Professional Documents
Culture Documents
LI M U
Cng vi s pht trin ca cng ngh thng tin, cng ngh mng my tnh v s
pht trin ca mng internet ngy cng pht trin a dng v phong ph. Cc dch v
trn mng thm nhp vo hu ht cc lnh vc trong i sng x hi. Cc thng tin
trn Internet cng a dng v ni dung v hnh thc, trong c rt nhiu thng tin
cn c bo mt cao hn bi tnh kinh t, tnh chnh xc v tnh tin cy ca n.
S ra i ca cng ngh An ninh Mng bo v mng ca bn trc vic nh cp
v s dng sai mc ch thng tin kinh doanh b mt v chng li tn cng bng m
c t vi rt v su my tnh trn mng Internet. Nu khng c An ninh Mng c
trin khai, cng ty ca bn s gp ri ro trc xm nhp tri php, s ngng tr hot
ng ca mng, s gin on dch v, s khng tun th quy nh v thm ch l cc
hnh ng phm php.
Bn cnh , cc hnh thc ph hoi mng cng tr nn tinh vi v phc tp hn.
Do i vi mi h thng, nhim v bo mt c t ra cho ngi qun tr mng l
ht sc quan trng v cn thit. Xut pht t nhng thc t , nhm chng em tm
hiu v ti Tm hiu v An ninh mng v k thut Scanning Network.
Vi s hng dn tn tnh ca thy L T Thanh Khoa khoa hc my tnh
nhm em hon thnh bn bo co ny. Tuy c gng tm hiu, phn tch nhng
chc rng khng trnh khi nhng thiu st. Nhm em rt mong nhn c s thng
cm v gp ca qu Thy c.
Nhm em xin chn thnh cm n!
Trang i
MC LC
LI M U................................................................................................................i
MC LC..................................................................................................................... ii
MC LC HNH NH................................................................................................iv
CHNG 1: TNG QUAN V AN NINH MNG.....................................................1
1.1. Gii thiu v An Ninh Mng...............................................................................1
1.1.1. An Ninh mng l g......................................................................................1
1.1.2. Cc yu t cn c bo v trong h thng mng........................................1
1.1.3. Cc yu t m bo an ton thng tin..........................................................1
1.2. Cc l hng bo mt...........................................................................................3
1.2.1. L hng loi C.............................................................................................3
1.2.2. L hng loi B.............................................................................................4
1.2.3. L hng loi A.............................................................................................4
1.3. Cc kiu tn cng ca hacker..............................................................................5
1.3.1. Tn cng trc tip........................................................................................5
1.3.2. K thut nh la : Social Engineering........................................................5
1.3.3. K thut tn cng vo vng n.....................................................................6
1.3.4. Tn cng vo cc l hng bo mt...............................................................6
1.3.5. Khai thc tnh trng trn b m..................................................................6
1.3.6. Nghe trm....................................................................................................6
1.3.7. K thut gi mo a ch..............................................................................7
1.3.8. K thut chn m lnh.................................................................................7
1.3.9. Tn cng vo h thng c cu hnh khng an ton.......................................7
1.3.10. Tn cng dng Cookies..............................................................................8
1.3.11. Can thip vo tham s trn URL................................................................8
1.3.12. V hiu ha dch v...................................................................................8
1.3.13. Mt s kiu tn cng khc.........................................................................8
1.4. Cc bin php bo mt mng..............................................................................9
1.4.1. M ho, nhn dng, chng thc ngi dng v phn quyn s dng...........9
1.4.2. Bo mt my trm......................................................................................15
1.4.3. Bo mt truyn thng.................................................................................16
Thc hin: Nhm 18
Trang ii
Trang iii
MC LC HNH NH
Hnh 1.
Hnh 2.
Qu trnh m ho........................................................................................10
Hnh 3.
Hnh 4.
Hnh 5.
Hnh 6.
Hnh 7.
Hot ng ca CHAP.................................................................................14
Hnh 8.
