NGUYỄN MẠNH ĐOÀN
MASTER'S THESIS SUMMARY
HANOI - 2014
INTRODUCTION
In recent years the Internet has grown very rapidly and now serves every need of work and daily life. That rapid growth brings with it the factors of speed, quality, security and diversity of services. Among these, security is one of the most important issues for both service providers and users, not only for individuals but especially in sectors with particularly high security requirements such as the military, banking and finance. From the moment the Internet was born, the security problem was raised and received a great deal of attention. Over a long process of development with many changes, security measures have also kept developing and improving in both number and quality: firewalls, VPNs, encryption, antivirus software, and so on. Depending on the security requirements and the threats of attack, corresponding security measures exist. However, to achieve the highest level of network safety, one must know how to combine these security methods effectively.
This thesis goes into depth studying and researching intrusion detection and prevention systems (IDS/IPS), and from that proposes solutions for using IDS/IPS in a network system. This is a very important security method that is always used in a network system. IDS/IPS detects and prevents unauthorized intrusions as well as cases of misuse of privileges; it addresses problems that other methods such as firewalls or VPNs have not been able to solve.
The thesis is divided into three parts:
Chapter 1: Overview of network intrusion prevention.
Chapter 2: Intrusion detection and prevention systems (IDS/IPS).
Chapter 3: Building an IDS/IPS system model for use in an enterprise network.
The author sincerely thanks the teachers, especially Assoc. Prof. Dr. NGUYỄN TIẾN BAN, who enthusiastically guided the author in completing this thesis.
Because the research time was limited and the author's knowledge is still limited, the thesis cannot avoid shortcomings; the author very much hopes to receive further guidance and instruction from the teachers. The author will take this on board and strive to complete the thesis as well as possible.
Student
NGUYỄN MẠNH ĐOÀN
1.2.2 Sniffers:
A sniffer is a program or device capable of capturing important information from network traffic to a private address, for either positive or negative purposes.
We can prevent unauthorized intrusion using sniffers in the following ways:
... can capture the encrypted data packets.
1.3.2 Intrusion detection and prevention systems (IDS/IPS):
The methods for securing network information and systems listed above each have their own advantages and specific tasks. However, the question arises: how can attacks and misuse of privileges within the system be detected? IDS/IPS is the reasonable solution and the answer to that question.
1.4 Conclusion
Chapter 1 of the thesis gives an overview of network intrusion prevention: the threats to security, and the common intrusion methods and countermeasures (DoS, sniffers, port scanning, ARP spoofing). The author also outlines the security methods used in network security today: firewalls, VPNs, encryption, thereby establishing the urgent need for using an IDS/IPS system.
Figure 2.1: NIDS
A network-based NIDS uses probes and sensors installed throughout the network. These probes monitor the network looking for traffic that matches defined profiles, or signatures. The sensors capture and analyze traffic in real time. When a traffic pattern or signature is recognized, the sensor sends an alert to the management station and can be configured to find measures to prevent further intrusion. A NIDS is a set of many sensors placed across the network to monitor the packets on the network and compare them with predefined patterns in order to decide whether an attack is taking place.
Advantages of network-based IDS:
- Independent of the OS.
Limitations of network-based IDS:
- Does not indicate whether the attack succeeded. One of the limitations is the bandwidth limit: network probes must receive all network traffic, reassemble that traffic and analyze it.
The response component then activates the firewall to perform the function of blocking the attack, or alerts the administrator:
Real-time alerts: send real-time alerts to the administrator so that they know the details of the attacks and the characteristics and information about them.
2.3 IPS
An IPS has two main functions: detecting attacks and defending against those attacks. Most IPS systems are placed at the network perimeter, able to protect all devices in the network.
2.3.1 General architecture of IPS systems:
Data flow analysis module:
Attack detection module:
Response module:
When there are signs of an attack or intrusion, the attack detection module sends a signal announcing the attack or intrusion to the response module. The response module then activates the firewall to perform the function of blocking the attack, or alerts the administrator. If at this module the system only issues alerts to administrators and stops there, it is called a passive defense system. Depending on the system, this response module has different functions and blocking methods. Below are some blocking techniques:
- Changing firewall policies: this technique allows the administrator to reconfigure the security policy when an attack occurs. The reconfiguration is a temporary change to the access control policies for the particular user, while alerting the administrator.
- Real-time alerts: send real-time alerts to the administrator so that they know the details of the attacks and the characteristics and information about them.
2.4 How IDS/IPS systems detect and prevent common attack types
Denial of Service attack
IDP solution: a proxy firewall is very effective at blocking unwanted packets from outside, while a network IDS can detect packet-based attacks.
Scanning and probing
IDP solution: a network-based IDP can detect dangerous actions before they happen. The time-to-response factor is very important in this case in order to counter such attacks before any damage is done. A host-based IDS can also be effective against this type of attack, but not as effective as the network-based solution.
Password attack
IDP solution: a network-based IDP can detect and block password-guessing attempts (it can register them after a number of failed tries), but it is not effective at detecting unauthorized access to the encrypted file that stores passwords or the running of password-cracking programs. A host-based IDP, on the other hand, is very effective at detecting password guessing as well as unauthorized access to the file containing the passwords.
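The detection-then-response pipeline of Section 2.3.1, together with the failed-login threshold mentioned under the password attack above, as an added Python illustration that is not part of the thesis. The signature set, the threshold of three failures, the block lifetime and the sample events are all constructed assumptions; the detection module raises a hit, and the response module always alerts and only in active mode adds a temporary firewall block, so the passive-defense case of the text is the `active=False` run.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
# Constructed sample sensor events: (time in seconds, source IP, event kind, payload).
EVENTS = [
    (0, "10.0.0.5", "http", "GET /index.html"),
    (1, "10.0.0.9", "http", "GET /cgi-bin/../../etc/passwd"),
    (2, "10.0.0.7", "auth", "login failed for user admin"),
    (3, "10.0.0.7", "auth", "login failed for user admin"),
    (4, "10.0.0.7", "auth", "login failed for user root"),
    (5, "10.0.0.7", "auth", "login failed for user root"),
    (400, "10.0.0.9", "http", "GET /index.html"),
]
# Hypothetical detection rules: one signature plus a failed-login threshold per source.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}
FAILED_LOGIN_THRESHOLD = 3

@dataclass
class Ips:
    active: bool                 # True: response module also blocks; False: passive, alert only
    block_ttl: int = 300         # the firewall change is temporary (assumed lifetime in seconds)
    alerts: list = field(default_factory=list)
    blocked: dict = field(default_factory=dict)  # source IP -> expiry of the temporary rule
    failed: dict = field(default_factory=lambda: defaultdict(int))
    def is_blocked(self, src, now):
        # An expired temporary rule is removed, restoring the normal access policy.
        if src in self.blocked and self.blocked[src] <= now:
            del self.blocked[src]
        return src in self.blocked
    def detect(self, now, src, kind, payload):
        # Detection module: verdict is 'dropped', 'alerted' or 'passed'.
        if self.is_blocked(src, now):
            return "dropped"
        hits = [name for name, pat in SIGNATURES.items() if pat.search(payload)]
        if kind == "auth" and "failed" in payload:
            self.failed[src] += 1
            if self.failed[src] == FAILED_LOGIN_THRESHOLD:
                hits.append("password-guessing")
        for reason in hits:
            self.respond(now, src, reason)
        return "alerted" if hits else "passed"
    def respond(self, now, src, reason):
        # Response module: real-time alert to the administrator, plus a firewall change when active.
        self.alerts.append((now, src, reason))
        if self.active:
            self.blocked[src] = now + self.block_ttl

def run(events, active):
    # Feed the events through one IPS; return it together with the per-event verdicts.
    ips = Ips(active=active)
    return ips, [ips.detect(*ev) for ev in events]
```

In the active run the fourth failed login from 10.0.0.7 is dropped by the temporary rule, while the later request from 10.0.0.9 passes again because its block has expired.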
Privilege-grabbing
IDP solution: both network- and host-based IDP can identify an unauthorized change of privilege immediately, at the software level, because it happens on the host device. Because a host-based IDP can find users who lack privileges suddenly becoming privileged without going through the normal system, the host-based IDP can stop this action. In addition, privilege-grabbing actions against the operating system and applications can be defined in the attack signature set of a network-based IDP in order to prevent the attack from happening.
Hostile code insertion
IDP solution: installing security software that counters viruses and hostile code on gateways, servers and workstations is the most effective method for reducing the level of danger. Critical files managed by a host IDP can ensure that important operating system programs and files are not tampered with. Combined with other events, the IDP can identify attempts to install hostile code; for example, it can detect someone trying to replace the logging program with a backdoor. A network-based IDP can also be directed to manage the system and the designated files for the purpose of integrity checking.
Cyber vandalism
IDP solution: with a host-based IDP, careful installation and configuration can identify all problems related to cyber vandalism. For example, every change to a web page can be recorded in the audit log of the device on which the web page resides. Besides being configured to manage every change on the web page, the host-based IDP can also take countermeasures, which are the actions configured by the security administrator. A network-based IDP can use predefined attack signatures to accurately detect unauthorized access to the operating system and applications, as well as file deletion and web page changes.
Proprietary data theft
IDP solution: a host-based IDP model that manages sensitive data can detect files being copied illegally. In some cases the IDP can rely on the operating system's audit records, but in many cases audit logging carries too much overhead (as with Windows NT). In those cases the host-based IDP must manage the important files separately. A network-based IDP can be modified to manage access to important files and to identify communications containing key words. In some cases it is very hard to detect a host eavesdropping on the network; IDP software on the host can then detect that the host has been placed in promiscuous mode and is eavesdropping on communications.
Fraud, waste and abuse
IDP solution: a network-based IDP can be modified to block URLs, but dedicated URL-blocking programs integrated with the firewall may work more effectively, since they can maintain a dynamic URL list and an abuse policy based on user ID. A host-based IDP can enforce a policy set by the company; unauthorized access and modification of system files can be detected through host-based IDP as well as network-based IDP. Any change can be immediately recorded in the system audit log, and the agent can easily monitor those actions.
2.5 Conclusion
In Chapter 2, the author presented very detailed and specific concepts of unauthorized intrusion and of intrusion detection and prevention. Intrusion detection and prevention systems were also presented specifically in terms of structure, functions, placement and operating principles, in order to give the most direct and clear view.
The DMZ zone contains the servers for online services such as the website, email, and the Online Brokerage and Online OTC applications...
The LAN zone comprises the office and business units and the IP information system.
The network zones will be planned on separate IP ranges. The firewall system will control the data flows passing through it, including: access from the Internet into the online services zone, LAN users accessing the Internet over leased line, ADSL or wireless, and LAN users accessing the application server and database zone. The firewall will control, authenticate and block invalid access and hacker attacks coming from the Internet or originating directly from inside
3.3 Conclusion
Chapter 3 introduces several intrusion detection and prevention solutions: Snort (software), Cisco hardware products, ISS... In addition, the author presents a solution for using IDS/IPS in the security system of a specific case (the information security system of a securities company). To add realism and clarity, the author presents a simulation of the (Cisco) IDS/IPS system on GNS3 in the closing section at the end of the thesis.
CONCLUSION
We can see that there is no perfect and complete security measure that can solve all of the security problems of a computer network. To achieve the highest safety for a computer network, a security system comprising many security measures must be used, and they must be combined in the most reasonable and effective way. The thesis studied IDS/IPS in depth and presented the concepts, characteristics, structure, functions and solutions for using IDS/IPS most effectively; the author also simulated a Cisco IDS/IPS using GNS3 to give an intuitive view of IDS/IPS. IDS/IPS is an effective measure for detecting and preventing unauthorized intrusion as well as misuse of privileges. IDS/IPS is a suitable choice for defending against DoS as well as protecting application servers and important data in the DMZ zone. Alongside other security measures such as firewalls, VPNs, etc., IDS/IPS is an indispensable measure in a network security system. Depending on each network model and its security requirements, we have appropriate and effective ways of using IDS/IPS.
The thesis is a foundation for further research on network security systems in general and intrusion prevention systems in particular.