ELECTRONICS - TELECOMMUNICATIONS
PROJECT 5
HIGH-LEVEL DESIGN [v1.0]
Prepared by: Pham Hng Sn, date prepared: ../../......
Prepared by: Nguyn c Hinh, date prepared: ../../......
Reviewed by: ......................................................
Review date: ../../......
10/2014
12.BM.QTPM.EJC, (v1.0)
TABLE OF CONTENTS
1.
1.1. Purpose
1.2. Software system description
1.3. Related documents
1.4. Concepts and terminology
2.
2.1. Server environment
2.2. Priority objectives
2.3. Software development approach
2.4. Other constraints and assumptions
3.
3.1. 3.2. 3.3.
4.
4.1. 4.2. 4.3. 4.4. 4.5. 4.6. 4.7. 4.8. 4.9.
5. MODULE DESIGN
5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.7. 5.8. 5.9. 5.10
6.9 6.10 6.11 6.12 6.13 6.14 6.15 6.16
APPENDIX
7.9
CHANGE HISTORY
No. | Change description | Section | Date
The role of the planning and resource management system is to manage general information on the available resources (personnel, equipment, materials) and their readiness status, and on that basis to provide a visual tool with which the commander can allocate resources to each specific task, supporting the commander in creating, tracking, adjusting, summarising and reporting on the whole process of carrying out the tasks.
Resource management subsystem
Plan and task management subsystem
1.3. Related documents
Documents related to the system design:
SRS and SRD documents
Use case description document
1.4. Concepts and terminology
No. | Term / abbreviation | Explanation | Note
Terms listed (rows 1 to 8): Tslqs NGN; DDoS; Firewall/IPS; QS-QP
The network security assurance system is built according to IBM's information technology security and confidentiality standards and handles security attack risks in real time. The system is designed with the following parts:
Input:
The system's input is the log data collected and processed automatically by IBM's SIEM system. The log data (specifically firewall logs) from the exchange, the internal network, the edge routers and the system firewalls are collected and processed centrally on the core SIEM, then analysed, classified and reorganised by the Core SIEM itself. This data is treated as the input for the security management system that Elcom builds.
Database forwarding layer - Mediation
This is the module that forwards data from the SIEM system into the central database. After being collected by the SIEM system, the data is analysed by the mediation subsystem and pushed into the central database. This is also the database used by the security monitoring system and by resource and plan management.
Business application software layer
Comprises the subsystems: centralised security reporting subsystem, resource management subsystem, plan and coordination management subsystem, system administration subsystem.
Service and presentation layer
Comprises the reports, command screens, statistics screens, data visualisation application (Visualization), and the operation and exploitation interface.
Output
The presentation layer screens are displayed on a large screen or through a web browser on the internal network.
3.3. Physical model
Figure 6: Materials management
Figure 7: Unit organisation chart
Figure 9: Planning
5. MODULE DESIGN
5.1. Firewall log collection and management module via the SIEM system
SIEM is a solution that combines two solutions, SIM and SEM. SIEM is a complete solution that allows organisations to monitor information security events across a network. The main components of a SIEM are: the log collection component, the analysis component, the storage component and the centralised administration component. There are also other components such as a component for monitoring network packets at layer 7 of the OSI model and report generation modules (Compliance Report).
The system will collect and quickly process information from all alert sources, from all network security devices: FW, IPS/IDS.
A centralised network security monitoring system usually consists of the following components:
a. Log collection component (log collector):
The log collection component acts as the interface that connects directly to the devices whose logs are to be collected and managed. Logs are collected and stored temporarily at the Event Collector, then forwarded to the Event Processor device for analysis and correlation. Alternatively, devices located at the centre can push logs directly to the Event Processor event analysis device. The main functions of the Log collector component include:
- Collect all log data from device and application sources, including physical and virtual devices.
- Support log collection via Syslog or via protocols such as JDBC, SNMP, SDEE, OPSEC...
- Can be configured to push logs on a schedule or under a predefined bandwidth condition.
- Forward all collected events to the Event Processor device.
b. Event analysis component (Event Processor):
The event analysis component (Event Processor) consists of a collection module, an analysis module and a storage module.
- Event collection module (Event Collector): the interface that works directly with the systems/devices whose events are to be collected and managed. Here the logs are collected and forwarded to the analysis component for analysis and correlation.
- Analysis module: performs real-time correlation between security events based on patterns and behaviour analysis.
The event analysis component (Event Processor) has an analysis engine backed by thousands of predefined rules as well as customisation capability, giving the most accurate analysis results.
After collection, logs are normalised and then analysed and correlated in real time to give the administrator immediate alerts. Besides real-time correlation, the Event Processor allows analysis of historical data to give the administrator an overall picture of information security over time.
The Event Processor stores both kinds of log, raw logs and normalised logs; it supports compression and can store up to 16 TB. The Event Processor component also supports connection to SAN systems, which helps organisations increase storage capacity and build a contingency plan against data loss.
The Event Processor can be deployed in a centralised or a distributed model, keeping the connections between components secure without changing the network architecture. This helps the enterprise protect its investment while planning expansion along each development roadmap.
c. Network flow collection component (Flow Collector):
This component connects to the switch via a SPAN port to collect the flows of devices on the network, then sends the flows to the Flow Processor component for layer 7 (application layer) flow analysis.
Note: (In phase 01 of the project the network flow part will not be implemented)
d. Network flow analysis component:
The network flow analysis component receives flows from the Flow Collector device and performs layer 7 (application layer) analysis to extract the information in network packets, including: source IP address, destination IP address, transport protocol, source port, destination port, application information, traffic statistics and payload content. Through this it helps detect complex attacks such as zero-day attacks and monitor compliance with security policies, for example by raising alerts when traffic is sent to or received from suspicious regions or over insecure protocols.
In addition, layer 7 flow analysis provides further precise information for alerting, such as correlating network flows with device logs.
Note: (In phase 01 of the project the network flow part will not be implemented)
Provides a centralised administration interface for the whole SIEM system (Security Operation Center); the interfaces are authorised according to the administrator's role.
Thousands of rule templates (rules), visual summary dashboards and filter conditions are available out of the box, so the administrator can use these tools immediately. All of these tools can easily be customised, changed or created anew, allowing the administrator to build new tools suited to their own system.
Drill-down capability to show the details of each incident.
Ability to connect to the flow analysis component: allows layer 7 (application layer) network flow analysis for deep and accurate analysis of the customer's network, identifying threats and network anomalies.
5.2. Mediation Services module
The Mediation module is the intermediate layer that communicates with the SIEM system to collect, organise and fetch log data, then push the data into the central database.
The Mediation module periodically queries the SIEM system's database to guarantee real-time behaviour; the query interval may be 1 s. The mediation system is designed to be stable, to provide high throughput and to withstand load.
Network space screen: shows the operational space, including all the
Network space: helps the administrator track and monitor the security status of the whole system in real time. Uses a map of Viet Nam to represent the network security space.
Network events: helps the administrator follow the behaviour of the whole network system visually. Network events are represented between two points on the map of Viet Nam.
Network topology: monitoring by topology shows the network model of each unit, with the connections between network components and the information of each device as well as of the connections.
Displays the event list in real time. The user can pause/play the event list. This function lets the user filter by criteria such as time and severity, view the details of an event, carry out an investigation using data taken from the event, or create a task for the event together with a detailed plan for carrying out the task.
5.5.2 Event statistics
Objective: this function aggregates, tallies and classifies events and presents them as charts so that the commander has an overview of the system's security status and can make timely decisions to resolve incidents. The statistics include top source IPs, top destination IPs, event type, threshold and severity level.
5.5.3 Investigation
Objective: this function helps the user investigate by object, by service or by managing officer; the result is the list of corresponding events and a topology showing where the event started and which devices in the network it reached.
Unit management
Officer management
Configuration management
This function lets the user configure alert thresholds (information/warning/danger levels) as well as alert methods (via the interface / email).
5.9.2.3 Centralised database
Built on the foundation of one of the most powerful database management systems available today, Oracle, with fast access and an LDAP-based authorisation structure. It can manage large volumes of data with different kinds of object. Managed objects can easily have attributes and child objects added or removed, to any depth.
Optimises the balance between information storage and selective data processing when querying.
Ensures data independence, i.e. that application programs are unaffected by many users working at the same time, restricts access to data by unauthorised users, and can check the correctness of the database.
Supports data recovery without data loss under system failures.
Supports the data manipulation requirements, including:
o Searching for information stored in the database.
alerts
Resource management subsystem: resource data
Plan and coordination management subsystem: task data
System administration data: configuration files, operational data, system logs
6. FUNCTIONAL REQUIREMENTS
6.9 Mediation function block
a. qidmap table
- Objective: synchronise the qidmap table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: the qidmap table describes the events and flows in the SIEM system.
Sample data:
When a change event such as an update, delete or insert of a record occurs on the qidmap table, the data is automatically synced to the qidmap table on Oracle. The allowed delay is 5 to 10 s.
b. Category_type table
- Objective: synchronise the category type table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: when data in the category table changes (insert, update, delete) it is automatically synchronised to the Oracle DB. The allowed time is 5 to 10 s. The category type table describes the categories of the events in the SIEM system.
Sample data:
c. sensordevice table
- Objective: synchronise the sensordevice table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: the sensordevice table describes the log sources in the events and flows of the SIEM system. Data is automatically synchronised to the Oracle DB on any change in the Postgres DB (Insert, Delete).
- Sample data:
Sample data:
Flow table
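The mediation block above describes a periodic query of the SIEM source database and propagation of every insert, update and delete into the central database. The following is an added example (not the project's own code) of that polling sync in Python: the dicts are constructed stand-ins for the Postgres and Oracle tables, the column names (qid, qname, severity) are assumptions, and the real service would issue SQL through a database driver instead.

```python
"""Polling table sync from the SIEM source DB (Postgres) to the central target DB
(Oracle), as the mediation block describes: every insert, update or delete on the
source row set is propagated on the next poll. Tables are dicts: primary key -> row."""
import time
from typing import Any, Dict, Hashable, List, Tuple

# Constructed sample rows; the column names are assumptions, not from the design.
SOURCE_QIDMAP: Dict[Hashable, Dict[str, Any]] = {
    1: {"qid": 1, "qname": "Firewall Permit", "severity": 1},
    2: {"qid": 2, "qname": "Firewall Deny", "severity": 3},
}
TARGET_QIDMAP: Dict[Hashable, Dict[str, Any]] = {
    1: {"qid": 1, "qname": "Firewall Permit", "severity": 2},   # stale value
    3: {"qid": 3, "qname": "Removed upstream", "severity": 5},  # deleted at source
}

def diff_tables(source: dict, target: dict) -> Tuple[List[dict], List[dict], List[Hashable]]:
    """Change set (inserts, updates, deletes) that makes target equal to source."""
    inserts = [source[k] for k in sorted(source.keys() - target.keys())]
    updates = [source[k] for k in sorted(source.keys() & target.keys()) if source[k] != target[k]]
    deletes = sorted(target.keys() - source.keys())
    return inserts, updates, deletes

def sync_once(source: dict, target: dict, key: str) -> Dict[str, int]:
    """One poll cycle: apply the change set to target and return counts per operation."""
    inserts, updates, deletes = diff_tables(source, target)
    for row in inserts + updates:
        target[row[key]] = dict(row)  # copy, so later edits at the source are still detected
    for pk in deletes:
        del target[pk]
    return {"insert": len(inserts), "update": len(updates), "delete": len(deletes)}

def poll(source: dict, target: dict, key: str, interval: float, cycles: int) -> int:
    """Run `cycles` polls `interval` seconds apart (1 s in the design); return total changes."""
    total = 0
    for _ in range(cycles):
        total += sum(sync_once(source, target, key).values())
        time.sleep(interval)
    return total

def run_demo() -> Dict[str, Any]:
    """Sync the constructed tables once, then change the source and poll again."""
    source = {k: dict(v) for k, v in SOURCE_QIDMAP.items()}
    target = {k: dict(v) for k, v in TARGET_QIDMAP.items()}
    first = sync_once(source, target, "qid")
    source[2]["severity"] = 4  # a later update on the SIEM side
    later = poll(source, target, "qid", interval=0.0, cycles=2)
    return {"first": first, "later_changes": later, "in_sync": source == target}
```

With a 1 s interval, a change at the source is visible in the target within one cycle plus the write time, well inside the 5 to 10 s the requirement allows.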
6.10
ID | Function | Function description | Priority
- FU_CH_001
- FU_CH_002: Monitoring by network events, FC
- FU_CH_003: FC
- FU_CH_004: FC
- FU_CH_005: Plan monitoring, NC
- FU_TC_006: Alert monitoring, NC
6.11
The system monitoring function subsystem is divided into 3 main function blocks:
Network topology
6.11.1 Network space
ID | Function | Function description | Priority
- FU_GH_001: Display network devices, FC
- FU_GH_002: Display network connections, FC
- FU_GH_003: FC
- FU_GH_004: Filter by unit, FC
- FU_GH_005: NC
- FU_GH_006: NC
ID | Function | Function description | Priority
- Display network rays, FC
- Filter by server, FC
- FU_GH_009: FC
- FU_GH_010: FC
- FU_GH_011: Filter by service, NC
ID | Function | Function description | Priority
- FU_GH_012: Draw network topology, FC
- FU_GH_013
- FU_GH_014: Display alerts, FC
6.12
Includes the sub-functions Event list, Event statistics and Investigation.
ID | Function | Function description | Priority
- FU_D5_EVM_001: Event list, FC
- FU_D5_EVM_002: View event details, FC
- FU_D5_EVM_003: Top source IP statistics, column chart, FC
- FU_D5_EVM_004: Top destination IP statistics: this function tallies the 10 destination IPs with the most events, sorted in descending order, with a column chart, FC
- FU_D5_EVM_005: Statistics by event type: this function tallies the 5 most frequent event types, sorted in descending order, with a pie chart, FC
- FU_D5_EVM_006: Threshold statistics: this function tallies the events with magnitude >= 8 and <= 10 of each firewall that is allowed to be displayed in the system, FC
- FU_D5_EVM_007: Statistics by severity level: this function counts how many events each severity level has, FC
- FU_D5_EVM_008: Investigation: this function allows investigation by object, service or officer; the result is the list of related events and the investigation topology, FC
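The event statistics in 5.5.2 and the FU_D5_EVM_003 to FU_D5_EVM_007 rows above (top source and destination IPs, top event types, magnitude threshold per firewall, counts per severity) are computed here over a constructed list of normalised events. This is an added example, not the project's own code; the event field names (src, dst, type, magnitude, severity, fw) are assumptions.

```python
"""Event statistics over normalised SIEM events, as the event-management functions
specify: top-10 source and destination IPs, top-5 event types, events with magnitude
in [8, 10] per firewall allowed for display, and the number of events per severity.
The event list is constructed sample data and the field names are assumptions."""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample events (not from the document); magnitude is on a 0..10 scale.
EVENTS: List[Dict[str, object]] = [
    {"src": "10.0.0.5", "dst": "10.1.0.1", "type": "Firewall Deny", "magnitude": 9, "severity": "high", "fw": "fw-edge"},
    {"src": "10.0.0.5", "dst": "10.1.0.2", "type": "Firewall Deny", "magnitude": 8, "severity": "high", "fw": "fw-edge"},
    {"src": "10.0.0.7", "dst": "10.1.0.1", "type": "Firewall Permit", "magnitude": 2, "severity": "info", "fw": "fw-core"},
    {"src": "10.0.0.9", "dst": "10.1.0.1", "type": "Port Scan", "magnitude": 10, "severity": "high", "fw": "fw-core"},
    {"src": "10.0.0.5", "dst": "10.1.0.3", "type": "Firewall Permit", "magnitude": 3, "severity": "warning", "fw": "fw-core"},
]

def top_n(events: Iterable[dict], field: str, n: int) -> List[Tuple[str, int]]:
    """The n most frequent values of `field`, descending by count (ties broken by value)."""
    counts = Counter(str(e[field]) for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def top_source_ips(events: Iterable[dict], n: int = 10) -> List[Tuple[str, int]]:
    return top_n(events, "src", n)   # shown as a column chart in the design

def top_dest_ips(events: Iterable[dict], n: int = 10) -> List[Tuple[str, int]]:
    return top_n(events, "dst", n)   # shown as a column chart in the design

def top_event_types(events: Iterable[dict], n: int = 5) -> List[Tuple[str, int]]:
    return top_n(events, "type", n)  # shown as a pie chart in the design

def threshold_events(events: Iterable[dict], low: int = 8, high: int = 10,
                     allowed_fws: Optional[Iterable[str]] = None) -> Dict[str, List[dict]]:
    """Events with low <= magnitude <= high, grouped per firewall allowed for display."""
    allowed = None if allowed_fws is None else set(allowed_fws)
    grouped: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        fw = str(e["fw"])
        if (allowed is None or fw in allowed) and low <= int(e["magnitude"]) <= high:
            grouped[fw].append(e)
    return dict(grouped)

def count_by_severity(events: Iterable[dict]) -> Dict[str, int]:
    """How many events fall in each severity level."""
    return dict(Counter(str(e["severity"]) for e in events))
```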
Function | Function description | Priority
- List equipment management reports: this function displays all reports on equipment entered in advance by the administrator: equipment failure report, new equipment intake report, equipment handover report. FC
- Equipment list management: this function lists the equipment by attributes such as: managing unit, receiving unit, equipment type, equipment quality, usage status. FC
- Individual equipment management: this function allows adding, editing and deleting equipment. The attributes of an item of equipment include: equipment code, equipment type, managing unit, intake date, equipment status, price at intake, equipment usage history, date available (if currently in use), equipment description, note. FC
- Coordination management: this function tracks the status of equipment over time by the parameters: equipment code, equipment status, quantity, owning unit, receiving unit, allocation date, expiry date, note. FC
- FU_D5_006: Create category dictionary, FC
- FU_D5_007: Edit, delete category dictionary
IDs: FU_D5_002, FU_D5_004, FU_D5_005, FU_D5_008
b. PERSONNEL ORGANISATION MANAGEMENT
ID | Function | Function description | Priority
- FU_D5_009: this function manages personal information: name and age, gender, home town, current residence, work unit, start date of work, marital status, health status, note. FC
- FU_D5_010: Management of the mobile technical support team (BKTC): this function displays officers by organisation chart: which officers are free at which level; which officers are busy at which level. FC
- FU_D5_011: Statistical report management: this function displays all kinds of report on personnel coordination entered in advance by the administrator: new officer information report, report of the work done by one officer (within a time range), new task assignment report, current work progress report. FC
6.14
6.15
ID | Function | Function description | Priority
- FU_D5_PL_001
- FU_D5_PL_002
- List of plans, FC
- FU_D5_PL_003: Modify plan, FC
- FU_D5_PL_004: Approve plan
- FU_D5_PL_007: Update plan progress, FC
- Close plan, FC
- Create plan, FC
- Plan report, FC
- FU_D5_PL_008
- FU_D5_PL_009: FC
6.16
ID | Function | Function description | Priority
- FU_D5_ST_001: User login, FC
- FU_D5_ST_002: User logout, FC
- FU_D5_ST_003: Add, edit, delete users, FC
- FU_D5_ST_004
- FU_D5_ST_005: Mediation configuration, FC
- FU_D5_ST_006: SIEM configuration, FC
- FU_D5_ST_007: Alert configuration, FC
- FU_D5_ST_08: Log Source configuration, FC
7. APPENDIX
7.9 Programming standards
Follow the code convention standards of the languages:
Java
Oracle