M ha Kerberos........................................................................................15
Hnh 9.
Bo mt FTP..............................................................................................16
Hnh 10.
Hnh 11.
Bo mt bng VPN....................................................................................18
Hnh 12.
Hnh 13.
Hnh 14.
Hnh 15.
C ch bt tay ba bc...............................................................................23
Hnh 16.
Hnh 17.
Hnh 18.
Hnh 19.
Hnh 20.
Kt qu qut mng.....................................................................................30
Hnh 21.
Hnh 22.
Hnh 23.
Hnh 24.
Hnh 25.
Hnh 26.
Hnh 27.
Hnh 28.
Trang iv
Trang 1
Tnh sn sng: Thng tin phi lun sn sng tip cn, phc v theo
ng mc ch v ng cch.
Tnh chnh xc: Thng tin phi chnh xc, tin cy.
Tnh khng khc t (chng chi b): Thng tin c th kim chng c
ngun gc hoc ngi a tin.
1.
Xc nh cc l hng h thng
Vic xc nh cc l hng h thng c bt u t cc im truy cp vo h thng
nh:
-
Kt ni mng Internet
Cc im kt ni t xa
Kt ni cc t chc khc
Trang 2
Cc im truy cp khng dy
Social Engineering
1.2. Cc l hng bo mt
C nhiu cc t chc tin hnh phn loi cc dng l hng c bit. Theo b quc
phng M cc loi l hng c phn lm ba loi nh sau:
Trang 3
Trang 4
Trang 5
Trang 6
1.3.7. K thut gi mo a ch
Thng thng, cc mng my tnh ni vi Internet u c bo v bng bc
tng la(fire wall). Bc tng la c th hiu l cng duy nht m ngi i vo nh
hay i ra cng phi qua v s b im mt. Bc tng la hn ch rt nhiu kh
nng tn cng t bn ngoi v gia tng s tin tng ln nhau trong vic s dng to
nguyn chia s trong mng ni b.
S gi mo a ch ngha l ngi bn ngoi s gi mo a ch my tnh ca mnh l
mt trong nhng my tnh ca h thng cn tn cng. H t t a ch IP ca my tnh
mnh trng vi a ch IP ca mt my tnh trong mng b tn cng. Nu nh lm c
iu ny, hacker c th ly d liu, ph hy thng tin hay ph hoi h thng.
Trang 7
Trang 8
Trang 9
2.
Qu trnh m ho
M ho nhm m bo cc yu cu sau:
-
Trang 10
3.
Mt s gii thut bm
4.
Trang 11
c tnh
- S dng mt khi 64 bit hoc mt
kha 56 bit.
C th d dng b b kha.
p dng DES 3 ln.
B thay th bi AES.
S dng Rhine doll c kh nng
khng vi tt c tn cng bit.
5.
Cc gii thut
o RSA (Ron Rivest, Adi Shamir, and Leonard Adleman).
Thc hin: Nhm 18
Trang 12
6.
Trang 13
7.
Hot ng ca CHAP
+ Kerberos
Kerberos l mt giao thc mt m dng xc thc trong cc mng my tnh hot
ng trn nhng ng truyn khng an ton. Giao thc Kerberos c kh nng chng
li vic nghe ln hay gi li cc gi tin c v m bo tnh ton vn ca d liu. Mc
tiu khi thit k giao thc ny l nhm vo m hnh my ch-my khch (clientserver) v m bo nhn thc cho c hai chiu.
Kerberos hot ng s dng mt bn th ba tham gia vo qu trnh nhn thc gi
l key distribution center KDC (KDC bao gm hai chc nng: "my ch xc thc"
(authentication server - AS) v "my ch cung cp v" (ticket granting server - TGS).
