many different threats.

Eavesdropping or reading over someone's shoulder (collectively called snooping) is one method of unauthorised access to information. Acts of this kind can be as simple as listening in on a conversation or opening a file on someone else's machine, or more complex, such as tapping into a network connection (wire-tapping) to steal data, or installing key-logging programs (key-logger) to record important information typed at the keyboard.

The group sending false information / accepting false information comprises acts similar to the group above but active in nature, that is, they deliberately change the original information. If the changed information is system control information, the damage is far more serious, because the act then not only corrupts data but may also change the system's security policies or block its normal operation. In practice, the man-in-the-middle attack (MITM) is a form of sending false / accepting false information: it inserts itself into a network connection, reads the information and alters it before forwarding it to the recipient. Spoofing (spoofing) is also an act in this group: exchanging information with a partner while posing as another entity. Repudiation (repudiation) is also a way of falsifying information: an entity sends information but later denies having done so, that is, refuses to acknowledge the origin of the information, thereby violating the integrity requirement. For example, an account holder instructs the bank to pay from their account. All the information is correct and the bank executes the order. Later, however, the account holder denies having issued the payment order. The information is then falsified because its origin is no longer established.

The 3rd group comprises acts intended to block the normal operation of the system by slowing down or interrupting its services. Denial-of-service attacks and viruses are threats in this group.

Taking control of the system causes damage of varying degrees, from stealing and changing data on the system to changing security policies and disabling the security mechanisms that have been set up. A typical example of this group is attacks that seize root privileges on Unix or Linux machines by exploiting software bugs or system configuration errors. Buffer overflow attacks (buffer overflow) are the most common way to seize root on Linux systems, which are built on the C programming language.

I.3.2 Risk and risk management

Risk (risk) is the probability of damage occurring to the system.

Risk comprises 2 factors: the likelihood that the risk occurs, and the damage it causes. Some risks are very likely to occur but cause little damage, and vice versa.

For example, consider the risk of losing information on a system with no file protection mechanism, such as Windows 98. Windows 98 has no user authentication mechanism, so anyone can use the machine with the highest privileges. If the disk contains only non-confidential text files, the loss of a file costs only the effort of retyping it. This is a risk with a high probability but low damage. Another example: a server has a piece of software with a buffer overflow flaw, and if the flaw is exploited the attacker can take control of the whole system. However, the software is not widely used, and exploiting the flaw requires advanced skills. The risk of the system being taken over is judged unlikely, but if it does happen the damage is very high.

Threat and risk must be distinguished. A threat is an act, event or party that can harm the system. A risk is the damage that can occur to the system. For example, a denial-of-service attack is a threat (threat): an event that can occur on any service-providing system. The damage it causes, the interruption of the system's operation, is the risk (risk). However, not every denial-of-service attack that occurs brings the system down, and moreover denial of service is not the only source of interruption: other threats such as system errors (mis-operation), software errors (programming), and hardware faults (equipment failure, power loss, etc.) can all lead to interruption. Another example: the case of storing files on a Windows 98 computer mentioned above. The threat to the system is the act of modifying or deleting files on another person's machine; people who habitually use others' computers are also regarded as a threat. The risk in this case is that files are lost or modified.

In practice, drawing up a security policy for an information system must balance the benefit of securing the system against the cost of designing, installing and operating the mechanisms that protect the policy. Risk management on a system is the process needed to identify all the risks to the system and the threats that can lead to them, and to analyse the benefit / cost of the solutions for preventing them. The risk analysis process comprises the steps:
- Identify the risks to the system.
- Select and implement solutions that reduce the risks.
- Monitor and assess the damage from risks that do occur, as a basis for adjusting the first two steps.

I.3.3 The human factor in system security

People are always at the centre of every security system, because all the mechanisms and techniques applied to secure a system can easily be defeated by the people within that very system. For example, the user authentication system requires everyone who wants to operate on the system to supply a user name and password. However, if the person given the password does not guard it carefully, or even discloses it to others, violations of the security policy become very likely and the authentication system is defeated.

Those who deliberately set out to break a system's security policy are collectively called intruders (intruder or attacker), and in the usual way of thinking they must be outsiders. In practice, however, it has been shown that insiders, those with the means to approach the system, are the most capable of attacking it: perhaps a disgruntled employee bent on sabotage, or simply someone who likes to explore and prove themselves. Attacks by such parties are usually harder to detect and cause more damage than attacks from outside. People who have not been trained in system security are also a source of latent threats through their unwitting acts: operating errors, skipping security checks, not following the information security policy (saving files outside the secure folder, writing passwords on the desk, and so on).

I.4 PRINCIPLES FOR BUILDING A SECURE SYSTEM

I.4.1 Policy and mechanism

Two important concepts are usually mentioned when building a secure system:
- Security policy (Security policy)
- Security mechanism (Security mechanism)

A security policy is the set of rules intended to ensure the safety of the system. A security mechanism is the set of methods, tools and procedures used to enforce the rules of the security policy. A security policy can be expressed in natural language or in mathematical language. For example, in a system, to secure a specific resource (resource), the security policy stipulates that only users belonging to the system administrators group (Administrators) may access it, and other users may not. That is the natural-language form. The same rule can be expressed mathematically as follows. Let:
- U be the set of users in the system;
- A be the set of users belonging to the administrators group;
- O be the set of objects (resources) in the system;
- the operation Access(u, o) return TRUE if user u may access object o, and FALSE otherwise.

The rule p in the security policy is stated as:

$\forall u \in U,\ \forall o \in O:\ Access(u, o) = TRUE \iff u \in A$

A matrix is also commonly used to express a security policy. For example, consider a system with the set of users U = {u1, u2, u3, u4} and the set of objects O = {o1, o2, o3, o4}. The operations that a user u can perform on an object o are read (r), write (w) and execute (x). The access rights of each user to each object in the system are expressed in the following matrix:

        o1   o2   o3   o4
  u1    x    x    w    w
  u2    x and r (the columns these two entries occupy were lost in extraction)
  u3    r    r    r    r
  u4

Observing the matrix, we see that user u3 has read access to all objects from o1 to o4, while user u4 has no access to any object.

Security mechanisms are usually technical measures. For example: building a firewall (firewall), authenticating users, using the file protection mechanism of the NTFS file system to assign access rights to each file / folder on the hard disk, using encryption to hide information, and so on. Sometimes, however, a mechanism is merely a procedure (procedure) whose execution preserves the policy. For example, a university computer laboratory stipulates that students may not copy other students' assignments stored on the server. This is a rule of the security policy. To enforce it, the mechanisms applied include: creating a private folder on the server for each student, assigning each student access rights to these folders and requiring students to save assignments in their private folder, and requiring students to log out of the system whenever they leave a computer. In this mechanism, measures such as creating private folders and assigning access rights are technical measures. Requiring students to log out (logout) when leaving the machine is a procedural measure. If a student leaves without logging out, another student can use the open session to copy the assignment, and the policy is clearly violated.

Given a security policy, the security mechanism must satisfy the following 3 requirements:
- Prevent threats that would violate the policy
- Detect acts that violate the policy
- Recover from the consequences of the risk when a violation occurs.

Normally, building a secure system rests on the following 2 assumptions:
1. The security policy clearly divides the states of the system into 2 groups: safe and unsafe.
2. The security mechanism is able to prevent the system from entering the unsafe states.
If either assumption fails, the system is not secure. Each individual mechanism is designed to protect one or several rules of the policy; the set of all mechanisms deployed on the system must enforce all the rules of the policy.

Two dangers can arise when designing a secure system if the 2 assumptions above are not met:
1. The policy does not enumerate all the unsafe states of the system; in other words, the policy does not describe a truly secure system.
2. The mechanism cannot enforce all the rules of the policy, whether because of technical limits, cost constraints, etc.

On this basis, the security of a mechanism can be rated as follows. Let P be the set of all states of the system, Q the set of safe states as defined by the security policy, and suppose the mechanism in use is able to confine the system's states to the set R. We define:
- If $R \subseteq Q$: the mechanism is rated secure (secure mechanism).
- If $R = Q$: the mechanism is rated precise (precise mechanism).
- If there exists a state $r \in R$ such that $r \notin Q$: the mechanism is rated broad (broad mechanism).
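The access matrix and the secure / precise / broad rating above, worked through in Python as an added example (not code from the lecture notes). The users, objects and the u1, u3 and u4 rows follow the matrix in the text; the u2 row and the three example mechanisms are constructed here, and a "state" is taken to be one (user, object, operation) request the system lets through.

```python
"""Security policy as an access matrix, and rating the mechanism that
enforces it as secure, precise or broad (definitions of section I.4.1).

Added example, not code from the lecture notes.  The u2 row and the
three mechanisms compared at the bottom are constructed for illustration.
"""

USERS = ["u1", "u2", "u3", "u4"]
OBJECTS = ["o1", "o2", "o3", "o4"]

# The policy as an access matrix: MATRIX[user][object] is the set of
# operations (r, w, x) the policy grants.  The policy's safe set Q is
# exactly the set of (user, object, operation) requests the matrix grants.
MATRIX = {
    "u1": {"o1": {"x"}, "o2": {"x"}, "o3": {"w"}, "o4": {"w"}},
    "u2": {"o1": {"x"}, "o2": set(), "o3": {"r"}, "o4": set()},  # constructed row
    "u3": {o: {"r"} for o in OBJECTS},                            # reads everything
    "u4": {o: set() for o in OBJECTS},                            # no access at all
}


def access(user, obj, op, matrix=MATRIX):
    """Access(u, o) from the notes, refined to a single operation:
    True iff the matrix grants `op` on `obj` to `user`."""
    return op in matrix.get(user, {}).get(obj, set())


def admin_only_rule(users, admins, objects):
    """The rule "only Administrators may access the resource" as the set
    of (user, object) pairs it allows: Access(u, o) = TRUE <=> u in A."""
    return {(u, o) for u in users for o in objects if u in admins}


def allowed_states(matrix):
    """Q: every (user, object, operation) triple the policy permits."""
    return {(u, o, op) for u in matrix for o in matrix[u] for op in matrix[u][o]}


def classify_mechanism(q, r):
    """Rate a mechanism confining the system to R against safe states Q:
    R == Q precise; R a proper subset of Q secure; any r outside Q broad."""
    if r == q:
        return "precise"
    if r <= q:
        return "secure"
    return "broad"


def reachable_states(decide):
    """R for a mechanism given as decide(user, obj, op): the requests it
    lets through, enumerated over every possible request."""
    return {(u, o, op) for u in USERS for o in OBJECTS for op in "rwx"
            if decide(u, o, op)}


# Mechanism 1: enforces the matrix exactly.
def mech_exact(u, o, op):
    return access(u, o, op)


# Mechanism 2: an over-cautious implementation that also refuses every
# execute request.  It never reaches an unsafe state, but denies u1 and
# u2 something the policy allows (secure, not precise).
def mech_no_exec(u, o, op):
    return op != "x" and access(u, o, op)


# Mechanism 3: a buggy implementation that treats an empty permission set
# as "not configured" and falls back to read-only.  It lets u4 read
# objects the policy forbids (broad).
def mech_default_read(u, o, op):
    granted = MATRIX[u][o]
    return op in granted or (not granted and op == "r")


def rate_all():
    """Classify the three mechanisms against the matrix policy."""
    q = allowed_states(MATRIX)
    return {name: classify_mechanism(q, reachable_states(fn))
            for name, fn in [("exact", mech_exact),
                             ("no_exec", mech_no_exec),
                             ("default_read", mech_default_read)]}


if __name__ == "__main__":
    print("u3 may read o2:", access("u3", "o2", "r"))   # True
    print("u4 may read o1:", access("u4", "o1", "r"))   # False
    for name, rating in rate_all().items():
        print(f"{name:13s} -> {rating}")
```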

I.4.2 The goals of system security

A secure system, as presented in part 2 of this chapter, is one that satisfies the 3 basic requirements of confidentiality, integrity and availability, CIA for short. To realise the CIA model, the system administrator needs to define the safe states of the system through the security policy, then set up security mechanisms to protect that policy. An ideal system is one that:
- has a policy that specifies the safe states of the system precisely and completely;
- has mechanisms that enforce the rules of the policy fully and effectively.
In practice, however, such systems are very hard to build because of technical and human limits, or because the cost of setting up the mechanisms exceeds the benefit a secure system brings. Therefore, when building a secure system, the goals set for the mechanisms applied must cover the following 3 parts:

Prevention (prevention): the design goal is to prevent violations of the policy. Many events and acts lead to policy violations. Some events have been identified as threats to the system; others have not yet been recorded as threats. A violation may be as simple as leaking a password or forgetting to log out when leaving the computer, or it may be a complex, deliberate act such as an attempt to attack the system from outside. Secure mechanisms (secure mechanism) or precise mechanisms (precise mechanism) as defined above are mechanisms designed with prevention as their goal. When building secure or precise mechanisms is not feasible, however, the following 2 goals must be considered when setting up security mechanisms:

Detection (detection): the design goal focuses on policy violations that have occurred or are occurring on the system. Detection mechanisms are in general very complex, relying on many techniques and many sources of information. Fundamentally, intrusion detection mechanisms rely on monitoring and analysing the information in the system log (system log) and the data travelling on the network (network traffic) to find signs of a violation. These signs (called signatures) must usually be identified in advance and described in a database of the system (called the signature database). For example, consider a computer infected by a virus. In most cases the user discovers the virus when it causes damage on the machine. However, many viruses remain dormant, not yet executing, and can be found only by running a virus scanner. For a virus scanner to work effectively, its virus list must be updated regularly. Updating adds descriptions of the signatures of new viruses to the database (virus database or virus list).

Recovery (recovery): the design goal comprises mechanisms that stop violations in progress (response) or repair the consequences of a violation as quickly as possible with the least damage (recovery). Recovery mechanisms vary with the severity of the incident. Some incidents are simple and recovery can be fully automatic, with no human intervention; other incidents are complex and serious and require additional measures to recover. An important part of recovery mechanisms is identifying the system's weaknesses and correcting them. A weakness may stem from a security policy that is not tight enough or from a technical flaw in the mechanism.

I.5 THE AAA SECURITY STRATEGY

AAA (Access control, Authentication, Auditing) is regarded as the most basic approach and the most fundamental strategy for enforcing security policies on a system described by the CIA model. Its basis is as follows:
1. Access rights to all resources in the system are defined explicitly and assigned to specific parties in the system.
2. Whenever a party wants to enter the system to access resources, it must be authenticated by the system to make sure it is a party that holds access rights.
3. After authentication, all of the party's operations must be monitored to ensure it does not act beyond its rights.

This must be distinguished from AAA in the context of network access management, meaning Authentication, Authorization, Accounting: a service on remote access servers (remote access server) that manages users' network access, tracks usage and bills for access. AAA in that sense is usually deployed together with services such as RADIUS and TACACS+.

AAA comprises 3 separate fields that operate in parallel to create mechanisms protecting the safety of the system. The following sections present the 3 fields of AAA in detail.

I.5.1 Access control

Access control (Access control) is defined as a process carried out by a hardware device or a software module that approves or denies a specific access to a specific resource. Access control is performed at many places in a system, for example at network access devices (such as a remote access server, RAS, or a wireless access point, WAP), in the file system of an operating system (for example NTFS on Windows), or in directory services such as Active Directory Service in Netware 4.x or Windows 2000 server, and so on. In practice, access control follows the 3 models below.

- Mandatory Access Control (Mandatory Access Control, MAC): an access control model applied compulsorily to the whole system. In a computing environment, the mandatory access control mechanism is built into the operating system, applies to all resources and subjects in the system, and cannot be changed by users. For example, in a multilevel security system (multilevel security), every subject (subject) or resource (object) is assigned a defined security level. Subjects with a low security level may not read information from resources with a high security level, and conversely subjects with a high security level may not write information to resources with a low security level. This model is particularly useful in systems protecting military secrets (the Bell-LaPadula model, 1973). The distinguishing features of mandatory access control:
  - It is set up permanently at system level; users (including the creators of resources) cannot change it.
  - Users and resources in the system are divided into several security levels that reflect the importance of the resource and the user.
  - Once the mandatory model is in place, it applies to all users and resources on the system.

- Discretionary Access Control (Discretionary Access Control, DAC): an access control model in which the access rights to each specific resource are set by the owner of the resource. This is the most widely used model, appearing in almost all computer operating systems. For example, in the NTFS file system on Windows XP, the owner of a folder has full access to the folder, may allow or deny other users access to it, and may allow other users to change the access settings of the folder.

Viewing and changing DAC permissions on a folder in Windows XP:
- Start Windows Explorer by right-clicking the My Computer icon and choosing Explore.
- By default, Windows XP does not show detailed permission information for folders. To show it, open the Tools menu, choose Folder Options, click the View tab, find the line Use simple file sharing (Recommended) at the bottom of the Advanced settings list, clear this option (uncheck), and choose OK.
- Right-click any folder in the Windows Explorer window, choose Properties, and click the Security tab (Figure 1.2).
- The Group or user names pane lists the users and groups present in the system. The Permissions for pane lists the rights granted to the corresponding group or user.
- Try granting or removing the default rights of any user.

Figure 1.2: Discretionary access control in Windows XP

The distinguishing features of discretionary access control:
  - It is not applied by default across the system.
  - The owner of the resource (owner), usually its creator or someone granted ownership, has full control over access to the resource.
  - Control over access to a resource can be transferred from one subject (user) to another.

- Role Based Access Control (Role Based Access Control, RBAC): an access control model based on the role of each user in the system (user roles). For example, the company's financial manager (financial manager) may access all the company's financial data and may modify, delete and update the database, whereas an ordinary accountant may access only part of the financial database and perform only limited operations on it. The key matter in role-based access control is defining the access rights of each group of subjects according to their function. This is defined at system level and applies to all subjects. The group mechanism (account group) of Windows NT is a simulation of the RBAC model: a user is made a member of one or more groups in the system, access rights to resources are assigned to groups rather than to individual users, and the members of a group receive the corresponding rights by default. Changing the rights of an individual user is done by moving the user to another group with the appropriate rights. The distinguishing features of role-based access control:
  - Access rights are granted according to the user's job in the system (user's role).
  - More flexible than mandatory access control: the system administrator can reconfigure the rights of each functional group or change group membership.
  - Simpler to implement than discretionary access control: there is no need to assign access rights directly to each user.

Applying the access control models in practice: discretionary access control (DAC) is the most widely used because of its simplicity for users. DAC, however, cannot meet special system security requirements. The most suitable model is therefore a combination of all 3: mandatory, discretionary and role-based access control. Besides DAC, which is built into almost all operating systems, RBAC is used in the Active Directory service of Netware 4.11 and of Windows 2000 and later, and MAC has been introduced into operating systems such as Windows Vista (as the Mandatory Integrity Control mechanism), SELinux (including Red Hat Enterprise Linux version 4), Trusted Solaris and Apple Computer (Mac OS X version 10.5 Leopard).

I.5.2

Xc thc:

14

Xc thc (Authentication) l mt th tc c chc nng xc minh nhn dng (identity) ca mt i tng trc khi trao quyn truy xut cho i tng ny n mt ti nguyn no . Xc thc c thc hin da trn 3 c s: -What you know (iu m i tng bit), v d mt khu. -What you have (ci m i tng c), v d th thng minh Smartcard. -What you are (c trng ca i tng): cc c im nhn dng sinh trc hc nh du vn tay, vng mc, Trong mi trng my tnh, xc thc c dng nhiu ng cnh khc nhau, v d: xc thc tn ng nhp v mt khu ca ngi s dng (hnh 1.3) trc khi cho php ngi s dng thao tc trn h thng my tnh (xc thc ca h iu hnh), xc thc tn ng nhp v mt khu trc khi cho php ngi dng kim tra hp th in t (xc thc ca Mail server); trong giao dch ngn hng, th tc xc thc dng xc nh ngi ang ra lnh thanh ton c phi l ch ti khon hay khng; trong trao i thng tin, th tc xc thc dng xc nh chnh xc ngun gc ca thng tin.

Figure 1.3: Authentication by login name and password (figure shows a workstation authenticating to a server)

Many different techniques implement authentication. Authentication by login name and password is the traditional mechanism and is still widely used today. When authentication takes place over a network, some systems encrypt the login name and password before transmitting them so that they are not disclosed, but many systems send these sensitive data over the network as they are (services such as FTP and Telnet, for example); this is called cleartext authentication. More advanced techniques used for authentication include smart cards, digital certificates and biometric devices. To increase the assurance of the authentication mechanism, several techniques are combined; this is called multi-factor authentication. For example, authentication by smart card together with a password means the user must both hold the card and know the password to log in, so that a stolen card alone cannot be used to log in as its owner.


In practice there are two kinds of authentication: one-way authentication and mutual authentication. One-way authentication gives one party (usually the server) a way to verify the identity of the other (the user) but gives the user no way to verify the identity of the server. Consider a user logging in to a remote mailbox through a web interface (webmail). The user must of course supply the correct login name and password before the mailbox may be accessed. To steal the user's password, an attacker can build a web page that looks exactly like the mail server's interface and trick the user into connecting to it. Because there is no mechanism for authenticating the server, the user cannot tell that this is a forged server and confidently enters the login name and password. Mutual authentication lets both parties in a transaction authenticate each other, so the accuracy of the authentication process is assured. The SSL (Secure Sockets Layer) protocol used by web services (presented in chapter III) provides authentication with digital certificates: in the common deployment only the server presents a certificate, which is already enough for a user who checks it to detect a forged mail server, and full mutual authentication is obtained when the client presents a certificate as well.
There are many authentication algorithms. The simplest merely compares the login name and password supplied by the user with the login name and password stored on the system; if they match, authentication succeeds (PAP). A more elaborate algorithm such as CHAP has the client compute a hash (MD5 in RFC 1994) over a random value issued by the server (the challenge) together with the shared secret, so that the password itself never crosses the network and a captured response is useless against a later challenge; this defeats password sniffing and replay attacks. Another elaborate algorithm, Kerberos, authenticates through a multi-step exchange with a trusted key-distribution centre that issues tickets, designed to limit every known cause of incorrect authentication. The authentication algorithms are presented in detail in part I of chapter III.

I.5.3 Auditing:

Auditing is the mechanism that monitors the activity of the system, records the actions that take place on it and links each action to the actor that caused it. For example, enabling auditing on a folder of an NTFS file system lets the administrator follow what happens in that folder: which operation was performed, at what date and time, by which user, and so on.
Goals of auditing:
- Provide the information needed to recover the system after an incident.
- Assess the security level of the system so that upgrades can be planned in time.
- Provide evidence for detecting unauthorised access to the system.
In a trusted (reliable) system auditing is an essential requirement, because it ensures that the actions of every user, including legitimate, authenticated users, are tracked, so that one can be sure those actions conform to the security policy defined for the system. A general principle in building secure systems is to split each procedure into several stages carried out by different actors, so that completing the procedure requires the participation of several parties (separation of duties). This is the basis on which auditing mechanisms are enforced.


For example, keeping the warehouse and keeping the books must be done by two different employees, so that no single employee can both remove goods and alter the records. The same principle is applied strictly in system auditing to separate the auditing function from the activities being audited: normally, an audited subject must not be able to modify the records that the audit mechanism writes.
Components of an auditing system:
- Logger: records the monitoring information on the system.
- Analyzer: analyses the audit results.
- Notifier: warns about the security state of the system based on the analysis.
Alongside the always-on audit mechanism (auditing), periodic system checks (system scanning) look for technical weaknesses that affect the security of the system. Functions commonly performed by system-scanning programs:
- Checking compliance with the password policy, for example whether users change their passwords regularly, password length, password complexity, and so on.
- Assessing how easily the system can be penetrated from the outside.
- Checking how the system reacts to conditions that may lead to denial of service or to a system crash.
Note that system-scanning tools are also the tools attackers use to discover security holes in a system before carrying out further attacks. Well-known scanners include SATAN (Security Administrator Tool for Analyzing Networks), Nessus and Nmap.
Enabling the Audit function of Windows XP on a folder of an NTFS partition:
- By default Windows XP applies no auditing, so auditing must first be enabled through Local Security Policy: open Control Panel, choose Administrative Tools, then Local Security Policy; in the Security Settings pane on the left of the window, double-click Local Policies and then click Audit Policy. The right-hand pane now lists the auditing functions of Windows XP. To enable auditing on folders, find the entry Audit object access, double-click it and tick both Success and Failure in the window that opens. Click OK and close all windows.
- Applying auditing to a folder: start Windows Explorer, locate the folder to be audited, right-click it and choose Properties, click the Security tab, click the Advanced button, then click the Auditing tab. The Auditing entries list shows the audit entries already configured. To create a new one, click Add, select the user or group to be audited in the Select User or Group window that appears, and click OK. In the Auditing Entry for window that opens, select the operations to audit, for example Delete Subfolders and Files to track deletion of files and subfolders in this folder. Tick both event types, Successful and Failed. Click OK and close all windows.
- From this point on, every deletion of files and subfolders in the chosen folder by the specified user or group is tracked and written to the system log. To view these records, open Control Panel, choose Administrative Tools, then Event Viewer, and select the Security log.
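The components listed above (logger, analyzer, notifier) and the rule that an audited subject must not be able to alter the audit records, as an added example that is not part of the original text. The logger stores each record with a SHA-256 hash that also covers the previous record's hash, so editing or deleting any earlier entry breaks the chain and verify() reports where; the analyzer counts failed delete attempts per user over the verified records and the notifier names the users over a threshold. The event records are constructed to resemble NTFS object-access audit events and the user and file names are assumptions.

```python
"""Added example: a tamper-evident (hash-chained) audit log with analyzer and notifier."""
import hashlib
import json

GENESIS = "0" * 64  # stands in for the hash of the (non-existent) record before the first


def _chain_hash(prev_hash, record):
    """Hash of this record bound to the hash of the record before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class AuditLog:
    """Logger: append-only list of records, each carrying a chained hash."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"record": dict(record), "hash": _chain_hash(prev, record)})

    def verify(self):
        """Return the index of the first entry whose chain link is broken, or -1 if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if _chain_hash(prev, entry["record"]) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def analyze(log, threshold=3):
    """Analyzer + Notifier: users with at least `threshold` failed deletes."""
    failures = {}
    for entry in log.entries:
        r = entry["record"]
        if r["op"] == "delete" and r["result"] == "failure":
            failures[r["user"]] = failures.get(r["user"], 0) + 1
    return sorted(user for user, n in failures.items() if n >= threshold)


def sample_log():
    """Constructed events in the style of NTFS object-access auditing (not real data)."""
    folder = "D:\\finance\\"
    events = [
        {"t": "2007-07-01T09:00:01", "user": "alice", "op": "read", "obj": folder + "q2.xls", "result": "success"},
        {"t": "2007-07-01T09:02:10", "user": "mallory", "op": "delete", "obj": folder + "q2.xls", "result": "failure"},
        {"t": "2007-07-01T09:02:12", "user": "mallory", "op": "delete", "obj": folder + "q1.xls", "result": "failure"},
        {"t": "2007-07-01T09:02:15", "user": "mallory", "op": "delete", "obj": folder + "ledger.mdb", "result": "failure"},
        {"t": "2007-07-01T10:15:00", "user": "alice", "op": "delete", "obj": folder + "tmp.txt", "result": "success"},
    ]
    log = AuditLog()
    for ev in events:
        log.append(ev)
    return log


def tamper_demo():
    """An audited user rewrites an earlier entry to hide a failure; verify() locates it."""
    log = sample_log()
    log.entries[1]["record"]["result"] = "success"
    return log.verify()


if __name__ == "__main__":
    log = sample_log()
    print("chain intact:", log.verify() == -1, "| suspicious users:", analyze(log))
    print("first broken entry after tampering:", tamper_demo())
```

The chain only makes tampering detectable; it does not prevent it. In a real deployment the log is also written to storage the audited subjects cannot reach (a separate log host, append-only media), which is the separation of duties the text calls for.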


Figure 1.4: Configuring auditing on an NTFS folder

In summary, AAA is the most basic approach to building a secure system following the CIA model. It consists of three separate parts:
- Establishing access-control mechanisms for each subject (Access control).
- Authenticating subjects before they may operate on the system (Authentication).
- Tracking the operations of subjects on the system (Auditing).
In the wider literature AAA usually expands to Authentication, Authorization and Accounting; the three parts above correspond to the same three functions.

I.6 FORMS OF SYSTEM INTRUSION

The terms intrusion and attack are used with nearly the same meaning in the context of system security. Intrusion is the broader term: any event that violates the security of the system, whether actively or passively. Attack usually denotes an active intrusion, carried out by a person against a system with the aim of exploiting or damaging it. The target of an intrusion is the three CIA properties of the system. In general, the security of an information system can be violated in the following ways:
- Interruption: disrupting the operation of the information system, for example by destroying hardware, cutting connections or damaging software. This form of intrusion targets the Availability of the information.
- Interception: unauthorised access to the information system. The agent of an interception may be a person, a program or a computer that observes (monitors) the flow of information without altering the original information. This form of intrusion targets the Confidentiality of the information.


- Modification: unauthorised access to the information system combined with altering the content of the information, for example breaking into a computer and changing the content of a file, changing a program so that it misbehaves, or changing the content of a message in transit on the network. This form of intrusion targets the Integrity of the information.
- A fourth form is intrusion by means of forged information (Fabrication), for example sending mail under someone else's name, or connecting to a machine using the spoofed IP address of another machine. This form of intrusion changes the apparent origin of the information, so it too targets the Integrity of the information (more precisely, its authenticity).

Figure 1.5: Interruption (the intruder cuts the network path between user and server)

Figure 1.6: Interception (the intruder observes the network traffic between two users)

In practice intrusions are carried out with a great many methods, tools and techniques, and new intrusion methods are discovered all the time, so identifying and classifying intrusions systematically is difficult and imprecise. Intrusions can be classified by the following criteria:

- By target (network intrusion, application intrusion, mixed intrusion).
- By nature (active intrusion, passive intrusion).
- By technique (password guessing, exploit software, ...).
Since the aim of this document is to help the reader recognise the basic and common intrusion methods that have been recorded and analysed, the forms of intrusion are presented in two groups:
1- Attack methods (attacks)
2- Intrusion by means of malicious software (malicious code)

Figure 1.7: Modification (the intruder alters the network traffic between two users)

Figure 1.8: Fabrication (the intruder injects forged traffic between two users)

I.6.1 Attack methods:

- Denial of service attack (DoS):

This type of attack does not enter the system to steal or alter information; its only purpose is to prevent the normal operation of the system, particularly of systems that serve the public network such as web servers and mail servers.

Example: the attacker uses an automated program to send data continuously to a server on the network, overloading the server so that it can no longer provide its service normally. Denial-of-service attacks are usually easy to recognise from their concrete effect on the system. The target may be a single server or a subnet (including network equipment such as routers and links). Denial of service is made possible by security weaknesses in system configuration (firewall configuration), weaknesses in the network protocols (TCP/IP), security holes in software, or simply by the finite nature of resources such as connection bandwidth and server capacity (CPU, RAM, disk). It is usually carried out over the Internet, but it can also originate inside the system, as a side effect of malicious software such as worms or trojans. Two common techniques correspond to the two kinds of target: ICMP flooding and buffer overflow. ICMP flooding attacks the network connection (including the router) by sending a large, continuous stream of ICMP (Internet Control Message Protocol) packets at a subnet, consuming its entire connection bandwidth and thus congesting the network. (This is often confused with Ping of Death, which is a different attack: a single oversized, fragmented ICMP echo request that crashes a vulnerable IP stack on receipt and consumes no bandwidth at all.) Buffer overflow (described under software exploitation attacks) targets servers by feeding a service more data than the buffer allocated for it on the server can hold, causing a system error. Well-known incidents in the history of computer security such as Code Red, Slapper and Slammer were worms that spread through buffer overflows, and the traffic they generated denied service on a large scale.

Denial of service normally discloses no information and destroys no data; it targets only the availability of the system. However, because it is so common and, above all, because no fully effective countermeasure against it exists today, denial of service is regarded as a major risk to the security of information systems.
- Distributed denial of service (Distributed DoS, DDoS): an attack based on the same principle as denial of service but far more dangerous, because many computers are mobilised to attack a single system at the same time. A distributed denial-of-service attack is carried out in two stages:
1- The attacker recruits many computers on the network to take part by installing remote-control software on them. Computers carrying such software are called zombies. To do this the attacker scans the network for machines with exploitable weaknesses and installs the remote-control software on them without the administrator's knowledge. Such programs are collectively called backdoors.
2- The attacker commands the zombies to attack the target all at once.
A typical DDoS attack chain is shown in figure 1.9. Its components are:
- Client: the remote-control software the attacker uses to command the other machines taking part in the attack. The computer running this software is called the master.

- Daemon: the software running on the zombies; it carries out the master's requests and is what directly performs the denial-of-service (DoS) attack on the victim.

Figure 1.9: Distributed denial of service (DDoS): the master (client) commands the zombies (daemons), which attack the target

- Spoofing attack: an attack in which the attacker impersonates another entity (a user, a computer with a given IP address, or a program) in order to carry out some action. Example 1: a person may forge another person's e-mail address to send mail to a third party; here the impersonated entity is a user. Example 2: a computer on the network may craft packets whose source IP address is not its own and send them to another machine (IP spoofing); here the impersonated entity is a computer. Example 3: the impersonated entity is a program, for instance the user logon program of the Windows operating system. The attacker writes a program whose interface looks like the Windows logon window and arranges for it to run when Windows starts; the user cannot tell that the window is fake, types the login name and password into this program, and those credentials are disclosed. The spoofing just described is the archetypal spoofing attack, and it persists alongside the technical shortcomings of the TCP/IP protocol suite. Today spoofing has developed a further branch based on the spread of the Internet: phishing. Phishing works by forging e-mail addresses or web addresses in order to deceive the user.
- Man-in-the-middle attack: an attack in which the attacker inserts himself into the middle of an ongoing procedure. It usually occurs on IP networks but can also occur inside a single computer. On the network, the attacker by some means interposes himself in a connection, especially during the phase in which the connection between user and server is established, and thereby obtains the user's sensitive information. Man-in-the-middle attacks are especially common on wireless networks because the wireless medium is so easy to join, so applying encryption is essential for the security of a wireless network; of the schemes named in the original (WEP, WPA), WEP is cryptographically broken and should not be relied on, so WPA or WPA2 should be used. Inside a single computer the attack takes the form of a hidden information-gathering program (key-logger) that silently captures everything the user types at the keyboard, which may include a great deal of sensitive information.

Figure 1.10: Man-in-the-middle attack: the attacker inserts himself into the handshake between client and server to obtain information

- Replay attack: in this attack, packets travelling on the network are captured and later retransmitted (replayed). In a networked environment the authentication data exchanged between user and server travels over the network, and this is the data most frequently attacked. If the server accepts the replayed data, the attacking machine can access the server with the rights of the user whose data was captured.

Figure 1.11: Replay attack: the client's authentication data sent to the server is captured by the attacker and later replayed to the server
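The two authentication algorithms contrasted in section I.5.2 (PAP and CHAP) and the replay attack just described, in one added example that is not part of the original text. A PAP-style check accepts the password itself, so a sniffed password can be replayed as it is; the CHAP-style server issues a fresh random challenge, consumes it on the first answer, and checks a keyed hash of it, so the captured response fails against the attacker's own challenge. RFC 1994 CHAP uses MD5 over the identifier, secret and challenge; HMAC-SHA256 is substituted here as an assumption, and the user, secret and captured message are constructed.

```python
"""Added example: PAP-style check, CHAP-style challenge/response, and a replayed response."""
import hashlib
import hmac
import secrets

# Server-side copy of shared secrets (constructed; CHAP needs the secret itself).
SECRETS = {"alice": b"correct horse battery staple"}


def pap_login(user, password):
    """PAP: the password crosses the wire and is compared directly."""
    return hmac.compare_digest(SECRETS.get(user, b""), password)


def chap_respond(secret, challenge):
    """Client side: keyed hash of the server's challenge (HMAC-SHA256 assumed here)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class ChapServer:
    def __init__(self):
        self.pending = {}  # user -> outstanding challenge, valid for one answer only

    def challenge(self, user):
        c = secrets.token_bytes(16)          # fresh randomness every time
        self.pending[user] = c
        return c

    def verify(self, user, response):
        c = self.pending.pop(user, None)     # consume: a challenge is never reused
        if c is None or user not in SECRETS:
            return False
        expected = chap_respond(SECRETS[user], c)
        return hmac.compare_digest(expected, response)


def run_exchange():
    """Legitimate CHAP login, then an attacker replays the sniffed response."""
    server = ChapServer()
    c1 = server.challenge("alice")
    r1 = chap_respond(SECRETS["alice"], c1)
    captured = (c1, r1)                      # what a sniffer on the path sees
    legit_ok = server.verify("alice", r1)

    server.challenge("alice")                # attacker asks for its own session ...
    replay_ok = server.verify("alice", captured[1])   # ... and replays the old answer
    return legit_ok, replay_ok


def pap_replay():
    """Same scenario with PAP: the sniffed password works again unchanged."""
    captured_password = b"correct horse battery staple"   # seen in cleartext on the wire
    return pap_login("alice", captured_password)


if __name__ == "__main__":
    print("CHAP legitimate / replayed:", run_exchange())
    print("PAP replayed password accepted:", pap_replay())
```

Note the trade-off the example makes visible: CHAP keeps the password off the wire but requires the server to hold the shared secret in a recoverable form, whereas a PAP server may store only a salted hash. Stronger schemes (Kerberos, SSL with certificates, presented in chapter III) avoid both problems.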

- Sniffing attack: stealing data by reading it off the network. Almost every network card can capture all the packets travelling on the network segment, even those not addressed to it; a card working in this way is said to be in promiscuous mode. Many programs capture data from a machine connected to the network, for example Ethereal (now Wireshark), CommView, or the Network Monitor shipped with Windows 2000 Server and Windows Server 2003. By reading and analysing the captured packets, the attacker can find plenty of information with which to carry out other attacks.
- Password attack: unauthorised access to a system by guessing passwords. Two password-guessing techniques are common:
- Brute force attack: trying every combination of characters in turn, normally automated by software. The longer the password, the more attempts are needed and the harder it is to find. Some systems enforce a minimum password length. To stop repeated attempts, some systems also break the connection (or lock the account) after a number of consecutive wrong passwords.
- Dictionary attack: trying the passwords that users commonly choose. For convenience, users have the dangerous habit of choosing easily remembered information as a password, such as their own name, date of birth or telephone number. Some systems reduce this risk by defining a password policy that sets a minimum difficulty for passwords, for example that a password must not be derived from the user's personal details and must contain both upper- and lower-case letters, as well as digits and other non-alphabetic characters.
Some attacks based on the TCP/IP protocols: TCP/IP is the standard protocol suite used in almost every computer network and is mandatory on the Internet. Unfortunately, TCP/IP contains many security weaknesses, which lead to attacks based on its own principles, as follows:
- TCP connection flooding (TCP SYN flooding attack): this attack exploits TCP's three-way handshake. Its purpose is to overload the server's connection table and so cause denial of service (DoS). Figure 1.12 shows the three-way handshake in the normal case. When a machine (client) wants to connect to another machine (server) for some service, it begins by sending a SYN segment to the server on the port of that service. The server immediately reserves a connection for this client and answers with a SYN/ACK segment. To complete the connection, the client must reply once more, with an ACK segment sent to the server. If no ACK arrives from the client, the server must wait until the timeout expires before releasing the connection. Exploiting this, if an attacker deliberately sends a continuous stream of SYN segments to the server and never answers the SYN/ACK replies (that is, never sends the final ACK), then at some point every connection the server can hold is tied up in this waiting state and the server can serve no other connections. Note that what the attacker floods the server with is SYN segments, not ACK segments, which is why the attack is called SYN flooding; the spoofed source addresses usually used ensure that the SYN/ACK replies go unanswered. Figure 1.13 illustrates SYN flooding.

Figure 1.12: TCP three-way handshake: SYN, SYN/ACK, ACK

Figure 1.13: TCP SYN flooding attack: the attacker sends SYN segments continuously to the server without ever completing the handshake
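The exhaustion just described, and the standard countermeasure, SYN cookies, as an added example that is not part of the original text. A naive server keeps one half-open entry per SYN until the ACK or the timeout, so a flood from spoofed sources fills its backlog and a later legitimate SYN is refused. A SYN-cookie server encodes a keyed hash of the client's address and a coarse time slot in the initial sequence number it sends back and stores nothing; when the final ACK arrives it recomputes the cookie and admits the client only if it matches. Addresses, the backlog size, the 64-second slot and the cookie layout are simplifications assumed here; real implementations such as Linux also encode the MSS in the cookie.

```python
"""Added example: half-open table exhaustion by SYN flood versus SYN cookies."""
import hashlib
import hmac
import secrets


class NaiveServer:
    """Keeps one table entry per half-open connection until ACK or timeout."""

    def __init__(self, backlog=128, timeout=60):
        self.backlog = backlog
        self.timeout = timeout
        self.half_open = {}          # (src_ip, src_port) -> expiry time

    def on_syn(self, src, now):
        self.half_open = {k: t for k, t in self.half_open.items() if t > now}
        if len(self.half_open) >= self.backlog:
            return False             # backlog full: this SYN is dropped
        self.half_open[src] = now + self.timeout
        return True

    def on_ack(self, src, now):
        return self.half_open.pop(src, None) is not None


class CookieServer:
    """Encodes a keyed hash of the client's address in the ISN and keeps no state."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # server-side secret, rotated in practice
        self.established = set()

    def _cookie(self, src, slot):
        msg = f"{src[0]}:{src[1]}:{slot}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:4]

    def on_syn(self, src, now):
        # Reply SYN/ACK whose ISN is the cookie; nothing is stored for this client.
        return int.from_bytes(self._cookie(src, int(now) // 64), "big")

    def on_ack(self, src, ack_minus_one, now):
        # The client's ACK carries ISN+1; the caller passes ISN. Accept the
        # cookie for the current and the previous 64-second slot.
        got = ack_minus_one.to_bytes(4, "big")
        slot = int(now) // 64
        for s in (slot, slot - 1):
            if hmac.compare_digest(self._cookie(src, s), got):
                self.established.add(src)
                return True
        return False


def flood(server, count, now=0):
    """Constructed attack: SYNs from distinct spoofed sources, never completed."""
    for i in range(count):
        server.on_syn((f"10.0.{i // 256}.{i % 256}", 40000 + i), now)


def simulate(flood_size=1000):
    legit = ("192.0.2.10", 50000)
    naive = NaiveServer(backlog=128)
    flood(naive, flood_size)
    naive_accepts = naive.on_syn(legit, now=1)      # refused: the table is full

    cookie = CookieServer()
    flood(cookie, flood_size)                        # costs the server no memory
    isn = cookie.on_syn(legit, now=1)
    cookie_accepts = cookie.on_ack(legit, isn, now=2)
    forged = cookie.on_ack(("198.51.100.7", 1234), 0x12345678, now=2)  # guessed ISN
    return naive_accepts, cookie_accepts, forged


if __name__ == "__main__":
    print("naive accepts legit / cookie accepts legit / forged ACK accepted:", simulate())
```

The cookie server trades state for computation: it pays one HMAC per SYN and per ACK, and an attacker who can only spoof addresses cannot complete a handshake because it never sees the SYN/ACK that carries the cookie.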

- TCP sequence number attack: while data is exchanged between machines using TCP, the sequence number is essential information that determines the order of the segments and acknowledges the segments received successfully. Sequence numbers count every byte of data and are kept synchronised between sender and receiver. If a third machine somehow captures the segments being exchanged and works out the sequence numbers of the session, it can insert itself into the connection, cut off one end and take its place (hijacking). Figure 1.14 illustrates how this attack works.

Figure 1.14: TCP sequence number attack: the attacker observes the sequence numbers exchanged between the server and the victim machine

- TCP connection hijacking (TCP Hijacking): the same as the previous attack (sequence number attack), but after working out the sequence numbers the attacking machine tries to take over one end of the existing connection while the other end, unaware, keeps exchanging data; the traffic between the two original machines is thus diverted to a third. Figure 1.15 shows how this attack works.
- ICMP attack: ICMP (Internet Control Message Protocol) is a control protocol used in IP networks. It is commonly used for control procedures such as testing connectivity (the Ping and Tracert commands, for example). Two common ICMP-based attacks are:

Figure 1.15: TCP connection hijacking: the attacking machine cuts the client's connection to the server and takes over the client's current connection

- Smurf attack: ICMP answers (echo reply) whenever it receives an echo request from another machine, since its job is to test IP connectivity. Using this, an attacker spoofs the victim's IP address (IP spoofing) and sends an echo request to every machine in a local network by using the network's broadcast address. All those machines immediately answer the machine whose address was spoofed, all at once, so the victim is swamped and can no longer operate normally. The goal of smurf is to paralyse a machine with ICMP packets; the network that answers the broadcast acts as an amplifier, since one spoofed request produces one reply per host. Smurf is sometimes confused with Ping of Death, but the two are different attacks: Ping of Death is a single malformed, oversized ICMP packet that crashes a vulnerable host. Figure 1.16 illustrates the smurf attack.

Figure 1.16: Smurf attack: the attacking machine pings the network's broadcast address from the spoofed address; every host in the broadcast domain replies at once to the machine whose IP address was spoofed, congesting it

- ICMP tunneling: because ICMP packets are accepted by many machines on the network, an attacker can use them to carry illegitimate information (covert data or command channels) through the network. Simply dropping all ICMP, as is sometimes recommended, is heavy-handed: dropping every ICMP message also breaks path MTU discovery and useful error reporting. A better policy is to allow only the ICMP types and codes the network actually needs, to rate-limit echo traffic, and to inspect or limit the size of ICMP payloads.
- Software exploitation: the general name for every attack aimed at an application program or an application-layer service. By exploiting the weaknesses and technical defects of such software and services, the attacker can enter the system or disrupt its normal operation.
Buffer overflow attack: an attack on programming errors in software. The error may be the programmer's, may lie in the nature of the language, or in the compiler. C is the language most prone to buffer-overflow defects and, unfortunately, it is still the most widely used language for operating systems and system programs, especially in Unix and Linux. Most C compilers do not check the bounds of the memory allocated to a variable, so when the data written into that memory exceeds its allocation it overwrites the adjacent memory and causes errors. Example: a password typed by the user is usually handled as a string declared with a fixed length, say 32 characters. If the program does not check the length of the password before processing it, and the compiler does not do so automatically either, then a password longer than 32 characters overflows the allocated memory and can trigger a buffer overflow. Whether the result is merely a crash or the execution of attacker-supplied code depends on what lies next to the buffer in memory: overwriting a saved return address, for instance, lets the attacker redirect the program's control flow.

Besides buffer overflow, other attacks that exploit weaknesses in software and services include database exploitation, application exploitation (for example the various macro viruses), e-mail software exploitation, and so on.
- Social engineering: an attack that uses no technique or computer to enter the system; instead the attacker uses trickery to obtain important information and then uses it to break into the system. For example, an attacker posing as a technical-support employee telephones someone in the organisation to discuss work and, during the conversation, extracts the information needed to carry out the intrusion. Since it uses no technical attack, this method is called social engineering. It is also among the most common attacks, because the target it aims at is the human element of the system.

I.6.2 Intrusion by means of malicious software

New attack techniques and forms are discovered and refined all the time; the above is only an introduction to the common attacks that have been detected and analysed. Beyond these attacks, information systems face another major intrusion risk: viruses, worms, spyware and the like, collectively called harmful or malicious software (malicious code). This section concentrates on these forms of intrusion. Malicious software is divided into the following groups: virus, worm, Trojan horse and logic bomb.


- Virus: a small hidden program attached to a host file, usually an executable; it is through the host that the virus is able to do damage and to spread to other machines. Some viruses attach to document files (Word, Excel, ...) and are called macro viruses. Viruses spread between computers when infected files are copied from floppy disks, CDs or flash drives, or through files attached to e-mail. The damage a virus can do is very broad; most commonly, viruses cause data loss, damage to software and even to the operating system. On a machine without antivirus software, the usual signs of a virus infection are:
- Strange messages appearing on the screen.
- The machine becoming markedly slower, especially when starting programs.
- One or more files suddenly disappearing from disk.
- Software errors with no clear cause.
- Some files, especially executables, growing in size abnormally.
- The machine restarting by itself while in use.
- ...
Figure 1.17 shows a virus spreading through file copying (by disk or through shared files on the network). Figure 1.18 shows a virus spreading through e-mail. Propagation by e-mail is clearly far more serious: with file copying, only the machines that deliberately copy files become infected, whereas with e-mail even machines that copy nothing can be infected, if their users inadvertently open infected files attached to e-mail.

Figure 1.17: A virus spreading from an infected machine to a clean one via storage media (disks) or shared folders on the network


Figure 1.18: A virus spreading through e-mail

- Worm: malicious software whose mechanism and potential for harm resemble those of a virus. The essential differences are that a worm copies itself across the network by itself (a virus depends on the user's copying of files) and exists as a standalone program (a virus must attach itself to another file). The defining feature of a worm is rapid propagation over a wide area by many means: using TCP/IP directly, using application-layer network services, spreading through e-mail, and more. The Nimda worm, which appeared in 2001, is a typical worm with an extremely fast rate of spread and great potential for harm; it could paralyse large Windows-based networks for many hours.
- Trojan horse: malicious software that operates under the guise of a useful program and damages the system when the program it hides behind is launched by the user. A trojan cannot copy itself like a worm (it must pass itself off as a useful program, or be attached to another executable that gets installed on the machine) and cannot run by itself like a virus (it runs only when the user launches the program). The harm a trojan can do varies widely; the most important case is acting as a spying program (back-door) that lets remote attackers enter the system easily. Spyware is an example of a trojan: programs that install themselves when the user downloads software from the Internet and installs it. Spyware may send e-mail on its own, open web pages on its own, or perform other actions that interfere with the normal operation of the infected machine.

- Logic bomb: software that lies dormant on a machine and runs only when a certain event occurs, for example when the network administrator logs in, when a particular application is run, or at a preset date and time. Typically, when triggered, a logic bomb sends a message to a preset central machine to report the event; on receiving it, the attacker at that central machine carries out further attacks on the system, for example launching a denial-of-service attack (DoS or DDoS).
These are the ways malicious software enters a system. Although the entry of such software into a particular system may not be the deliberate act of any individual, the damage it causes is enormous because it is so widespread: any machine can be infected, especially when it is connected to the Internet. General rules for keeping malicious software out of a computer, and out of an information system in general:
- Do not copy data from untrusted sources (from disk or over the network).
- Do not install software of unknown origin, especially software downloaded from the Internet.
- Regularly apply fixes (hotfixes or service packs) to the system, both the operating system and application programs.
- Install antivirus and antispyware programs and update them regularly.
- Follow news about new viruses, how they work and how to stop them on security web sites (for example CERT at http://www.cert.org).

I.7 INTRUSION PREVENTION AND DETECTION TECHNIQUES

Having identified the threats and risks to the system and analysed the attack methods and techniques that may affect its security, information systems deploy the technical measures needed to prevent and detect intrusions. This part introduces firewalls and intrusion detection systems (IDS), the two most typical security applications in use today.

I.7.1 Firewalls:

A firewall is a technique for blocking intrusion attacks from the outside (the Internet) into the inside (the LAN and the servers). Figure 1.19 shows a typical network structure in which the firewall is placed in front of the router to protect the whole internal network. The general principle of a firewall is to control network access by inspecting every packet sent through it and, depending on the settings of the security policy, either forwarding the packet to its destination or not. Figure 1.20 shows the typical behaviour of a firewall: HTTP traffic (TCP port 80) is allowed through, while Windows file-sharing traffic (SMB on TCP port 445; the older NetBIOS session service uses TCP port 139) is blocked.


Figure 1.19: The firewall placed in front of the router protects the whole internal network (Internet, firewall, router, web server, mail server and the other machines of the internal network)

The job of a firewall on the network is to manage the traffic entering and leaving the Internet connection and to log the events on that connection for network-security purposes. However, because a firewall by nature watches the traffic crossing a single connection between the internal network and the public network outside, it cannot watch or block attacks that originate inside the internal network. The main functions of a firewall can be summarised as follows:
- Separator: separating the internal network from the public network and forcing every connection from inside to outside, or from outside to inside, to pass through the firewall as the single path.
- Restricter: allowing only a limited set of traffic types through the firewall, so that the administrator can enforce the security policy by setting the corresponding packet-filtering rules, called access rules.
- Analyzer: tracking the traffic crossing the firewall and logging it as the administrator requires, for analyses that assess the security level of the system.
Besides these basic functions, some firewalls also authenticate the user before accepting a connection.

Figure 1.20: Basic operation of a firewall: HTTP (port 80) from the Internet is let through to the internal network, while NetBIOS/SMB (port 445) is blocked

*- Classification of firewalls by technical form: a firewall may be software running on a computer with at least two network interfaces (a dual-homed host), in which case it is called a software firewall. Software firewalls in common use today include SunScreen, ISA Server, Check Point, Gauntlet, IPTables and others.


Conversely, the firewall function may be implemented in a dedicated hardware unit, in which case it is called a hardware firewall. Typical hardware firewall products today include Cisco PIX, NetScreen firewalls, SonicWall appliances, WatchGuard Fireboxes, Nokia firewalls and others.
*- Classification of firewalls by scope of protection: according to the scope it protects, a firewall is either a personal firewall or a network firewall.
- A personal firewall is usually a software firewall installed on a personal computer to protect that computer. Windows XP ships with a personal firewall (Internet Connection Firewall, renamed Windows Firewall and enabled by default from Service Pack 2). Professional antivirus suites such as Norton Antivirus and McAfee also include a personal firewall.
- A network firewall may be a software or a hardware firewall and is usually installed in front of or behind the router to protect the whole network.
*- Classification of firewalls by mechanism: by the way they work, firewalls fall into three kinds:
- Packet filtering firewall (stateless firewall). The principle of a packet filter is to read the header fields of every IP packet crossing the firewall and, from those fields alone, to decide whether to accept or drop the packet. When writing the firewall's filtering rules, the administrator therefore relies on the following information:
- The IP addresses, both the sender's and the receiver's (source IP address and destination IP address).
- The port numbers, both the sender's and the receiver's port (source port and destination port).
- The protocol, for example TCP, UDP or ICMP.
A packet filtering firewall analyses only the packet headers, never the payload, so it cannot block access on the basis of the content of the data. It is useful for blocking one or more specific ports, rejecting one or more specific IP addresses, or rejecting a specific protocol (ICMP, for example). In practice, intrusions are frequently carried out over ports other than those of the common services. Table 1.1 lists some common Internet services and their port numbers.
- Application layer gateway: an application-layer firewall works like a packet filter in that it too decides from an analysis of the IP packets whether they may cross the firewall. The difference is that it can analyse the content of the packet (the data payload), which allows far more elaborate filtering rules; for example, HTTP traffic may be allowed through the firewall, but any packet whose content matches a predefined pattern is stopped. Because an application-layer firewall intervenes directly in every packet that crosses it, from the point of view of network access it performs the transactions with the outside network itself, on behalf of the internal machines; application-layer firewalls are therefore also called proxies. This technique is useful where the content users access must be managed or where the signatures of certain malicious programs (viruses, worms, trojans, ...) must be recognised, for example to stop users downloading large image or video files. Since it must parse the entire packet to extract this information, the drawback of an application-layer firewall is that it needs substantial processing power, and it is a potential congestion point of the network.
- Stateful inspection firewall: a firewall that combines the working principles of the packet filter and the application-layer gateway. It allows more elaborate filtering rules than a packet filter, yet does not spend as much time as an application gateway on analysing the content of every packet. A stateful firewall tracks the state of every connection passing through it and the packets belonging to each connection; only packets belonging to a legitimate connection are forwarded through the firewall, all others are dropped at the firewall. It is more complex because it integrates the functions of both other kinds of firewall, but its mechanism has proved effective and, in practice, all recent firewall products support it.

Table 1.1: Some common services over TCP
Port   Service
20     FTP, data channel (data port)
21     FTP, control channel (control port)
22     Secure Shell (SSH)
23     Telnet
25     Simple Mail Transfer Protocol (SMTP)
80     HyperText Transfer Protocol (HTTP)
110    Post Office Protocol, version 3 (POP3)
143    Internet Message Access Protocol (IMAP)
443    HTTP over SSL/TLS (HTTPS)
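The difference between a stateless packet filter and a stateful firewall, as an added example that is not part of the original text. The policy is the one in figure 1.20: inside hosts may browse the web, nothing unsolicited may come in from the Internet. Because the stateless filter decides from headers alone, it must open a permanent hole for any TCP packet with source port 80 so that web replies can return, and an attacker who simply sets his source port to 80 walks through it to port 445. The stateful version remembers which connections were opened from inside and admits only their return traffic. Packets, addresses (documentation ranges) and the "inside" prefix are constructed assumptions.

```python
"""Added example: the same policy as a stateless packet filter and as a stateful firewall."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str = ""   # TCP flags, e.g. "S" for SYN, "SA" for SYN/ACK


def inside(ip):
    """Assumed: the internal network is 10.0.0.0/8."""
    return ip.startswith("10.")


# Stateless rules, first match wins. The second rule is the hole a stateless
# filter must open so that web replies can come back in at all.
STATELESS_RULES = [
    (lambda p: p.proto == "tcp" and inside(p.src) and p.dport == 80, "accept"),
    (lambda p: p.proto == "tcp" and inside(p.dst) and p.sport == 80, "accept"),
    (lambda p: True, "drop"),
]


def stateless_verdict(p):
    for predicate, verdict in STATELESS_RULES:
        if predicate(p):
            return verdict
    return "drop"


class StatefulFirewall:
    """Tracks connections opened from inside; admits only packets of those connections."""

    def __init__(self):
        self.conns = set()       # (src, sport, dst, dport) of tracked connections

    def verdict(self, p):
        if p.proto != "tcp":
            return "drop"
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.conns or reverse in self.conns:
            return "accept"      # belongs to a connection we saw opened from inside
        if inside(p.src) and p.dport == 80 and p.flags == "S":
            self.conns.add(key)  # new outbound web connection: start tracking it
            return "accept"
        return "drop"            # everything else, including unsolicited inbound SYNs


def compare():
    """Constructed traffic: an outbound web request, its reply, and an attacker's probe."""
    fw = StatefulFirewall()
    out_syn = Packet("10.0.0.5", 51000, "198.51.100.1", 80, "tcp", "S")
    reply = Packet("198.51.100.1", 80, "10.0.0.5", 51000, "tcp", "SA")
    probe = Packet("203.0.113.9", 80, "10.0.0.5", 445, "tcp", "S")  # attacker uses sport 80
    return {
        "stateless": tuple(stateless_verdict(p) for p in (out_syn, reply, probe)),
        "stateful": tuple(fw.verdict(p) for p in (out_syn, reply, probe)),
    }


if __name__ == "__main__":
    for kind, verdicts in compare().items():
        print(f"{kind:9s} out_syn={verdicts[0]} reply={verdicts[1]} probe_445={verdicts[2]}")
```

A real stateful firewall also ages entries out and follows the TCP state machine (it would drop a stray SYN/ACK for a connection that was never opened, and remove the entry after FIN/RST); the set of 4-tuples here is the minimum that shows why the probe is dropped.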

I.7.2 Intrusion detection systems:

An Intrusion Detection System (IDS) is a system that detects the signs of intrusion attacks. Unlike a firewall, an IDS does not block access; it only monitors activity on the network to find signs of attack and alerts the network administrator. Because an IDS does not sit between the internal network and the public network as a firewall does, it does not carry the whole traffic flow and therefore poses no risk of congesting the network.

An intrusion is defined as any event or behaviour that affects the three basic properties of a secure system: Confidentiality, Integrity and Availability. An IDS detects traces of an attack by analysing two main sources of information:
1- Information about the operations performed on hosts, recorded in the system logs.
2- Traffic circulating on the network.
The original function of an IDS was only to detect signs of intrusion, so an IDS could only raise alerts while an attack was in progress, or even after it had completed. Later, many new techniques were integrated into IDS, giving it the ability to predict attacks (prediction) and even to react to attacks in progress (active response). The two most important components of an IDS are the sensor, which captures and analyses network traffic and other information sources to detect signs of intrusion, and the signature database, which holds the signatures of attacks that have already been detected and analysed. The signature database works like the virus database of an antivirus program, so maintaining an effective IDS includes updating this database regularly.
*-Classification of IDS by monitoring scope: based on the scope of monitoring, IDS are divided into 2 kinds:
-Network-based IDS (NIDS): an IDS that monitors the whole network. The main information source of a NIDS is the packets circulating on the network. A NIDS is usually installed at the entry point of the network, either in front of or behind the firewall. Figure 1.21 shows a typical NIDS.
-Host-based IDS (HIDS): an IDS that monitors the activity of one individual computer. Besides the traffic entering and leaving the host, the main information sources of a HIDS are the system log and the system audit data. Figure 1.22 shows the structure of a HIDS. The IDS is designed to cooperate with the operating system in processing system monitoring information. The logging service records the events and states of the system in a database (Event database). The results of the IDS's own network monitoring are also written to the Event database. To detect intrusions, the IDS maintains a database (IDS database) containing a description of each type of attack.
*-Classification of IDS by technique: based on the technique used, IDS are also divided into 2 kinds:
-Signature-based IDS: detects intrusions based on the signatures of intrusive behaviour, by analysing network traffic and system logs. This technique requires maintaining a database of intrusion signatures (signature database), and this database must be updated every time a new form or technique of intrusion appears; an attack that has no signature yet goes undetected.
-Anomaly-based IDS: detects intrusions by comparing (statistically) current behaviour with the normal activity of the system, to detect anomalies that may be signs of intrusion. For example, under normal conditions the traffic on a server's network interface is about 25% of the interface's maximum bandwidth. If at some moment this traffic suddenly rises to 50% or more, one may assume that the server is under a DoS attack. To work accurately, an IDS of this kind must go through a learning process, i.e. monitor the activity of the system under normal conditions and record its operating parameters; these are the basis for detecting anomalies later. A spike alone is not proof of an attack: legitimate changes in load produce the same anomaly, so anomaly-based detection trades the ability to catch unknown attacks for a higher false-positive rate.
[Figure 1.21: Network-based IDS (NIDS). Components shown: Router, Firewall, IDS, Signature database, System administrator.]
[Figure 1.22: Host-based IDS (HIDS). Components shown: Network, Host, Operating system, Logging.]
In practice, IDS is a newer technique than the firewall, but so far, with the rapid development of attack techniques, IDS has not really proven its effectiveness in securing networks. One of the most popular IDS today is Snort, an open-source NIDS whose signature database (called the rule database) is regularly updated by many members of the Internet community.
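Both detection techniques described above can be shown on a small constructed sample. The following is an added example for this section; it is not code from the textbook and not Snort's code or rule format. The "signature database" is an in-memory list of three patterns over the packet payload, and the anomaly detector learns a baseline from a window of "normal" load samples and flags a sample that exceeds the mean by k standard deviations. The payloads, the 100 Mbit/s link, the load samples and the tuning constant k are all constructed assumptions; the text only gives the 25% to 50% example.

```python
"""Signature-based and anomaly-based detection over a constructed traffic sample.

Added illustration; not the page's code and not Snort. The signature list and
the load samples are made up for the example.
"""
import re
import statistics

# Constructed signature database: (name, compiled pattern over the payload bytes)
SIGNATURES = [
    ("web-path-traversal", re.compile(rb"\.\./\.\./")),
    ("sql-injection-union", re.compile(rb"(?i)union\s+select")),
    ("shell-path-in-request", re.compile(rb"/bin/sh|/bin/bash")),
]


def signature_match(payload: bytes):
    """Return the names of every signature that matches this payload."""
    return [name for name, pattern in SIGNATURES if pattern.search(payload)]


class AnomalyDetector:
    """Learns the normal load (bytes/s) from a training window, then flags
    samples above mean + k * standard deviation. k is an assumed tuning
    parameter: larger k means fewer false positives and slower detection."""

    def __init__(self, k: float = 3.0):
        self.k = k
        self.mean = None
        self.stdev = None

    def train(self, samples_bps):
        # Learning phase: record the operating parameters under normal conditions
        self.mean = statistics.mean(samples_bps)
        self.stdev = statistics.pstdev(samples_bps)

    def is_anomalous(self, sample_bps: float) -> bool:
        if self.mean is None:
            raise RuntimeError("train() must run before detection")
        return sample_bps > self.mean + self.k * self.stdev


def demo():
    """Runs both detectors on constructed input.
    Returns (signature_hits_per_packet, anomaly_verdicts)."""
    # Constructed payloads, as a sensor would capture them from the wire
    packets = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n",
        b"GET /cgi-bin/view?file=../../../../etc/passwd HTTP/1.1\r\n",
        b"POST /login HTTP/1.1\r\n\r\nuser=a' UNION SELECT password FROM users--",
        b"GET /images/logo.png HTTP/1.1\r\n",
    ]
    hits = {i: signature_match(p) for i, p in enumerate(packets)}

    # Constructed load samples: about 25% of a 100 Mbit/s link while learning,
    # then one normal sample and one spike to 50%, as in the DoS example
    capacity = 100_000_000
    training = [capacity * x for x in (0.24, 0.25, 0.26, 0.25, 0.23, 0.27)]
    detector = AnomalyDetector(k=3.0)
    detector.train(training)
    verdicts = [detector.is_anomalous(capacity * 0.26),
                detector.is_anomalous(capacity * 0.50)]
    return hits, verdicts
```

With these samples the learned threshold is roughly 28.9% of the link, so the 26% sample passes and the 50% sample is flagged; a smaller k would flag earlier but also on ordinary load fluctuations. The signature matcher, by construction, says nothing about the fourth payload or about any attack whose pattern is not in SIGNATURES.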


Chapter summary:
-A secure information system guarantees three basic properties:
-Confidentiality
-Integrity
-Availability
These three properties are abbreviated CIA.
-The most basic strategy for guaranteeing the security of an information system:
-Access Control
-Authentication
-Auditing
The document abbreviates these as AAA (note that in the networking literature AAA usually stands for Authentication, Authorization and Accounting).
-A threat to an information system is an event or behaviour capable of affecting the three CIA properties of the system. The risk to an information system is the probability that damage occurs to the system.
-A security policy defines the secure states of the system and the behaviours that users are or are not allowed to perform. A security mechanism is a technical or procedural measure intended to enforce the policy. The principle for building a secure information system is to build a security policy that defines the secure states of the system precisely and completely, and then to establish mechanisms that enforce that policy.
-There are many forms of intrusion and attack on a system. These attacks rely on security flaws in protocols (TCP/IP), in operating systems (Windows, Linux, ...) or in the application programs running on those operating systems. Attack techniques are constantly being developed and refined, so network security technology must develop accordingly.
-The two technical solutions that help detect and block attacks on an information system are the IDS and the firewall. The IDS monitors the system to detect signs of attack and raises alerts. The firewall blocks or permits access passing through it according to predefined rules (access rules).

QUESTIONS AND EXERCISES
A- Multiple-choice questions
Question 1. What is the confidentiality of an information system?
a- A property of the system whereby information is kept secret and no one can access it.
b- A property of the system whereby all information is stored in encrypted form.
c- A property of the system whereby only authorised users can access the information.
d- All of the above are correct.
Question 2. Choose the correct statement about the confidentiality of an information system:
a- A system that ensures confidentiality is a secure system.
b- Confidentiality of information covers the secrecy of the existence of the information and the secrecy of its content.
c- Confidentiality of information covers the secrecy of the content of the information and the secrecy of its origin.
d- All of the above are wrong.
Question 3. What is the integrity of an information system?
a- A property of the system whereby information is not modified or deleted by users.
b- A property of the system whereby information does not change over time.
c- A property of the system whereby information is not accessed by unauthorised people.
d- A property of the system whereby information is not altered, damaged or lost.
Question 4. Choose the correct statement about the integrity of information:
a- A secure system is a system that ensures the integrity of information.
b- Integrity of information covers integrity of content and integrity of origin.
c- Integrity of information covers integrity of content and integrity of existence.
d- Both a and b.
Question 5. The mechanisms that ensure the integrity of information:
a- Consist of prevention mechanisms and detection mechanisms for integrity violations.
b- Encrypt all information in the system.
c- Store all information in the system in compressed form.
d- All of the above.
Question 6. Which of the following behaviours affects the integrity of an information system?
a- A student copies another student's assignment.
b- A virus deletes some files on the hard disk.
c- Frequent power failures interrupt the operation of the computer system.
d- All of the above.
Question 7. Which of the following behaviours affects the availability of an information system?
a- A student copies another student's assignment.
b- A virus deletes some files on the hard disk.
c- Frequent power failures interrupt the operation of the computer system.
d- All of the above.
Question 8. Which of the following behaviours affects the confidentiality of an information system?
a- A student copies another student's assignment.
b- A virus deletes some files on the hard disk.
c- Frequent power failures interrupt the operation of the computer system.
d- All of the above.
Question 9. The mechanisms that protect the confidentiality of information:
a- Encrypt all information in the system.
b- Build appropriate access control mechanisms.
c- Install physical protection for the information system.
d- All of the above.
Question 10. What is the availability of an information system?
a- The readiness of the information in the system for every access request.
b- The readiness of the information in the system for legitimate access requests.
c- The ease of use of the information in the system.
d- All of the above are wrong.
Question 11. What is a threat to an information system?
a- Events or behaviours that affect the security of the information system.
b- Damage that occurs to the information system.
c- Unintentional user behaviour that affects the availability of the information system.
d- All of the above are correct.
Question 12. Which of the following threats can affect the availability of an information system?
a- Unsafe equipment.
b- Denial-of-service attacks (DoS and DDoS).
c- Viruses and other kinds of destructive software on computers.
d- All of the above.
Question 13. Choose the wrong statement about the threats to the security of an information system:
a- Attackers may be people inside the system.
b- Users who have not been trained in system security are also a threat to the system.
c- A system that is not connected to the Internet faces no attack threats.
d- An intrusion may originate from outside or from inside the system.
Question 14. Choose the correct statement about threats and risks to an information system:
a- Every risk has at least one threat associated with it.
b- A risk can be prevented by preventing the corresponding threats.
c- The goal of system security is to prevent every risk to the system.
d- All of the above.
Question 15. The principle for building a secure system:
a- Apply security mechanisms appropriate to the system.
b- Build strict security policies.
c- Build a security policy and deploy mechanisms that enforce that policy.
d- All of the above are correct.
Question 16. The goal of a system security policy:
a- Define the secure states that the system must guarantee.
b- Prevent threats to the system.
c- Limit the risks to the system.
d- All of the above.
Question 17. The goals of system security, in decreasing order of priority:
a- Prevention, detection, recovery.
b- Detection, prevention, recovery.
c- Detection and prevention.
d- Detection and recovery.
Question 18. Choose the correct statement about access control models:
a- MAC is a mandatory control mechanism applied to the whole system.
b- Group-based management on Windows 2000 is an implementation equivalent to the RBAC mechanism.
c- Most operating systems implement the DAC model.
d- All of the above are correct.
Question 19. Common authentication mechanisms in information systems:
a- Using the file access management mechanisms on the hard disk.
b- Using permission assignment for users.
c- Using user name / password.
d- All of the above are wrong.
Question 20. Common authentication protocols in information systems:
a- Kerberos
b- CHAP
c- Both are wrong
d- Both are correct.
Question 21. The function of the auditing mechanism in a system:
a- Logging (Logger), analysis (Analyzer) and notification (Notifier).
b- Monitor and record the events and behaviours that take place on the system.
c- Provide information for recovering the system after an incident.
d- Provide information as evidence of behaviour that violates the system security policy.
Question 22. Choose the correct statement:
a- An interception attack affects the integrity of the information system.
b- Modification is an attack on the confidentiality of the information system.
c- Attack by impersonation (fabrication) affects the integrity of information.
d- Repudiation is a form of attack of the interruption type.
Question 23. Which attack method prevents legitimate users from accessing system resources?
a- Sniffing
b- Spoofing
c- DoS
d- Man-In-The-Middle.
Question 24. Choose the correct statement:
a- Buffer overflow attacks can be prevented with antivirus software.
b- Buffer overflow attacks can be prevented by installing a firewall.
c- All software written in the C language contains buffer overflow bugs.
d- Buffer overflow bugs only occur in software that accepts input from the user.
Question 25. A computer eavesdrops on information on the network and uses this information to intrude illegally into an information system. Which attack method is this?
a- Spoofing
b- Replay
c- Man-In-The-Middle
d- Sniffing
Question 26. Which of the following attack methods does not rely on the nature of the TCP/IP protocol?
a- SYN/ACK flooding
b- TCP sequence number attack
c- ICMP attack
d- Software exploitation
Question 27. Choose the correct statement about attacks by malicious code:
a- A virus can copy itself and spread through a computer network.
b- A worm is malicious software that depends on another program in order to operate.
c- A Trojan horse is malicious software that carries the name of an ordinary file.
d- A logic bomb cannot damage the system if the system clock is always behind the current time.
Question 28. Choose the correct statement about firewalls:
a- A firewall can only block attacks from outside the system.
b- Every packet that passes through the firewall has its entire content read; this is how the firewall distinguishes attacks from other kinds of traffic.
c- If all ports on the firewall are opened, the firewall is completely disabled.
d- All of the above are correct.
Question 29. Which of the following applications changes the IP address of all packets passing through it?
a- IDS
b- Proxy
c- NAT
d- No such application exists
Question 30. The operating principle of an IDS:
a- Analyse the packets circulating on the network to find signs of attack.
b- Analyse the data in the system log to detect signs of attack.
c- Maintain a database of attack signatures (signature database).
d- All of the above.
Question 31. Choose the correct statement about IDS:
a- An IDS is an application whose function is to detect and block attacks on the information system.
b- An IDS can only detect attacks from outside the system.
c- A network-based IDS cannot detect attacks on a specific host.
d- A signature-based IDS cannot detect completely new attacks that have never been described in its database.
B- Exercises
Question 32. List the attack methods and classify them into two groups: active attacks and passive attacks.
Question 33. List the attack methods and classify them into two groups: attacks on the TCP/IP protocol and attacks on software (application programs and operating systems).
Question 34. Install and configure the Snort IDS on the Linux operating system.
Question 35. Install and configure ISA Server 2004 on Windows.
----------


CHAPTER II: CRYPTOGRAPHY AND INFORMATION AUTHENTICATION
Introduction: This chapter presents cryptographic mechanisms and related topics such as hash functions, digital signatures, certification and the public key infrastructure (PKI). Encryption is the most basic mechanism for ensuring the Confidentiality of information. Authentication mechanisms such as hash functions and digital signatures protect the Integrity of information. The contents of this chapter are:
-Overview of cryptography
-Symmetric-key cryptography
-Asymmetric-key cryptography
-Secure hash functions
-Digital signatures
-Key management and the public key infrastructure

II.1 OVERVIEW OF CRYPTOGRAPHY:
II.1.1 Introduction: Cryptography (encryption) is a fundamental technique in information security. Its principle is to transform the original information into a secret form that only the entities legitimately taking part in processing the information can understand. A legitimate entity may be a person, a computer or a piece of software that is permitted to receive the information. To decrypt the secret information, the entity must know how to decrypt it (i.e. know the decryption algorithm) and must hold the additional information (the secret key). The process of turning the original information into secret information by some algorithm is called encryption. The process of turning the secret information back into the original information is called decryption. The two processes are inseparable parts of one cryptographic technique, because hiding information is only meaningful if the information can be recovered again. Hence, when the term cryptography is used on its own it covers both encryption and decryption. Encryption techniques are divided into two kinds: symmetric key encryption and asymmetric key encryption, as presented in the following sections.

II.1.2 Components of a cryptosystem: Figure 2.1 shows the general principle of a conventional cryptosystem. The components of a typical cryptosystem are:
-Plaintext: the original information to be transmitted between information systems.
-Encryption algorithm: the method by which the secret information is produced from the original information.
-Key: the cryptographic key, or simply the key. This is the additional information that the encryption algorithm uses together with the original information to produce the secret information.
-Ciphertext: the encrypted (secret) information. This is the output of the encryption algorithm.
-Decryption algorithm: the input of this algorithm is the ciphertext together with the key; its output is the original plaintext.
[Figure 2.1: Structure of a conventional cryptosystem. Plaintext -> Encryption algorithm -> Ciphertext -> Decryption algorithm -> Plaintext, with the key supplied to both the encryption and the decryption algorithm.]

II.1.3 Characteristic criteria of a cryptosystem: Any cryptosystem is characterised by the following three criteria:
-Operation: there are two methods, substitution and transposition. In substitution, the units of information (bits, characters, bytes or blocks) of the plaintext are replaced by other units according to some relation. In transposition, the units of the plaintext change places with one another to form the ciphertext. Modern cryptosystems usually combine both substitution and transposition.
-Number of keys: if the encrypting side (sender) and the decrypting side (receiver) use one shared key, the system is a symmetric-key system, also called a single-key, secret-key or conventional cryptosystem. If the encrypting and decrypting sides use two different keys, the system is called asymmetric-key, two-key or public-key.
-Mode of cipher: the plaintext may be processed continuously, element by element, in which case the system is a stream cipher. If the plaintext is processed block by block, the system is a block cipher. Stream ciphers are often complex and not published, so they are used only in certain applications (for example in GSM mobile communications). The cryptographic algorithms introduced in this document concentrate on block ciphers.

II.1.4 Attacking a cryptosystem: Attacking (or cracking) a cryptosystem is the process of decrypting the secret information without authorisation. The term cryptanalysis denotes the act of breaking the cipher, and the person who does it is called a cryptanalyst. Usually this is the behaviour of an attacker who wants to break into a system protected by cryptography. By the principle of cryptography, to obtain the original information the decrypting agent must have all three components: the ciphertext, the secret key and the decryption algorithm. The attacker usually does not have all three, and therefore tries to decrypt the information by one of the following two methods:
-Cryptanalysis: relying on the nature of the encryption algorithm, together with a portion of plaintext or ciphertext already obtained, the attacker analyses it to recover the whole plaintext or to find the key, and then decrypts the entire ciphertext.
-Brute force (exhaustive search): by trying every possible key, the attacker can find the right key and thereby decrypt the ciphertext. On average, about half of the possible keys must be tried before the right one is found. For example, if the key is 8 bits long there are 2^8 = 256 different keys, and the attacker must try about 256 / 2 = 128 of them on average. The search is normally assisted by computers and specialised software.
The two components that provide the security of a cryptosystem are the cipher (the encryption and decryption algorithms) and the key. In practice the algorithm is not regarded as secret information, because the purpose of designing an algorithm is to distribute it to many users and many applications; moreover, concealing the details of an algorithm can last only a short time, and once the algorithm is revealed a cryptosystem whose security rested on that secrecy becomes useless. Therefore every situation assumes that the attacker already knows the algorithm (Kerckhoffs's principle). Consequently the last important component of a cryptosystem is its key, which must be kept secret among the participating entities and is therefore called the secret key. In general, the longer the key, the longer the time needed to find it by exhaustive search, and the lower the chance that it is discovered. Table 2.1 lists keys of various lengths and the time required to find them.
Table 2.1: Relation between key length and key search time (average case, half the keyspace)
Key length                    Number of keys          Time at 1 key/µs                   Time at 10^6 keys/µs
32 bits                       2^32 = 4.3 x 10^9       2^31 µs = 35.8 minutes             2.15 milliseconds
56 bits                       2^56 = 7.2 x 10^16      2^55 µs = 1,142 years              10.01 hours
128 bits                      2^128 = 3.4 x 10^38     2^127 µs = 5.4 x 10^24 years       5.4 x 10^18 years
168 bits                      2^168 = 3.7 x 10^50     2^167 µs = 5.9 x 10^36 years       5.9 x 10^30 years
26 characters (permutation)   26! = 4 x 10^26         2 x 10^26 µs = 6.4 x 10^12 years   6.4 x 10^6 years

II.2 SYMMETRIC-KEY CRYPTOGRAPHY: Symmetric-key cryptography is characterised by the use of a single key for both encryption and decryption of the information. By some secure means, this shared key must be agreed between the sender and the receiver (the encrypting and the decrypting side), and it must be kept secret throughout its period of use. Symmetric-key cryptography is also called conventional encryption or secret-key encryption. The general structure of a conventional cryptosystem is shown in Figure 2.2, where the channel used to exchange the secret key must be a secure channel. The secret key can be exchanged between two entities A and B in the following ways:
1-A chooses a secret key and delivers it directly to B (by physical means, such as writing it to a disk, speaking it in person or writing it on paper).
2-A third entity chooses the secret key and communicates it to both A and B (by physical means, as above).
3-If A and B have previously used some key to communicate with each other, one of the two continues to use the old key to send the other a notice of the new key.
4-If A and B have secure connections to a third entity C, then C can send the key to both A and B over these secure connections.
[Figure 2.2: Key exchange in symmetric encryption. A shared secret key; Plaintext -> Encryption algorithm -> Ciphertext -> Decryption algorithm -> Plaintext.]
Symmetric encryption relies mainly on two operations: substitution and transposition. Substitution replaces each symbol by another symbol according to some convention, and this convention is the key of the cryptosystem. For example, replacing each character of a message by the character 3 positions further on in the Latin alphabet, the message HELLO WORLD is encrypted as KHOOR ZRUOG. Transposition changes the positions of the symbols of the plaintext according to some convention, and this convention likewise becomes the key. For example, shifting each character of a message one position to the right, cyclically, the message HELLO WORLD is encrypted as DHELLO WORL.
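The two operations above, and the brute-force attack of section II.1.4, can be carried out on the text's own examples. The following is an added example for these two passages; it is not code from the textbook. It implements the shift substitution (HELLO WORLD -> KHOOR ZRUOG), the cyclic transposition (HELLO WORLD -> DHELLO WORL), and a known-plaintext exhaustive search that tries all 26 shift keys and keeps those whose decryption contains a word the attacker expects (the crib); the crib and the helper for the average number of trials are assumptions of the example.

```python
"""Shift substitution, cyclic transposition and exhaustive key search.

Added illustration (not the page's code). Only uppercase Latin letters are
substituted; other characters pass through unchanged.
"""
import string

ALPHABET = string.ascii_uppercase


def shift_substitute(text: str, key: int) -> str:
    """Substitution: replace each letter by the letter `key` positions later
    (modulo 26). The shift is the key; key = 3 gives the text's example.
    Decryption is the same function with the negated key."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def rotate_transpose(text: str, key: int) -> str:
    """Transposition: move every character `key` positions to the right,
    cyclically. The symbols keep their identity; only positions change.
    A negative key moves them back to the left."""
    k = key % len(text)
    return text[-k:] + text[:-k] if k else text


def brute_force_shift(ciphertext: str, crib: str):
    """Exhaustive search with a known-plaintext crib: try all 26 keys and
    return the (key, candidate plaintext) pairs that contain the crib.
    The keyspace is tiny, so the whole search is 26 trials at most."""
    candidates = []
    for key in range(26):
        guess = shift_substitute(ciphertext, -key)
        if crib in guess:
            candidates.append((key, guess))
    return candidates


def expected_trials(key_bits: int) -> int:
    """Average number of keys an attacker tries before hitting the right one:
    half of the 2^key_bits keyspace (Table 2.1 uses the same assumption)."""
    return 2 ** (key_bits - 1)
```

The search succeeds with a single crib because the keyspace has only 26 elements; the point of Table 2.1 is that the same procedure against a 128-bit key is hopeless not because it is harder to write but because `expected_trials(128)` is 2^127.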

II.2.1 The basic Feistel block cipher structure: The Feistel cipher structure, introduced by IBM in 1973, is regarded as the most basic cipher structure and is applied in many popular ciphers such as DES, Blowfish and Twofish. Note that Feistel is not itself a cipher, but a model built to suit the design of cryptographic hardware. A cipher has to complete the Feistel model according to its own requirements, which includes defining the function F, the S-boxes and the subkey generation algorithm. The Feistel structure is shown in Figure 2.3. Its operating principle is repeated permutation and substitution of the plaintext block, as follows:
-The plaintext is cut into blocks of 2w bits (i.e. an even number of bits). Each block is processed as two equal halves: the w bits on the left (L) and the w bits on the right (R).
-Both halves pass through an encryption block of n consecutive identical rounds. In each round the two halves are swapped, the right half is fed into a processing function F together with the subkey Ki, and the output of F is XORed with the left half; that is, the new left half is the old right half, and the new right half is the old left half XORed with F(old right half, Ki). The final result is swapped once more before being output.
[Figure 2.3: The Feistel block cipher structure. Plaintext of 2w bits, split into L0 and R0 (w bits each); n rounds, where round i computes Li = Ri-1 and Ri = Li-1 XOR F(Ri-1, Ki) with subkeys K1 ... Kn; the outputs Ln, Rn are swapped to Ln+1, Rn+1 to give the ciphertext of 2w bits.]

Decryption in the Feistel structure is the same as encryption, except that the order in which the subkeys are fed into the rounds is reversed with respect to encryption: subkey Kn is used in the first round and K1 in the last. For the same reason, none of the operations in the Feistel structure, including the function F, needs to have an inverse. Decryption is illustrated in Figure 2.4 for the case of a Feistel cipher with 16 rounds. We will prove that the output of the decryption algorithm is exactly the original plaintext; the same argument then applies to any Feistel cipher with n rounds.
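The property just stated, that decryption is encryption with the subkeys reversed and that F need not be invertible, can be checked directly. The following is an added example for this section, not code from the textbook and not DES: a generic n-round Feistel network following Figure 2.3 (Li = Ri-1, Ri = Li-1 XOR F(Ri-1, Ki), final swap), with a toy round function that is deliberately non-invertible (a truncated SHA-256) and a toy key schedule. Both F and the schedule are assumptions chosen for the illustration; the block and key values in the usage are constructed.

```python
"""Generic Feistel network: encryption, and decryption by reversing the subkeys.

Added illustration (not the page's code, not DES). The round function and the
key schedule are toy choices that exist only to exercise the structure.
"""
import hashlib


def toy_F(half: bytes, subkey: bytes) -> bytes:
    """Round function F(R, K). Deliberately NOT invertible (a truncated hash),
    to show that Feistel decryption never needs the inverse of F."""
    return hashlib.sha256(subkey + half).digest()[: len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(master: bytes, rounds: int):
    """Toy key schedule: K_i = SHA-256(master || i), truncated to 8 bytes."""
    return [hashlib.sha256(master + bytes([i])).digest()[:8] for i in range(rounds)]


def feistel(block: bytes, keys) -> bytes:
    """One pass through the network of Figure 2.3. The block has 2w bytes and
    is split into halves L and R of w bytes each."""
    if len(block) % 2:
        raise ValueError("block length must be even (2w)")
    w = len(block) // 2
    L, R = block[:w], block[w:]
    for K in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        L, R = R, xor(L, toy_F(R, K))
    return R + L  # final swap before output, as in the figure


def encrypt(block: bytes, master: bytes, rounds: int = 16) -> bytes:
    return feistel(block, subkeys(master, rounds))


def decrypt(block: bytes, master: bytes, rounds: int = 16) -> bytes:
    # Same network, same F, subkeys fed in reverse order: K_n first, K_1 last
    return feistel(block, list(reversed(subkeys(master, rounds))))


if __name__ == "__main__":
    pt = b"Feistel Network!"          # constructed 16-byte block (w = 8)
    ct = encrypt(pt, b"master-key")
    assert decrypt(ct, b"master-key") == pt
    print(ct.hex())
```

Because the final swap turns (Ln, Rn) into (Rn, Ln), feeding the ciphertext back in with the reversed schedule makes round 1 of decryption undo round n of encryption: the XOR with F(Rn-1, Kn) is applied a second time to the same input and cancels, which is exactly why F is never inverted.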

[Figure 2.4: Encryption and decryption with the Feistel structure. a-Encryption: plaintext of 2w bits enters as LE0, RE0; rounds 1 to 16 use subkeys K1 ... K16 and produce LE1, RE1, ..., LE16, RE16; the output LEout, REout is the ciphertext of 2w bits. b-Decryption: the ciphertext enters as LD0 = RE16, RD0 = LE16; the rounds use subkeys K16 ... K1, with LD1 = RE15, RD1 = LE15, ..., LD15 = RE1, RD15 = LE1, LD16 = RE0, RD16 = LE0; the output LDout = LE0, RDout = RE0 is the plaintext of 2w bits.]
To distinguish the encryption process from the decryption process, the data blocks at each round are denoted as follows:
- LEi and REi: the left and right inputs of the encryption algorithm at round i.
- LDi and RDi: the left and right inputs of the decryption algorithm at round i.
- F(REi, Ki): the function F applied to the block REi with the key Ki.
Consider the last round (round 16) of the encryption process: LE16 = RE15, RE16 =