Page | 1 Copyright by Tocbatdat
TOCBATDAT SECURITY TOÀN TẬP (The Complete Security Guide)
Security toàn tập, Version 1.2, 2012

Network security [full]

Document on Security, Version 1, 7/2012. Page | 2 Copyright by Tocbatdat

CHANGE LOG
Version | Updated on | Updated by     | Notes
1       | 7/2012     | Hoang Tuan Dat | First Release
TABLE OF CONTENTS

I. PURPOSE AND SCOPE OF THE DOCUMENT .... 9
  1. Purpose of the document .... 9
  2. Scope of the document .... 9
II. SECURITY OVERVIEW .... 10
  1. Basic concepts of information security (security) .... 11
  2. Basic network systems .... 11
    a. The OSI network model .... 11
    b. The TCP/IP network model .... 17
    c. Comparing the TCP/IP and OSI models .... 19
    d. Structure of IP, TCP, UDP and ICMP packets .... 19
    e. Commonly used ports .... 22
    f. Using a sniffer to analyze IP, ICMP, UDP and TCP packets .... 22
    g. Analyzing individual packets and whole connection sessions .... 22
  3. Access control concepts (Access Controls) .... 23
    a. Access Control Systems .... 23
    b. Principles for setting up Access Control .... 24
    c. Types of Access Controls .... 24
  4. Authentication concepts .... 27
    a. Factors for identifying and authenticating users .... 27
    b. Authentication methods .... 27
  5. Authorization .... 31
    a. Authorization basics .... 31
    b. Authorization methods .... 31
  6. Accounting concepts .... 33
  7. The CIA security triad .... 34
    a. Confidentiality .... 34
    b. Integrity .... 35
    c. Availability .... 35
  8. Basic cryptography .... 36
    a. Basic concepts of cryptography .... 36
    b. Hash functions .... 36
    c. Symmetric encryption .... 37
    d. Asymmetric encryption .... 37
    e. Overview of PKI systems .... 39
    f. Hands-on encryption and decryption with cryptography tools .... 42
  9. Basic concepts of network attacks .... 42
    a. Basic steps of an attack .... 42
    b. Some security concepts .... 44
    c. Basic attack methods .... 44
    d. Goals of the different kinds of attack .... 45
III. INFRASTRUCTURE SECURITY .... 47
  1. Solutions and roadmap for building network infrastructure security .... 48
  3. Designing a secure network model .... 50
  4. Routers and switches .... 51
    a. Functions of a router .... 51
    b. Functions of a switch .... 52
    c. Security on switches .... 52
    d. Security on routers .... 52
    e. Configuring security on a router .... 53
  5. Firewalls and proxies .... 58
    a. Firewall concepts .... 58
    b. Functions of a firewall .... 58
    c. How a firewall works .... 59
    d. Types of firewall .... 60
    e. Firewall placement in the network design .... 61
  6. Configuring the iptables firewall on Linux .... 64
  7. Installing and configuring Squid as a proxy server .... 68
    a. Linux Squid proxy server .... 68
    b. Installation .... 68
    c. Configuring Squid .... 70
    d. Starting Squid .... 72
  8. Deploying a VPN on the OpenVPN platform .... 74
    a. Overview of OpenVPN .... 74
    b. Deploying OpenVPN with SSL on Ubuntu Linux .... 75
  9. Using a VPN to protect Wi-Fi systems .... 82
    a. Wi-Fi security methods .... 82
    b. Configuring the Access Point device and VPN Server 2003 .... 83
    c. Creating VPN connections from devices accessing over Wi-Fi .... 95
  10. Intrusion detection and prevention systems (IDS/IPS) .... 100
    a. Principles of packet analysis .... 100
    b. Installing and configuring Snort as IDS/IPS .... 104
  11. Installing and configuring Sourcefire IPS .... 111
    a. Features of the Sourcefire IPS system .... 111
    b. Typical deployment model for an IDS/IPS system .... 113
    c. How the Sourcefire IDS/IPS system works .... 114
    d. Setting management parameters on Sourcefire devices .... 117
    e. Upgrading Sourcefire devices .... 118
    f. Configuring system settings .... 118
    g. Setting up centralized management for Sourcefire devices .... 122
    h. Configuring Interface Sets and the Detection Engine .... 124
    i. Managing and configuring IPS policies .... 127
    j. Analyzing IPS events .... 143
  12. Endpoint Security .... 147
    a. The Kaspersky Open Space Security (KOSS) solution .... 147
    b. Features of the Kaspersky Endpoint Security package .... 148
    c. Lab: installing KSC and Endpoint Security on workstations .... 149
  13. Data Loss Prevention .... 149
  14. Network Access Control .... 151
  15. Operating system security .... 154
    a. Securing the Windows operating system .... 154
    b. Lab: using IPsec Policy to protect applications on Windows .... 156
    c. Securing the Linux operating system .... 156
  16. Network security policy .... 159
    a. Requirements for building a network security policy .... 159
    b. Overview of the policy-building process .... 159
    c. The ISMS system .... 160
    d. The ISO 27000 series .... 161
IV. APPLICATION SECURITY .... 164
  1. Securing the DNS application .... 164
    a. Using a DNS forwarder .... 164
    b. Using caching-only DNS servers .... 165
    c. Using a DNS advertiser .... 165
    d. Using a DNS resolver .... 166
    e. Protecting the DNS cache .... 166
    f. Securing connections with DDNS .... 166
    g. Disabling zone transfers .... 167
    h. Using a firewall to control DNS access .... 167
    i. Setting access controls on the DNS registry keys .... 167
    j. Setting access controls on DNS system files .... 168
  2. Securing web applications .... 168
    a. Introduction .... 168
    b. Vulnerabilities in web services .... 168
    c. Exploiting OS-level vulnerabilities, and securing the web server .... 169
    d. Exploiting vulnerabilities in web services .... 171
    e. Exploiting the DoS vulnerability in Apache 2.0.x-2.0.64 and 2.2.x-2.2.19 .... 173
    f. Exploiting vulnerabilities in web applications .... 173
  3. Mail server security .... 175
    a. Overview of SMTP, POP and IMAP .... 175
    b. Attack risks when using email .... 185
  4. Remote access security .... 187
  5. Buffer overflow vulnerabilities and how to prevent them .... 187
    a. Theory .... 187
    b. Technical description .... 188
    c. Basic example .... 188
    d. Stack buffer overflows .... 188
    e. Example source code .... 189
    f. Exploitation .... 190
    g. Preventing buffer overflows .... 191
    h. Practice .... 194
V. DATA SECURITY .... 194
  1. Database security .... 194
    a. Database security violations .... 195
    b. Levels of database security .... 195
    c. Privileges when using a database system .... 196
    d. Views as a protection mechanism .... 197
    e. Granting access privileges .... 198
    f. Audit trails .... 201
  2. Statistical database monitoring .... 201
  3. Database security methods .... 208
VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS .... 212
  1. Open port scanning skills .... 212
    a. Principles of TCP/IP communication .... 212
    b. Principles of port scanning a system .... 214
    c. Port scanning with Nmap .... 216
  2. Scanning for OS vulnerabilities .... 219
    a. Using Nmap to scan for OS vulnerabilities .... 219
    b. Using Nessus to scan for OS vulnerabilities .... 220
    c. Using GFI to scan for OS vulnerabilities .... 228
  3. Scanning for web vulnerabilities .... 231
    a. Using Acunetix to scan for web vulnerabilities .... 232
    b. Lab: using IBM AppScan to scan for web vulnerabilities .... 234
  4. Packet analysis and network sniffing techniques .... 234
    a. The nature of sniffers .... 234
    b. A professional data analysis model for enterprises .... 235
    c. Hub environments .... 236
    d. Sniffing techniques in switched environments .... 236
    e. Sniffer model using tools that support ARP attacks .... 239
  5. The Metasploit exploitation tool .... 240
    a. Overview of Metasploit .... 240
    b. Using the Metasploit Framework .... 242
    c. Conclusion .... 248
  6. Using Wireshark and Colasoft for packet analysis .... 248
    a. Using Wireshark to analyze packets and network traffic .... 248
    b. Using Colasoft to analyze network traffic .... 252
VII. CONCLUSION .... 259
TABLE OF TERMS USED IN THE DOCUMENT
No. | Term     | Full form                                   | Notes
1   | ATTT     | An toàn thông tin (information security)    |
2   | Security | Bảo mật (security)                          |
I. PURPOSE AND SCOPE OF THE DOCUMENT

1. Purpose of the document
This is a training document on information security for the network operations and administration staff of ABC. It provides trainees with the concepts, system models, deployment configurations of solutions, risk management, and other knowledge of information security.

2. Scope of the document
This document is written specifically for the information security course for ABC staff.
II. SECURITY OVERVIEW
1. Basic concepts of information security (security)
2. Basic network systems
3. Access control concepts (Access Controls)
4. Authentication concepts
5. Authorization
6. Accounting concepts
7. The CIA security triad
8. Basic cryptography
9. Basic concepts of network attacks
1. Basic concepts of information security (security)

Several large organizations worldwide have put forward definitions of Security (Bảo mật, or An toàn thông tin, information security), as follows:
- Security, or information security, is the degree to which information is protected against the threats of disclosure, loss of integrity, and unavailability.
- Security, or information security, is the degree of protection against information security risks such as danger, damage, loss and other crimes. Security is the form and degree of protection of information, including the structures and processes that improve security.
- The Institute for Security and Open Methodologies defines Security as a form of protection where a separation is created between the assets and the threats.

2. Basic network systems

a. The OSI network model

When an application or service runs to serve users' needs to exchange information, the network operates so that this exchange follows its own rules. Looking at a network cable or a wireless device, a person cannot see the principles by which information is transmitted. To make these principles easy to understand, and to support research, application development and troubleshooting, the international standards body adopted the OSI model as an ISO standard.

The OSI model (Open Systems Interconnection Reference Model, abbreviated OSI Model or OSI Reference Model), loosely translated as the reference model for interconnecting open systems, is a design based on the principle of layering that explains, in abstract terms, the techniques for communication between computers and the design of the network protocols between them. The model was developed as part of the Open Systems Interconnection initiative started by ISO and ITU-T. It is also called the seven-layer OSI model. (Source: Wikipedia)
Purpose of the OSI model

The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and allows only the layer above it to use its functions. A system that implements a protocol consisting of such a series of layers is called a protocol stack. A protocol stack may be implemented in hardware, in software, or a combination of the two. Usually only the lower layers are implemented in hardware; the others are implemented in software.

The OSI model is only loosely followed by the networking and IT industry. Its main feature is that it specifies the interfaces between layers, that is, it specifies how the layers communicate with each other. This means that even if the layers are written and designed by different manufacturers or companies, once assembled they will work together (assuming the specifications are interpreted correctly). In the TCP/IP community these specifications are known as RFCs (Requests for Comments). In the OSI community they are ISO standards.

Usually the implementation of a protocol is arranged in layers like its specification, but there are exceptions, known as "fast paths". In a fast-path design, the most common transactions the system allows are implemented as a single component in which the functions of several layers are merged.

Dividing protocol functions logically makes the function and operation of protocol stacks easier to reason about, which in turn makes it possible to design detailed yet highly reliable protocol stacks. Each layer performs and provides services for the layer directly above it, and requires services from the layer directly below it. As noted above, an implementation of several layers of the OSI model is usually called a protocol stack (for example, the TCP/IP protocol stack).

The OSI reference model is a hierarchical structure of 7 layers that defines the requirements for communication between two computers. The model is defined by the International Organization for Standardization in standard 7498-1 (ISO standard 7498-1). Its purpose is to allow interoperability between the diverse platforms supplied by different manufacturers. The model allows all components of a network to work together regardless of who built them.

In the late 1980s, ISO promoted the implementation of the OSI model as a network standard. At that time, TCP/IP had already been in widespread use for many years. TCP/IP was the foundation of ARPANET and of other networks that evolved into the Internet. (See RFC 871 for the main differences between TCP/IP and ARPANET.) Today only part of the OSI model is used. Many believe that most of the OSI specifications are too complex and that a full implementation of its functions would take far too long, even though the OSI model has many enthusiastic supporters.

Details of the OSI layers:

Layer 1: Physical layer
The physical layer defines all the electrical and physical specifications for devices, including pin layouts, voltages, and cable specifications. Physical-layer devices include hubs, repeaters, network adapters and host bus adapters (HBAs, used in Storage Area Networks). The basic functions and services performed by the physical layer include:
- Establishing or terminating an electrical connection with a transmission medium.
- Participating in the process by which communication resources are shared effectively among multiple users, for example contention resolution and flow control.
- Modulation, or conversion between the digital data representation used by user devices and the corresponding signals transmitted over the communication channel.
The parallel SCSI bus operates at this layer. The various Ethernet physical-layer standards also belong to this layer; Ethernet merges the physical layer and the data link layer into one. The same is true of local area networks such as Token Ring, FDDI and IEEE 802.11.

Layer 2: Data link layer (Data Link Layer)
The data link layer provides the functional and procedural means to transfer data between network entities, and to detect and possibly correct errors that occur in the physical layer. Addressing is physical, meaning the address (the MAC address) is hard-coded into network cards when they are manufactured. This addressing scheme is flat (flat scheme). Note: the most typical example is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks, and Aloha for local area networks. In IEEE 802 local area networks, and in some networks following other standards such as FDDI, the data link layer may be split into two sublayers: MAC (Media Access Control) and LLC (Logical Link Control), per IEEE 802.2. The data link layer is where bridges and switches operate. Connectivity is provided only between nodes connected within the local network. However, there is a reasonable argument that these devices actually belong to layer 2.5 rather than strictly to layer 2.
Layer 3: Network layer (Network Layer)
The network layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination, through one or more networks, while maintaining the quality of service requested by the transport layer. The network layer performs routing. Routers operate at this layer, sending data across the extended network and making internetworking feasible (there are also layer-3 switches, also called IP switches). This is a logical addressing scheme whose values are chosen by the network engineer. The scheme is hierarchical. The typical example of a layer-3 protocol is IP.

Layer 4: Transport layer (Transport Layer)
The transport layer provides transparent transfer of data between end users, so that the upper layers need not concern themselves with providing reliable and efficient data transfer. The transport layer controls the reliability of a given connection. Some protocols are state- and connection-oriented, meaning the transport layer can keep track of packets and retransmit those that fail. A typical example of a layer-4 protocol is TCP. This is the layer where messages are turned into TCP or UDP packets. At layer 4, addresses are defined as ports; through the ports, the communicating applications are distinguished.

Layer 5: Session layer (Session layer)
The session layer controls the dialogues (sessions) between computers. It establishes, manages and terminates the connections between the local application and the remote application. It also supports full-duplex, half-duplex or simplex operation, and establishes checkpointing procedures, which help communication recover faster when an error occurs because a checkpoint has been marked, as well as adjournment, termination and restart. The OSI model assigns this layer responsibility for the "graceful close" of sessions (a property of TCP) and for session checkpointing and recovery, which is usually not used in the TCP/IP protocol suite.
Layer 6: Presentation layer (Presentation layer)
The presentation layer acts as the data translator for the network. On the sending computer, this layer translates the data sent from the Application layer into a common format. On the receiving computer, it converts the common format back into the format of the Application layer. The presentation layer performs the following functions:
- Translating character codes, for example from ASCII to EBCDIC.
- Converting data, for example from integers to floating-point numbers.
- Compressing data to reduce the amount of data transmitted over the network.
- Encrypting and decrypting data to ensure security on the network.

Layer 7: Application layer (Application layer)
The application layer is the layer closest to the user. It provides the means for users to access information and data on the network through application programs. This layer is the main interface through which the user interacts with the application program, and through it with the network. Some examples of applications in this layer are Telnet, the File Transfer Protocol FTP, the Simple Mail Transfer Protocol SMTP, HTTP, and X.400 Mail remote.

[Figure: an easy-to-understand illustration of the OSI model alongside real-world forms of information exchange]
b. The TCP/IP network model

TCP/IP (in English: Internet protocol suite, IP suite, or TCP/IP protocol suite) is a set of communication protocols that implements the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). They were also the first two protocols to be defined.

Like many other protocol suites, the TCP/IP suite can be viewed as a set of layers, each of which solves a set of problems related to data transmission and provides the protocols of the layer above with a well-defined service based on the use of services from the lower layers. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the lower-layer protocols to transform the data into forms that can ultimately be transmitted physically.
The OSI model describes a fixed set of seven layers that some manufacturers adopt, and it can be compared approximately with the TCP/IP suite. That comparison can cause confusion, or it can bring a deeper understanding of the TCP/IP suite.

Application layer: DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, ECHO, BitTorrent, RTP, PNRP, rlogin, ENRP, ... Routing protocols such as BGP and RIP, which for various reasons run over TCP and UDP respectively (BGP uses TCP, RIP uses UDP), can also be regarded as part of the application layer or of the network layer.

Transport layer: TCP, UDP, DCCP, SCTP, IL, RUDP, ... Routing protocols such as OSPF (Open Shortest Path First), which run directly over IP, can also be regarded as part of the transport layer or of the network layer. ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) run over IP and can be regarded as part of the network layer.

Network layer: IP (IPv4, IPv6). ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) operate below IP but above the link layer, so they can be said to sit somewhere between the two layers.
Link layer: Ethernet, Wi-Fi, Token Ring, PPP, SLIP, FDDI, ATM, Frame Relay, SMDS, ...

c. Comparing the TCP/IP and OSI models
The TCP/IP model is simpler than the OSI model yet still captures the process of communication on a network. It is divided into four layers:

  OSI Model          TCP/IP Model
  7. Application     4. Application
  6. Presentation
  5. Session
  4. Transport       3. Transport
  3. Network         2. Internet
  2. Data Link       1. Network Access
  1. Physical

d. Structure of IP, TCP, UDP and ICMP packets
To do security research one must understand the structure of packets at each layer, in order to understand and analyse them.
[Figure: encapsulation of information at each layer of the TCP/IP model.]
IPv4 packet structure
[Figure: IPv4 packet layout.]
This is the structure of an IPv4 packet: a header and data. The header is 160 or 192 bits long and the rest is data. The address fields are 32 bits each.

IPv6 packet structure
An IPv6 packet also consists of a header and data. The header is 40 octets (320 bits), of which each IPv6 address is 128 bits.

TCP packet structure:
[Figure: TCP segment layout.]
A TCP segment consists of two parts, header and data; the header is 192 bits.
Three steps to start a TCP connection:
+ Step I: the client sends the server a SYN packet.
+ Step II: the server replies to the client with a SYN/ACK packet.
+ Step III: when the client receives the SYN/ACK it sends the server an ACK, and the exchange of data between the two hosts begins.
Four steps to end a TCP connection:
+ Step I: the client sends the server a FIN ACK packet.
+ Step II: the server sends the client an ACK packet.
+ Step III: the server sends the client a FIN ACK packet.
+ Step IV: the client sends the server an ACK, and the connection between server and client is torn down.
UDP packet structure:
A UDP datagram consists of two parts, header and data; the header is 64 bits.
ICMP packet structure
Type (8 bits): identifies the kind of ICMP message.
Code (8 bits): each Type may have its own specific codes describing the message.
Checksum (16 bits).
Message (variable length): depends on the type and code.

e. Commonly used ports
So that many services can communicate at the same time over one connection, each service uses a specific port. When studying security we should also know the ports that are commonly used:

  Protocol        Port
  FTP             20/21
  SSH             22
  Telnet          23
  SMTP            25
  DNS             53
  TFTP            69
  HTTP            80
  POP3            110
  SNMP            161/162
  HTTPS           443
  SMB             445
  NetBIOS         135, 137, 139
  VPN             1723, 500
  Remote Desktop  3389

f. Using a sniffer to analyse IP, ICMP, UDP and TCP packets
Practice: install Wireshark and Colasoft and analyse.

g. Analysing individual packets and whole connection sessions
Practice: install Wireshark and Colasoft and analyse.
3. Access control concepts
Before being authorized, everyone accesses the system as the Anonymous user. Once a user has been authenticated, the system grants them authority to use resources (Authorization), and the whole of the user's access is monitored and recorded (Accounting).

a. Access Control Systems
Resources may only be accessed by authenticated individuals. Managing a user's access to resources goes through these steps:
- Identification: the process of identifying the user; the user supplies information for the system to identify them.
- Authentication: the step of verifying the user; the user supplies information confirming their identity and the system verifies it by one of many different methods.
- Authorization: the authority to access resources that the system grants the user after authentication.
- Accounting: the system monitors and records the user's access to resource areas.
Every access control system must have three basic elements:
- Subjects: all the entities that can be granted access rights; these can be thought of as the Users/Groups in the system.
- Objects: the resources being used.
- Access Permissions: used to grant Subjects access to Objects (for example a User is a Subject, a folder is an Object, and the Permission is the right granted to the User to access the Folder).
The table of Access Permissions for one object is called an Access Control List (ACL); the ACLs of the whole system are recorded in the table of Access Control Entries (ACEs).
b. Principles for setting up access control
Whoever writes the security policy must lay down principles for administering system resources that guarantee the best protection for the resources while still meeting users' needs. The principles are:
- Principle of Least Privilege: users (Subjects) are granted the minimum permissions on resources (Objects) that still let them do their work.
- Principle of Separation of Duties and Responsibilities: important systems must be divided into different components so that control can be delegated sensibly.
- Principle of Need to Know: users access only the resource areas they need, and understand, in order to do their work.

c. Types of access control
Resources come in many forms and users are many kinds of entity, so we must use appropriate forms of data access control.
- Mandatory Access Control (MAC)
+ A rule-based method of assigning access rights to entities.
+ Rights are assigned based on dividing resources into different classes (classification of resources).
+ This form of access control is usually applied in government organisations and companies.
+ Example: in a brewing company the resource areas are divided into Public (the website), Private (accounting data) and Confidential (the beer recipe). Each area has its own set of entities allowed to access it, and this kind of access control is Mandatory Access Control.
- Discretionary Access Control (DAC)
+ Users (Subjects) are access-controlled through ACLs.
+ Access to data can be divided into different levels (for example NTFS permissions, where Users/Groups are granted levels such as Full Control, Modify and Read).
+ An Access Control List can be used when assigning permissions on resources, or on a router or firewall. Access control using ACLs is Discretionary Access Control.
[Figure: the Access Control List of an NTFS permission.]
- Role-Based Access Control
+ The administrator assigns rights to users based on the user's role. Those rights are tasks the user may carry out on the system.
+ For example, the administrator can grant a User the rights Shutdown, change network settings, remote desktop, backup and others, according to the user's role.
+ In Microsoft Windows this form of access control can be understood as the assignment of User Rights.
+ [Figure: example of setting a User Right on a Microsoft system.]
In addition, access control can be divided into two forms:
- Centralized Access Control (CAC)
Authentication and authorization are performed centrally for the whole system. Three commonly used centralized access control methods are:
+ Remote Authentication Dial-In User Service (RADIUS)
+ Terminal Access Control Access System (TACACS)
+ Active Directory
- Decentralized Access Control Systems (DACS)
A form of access control comprising many different CACs within one organisation, integrated into different systems without depending on their hardware and software.
Based on the actions taken on the system, access control can also be divided into:
+ Administrative Controls

4. Authentication concepts
a. Factors for identifying and authenticating users
User authentication methods rest on these basic factors:
- Something you KNOW: based on something you know (e.g. user/pass).
- Something you HAVE: based on something you have (e.g. to withdraw cash from an ATM you must have the card).
- Something you ARE: based on something you are (e.g. fingerprint, voice).
b. Authentication methods
In practice there are many ways of authenticating users in IT, and each kind of authentication may suit one or more different services. Below I present a number of authentication methods commonly used in IT.
- PAP - Password Authentication Protocol
PAP is used by remote users who need to authenticate over PPP connections. It provides identification and authentication of users connecting from a remote system. This authentication protocol requires the user to enter a password before being authenticated. The username and password are sent across the network after the PPP connection has been made. The authentication server holds the authentication data, and the information the user enters is sent to that server. The entire username/password is transmitted over the network completely unencrypted (cleartext).

- CHAP - Challenge Handshake Authentication Protocol
CHAP is an authentication method created to overcome the weaknesses and vulnerabilities of PAP. CHAP uses a challenge/response method to authenticate the user. When a user wants to set up a PPP connection, both sides must agree to use CHAP authentication. The challenge is encrypted using the password and an encryption key. CHAP's operation is described in the model below:
[Figure: CHAP operation.]

- Kerberos
An authentication method in which the user/password is not transmitted over the network (e.g. Microsoft's Active Directory uses Kerberos authentication). Kerberos authentication can be described like going to the cinema:
+ First, the user must have an authorized user/password (to see a film you must have money).
+ The user requests a service (the viewer wants to watch a film showing at a certain time).
+ The user presents their credentials to the authenticator (hands over the money to buy a ticket).
+ The KDC server issues the user authority to access the service (the ticket office hands the ticket to the buyer).
+ The user takes the authority they were granted to the service server (the viewer brings the ticket to the screening room, where the usher checks it).
The Kerberos steps can be described as follows:
[Figure: Kerberos exchange.]

- Multi-factor
Authentication using several factors. For example, to use a bank's ATM service you need the bank card plus the PIN (authentication based on two factors). Some services also combine several authentication methods to raise the level of security.

- Certificate
A widely used authentication method on the Internet that provides secure authentication for users. When encrypted content is sent, only the Private Key can decrypt it, and the Private Key is normally never transmitted over the network. Example of the usual authentication process when a user visits Gmail:
Step 1: the user visits gmail.com.
Step 2: Gmail sends a request to VeriSign to obtain a Certificate.
Step 3: VeriSign returns to Gmail a Certificate including a Public Key and a Private Key.
Step 4: Gmail sends the user the Public Key to encrypt the authentication information.
Step 5: the user uses the Public Key to encrypt and sends the result to Gmail.
Step 6: Gmail uses the Private Key to decrypt.
This authentication method is not safe when the machine is infected with malware such as a keylogger: the user can still lose their user/password.

- RSA
RSA is a confident and secure authentication method for authentication and for transmitting information over the Internet. RSA overcomes some disadvantages of Certificate authentication. This method is commonly used in banking transactions.

- Biometric
An authentication method that uses biometrics to identify users by features such as fingerprint, vein pattern, iris, voice or face.

5. Authorization
a. Authorization basics
Authorization (in Vietnamese: sự cấp quyền) is the granting of rights to a user in a system after the user has been authenticated. Authorization expresses the rights the user may exercise on the system. Authorization works directly with access control.
Example: in the Windows authorization system, after a user logs in (Authentication) the system grants rights over:
- Files and folders, via NTFS permissions: read, write, delete, modify. These are the rights the user is granted over files and folders.
- The system itself, via User Rights: rights to change the system, granted to the user, such as remote desktop or changing the network card settings.
b. Authorization methods
RADIUS
Remote Authentication Dial-in User Service (RADIUS) provides authentication and access control using the UDP protocol, giving centralized authentication for the whole network. RADIUS can be used for users accessing VPN or RAS, or to provide authentication for services that use RADIUS.
[Figure: RADIUS authentication model for a Wi-Fi system.]
Kerberos
Similar to the Authentication section.
TACACS
Terminal Access Controller Access Control System (TACACS) controls access by authenticating and authorizing in a UNIX network. It works similarly to RADIUS: when a system needs authentication it passes the username and password to the TACACS server, which authenticates and grants access. TACACS uses UDP and TCP on port 49.
TACACS+
Extended Terminal Access Controller Access Control System Plus (TACACS+) is a variant of TACACS. Like RADIUS, TACACS+ provides authentication and authorization, with an Accounting feature for centralized authorization on authentication requests.
LDAP
Lightweight Directory Access Protocol (LDAP) provides access to directory services and is integrated into Microsoft Active Directory. LDAP was created as a lightweight part of the X.500 Directory Access Protocol service and uses port 389. LDAP is very widely used in directory services such as Directory Service Markup Language (DSML), Service Location Protocol (SLP) and Microsoft Active Directory.
XTACACS
A version of TACACS developed and supplied by Cisco, called Extended Terminal Access Controller Access Control System (XTACACS). The service extends the TACACS protocol to support Accounting and Auditing, two features otherwise found only in TACACS+ and RADIUS.
IEEE 802.1x
IEEE 802.1x is a standard for wireless; the port used depends on the service providing authentication and authorization, such as RADIUS or TACACS+. The protocol can be used to secure WPA/WPA2. IPsec is also a fairly popular protocol used in combination with IEEE 802.1x to provide security for the network.

6. Accounting concepts
Monitoring is managing how the system is accessed and how that access takes place.
- Monitoring helps the administrator determine who caused an error and what the error was, so the administrator knows exactly what is needed to restore the system as quickly as possible.
- Monitoring also lets the administrator detect intruders who have entered the system illegally, and so block attacks.
- Who accesses and what they do must be managed, because in practice 60% of attacks come from inside the system and 40% from the Internet. Preventing attacks from inside the network is very hard, since insiders understand the system and its security mechanisms.
- The administrator monitors access and authentication attributes in order to detect attacks on, and threats to, the system.
- Displaying the connections is also very important: through the connections you can identify where an attacker comes from and what they are doing.
Monitoring of access and authentication relies on the following main signs to detect vulnerabilities and attacks: repeated failed accesses, connections using a protocol that is not present on the system, repeated wrong passwords, detection of network scans, etc.
Monitoring process:
System monitoring: monitor all logon processes, access control processes, and the processes of the programs running on the system.
Network access monitoring: monitor protocols, connections, mail and some other access features.
Backup monitoring.
Monitoring of the availability, readiness and stability of information.

7. The CIA security triangle
When analysing a secure system we need a methodology. Some data areas require confidentiality of information, some require integrity, and all data must be served on request, which is the availability of the system.
- Confidentiality of information
- Integrity of information
- Availability of the system
These are the three corners of the CIA security triangle for an asset that must be protected:
[Figure: the CIA triangle.]
a. Confidentiality
Confidentiality of information is the level of security needed to ensure that important data is not leaked or disclosed.
An attacker may use many methods to obtain the information they want, such as monitoring the network, taking files that contain passwords, or social engineering. Information can also be disclosed through not using strong encryption when transmitting or storing it. Confidentiality of information is represented by the READ permission.
b. Integrity
Integrity of information is the level of security needed to ensure that information is trustworthy, has not been altered, and can only be modified by authorized people. An attacker may use many methods to alter the information they target, such as breaking in by bypassing authentication, or exploiting a security vulnerability in the system. This is an important level of information security: every year many organisations and businesses are attacked through security vulnerabilities and have their data altered. Integrity of information is represented by the MODIFY permission.
c. Availability
[Figure: cartoon, "Give me access to your data" / "Turn my computer on first".]
Availability of information is very important; it expresses the readiness of the services to serve. The availability of a system is affected by many components: hardware, software or the backup system. The availability a system needs must be planned based on the number of users and the importance of the data.
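Section 6 above lists the signs that access and authentication monitoring looks for: repeated failed logins, connections on a protocol the system does not offer, and network scans. The script below is an added example, not part of the original document; it turns a few constructed log lines (an SSH password-guessing burst, a multi-port probe and an accepted connection to an unexpected port) into alerts, using the port table from section 2.e as the list of services the host is expected to serve. The log format, host names and addresses are invented for the example.

```python
"""Turn access/authentication log lines into alerts (added example; sample log is constructed)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Any, Dict, List

# Ports from the "commonly used ports" table above; an accepted connection elsewhere is suspect.
EXPECTED_PORTS = {20, 21, 22, 23, 25, 53, 69, 80, 110, 135, 137, 139, 161, 162, 443, 445, 500, 1723, 3389}

AUTH_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                     r"(?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) \S+ kernel: FW-(?P<action>DROP|ACCEPT) .*SRC=(?P<src>\S+) "
                   r"DST=\S+ PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)")


def parse_log(text: str) -> List[Dict[str, Any]]:
    """Turn raw lines into event dicts; lines that match neither pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "auth"
        else:
            m = FW_RE.match(line)
            if not m:
                continue
            ev = m.groupdict()
            ev["kind"] = "fw"
            ev["dport"] = int(ev["dport"])
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def failed_login_alerts(events, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source when `threshold` failures fall inside a sliding time window."""
    recent, flagged, alerts = defaultdict(deque), set(), []
    for ev in events:
        if ev["kind"] != "auth" or ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["src"] not in flagged:
            flagged.add(ev["src"])
            alerts.append({"rule": "repeated-failed-login", "src": ev["src"],
                           "user": ev["user"], "count": len(q)})
    return alerts


def port_scan_alerts(events, min_ports=5):
    """A source whose dropped connections touch many distinct ports is probing the host."""
    ports = defaultdict(set)
    for ev in events:
        if ev["kind"] == "fw" and ev["action"] == "DROP":
            ports[ev["src"]].add(ev["dport"])
    return [{"rule": "port-scan", "src": src, "ports": sorted(p)}
            for src, p in ports.items() if len(p) >= min_ports]


def unexpected_service_alerts(events, expected=EXPECTED_PORTS):
    """An accepted connection to a port the system is not known to serve."""
    return [{"rule": "unexpected-service", "src": ev["src"], "dport": ev["dport"]}
            for ev in events
            if ev["kind"] == "fw" and ev["action"] == "ACCEPT" and ev["dport"] not in expected]


def analyse(text: str) -> List[Dict[str, Any]]:
    """Run all three detections over a log text and return the combined alert list."""
    events = parse_log(text)
    return failed_login_alerts(events) + port_scan_alerts(events) + unexpected_service_alerts(events)


# Constructed sample log (not real data): six failed root logins in six seconds from one source,
# one legitimate login, a six-port probe from another source, and an accepted IRC connection.
SAMPLE_LOG = "\n".join(
    [f"2012-07-01T08:00:0{i} host1 sshd[2001]: Failed password for root from 10.0.0.7 port 5100{i} ssh2"
     for i in range(1, 7)]
    + ["2012-07-01T08:00:09 host1 sshd[2001]: Accepted password for alice from 192.168.1.20 port 40000 ssh2"]
    + [f"2012-07-01T08:01:0{i} host1 kernel: FW-DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.5 PROTO=TCP DPT={p}"
       for i, p in enumerate((21, 22, 23, 25, 80, 110))]
    + ["2012-07-01T08:02:00 host1 kernel: FW-ACCEPT IN=eth0 SRC=192.168.1.20 DST=192.168.1.5 PROTO=TCP DPT=6667"]
)

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```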
8. Cryptography basics
a. Basic cryptography concepts
A cipher system provides a method of protecting information by encrypting it into a form that can only be read by someone authorized in the system, or by a specific user. The use and creation of such systems is called cryptography. Cryptography has been used since very early in human history; before IT existed many encryption methods were in use, for example Bible ciphers, the Caesar cipher, and in World War II the German army's mechanical cipher machines for protecting letters on the battlefield. Information technology has the following basic encryption methods:
- Hash functions
- Symmetric encryption
- Asymmetric encryption
To understand and study cryptography one must know a few concepts:
- Cleartext or Plaintext: data that has not been encrypted.
- Ciphertext: data after it has been encrypted.
- Encrypt: the encryption process.
- Algorithm: the encryption algorithm used in the encryption process.
- Key: the key used by the encryption algorithm during encryption.
- Decrypt: the decryption process.
b. Hash functions
A hash is a method or algorithm used to check the integrity of data, i.e. to check whether data has been changed. The two best-known hash algorithms are SHA and MD5.
Data transmitted over the network or held in storage can be altered. A recipient who wants to check whether data is still intact need only compare the hash of the original data with the hash of the data received. Using the hash function to check: if the two hashes are identical the data is still intact and unmodified; otherwise it has been changed.
Practice: use MD5 to hash a file.
c. Symmetric encryption
Symmetric key cryptography is an encryption system that uses a single key to both encrypt and decrypt. Its advantages are that it is easier to use and to integrate than asymmetric encryption, and that encryption and decryption are faster than with asymmetric encryption. However, because encryption and decryption use the same key, the key is usually pre-established at both ends, sender and receiver (e.g. IPsec), or the shared information is encrypted so that only someone holding the key can open it. Symmetric encryption is usually used to encrypt data, while asymmetric encryption is usually used for authentication and key transport. There are many symmetric algorithms, but the most used today is AES (Advanced Encryption Standard).
d. Asymmetric encryption
Asymmetric key cryptography is an encryption system that uses a pair of keys, a Public Key and a Private Key, to perform encryption and decryption. Usually such a system uses the Public Key to encrypt and the Private Key to decrypt:
[Figure: the asymmetric encryption and decryption process.]
Because generating and distributing keys is complex, integrating and using this encryption method is not as easy as symmetric encryption. Encryption and decryption also consume more resources, so this method is usually used for user authentication. Today, however, computer systems are very powerful (e.g. Google), so it can also be used to transmit data. To operate this encryption method an infrastructure is required that creates, distributes, manages and troubleshoots the keys (public and private). That system is called the Public Key Infrastructure (PKI). The RSA algorithm is an asymmetric encryption algorithm and the most widely used one.
Algorithm description =>
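The hash check in section b and the public/private key operations in section d can be seen end to end in the following added example, which is not part of the original document. It hashes data in chunks and compares digests in constant time, then builds an RSA key pair from the small textbook primes 61 and 53 (my choice, not the page's) and uses it to encrypt with the public key, decrypt with the private key, and sign a hash the way a CA signs a certificate. A 12-bit modulus with no padding is a teaching toy only; real deployments use keys of thousands of bits and a padding scheme.

```python
"""Hash-based integrity check plus textbook RSA (added example; primes and inputs are constructed)."""
import hashlib
import hmac
from typing import Tuple


def data_digest(data: bytes, algorithm: str = "sha256", chunk: int = 65536) -> str:
    """Hash a byte string in chunks, the way a large file on disk would be hashed."""
    h = hashlib.new(algorithm)
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def integrity_ok(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Compare the recomputed digest with the published one in constant time."""
    return hmac.compare_digest(data_digest(data, algorithm), expected_hex.lower())


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def rsa_keygen(p: int, q: int, e: int = 17) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    return (n, e), (n, x % phi)          # d is the inverse of e modulo phi


def rsa_encrypt(public: Tuple[int, int], m: int) -> int:
    """Anyone with the public key can encrypt a number smaller than the modulus."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private: Tuple[int, int], c: int) -> int:
    """Only the holder of the private exponent can recover the message."""
    n, d = private
    return pow(c, d, n)


def toy_sign(private: Tuple[int, int], data: bytes) -> int:
    """Hash-then-sign: the private key is applied to the hash of the data, as a CA does."""
    n, _ = private
    return rsa_decrypt(private, int(data_digest(data), 16) % n)


def toy_verify(public: Tuple[int, int], data: bytes, signature: int) -> bool:
    """Anyone holding the public key checks the signature against a freshly computed hash."""
    n, _ = public
    return rsa_encrypt(public, signature) == int(data_digest(data), 16) % n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c))
    print(data_digest(b"hello", "md5"), toy_verify(pub, b"hello", toy_sign(priv, b"hello")))
```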
e. Overview of PKI
For an asymmetric encryption algorithm to operate, a system is needed for key generation, key distribution, key management and key policy; that system is called the Public Key Infrastructure, abbreviated PKI. PKI is widely used to provide security for applications and networks, access control, website resources, e-mail protection and much more. PKI protects information by providing the following features:
- Identity authentication: identification and authentication.
- Integrity verification: checking data integrity.
- Privacy assurance.
- Access authorization: granting authority to access resources.
- Transaction authorization: enforcing the authority granted to access resources.
- Nonrepudiation support.
Next we need to look at the PKI standards; each PKI standard applies to the following application and system families:
The PKIX Working Group of the IETF develops the Internet standard for PKI based on the X.509 standard and certificates, focusing on:
- X.509 version 3 public key certificates and X.509 version 2 Certificate Revocation Lists (CRLs).
- PKI management protocols.
- Operational protocols.
- Certificate Policies and Certificate Practice Statements (CPSs).
- Time-stamping, data-certification and validation services.
Whereas PKIX is developed on the Internet standard X.509, the Public Key Cryptography Standards (PKCS) are data encryption methods developed and published by RSA Labs, now part of the company RSA. There are 15 specific PKCS documents, for example:
- PKCS #1, RSA Cryptography Standard: provides recommendations for implementing public key cryptography based on the RSA algorithm.
- PKCS #2 has been merged into PKCS #1.
- PKCS #15:
Below is the information in a certificate following the X.509 standard:
[Figure: an X.509 certificate.]
A PKI system comprises the following components:
- Certificate Authority (CA)
The CA is an important component in the concept of a PKI system; CA providers include VeriSign and Entrust. It is the system that issues certificates.
- Registration Authority (RA)
The RA provides authentication to the CA and is regarded as a client requesting a digital certificate.
- Digital Certificates
A digital certificate is data that includes the public key; most certificates follow the structure of the X.509 standard. It includes
- Certificate Policies
The policy for digital certificates, identifying how a certificate is used. Specific information such as:
  Use for protecting information with the CA
  Authentication method with the CA
  Key management
  Management of private key use
  Certificate validity period
  Renewal
  Whether the private key may be exported
  Minimum length of the public key and private key
- Certificate Practice Statement
The CPS is a document created and published by the CA that provides information depending on the CA system and the use of the certificate. The CPS provides information that the CA uses
[Figure: certificate chain.] In the example above, VeriSign is the CA, Thawte SGC CA is the CSP, and the certificate is the one used for Google's accounts service.
- Revocation
Once digital certificates are in use they can also be revoked. Revocation of a certificate is carried out before it expires. The revocation process ensures that a certificate cannot exist beyond the lifetime set when the CA created it.
- Trust models
The simplest PKI structure has a single CA. A single CA in the structure can create and manage certificates, but this model only suits small organisations because of its simplicity: if the CA fails, the whole system using the service fails. To reduce risk, PKI allows a structure consisting of a Root CA at the top level followed by tiers of subordinate CAs; the subordinate CAs are managed so that if one fails it can be rebuilt simply. That is the system of trust models.
f. Practice: encryption and decryption with Cryptography tools
9. Basic concepts of network attacks
a. The basic steps of an attack
An attack is usually divided into the basic steps below:
- Step 1: Reconnaissance
The first step of any attack. The attacker tries to gather as much information about the target as possible, mainly by two methods (Active/Passive).
Passive: the attacker finds information about the target through information channels.
Active: the attacker observes and even goes to the target's location to learn about it.
The goal of this step is to identify the target.
- Step 2: Scanning
The second step, performed once the target has been identified. Scanning aims to identify the target's weak points, from which a list of every factor that could be used to break into the system is drawn up.
- Step 3: Gaining Access
Having found the system's weaknesses, the attacker selects one or more vulnerabilities to attack and take control.
- Step 4: Maintaining Access
After a successful attack, so that the next access to the system is simpler, the attacker usually uses a virus, Trojan, backdoor or pieces of shell code.
- Step 5: Clearing Tracks
The attacker erases the traces of their access, for example by deleting logs.
b. Some security concepts
- Threat: an action or situation that can affect security. A threat is a risk to the security of the system.
- Vulnerability: a security hole in the system.
- Target of Evaluation: an IT system that is the target of an attack.
- Attack: attacks on a network can be divided into two forms:
+ Active Attack
+ Passive Attack
Attacks on a system can also be divided into many other forms. Obtaining, altering or destroying information are the most basic goals of attacks.
- Exploit: the act of exploiting a security vulnerability.
c. Basic attack methods
- Brute Force: an attack in which the attacker tries simple passwords one after another in an attempt to guess the user's password. This method only works against simple passwords.
- Dictionary: an attack similar to brute force, but instead of trying passwords in sequence the attacker uses a dictionary of passwords to try.
- Spoofing
An attack in which an individual or a system impersonates another. For example, someone forges the sender address of an e-mail and sends it without needing to authenticate.
- DoS: an attack in which a person or a system makes another system inaccessible or significantly slower by using up all of its resources.
- Man-in-the-middle: the attacker in some way positions themselves in the communication stream between two computers.
- Replay: for example, an authentication process completes successfully and the attacker captures it; when they later need to log in to the system, the attacker replays that traffic to authenticate. That is a replay attack.
- Session Hijacking: after a user has authenticated successfully, the attacker takes over the communication session. This form of attack is Session Hijacking.
d. Targets of attacks
Attacks are divided according to their target:
o Operating System: the target is the operating system. Today's operating systems are very complex, with many services, ports and access modes. Vulnerabilities grow ever more complex and sometimes patches are not applied. Attackers exploit the vulnerabilities in those operating systems.
o Application: the target is applications. Applications are developed by independent software vendors who sometimes care only about meeting the application's business needs and forget about securing it. Many applications have vulnerabilities that let hackers exploit them.
o Shrink Wrap: programs and applications sometimes have their source code leaked, which is also a very large security hole.
o Misconfiguration: incorrect settings on the system sometimes create openings for attackers to exploit.
III. INFRASTRUCTURE SECURITY
This part covers the following main topics:
Solutions and a roadmap for building network infrastructure security
Designing a secure network model
Security components in the network infrastructure
Operating system security
Building an information security policy
1. Solutions and a roadmap for building network infrastructure security
To build a network that guarantees security there must be a sensible roadmap that balances requirements against the cost that can be paid, from which the solutions are chosen. The most suitable solution must balance the following factors:
- Required features
- Cost of the solution
- Features
- System performance
Example 1: we cannot build a million-dollar solution to protect an unimportant personal computer.
Example 2: when we need to protect a web system, it is not endpoint security features that we need.
Example 3: we cannot give up 50% of the system's performance to protection programs.
No business or organisation can deploy every security solution at once, so a clear roadmap is needed. A roadmap must provide full coverage and compatibility between the solutions, avoiding overlap and conflict. Based on such a roadmap an organisation can build an IT infrastructure that meets its security needs. Below is the roadmap of steps and solutions for building a network that guarantees high security:
[Figure: security roadmap.]
3. Designing a secure network model
For information security solutions to work without overlap and conflict, a suitable design model is needed. Below is a model I designed myself, with the zones, the equipment used, remote access and HA all included. I have read quite a few security books but have not seen one with a modular model like this; most show simple models that lack realism.
[Figure: modular network model.]
- Overview of the model, which is divided into modules:
+ Internet module: router, proxy with bandwidth optimisation, firewall.
+ DMZ module: an IPS protecting the servers published to the Internet.
+ Core module: the core routing and switching zone of the whole system, where the Access Control Lists for the zones are set up.
+ Server Farm module: holds the important servers such as database servers and core banking, monitored by an IDS.
+ Management module: a secure network zone into which the management ports of the devices and servers are connected.
+ User zone: provides the network for users at the office.
+ Branch: connections to the branch networks across the country.
- Analysis of the security devices:
+ Core router and switch: set up Access Control Lists and ensure HA for all connections.
+ Proxy: optimises input and output bandwidth.
+ Firewall: opens and closes ports, publishes servers and terminates VPN connections.
+ IPS: monitors, detects and blocks network attacks.
+ Endpoint Security: endpoint solution for workstations and servers.
+ Data Loss Prevention solution against data leakage.
+ Network Access Control for managing network access.
4. Routers and switches
a. Router functions
- Routing: routes packets on the network.
- NAT: translates IP addresses from private to public and back.
- Access Control List: allows creation of Access Control Lists to meet the administrator's requirements for blocking ports and IP addresses.
b. Switch functions
- Switches packets at Layer 2.
c. Security on a switch
- VLANs: allow many networks on one switch, preventing the spread of viruses and other forms of attack.
- Port Security: binds a fixed set of MAC addresses to a given port on the switch, blocking attacks such as MAC spoofing and ARP spoofing.
d. Security on a router
- The router is a very important device in the network model: it routes, performs NAT and creates ACLs to protect the network from the gateway layer.
Lab: install Packet Tracer 4.0 and test some router commands.
Understanding Access Control Lists
On a Cisco router, to create an Access List (applying to IP addresses only) use the command:
  Router(config)# access-list access-list-number {permit|deny} source [source-mask]
Apply the Access List just created:
  Router(config-if)# ip access-group access-list-number {in|out}
Create and apply an Extended Access Control List (which applies to ports as well as IP addresses):
  Router(config)# access-list access-list-number {permit|deny} protocol source source-mask destination destination-mask [operator|operand]
  Router(config-if)# ip access-group access-list-number {in|out}
By reviewing the log on the router we can find out what the system has blocked and who has accessed the router.
e. Security settings for a router
Set the IP address on an interface:
  Router> enable
  Router# configure terminal
  Router(config)# interface Ethernet 0
  Router(config-if)# ip address 192.168.0.35 255.255.255.0
Set a password for console login:
  Router#config terminal
  Router(config)#line console 0
  Router(config-line)#login
  Router(config-line)#password l3tm3!n
  Router(config-line)#^Z
  Router#
Set a password for remote login:
  Router#config terminal
  Router(config)#line vty 0
  Router(config-line)#login
  Router(config-line)#password l3tm3!n
  Router(config-line)#^Z
  Router#
Create users on the router:
  Router#configure terminal
  Router(config)#username Auser password u$3r1
  Router(config)#username Buser password u$3r2
  Router(config)#username Cuser password u$3r3
  Router(config)#username Duser password u$3r4
  Router(config)#^Z
Set up SSH login on the router:
  Router#configure terminal
  Router(config)#ip domain-name scp.mil
  Router(config)#access-list 23 permit 192.168.51.45
  Router(config)#line vty 0 4
  Router(config-line)#access-class 23 in
  Router(config-line)#exit
  Router(config)#username SSHUser password No+3ln3+
  Router(config)#line vty 0 4
  Router(config-line)#login local
  Router(config-line)#exit
  Router(config)#
  Router#configure terminal
  Router(config)#crypto key generate rsa
  The name for the keys will be: Router.scp.mil
  Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
Generating RSA keys ... [OK]
Router(config)#
Router#configure terminal
Router(config)#ip ssh timeout 45
Router(config)#^Z
Router#configure terminal
Router(config)#ip ssh authentication-retries 2
Router(config)#^Z
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet
Router(config-line)#^Z
Router# show ip ssh
Configure static routes on the router:
MarketingRouter#config terminal
MarketingRouter(config)#ip route 10.0.10.0 255.255.255.0 20.0.20.1
MarketingRouter(config)#^Z
MarketingRouter#
FinanceRouter#config terminal
FinanceRouter(config)#ip route 30.0.30.0 255.255.255.0 20.0.20.2
FinanceRouter(config)#^Z
FinanceRouter#
Configure RIP (dynamic routing) on the router:
LEFT#configure terminal
LEFT(config)#router rip
LEFT(config-router)#network 172.16.0.0
LEFT(config-router)#network 192.168.10.0
LEFT(config-router)#^Z
LEFT#
Securing the router against ICMP-based attacks:
Router#config terminal
Router(config)#interface Serial 0
Router(config-if)#no ip unreachables
Router(config-if)#^Z
Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#^Z
Protecting against source routing:
Router#config terminal
Router(config)#no ip source-route
Router(config)#^Z
Router#
Small services:
Router#config terminal
Router(config)#no service tcp-small-servers
Router(config)#no service udp-small-servers
Router(config)#^Z
Router#
Disabling Finger:
Router#config terminal
Router(config)#no service finger
Router(config)#^Z
Router#
Router#config terminal
Router(config)#no ip finger
Router(config)#^Z
Router#
Disable unnecessary services:
Router#config terminal
Router(config)#no ip bootp server
Router(config)#no ip name-server
Router(config)#no ntp server
Router(config)#no snmp-server
Router(config)#no ip http server
Router(config)#^Z
Create the Access Control Lists (see above).

5. Firewall and Proxy

a. The firewall concept
The term "firewall" comes from a construction technique designed to stop or contain the spread of fire. In information technology, a firewall is a technique integrated into a network system to block unauthorised access, protecting internal information resources and limiting unwanted intrusion into the system.
A firewall is described as a surrounding line of defence with checkpoints that control all inbound and outbound traffic. Access can be monitored and blocked at these checkpoints.
Private networks connected to the Internet are frequently threatened by attackers. To protect the data inside, a firewall is normally used. The firewall has some means of letting legitimate users through while blocking illegitimate ones.
A firewall can be a hardware device, a software program running on a secured host, or a combination of both. In every case it must have at least two network interfaces: one for the network it protects and one for the outside network. A firewall can be a gateway or the connection point between two networks, usually a private network and a public network such as the Internet.
The first firewalls were simple routers.

b. Functions of a firewall
The main function of a firewall is to control the flow of information between the intranet and the Internet. It establishes a mechanism for controlling the flow of information between the internal network (intranet) and the Internet:
Allow or deny services accessing the outside.
Allow or deny services from the outside accessing the inside.
Monitor the network data flow between the Internet and the intranet.
Control the addresses that may access the network, and block addresses.
Control users and their access.
Control the content of the information that travels across the network.
A firewall examines all traffic flowing between the two networks to see whether it meets the configured criteria. If it does, the traffic is routed between the networks; otherwise it is dropped. A firewall filter filters both outbound and inbound traffic. It can also manage access from the outside to internal network resources. It can be used to log every attempt to enter the private network and to raise a prompt alert when a hostile or unauthorised party breaks in.
A firewall can filter packets based on their source address, destination address and port number. This is also called address filtering. A firewall can also filter particular types of network traffic. This is called protocol filtering, because the decision to forward or reject the traffic depends on the protocol in use, for example HTTP, FTP or Telnet. A firewall can also filter traffic based on the attributes and state of the packets.
Some firewalls have an interesting and advanced feature: luring intruders into believing they have broken through the security system. Essentially it detects the attack and takes it over, leading the attacker along with a "hall of mirrors" approach. If the attacker believes they have got into part of the system and can go further, the attacker's activities can be recorded and followed. If the intruder can be kept busy for a while, the administrator can trace them. For example, the finger command can be used to trace the attacker, or bait files can be created that take a long time to transfer, and the file transfer can then be traced back to the attacker's location across the Internet connection.

c. How a firewall works
Firewall rules work in a similar way to a router's Access Control List, but firewall rules can filter packets more deeply than ACLs can.
A firewall works closely with the TCP/IP protocol suite, because this suite splits the data received from applications on the network, or more precisely from the services that run on top of the protocols (Telnet, SMTP, DNS, SNMP, NFS ...), into data packets, then assigns these packets addresses so that they can be identified and reassembled at the destination they are sent to. For this reason every kind of firewall deals very heavily with packets and their address numbers.
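Firewall rules and router ACLs both match packets on source and destination address, protocol and port, as described above. The following added example (not the original document's code) models the IOS ACL semantics of sections 4 and 5.c in Python: wildcard masks, top-down first-match evaluation and the implicit deny at the end of every list. The ACLs it builds are constructed for illustration: ACL 23 mirrors the `access-list 23 permit 192.168.51.45` line above, ACL 101 is assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # IOS keyword 'any' expressed as address + wildcard

@dataclass
class AclEntry:
    """One entry: {permit|deny} protocol src src-wildcard dst dst-wildcard [operator operand]."""
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" (matches every protocol), "tcp", "udp", "icmp"
    src: str
    src_wildcard: str                # IOS wildcard mask: a 1 bit means 'do not care'
    dst: str = ANY[0]
    dst_wildcard: str = ANY[1]
    operator: Optional[str] = None   # "eq", "gt", "lt", "range" applied to the destination port
    operand: Tuple[int, ...] = ()

def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Compare only the bits the wildcard mask marks as significant (the 0 bits)."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == n & care

def port_match(entry: AclEntry, dport: int) -> bool:
    if entry.operator is None:
        return True
    lo = entry.operand[0]
    return {"eq": dport == lo, "gt": dport > lo, "lt": dport < lo,
            "range": lo <= dport <= entry.operand[-1]}[entry.operator]

def evaluate(acl, packet: dict) -> str:
    """Router semantics: entries checked top-down, first match wins, implicit 'deny ip any any'."""
    for e in acl:
        if e.protocol != "ip" and e.protocol != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], e.src, e.src_wildcard):
            continue
        if not wildcard_match(packet["dst"], e.dst, e.dst_wildcard):
            continue
        if not port_match(e, packet.get("dport", 0)):
            continue
        return e.action
    return "deny"

# Constructed ACLs (not from the page): 23 mirrors 'access-list 23 permit 192.168.51.45' above;
# 101 lets the 192.168.0.0/24 LAN reach SSH and DNS anywhere, the implicit deny drops the rest.
ACL_23 = [AclEntry("permit", "ip", "192.168.51.45", "0.0.0.0")]
ACL_101 = [AclEntry("permit", "tcp", "192.168.0.0", "0.0.0.255", *ANY, "eq", (22,)),
           AclEntry("permit", "udp", "192.168.0.0", "0.0.0.255", *ANY, "eq", (53,))]
```

Applied with `access-class 23 in` on the vty lines, ACL 23 is what restricts SSH management to the single host the page permits; everything else falls through to the implicit deny.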
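The router hardening commands in section 4.e above can also be verified against a device's running-config rather than typed from memory. This added example (not the document's own code) parses a constructed IOS-style config and reports which of those hardening lines are missing; it only looks for explicit lines, so a setting an IOS image applies by default without printing it in the config is reported as missing. The sample config is constructed here and keeps the page's `transport input ssh telnet`, which still allows telnet, so the check flags it.

```python
# Global hardening commands from section 4.e; a tuple lists the acceptable alternatives.
GLOBAL_EXPECTED = [("no ip source-route",), ("no service tcp-small-servers",),
                   ("no service udp-small-servers",), ("no ip finger", "no service finger"),
                   ("no ip http server",), ("no ip bootp server",)]
IFACE_EXPECTED = ["no ip directed-broadcast", "no ip unreachables"]   # ICMP hardening step

def parse_sections(config):
    """Split IOS-style config text into top-level lines and indented blocks keyed by header."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                                   # skip blank and comment lines
        if raw.startswith(" ") and current:            # indented line belongs to the open block
            blocks[current].append(raw.strip())
            continue
        top.append(raw.strip())
        current = raw.strip() if raw.startswith(("interface ", "line ")) else None
        if current:
            blocks[current] = []
    return top, blocks

def audit(config):
    """Return findings; an empty list means every checked hardening item is explicitly present."""
    top, blocks = parse_sections(config)
    findings = [f"global: missing '{alts[0]}'" for alts in GLOBAL_EXPECTED
                if not any(cmd in top for cmd in alts)]
    for header, body in blocks.items():
        if header.startswith("interface "):
            findings += [f"{header}: missing '{c}'" for c in IFACE_EXPECTED if c not in body]
        elif header.startswith("line vty"):
            transport = next((l for l in body if l.startswith("transport input")), "")
            if not transport or "telnet" in transport.split():   # missing line = image default
                findings.append(f"{header}: transport input should be 'ssh' only")
            if "login local" not in body:
                findings.append(f"{header}: missing 'login local'")
            if not any(l.startswith("access-class") and l.endswith(" in") for l in body):
                findings.append(f"{header}: no inbound access-class")
    return findings

# Constructed sample running-config built from the page's commands (not a real device's output).
SAMPLE_CONFIG = """\
no ip source-route
no service tcp-small-servers
no ip finger
interface Serial 0
 no ip unreachables
line vty 0 4
 access-class 23 in
 login local
 transport input ssh telnet
"""
```

Running `audit(SAMPLE_CONFIG)` reports the three missing global commands, the missing `no ip directed-broadcast` on Serial 0 and the telnet transport on the vty lines.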