VIETNAM NATIONAL UNIVERSITY, HO CHI MINH CITY
UNIVERSITY OF INFORMATION TECHNOLOGY
FACULTY OF COMPUTER NETWORKS AND COMMUNICATIONS

COURSE PROJECT: BUILDING INFORMATION SECURITY STANDARDS AND POLICIES IN THE ENTERPRISE

TOPIC: A DATA LOSS PREVENTION SOLUTION FOR THE ENTERPRISE

Supervisor: Nguyễn Duy, MSc.
Team members:
Đặng Vũ Hiệp 12520590
Đặng Thái Hoà 12520596
Đoàn Hùng Cường 12520552
Nguyn Thanh Tm 12520909
L Anh Minh Tun 11520448

Table of contents
1. Customer requirements
  1.1 General requirements
  1.2 Design and deployment direction
2. Analysis and assessment of the current network
  2.1 Current state of the system
  2.2 Analysis and assessment of the current system
    2.2.1 Security posture
    2.2.2 Risks of information loss
3. Proposed solution
  3.1 Overall model
    3.1.1 Strengths of the model
    3.1.2 Device deployment
  3.2 Detailed model for the Web and Mail Server
  3.3 Technology solution
    3.3.1 Functions of Endpoint Security
    3.3.2 Functions of the UTM-1 130
    3.3.3 Checkpoint's specific measures against data loss
    3.3.4 Backup solution: Cloud backup from vinacis
    3.3.5 Benefits of the DLP solution
    3.3.6 Features of DLP
4. Building the policies
  4.1 Organizational security policy
    4.1.1 Internal: policy inside the company
    4.1.2 External: policy for the company's partners
  4.2 Asset management policy
    4.2.1 Responsibility for assets
    4.2.2 Information
  4.3 Personnel management policy
  4.4 Physical management policy
    4.4.1 Area management policy
  4.5 Access management policy
  4.6 Management of printing devices and peripherals
  4.7 Management of personal information and human resources

1. Customer requirements

1.1 General requirements
- Analyze the weaknesses of the current network model.
- Analyze the risks of data loss:
  - Attackers
  - Employees
- Redesign the network for the best achievable security (oriented toward a data loss prevention solution):
  - Draw the overall model.
  - Draw a detailed model for each part (Web Security, Email Security, IDS/IPS Security, ...).
  - Explain the solution for each part.
- Build procedures and policies that work together with the technologies used in the system to minimize the possibility of data loss.

1.2 Design and deployment direction
- Redesign toward reducing data loss and ensuring a high level of security.
- Propose a cost-effective solution.

2. Analysis and assessment of the current network

2.1 Current state of the system
The company currently has about 100 users. For details of the services running in the system, see the figure below.
Details of the system:
- Administered as a workgroup.
- Cisco router with an integrated firewall.
- No antivirus software, no dedicated firewall, and no other security policies.

2.2 Analysis and assessment of the current system

2.2.1 Security posture
Weaknesses of the network model:
- The larger the network and the more data and users it holds, the more easily unmanaged growth leads to problems with security and with the use of resources.
- A workgroup is not suitable for a network of more than 10 machines. It is inconvenient to administer and its security is poor.
- Accounts are not centrally managed.
- Because central management is not possible, data is scattered, security is low, and the network is very easy to break into.
- Resources are not organized, so they are hard to locate and search for.
- There is no central administration, which matters most when one user has several accounts for accessing different workstations; network security can be violated when users share the same user name and password for the same resource; data cannot be backed up centrally. Data is stored in scattered places on each workstation.
- Each user must have a user account on every computer they want to log on to; any change to a user account, such as changing a password or adding a new account, must be made on all computers in the workgroup. If you forget to add a new user account on one computer in the group, the new user cannot log on to that computer and cannot access its resources. Device and file sharing is handled by the individual computers and is available only to users who have an account on that computer.
- Data and resources are stored in a distributed way on the local machines, and each machine manages its own local resources. The network has no computer dedicated to providing services and managing the network. This model only suits small networks with low security requirements.
- In this model the computers run multi-user operating systems that store user information in a single SAM (Security Accounts Manager) file on the local machine itself.
- The network holds too many resources, so users have difficulty identifying them in order to use them.
- Administering a workgroup means administering the security account database on each computer individually, in a local and distributed way. This is clearly cumbersome and may be impossible on a very large network.
- The network is designed as a workgroup, so the database is distributed and hard to manage.
- There is no dedicated firewall, so the network is exposed to DoS and DDoS attacks and to data theft.
- The departments share the same network segment, so they can access one another's data.
- Data is easily lost, and printing is unrestricted.
- There is no antivirus software, so machines are easily infected through removable devices or through employees' network access.
- The network has no redundancy. If the router fails, the whole network is paralyzed.
- Computers in a workgroup environment are peers, so employee access cannot be controlled. No security policy is applied, so employees can copy data to USB devices or send information outside over the Internet without being detected.
- The network uses a single uplink, and the network model is hard to extend.

2.2.2 Risks of information loss
Attackers
- Attacks on security vulnerabilities: hackers exploit vulnerabilities in the network, in protocols and in the operating system to attack and steal data. For example, an attacker exploits a SQL injection vulnerability in the web server to attack it and retrieve the SQL database.
- Impersonation attacks: the attacker poses as a trustworthy party in order to probe for and steal information. For example, attackers send e-mail, usually in bulk, claiming to come from a bank or another legitimate organization. The e-mail asks the recipient to provide sensitive information such as a user name, password, registration code or PIN by following a link to a website that looks legitimate, which lets the thief collect the customer's information and later carry out illegal transactions.
- Malicious software, viruses, worms, Trojans: the attacker uses malicious software, or viruses injected into software that looks harmless, to lure users into getting infected. Such software can steal information, destroy data on the computer, and spread to other machines.
- Direct attacks over physical connections: one way or another the attacker gains access to the internal network and can use sniffing tools to capture packets and analyze them to steal data, for example logon account information, or take control of machines to obtain data or attack the servers.
- Reconnaissance: the attacker poses as a company selling IT products and asks employees about the server room: how many devices there are, which vendors they come from, whether there is a firewall, and uses this as the basis for an attack and data theft.
Employees
- Employees can send the company's confidential information outside by e-mail.
- While browsing the web, employees may inadvertently click on unknown links or shared images, get infected with a virus, and have information stolen.
- Using file-sharing programs and uploading data to the Internet.
- Using a personal laptop for work without encrypting the data, and then having it stolen.
- Using removable devices to copy data outside, or copying data to work on elsewhere and then losing the device.
- Leaving the desk without logging off or shutting down the computer, so that another employee can copy the data and take it outside.
- Virus infection caused by employees plugging USB devices into company computers.
- Employees disclosing internal information to outsiders while using Skype, Yahoo or the telephone.
- Employees can install eavesdropping software on company computers.
- Unrestricted printing and photocopying without central management; taking printed or copied documents outside.
- Using a phone or camera to photograph company documents.

3. Proposed solution

3.1 Overall model
Redesigning the system
The company's original layout was built as a workgroup environment without a dedicated firewall and has many shortcomings, so the company requires a new system with higher security. Below is the overall model, redesigned to reduce data loss and ensure a high level of security.

[Figure: Overall model]

3.1.1 Strengths of the model
The network uses a layered structure (3 layers):
- Core layer: 2 routers that provide optimization and reliability for very high-speed transport. The Core layer fulfils these roles: checking access lists, encrypting data, address translation.
- Distribution layer: 2 layer 3 switches that handle part of the communication to reduce the load on the Core layer. Policy can be applied here in these specific forms: routing updates, route summaries, VLANs.
- Access layer: designed mainly to provide ports connecting each workstation on the same network, so it is sometimes called the Desktop layer. Any data belonging to remote services (in other VLANs, or coming from outside) is handled at the Distribution layer.
This brings convenience in design and deployment and makes management and troubleshooting easy. It also meets the requirement for flexibility in the network.
The model meets most of the technical requirements of network design:
- Redundancy and availability are rated very high in this model:
  - Two network providers for redundancy.
  - Devices and cabling all have backups in case of failure.
- Network performance is very stable:
  - With a three-layer design, each layer has its own task, so no layer is overloaded.
  - Routers with load balancing are used to balance traffic leaving the system.
- Manageability:
  - The model is centralized: internal access and outbound access are both controlled by security software installed on the local servers.
  - The DMZ is separated from the internal servers to ensure security.
  - Customers get a separate Wi-Fi network to prevent unauthorized access to the system.
  - Each department is its own VLAN, so departments cannot access one another's data and the network stays secure.
- Extensibility is very flexible: because the devices have backups and the 3-layer model is flexible, extending the model is easy. The network is designed to adapt to new technologies in the future.
- Security:
  - 2 UTM firewalls that integrate many good security features.
  - Inside the system, the best security services currently available are used.
  - Remote connections are secured through VPN tunnels.

3.1.2 Device deployment
- The system uses 2 network providers, FPT and Viettel, so that the network is not interrupted.
- The firewalls are placed behind the routers to protect the DMZ and the server farm. The company uses Checkpoint firewalls, with the UTM-1 130 deployed at the gateway level to control all inbound and outbound network traffic. In addition, the system adds a software firewall, also from Checkpoint, from the Endpoint Security product line, on the Domain Controller to control employee access at the endpoint.
- The DMZ hosts the Web server and the Mail server (DOVECOT-POSTFIX). This zone connects directly to the Checkpoint firewall, which controls all traffic in and out to keep the DMZ safe and limit attacks from outside.
- The server farm hosts the File server, Domain Controller, DHCP, DNS and the backup server. The Domain Controller runs Windows Server 2008 and Checkpoint Endpoint Security.
- Each department is 1 separate VLAN to keep each department's data confidential. Employees of one department cannot access another department's data. Each VLAN connects directly to a layer 2 switch, which in turn connects directly to a layer 3 switch in the Distribution layer.
- Customers and partners of the company can only use the Wi-Fi that the company provides. This Wi-Fi uses 1 separate VLAN, isolated from the company's wired network.

3.2 Detailed model for the Web and Mail Server

[Figure: Web Server model]

The web server is built separately from the other zones and connects directly to the 2 UTM firewalls to keep it safe. With this model the web server achieves high availability.

[Figure: Mail Server model]

The mail server is built separately from the other zones and connects directly to the 2 UTM firewalls to keep it safe. With this model the mail server achieves high availability.

3.3 Technology solution
To secure the whole network, the company uses Checkpoint firewall products at the gateway and endpoint levels. Checkpoint has been a leader for many years in the firewall and VPN fields. The following are some functions of these product lines.

3.3.1 Functions of Endpoint Security
- Full Disk Encryption: secures hard disks fully automatically and transparently to the end user. Uses multi-factor pre-boot authentication to identify the user.
- Media Encryption: provides encryption of removable storage media. Port control allows management of the ports on endpoint devices, including access to port activity.
- Remote Access: gives users secure access and connectivity to the company network and resources while they travel.
- Anti-Malware/Program Control: efficiently detects and removes malware on endpoints with a single filter. Program control allows only legitimate, approved programs to run on the endpoint.
- WebCheck: protects against the latest web-based threats, including downloads and zero-day attacks. Runs the browser in a secure virtualized environment.
- Firewall/Compliance Check: inbound and outbound protection that helps stop malware from infected systems, blocks targeted attacks and stops unwanted traffic.

3.3.2 Functions of the UTM-1 130
- Firewall: the most proven firewall, protecting more than 200 applications, protocols and services with the most adaptive and intelligent inspection technology.
- IPsec VPN: secure connectivity for offices and end users through site-to-site VPN with flexibly managed remote access.
- IPS: a high-performance integrated intrusion prevention solution with the best threat coverage.
- Web Security: advanced protection for the whole web environment, featuring the strongest protection against buffer overflow attacks.
- URL Filtering: a best-in-class web filter covering more than 20 million URLs, protecting users and the business by blocking access to dangerous websites.
- Antivirus & Anti-Malware: leading antivirus protection including heuristic virus analysis, stopping viruses, worms and other malware at the gateway.
- Anti-Spam & Email Security: multi-dimensional protection for the messaging infrastructure, blocking spam, protecting servers and limiting attacks via e-mail.
- Squid proxy integrated on the firewall: controls user access, speeds up the network, ...

3.3.3 Checkpoint's specific measures against data loss
Email
- Encrypt all e-mail that employees send out to the Internet (using the Anti-Spam & Email Security feature of the UTM-1 130).
- Block spam sent in from outside (using the Anti-Spam & Email Security feature of the UTM-1 130).
- Reject all e-mail with attachments of these types: exe, bat, msi, vbx (using the Anti-Spam & Email Security feature of the UTM-1 130).
- Defend against DoS and buffer overflow attacks (using the Anti-Spam & Email Security feature of the UTM-1 130).
Web
- Block websites by category, such as streaming media and search engines.
- Restrict employees from using the web to search for data and watch videos or films (using the Web Filtering feature of the UTM-1 130).
- Block the URLs that the administrator does not want employees to visit during working hours (using the Web Filtering feature of the UTM-1 130).
- Protect web access (using the Antivirus & Anti-Malware feature of the UTM-1 130).
File share
- Forbid uploading data to the Internet over FTP and to sites such as mediafire, dropbox, 4share (using the Web Security feature of the UTM-1 130).
- Encrypt all shared data when it is copied to removable devices (using the Media Encryption feature of Endpoint Security).
- Users access data only according to their own permissions (permissions granted to the user in Windows Server 2008).
Desktop/Laptop devices
- Personal laptops may not be used in the company.
- Encrypt the data on desktop disks (using the Full Disk Encryption feature of Endpoint Security).
- Deploy a firewall on the company's desktops against malware and viruses.
- Limit virus infection via USB (using the Anti-Malware feature of Endpoint Security).
- Store user profiles on the server; users work only through a limited set of devices: a network-connected monitor, mouse and keyboard.
Removable devices
- Encrypt all data copied to removable devices such as USB and CD/DVD (using the Media Encryption feature of Endpoint Security).
Remote access (VPN)
- Encrypt the connection for remote access to limit attacks by hackers (using the IPsec VPN feature).
Attack prevention
- The IPS feature on the UTM-1 130 records information about data flows leaving and entering the network, analyzes anomalies and alerts the administrator.
- Set up rules against attacks such as DoS, DDoS and buffer overflow.
- Use the IDS/IPS system to monitor, alert and block.

3.3.4 Backup solution: Cloud backup from vinacis
- Backup scheduling: data backup runs fully automatically on a predefined schedule.
- Data recovery through a web interface: an online management portal lets end users easily access and retrieve backed-up data from anywhere.
- Application plugin integration: Cloud Backup ships with plugins built for common applications to simplify the backup process.
- Server backup support: creates backups for server services such as MS Exchange, MS SQL and MySQL.
- 256-bit AES encryption: Cloud Backup always encrypts backup data with 256-bit AES using an encryption key that you set, to prevent unauthorized access.
- SSL transport: the connection between your computer and the Cloud Backup system is secured by an SSL channel. SSL encrypts every packet sent between your computer and the Cloud Backup system, which completely eliminates the risk of an attacker stealing your data on the Internet.
Besides the functions above, Checkpoint also provides a solution aimed at preventing data loss in the company, called DLP (Data Loss Prevention). This solution is deployed at the gateway level on the Checkpoint UTM firewall.

3.3.5 Benefits of the DLP solution
- Easy to deploy and simple to manage.
- Preconfigured policies that enable data loss prevention.
- Supports a large number of file and data types.
- Uses UserCheck technology, which allows remediation in real time.
- Inspects and controls data entering and leaving the company and moving between departments.

3.3.6 Features of DLP
- Checkpoint UserCheck: this technology warns a user who violates company policy, and the user must remediate the incident immediately. If the user violates the policy deliberately, log information is sent to the administrator.
- Protection of internal information: DLP controls all e-mail leaving the company.
  - Every e-mail that is to leave the company must be forwarded to the DLP gateway for inspection.
  - All data is encrypted when it passes through the DLP gateway. DLP decrypts the data with the sender's public key to inspect it, then re-encrypts it and sends it to the recipient.
  - Protects data sent over network protocols such as SMTP, HTTP and FTP.
- Fingerprint Sensitive Files: scans and checks against the repository of sensitive files whenever data is sent outside. If the file matches the repository of sensitive data, it is held and not allowed to be sent outside.
- Fast and flexible deployment: Check Point DLP Software Blades can be installed on any Check Point gateway. Deployment is easy and quick, saving time and reducing cost by making use of the existing security infrastructure.
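The attachment rule from section 3.3.3 and the Fingerprint Sensitive Files check from section 3.3.6 can be sketched as one outbound-mail inspection. This is an added example, not code from the report or from Check Point; the fingerprint method (hashed 5-word runs), the 50% hold threshold, and all file names and addresses are assumptions chosen for illustration.

```python
import hashlib
import re
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {"exe", "bat", "msi", "vbx"}  # attachment types listed in section 3.3.3
SHINGLE_WORDS = 5       # assumption: the fingerprint unit is a run of 5 words
HOLD_THRESHOLD = 0.5    # assumption: hold when half of a sensitive file reappears


def shingles(data: bytes) -> set:
    """Hash each run of SHINGLE_WORDS words, ignoring case, spacing and punctuation."""
    words = re.findall(r"\w+", data.decode("utf-8", errors="ignore").lower())
    runs = max(len(words) - SHINGLE_WORDS + 1, 1 if words else 0)
    return {
        hashlib.sha256(" ".join(words[i:i + SHINGLE_WORDS]).encode()).hexdigest()
        for i in range(runs)
    }


class FingerprintRepository:
    """Fingerprints of the files the organisation has marked sensitive."""

    def __init__(self):
        self._files = {}

    def add(self, name: str, data: bytes) -> None:
        self._files[name] = shingles(data)

    def best_match(self, data: bytes):
        """Return (file name, share of that file's shingles found in data)."""
        candidate = shingles(data)
        best_name, best_ratio = None, 0.0
        for name, fingerprint in self._files.items():
            if not fingerprint:
                continue
            ratio = len(fingerprint & candidate) / len(fingerprint)
            if ratio > best_ratio:
                best_name, best_ratio = name, ratio
        return best_name, best_ratio


def inspect_outbound(msg: EmailMessage, repo: FingerprintRepository) -> list:
    """Return (verdict, part, reason) for each part of an outbound mail that breaks policy."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        label = name or "<body>"
        if name:
            # Windows drops trailing dots and spaces, so "a.exe." still runs as .exe
            cleaned = name.rstrip(". ").lower()
            ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
            if ext in BLOCKED_EXTENSIONS:
                findings.append(("reject", label, f"blocked extension .{ext}"))
                continue
        payload = part.get_payload(decode=True) or b""
        matched, ratio = repo.best_match(payload)
        if matched and ratio >= HOLD_THRESHOLD:
            findings.append(("hold", label, f"matches {matched} ({ratio:.0%})"))
    return findings


def demo() -> list:
    # Constructed sample data: one "sensitive" document and one outbound message.
    secret = (b"Pricing strategy 2015: the distributor discount rises to eighteen percent "
              b"in the third quarter and the partner rebate is paid only after audit.")
    repo = FingerprintRepository()
    repo.add("pricing-strategy.docx", secret)

    msg = EmailMessage()
    msg["From"] = "staff@example.com"
    msg["To"] = "someone@example.net"
    msg["Subject"] = "files"
    msg.set_content("Hi, the documents you asked for are attached.")
    # The same text pasted into another file with changed case and spacing.
    leaked = b"fyi --\n" + secret.upper().replace(b" ", b"  ") + b"\nregards"
    msg.add_attachment(leaked, maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="viewer.EXE.")
    msg.add_attachment(b"lunch menu for friday", maintype="application",
                       subtype="octet-stream", filename="menu.txt")
    return inspect_outbound(msg, repo)


if __name__ == "__main__":
    for verdict, part, reason in demo():
        print(f"{verdict:6} {part:12} {reason}")
```

An exact file hash would miss the renamed, re-spaced copy in `notes.txt`; matching on normalized word runs is what lets the check hold it.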

4. Building the policies

4.1 Organizational security policy

4.1.1 Internal: policy inside the company
- Produce a document describing the company's entire current network. The document details the devices, the connections between them, the IP addresses on the devices and the network structure, to give an overall view of the whole network.
- The network must have appropriate security policies: users' access to network services must be managed in detail, for example which network applications may be used, which websites may be visited, access times, and blocking downloads of specific file formats to avoid degrading network performance. In addition, the performance of the company network must be monitored and bandwidth guaranteed for important uses. To implement this policy, an optimal solution is to use a UTM (Unified Threat Management) system and Endpoint Security, specifically devices from Checkpoint.
- A policy to secure the DMZ, specifically the web server and mail server, to limit attacks from outside such as DoS, DDoS and spam e-mail.
- A policy to secure the internal server zone: dividing access rights to these servers is essential because the threat from inside the company is also large. The focus must not be only on stopping attacks from outside; internal safety is just as necessary. In the company, the internal servers sit in a separate VLAN, so it is enough to grant rights to the users who may access this VLAN.
- Regular data backup: backups are normally performed daily in a suitable, fixed time slot so that backup data is consistent and can be restored promptly when an incident occurs.
- Manage the configuration files of network devices: configuration files on routers, switches and access points must be managed and backed up.

4.1.2 External: policy for the company's partners
- Policy for customers: customers who come to the company to do business may only use the wireless network the company provides. This network sits in a separate VLAN called the guest VLAN; users in this VLAN can only reach the Internet and are not allowed to access the company's internal resources such as servers, computers on the network, printers and fax machines.
- Policy for partners: ensure that the transmission of data and information exchanged in transactions between the company and its partners is absolutely safe and confidential.

4.2 Asset management policy
All employees and individuals with access to the company's computer systems must comply with the policies set out below in order to protect the company's computer systems, computer network, data integrity and information security.

4.2.1 Responsibility for assets
Asset inventory
The company's assets fall into these main categories:
- Servers
- Computers
- Accessory devices: printer, photocopier, fax, IP camera
- Network devices: router, switch, firewall, access point
- Storage devices (USB, tape)
- Software serving the system and the work
Storage devices are tracked specially:
- HDD
- Tape (holding data, backups)
- CD/DVD discs, floppy disks, USB devices
Ownership and use of assets
- The company is required to issue a set of policies on asset ownership and use and, through it, roll them out to each department and unit in the company.
- Individuals working at a location that houses equipment are responsible for looking after, supervising and protecting that equipment.
- Individuals authorized to use removable and storage devices are responsible for looking after those devices.
- Devices must not be used to store the company's internal or sensitive information without permission.
Moving assets: a form must be filled in and confirmed so that the database can be updated:
- Serial number
- Name
- Current location
- New location
- Owner

4.2.2 Information
Information classification:
- Normal information: ordinary information exchanged by employees and customers over the network (web, e-mail, IM, customers using Wi-Fi).
- Sensitive information: information related to business activities (PR, customer care), log files, file exchanges and paperwork inside the company.
- Secret information: information related to accounts and passwords, financial information, company transactions, backup data.
- Top-secret information: information about the company's business direction and strategy.
Policy:
Labelling storage devices and paper documents: depending on their label they are stored in different areas; levels can be distinguished by colour.
- Sensitive information: stored by the department head or an authorized employee.
- Confidential information: stored by the Deputy Director or above, or an authorized person.
- Top-secret information: stored by the Director or above, or an authorized person.
Using and accessing storage devices: USB, floppy disk, CD/DVD, magnetic tape
- Normal information: employees may use it at their discretion.
- Sensitive information: the employee's superior must agree before it can be used or taken outside.
- Secret information: requires confirmation from the Deputy Director or above.
- Top-secret information: only the Director or above can decide.
Destroying data on devices: USB, floppy disk, CD, magnetic tape, HDD
- Normal information: ordinary deletion; formatting is not required.
- Sensitive information: the storage device must be reformatted.
- Secret information: must be overwritten many times to ensure it cannot be recovered.
- Secret information: destroy both the data and the device.

4.3 Personnel management policy
- Every employee in the company is issued an account for logging on to the company's computer systems.
- The logon password for a company computer account must be complex (including upper-case letters and special characters, issued by IT staff), and employees must look after it themselves so that it is not lost or leaked. If it is lost or exposed, IT staff must be informed so they can deal with it.
- If an employee no longer works at the company, that employee's account is locked.
- No member of the company may copy company data and take it outside in any form. If this is discovered, a proportionate penalty applies depending on severity (disciplinary action, warning, dismissal, prosecution under the law). If data needs to be copied for a customer, the consent of a department head or above is required before the data may be copied.
- Every employee has the duty and responsibility to look after the devices the company has authorized them to use; if a problem occurs, it must be reported to the IT department immediately so it can be handled in time.
- Employees may not install software of unknown origin or unlicensed software beyond the work software preinstalled on the machine.
- Every employee must strictly follow the company's policies; violations carry consequences (reprimand, pay deduction or dismissal).
Sales staff working outside the company
- Issued a laptop for working outside.
- The laptop has the licensed software needed for work installed (MS Office, VPN program).
- All hard-disk data on the laptop is encrypted to limit data theft, and the employee is responsible for the data if it is copied to someone else.
- Must take responsibility for looking after company property, use it only for work, and not lend it out or install unknown software of unclear origin on it.
- Bring it to the IT department monthly for maintenance, virus scanning and software upgrades.
Department staff
- May use desktop computers only for work during office hours, not for other purposes (such as chat or watching films).
- May access only the resources of their own department and may not access resources without authorization.
- Ordinary employees may log on to their account only during office hours; outside working hours they cannot log on to the computer.
Probationary staff and interns
- Treated the same as department staff: given a user account that allows use of the information of the department where they work, and not allowed to access the information of other departments.
Staff leaving the company
- The account should not be deleted outright, only locked; when a replacement arrives, only the information is changed, with no time lost resetting permissions and reconfiguring from scratch.
IT administration staff
- Responsible for supervising and monitoring the activity of other employees so that computers are used for work and not for private matters.
- Ensure company data is kept confidential and does not leak outside.
- When an incident occurs, report the situation and the extent of damage to superiors. The incident must be remediated as quickly as possible to keep the system running smoothly.
- Subject to management and must strictly comply with the requests of superiors.
- Manage the company's resources and take responsibility for backing up company data periodically.
- An IT employee who leaves the company must give the company prior notice (under Vietnamese labour law) and hand over all current work and the devices under their management to another employee with the same expertise or to a superior.
Management and directors
- Have full authority to decide the company's information security policies.
- May not access the data or internal resources of other employees except in special cases.
- Responsible for looking after company resources and their own documents to avoid data loss.
- Responsible for supervising subordinate staff.
Rewards and penalties
- Carry out inspection, recruitment and commendation.
- For violations, a penalty and disciplinary measure is set according to severity.

4.4 Physical management policy

4.4.1 Area management policy
Objectives of the policy
- Prevent unauthorized physical access that damages equipment.
- Devices holding the organization's important, sensitive data must be placed in a secured zone with security management mechanisms and control over entry to and exit from those areas.
- Identify clearly the threats and risks that may arise so that suitable specific rules can be set.
Specific proposed measures
- For area-based management, the first step is physical separation: set aside 1 room for important equipment such as the server farm and expensive devices.
- Manage and supervise entry to and exit from these separate areas. Only people with relevant responsibilities are allowed in. Every entry and exit must be recorded with the time and the reason (maintenance, repair, ...).
- Install surveillance cameras and alarm systems to prevent break-ins. Install a fingerprint scanner to check people before entry if a higher level of security is needed.
- Manage entry by time: entry is allowed only during office hours; outside office hours, any entry to or exit from these areas must be supervised by the organization's most senior representative or an authorized person.
- Protect the area from hazards such as fire, explosion and flooding. Flammable and explosive substances must be kept well away from the protected areas. Backup devices must be placed apart from one another to avoid mass damage when an incident occurs. The areas need fire alarm systems, fire extinguishers and sensors.
- Because the company's departments are clearly separated, there is no need for employees of one department to enter another.
- Area management is essential and avoids threats to the company's assets and resources, so the policy applied here must be strict; specifically, employees who violate it may be disciplined.

4.5 Access management policy
Objectives of the policy
- Control access to information.
- Ensure that those who access have the right to, and prevent unauthorized access.
- Assign responsibility to users for their access accounts to avoid loss of information.
- Prevent unauthorized use of network services from both inside and outside the company.
- Control unauthorized access to the operating system.
- Set the permitted rights for users on applications.
- Ensure safety for remote access from mobile devices.
Specific measures
- Define clearly the access control rules and rights for each person and each group. Create policies for users and OUs in the domain per department. On that basis, set levels of warning for users who deliberately break the rules.
- Define specific rights on the file server for each department through NTFS permissions. One department is not allowed to access the resources and documents of another. This carries a latent risk of information theft, so there must be an appropriate level of warning.
- Issue an ID to each employee when they join, define clearly what the user is allowed to do, and hold the user accountable for the actions the user causes.
- Grant rights appropriate to the user based on the employee's position in the company, department, job needs and the organization's security level.
- Have a signed document between the employee issued an ID and the organization confirming understanding of the rights the ID is allowed.
- When an ID is created, ensure it is disabled until the terms have been signed with the user.
- Require a password change at the ID's first logon, so that responsibility lies with the person using the ID and not with the administrator who created it.
- Prevent reuse of old passwords by enforcing the setting on the domain controller.
- Require the user to change the password as soon as the administrator detects a risk that it has been exposed.
- Use a system with integrated single sign-on (Checkpoint) so that users do not log on many times, to keep the password safe.
- Set the maximum number of failed logons per user to 3; beyond 3, the user is locked for 30 minutes and the activity is recorded for monitoring.
- Display the time and computer of the previous logon so the user can check the activity of the ID.
- Set up channel encryption with an IPsec policy to increase information confidentiality.
- When the user of an ID changes position, immediately change the rights to suit the current job.
- Check to ensure each employee is given only the IDs they need.
- Restrict which users may log on from which machines, and monitor this logon activity with logon auditing.
- Monitor users' logon times to block unnecessary access outside office hours.
- Have a mechanism to log off after 5 minutes of user inactivity, or a more suitable interval, to prevent someone else from using the user's session without authorization.
- Disable unused ports to prevent unauthorized intrusion.
- Build a certificate system and issue certificates to users and partners who need to communicate remotely and between branches, to prevent impersonation.
- When users send and receive mail, encryption and the issued digital signature are required, and attachments must not exceed 4MB.
- Configure routing on the routers so that information flows do not violate the policies.
- Define clearly which users are allowed remote access, such as directors and administrators.
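The lockout, workstation and logon-hour rules of section 4.5 can be checked against logon audit records as follows. This is an added example, not part of the original report; the log format, account names, workstation names and the 08:00-17:00 Monday-Friday office hours are assumptions, and "beyond 3" is read as locking on the fourth consecutive failure.

```python
from datetime import datetime, timedelta

MAX_FAILED = 3                          # section 4.5: at most 3 failed logons
LOCK_DURATION = timedelta(minutes=30)   # section 4.5: account locked for 30 minutes
WORK_START, WORK_END = 8, 17            # assumption: office hours 08:00-17:00, Mon-Fri

# Constructed mapping: the one workstation each account may log on from.
ALLOWED_HOST = {"lan": "PC-ACC-01", "minh": "PC-SALES-04"}

# Constructed audit-logon records: date, time, account, workstation, result.
SAMPLE_LOG = """\
2015-03-02 09:00:05 lan PC-ACC-01 FAIL
2015-03-02 09:00:20 lan PC-ACC-01 FAIL
2015-03-02 09:00:41 lan PC-ACC-01 FAIL
2015-03-02 09:01:02 lan PC-ACC-01 FAIL
2015-03-02 09:10:00 lan PC-ACC-01 OK
2015-03-02 09:35:00 lan PC-ACC-01 OK
2015-03-02 10:15:00 minh PC-ACC-01 OK
2015-03-02 21:40:00 minh PC-SALES-04 OK
2015-03-07 10:00:00 lan PC-ACC-01 OK
"""


def parse(line):
    """Return (timestamp, user, host, result), or None for a malformed line."""
    fields = line.split()
    if len(fields) != 5:
        return None
    try:
        ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, fields[2], fields[3], fields[4]


def audit(log_text):
    """Replay the records in order and return (time, user, alert) tuples."""
    failures = {}       # user -> consecutive failed logons
    locked_until = {}   # user -> end of the current lock
    alerts = []

    def alert(ts, user, kind):
        alerts.append((ts.strftime("%Y-%m-%d %H:%M:%S"), user, kind))

    for line in log_text.splitlines():
        record = parse(line)
        if record is None:
            continue
        ts, user, host, result = record

        until = locked_until.get(user)
        if until is not None and ts < until:
            # Any attempt during the lock is refused and recorded.
            alert(ts, user, "ATTEMPT_WHILE_LOCKED")
            continue

        if result != "OK":
            failures[user] = failures.get(user, 0) + 1
            if failures[user] > MAX_FAILED:
                locked_until[user] = ts + LOCK_DURATION
                failures[user] = 0
                alert(ts, user, "LOCKED_30_MIN")
            continue

        failures[user] = 0  # assumption: a successful logon resets the counter
        if ALLOWED_HOST.get(user) != host:
            alert(ts, user, "UNASSIGNED_WORKSTATION")
        if ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END:
            alert(ts, user, "OUTSIDE_OFFICE_HOURS")
    return alerts


if __name__ == "__main__":
    for when, user, kind in audit(SAMPLE_LOG):
        print(when, user, kind)
```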

4.6 Management of printing devices and peripherals
Policy objectives
- Control the use of peripheral devices.
- Limit unrestricted printing and photocopying of documents.
Specific measures
- Use centralized printing and allow printing only over the network. Every employee who wants to print a document must log on with the account issued to them and then print.
- Printers and photocopiers are not to be used for any purpose other than work.
- Forbid the use of removable devices such as USB, CD/DVD and floppy disks by creating policies in Group Policy and Checkpoint. Anyone who needs to use these devices must have the permission of the department head and must encrypt all data when copying.
- Employees are forbidden to bring cameras, video cameras and other audio or video recording devices into the company. If discovered, the company applies a penalty depending on severity (reprimand, warning, pay deduction, dismissal).

4.7 Management of personal information and human resources
Policy objectives
- Manage employees' personal information: background, family, social relationships, ...
Specific measures
- Every employee is responsible for keeping their own personal information confidential.
- The HR department is responsible for managing employees' personal information; the HR department is accountable for any error.
- Selling or sending employee information outside in any form is not allowed.
- For sensitive information such as background, family and social relationships, the HR department is not allowed to provide this information to partners or sell it outside.
- Employees are responsible for giving the HR department their latest address and telephone number whenever these change.
- The company applies a penalty depending on the severity of the violation.