"V" trong h thng Kerberos chnh l cc chng thc chng minh nhn dng ca
ngi s dng.). Mi ngi s dng trong h thng chia s mt kha chung vi my
ch Kerberos. Vic s hu thng tin v kha chnh l bng chng chng minh nhn
dng ca mt ngi s dng. Trong mi giao dch gia hai ngi s dng trong h
thng, my ch Kerberos s to ra mt kha phin dng cho phin giao dch .
Trang 14
8.
M ha Kerberos
+ Chng ch (Certificates)
Mt Server (Certificates Authority - CA) to ra cc certificates.
C th l vt l: smartcard
C th l logic: ch k in t
S dng public/private key (bt c d liu no c m ha bng public key ch c
th gii m bng private key). S dng cng ty th 3 chng thc. c s dng
ph bin trong chng thc web, smart cards, ch k in t cho email v m ha
email.
1.4.2. Bo mt my trm
S kim tra u n mc bo mt c cung cp bi cc my ch ph thuc ch
yu vo s qun l. Mi my ch trong mt cng ty nn c kim tra t Internet
pht hin l hng bo mt. Thm na, vic kim tra t bn trong v qu trnh thm
nh my ch v cn bn l cn thit gim thiu tnh ri ro ca h thng, nh khi
firewall b li hay mt my ch, h thng no b trc trc.
Hu ht cc h iu hnh u chy trong tnh trng thp hn vi mc bo mt ti
thiu v c rt nhiu l hng bo mt. Trc khi mt my ch khi a vo sn xut, s
c mt qu trnh kim tra theo mt s bc nht nh. Ton b cc bn sa li phi
c ci t trn my ch, v bt c dch v khng cn thit no phi c loi b.
iu ny lm trnh ri ro xung mc thp nht cho h thng.
Vic tip theo l kim tra cc log file t cc my ch v cc ng dng. Chng s
cung cp cho ta mt s thng tin tt nht v h thng, cc tn cng bo mt. Trong rt
nhiu trng hp, chnh l mt trong nhng cch xc nhn quy m ca mt tn
cng vo my ch.
Trang 15
9.
Bo mt FTP
FTP l giao thc lp ng dng trong b giao thc TCP/IP cho php truyn d liu
ch yu qua port 20 v nhn d liu ti port 21, d liu c truyn di dng cleartext, tuy nhin nguy c b nghe ln trong qu trnh truyn file hay ly mt khu trong
qu trnh chng thc l rt cao, thm vo user mc nh Anonymous khng an ton
to iu kin cho vic tn cng trn b m.
Bin php t ra l s dng giao thc S/FTP (S/FTP = FTP + SSL/TSL) c tnh bo
mt v nhng l do sau:
S dng chng thc RSA/DSA .
S dng cng TCP 990 cho iu khin, cng TCP 989 cho d liu.
Tt chc nng Anonymous nu khng s dng.
S dng IDS pht hin tn cng trn b m.
S dng IPSec m ha d liu.
o Bo mt truyn thng SSH
SSH l dng m ha an ton thay th cho telnet, rlogin..hot ng theo m hnh
client/server v s dng k thut m ha public key cung cp phin m ha, n ch
cung cp kh nng chuyn tip port bt k qua mt kt ni c m ha. Vi telnet
hay rlogin qu trnh truyn username v password di dng cleartext nn rt d b
nghe ln, bng cch bt u mt phin m ha.
Khi my client mun kt ni phin an ton vi mt host, client phi bt u kt ni
bng cch thit lp yu cu ti mt phin SSH. Mt khi server nhn dc yu cu t
client, hai bn thc hin c ch three-way handshake trong bao gm vic xc minh
Thc hin: Nhm 18
Trang 16
10.
Trang 17
11.
Bo mt bng VPN
12.
Trang 18
Trang 19
13.
Trang 20
Trang 21
14.
Trang 22
15.
C ch bt tay ba bc
Trang 23
Trang 24
16.
Trang 25
Trang 26
Trang 27
17.
2.4.2. K thut gi mo IP
Mt hacker c th gi mo a ch IP khi qut my h thng hn ch thp
nht kh nng b pht hin. Khi nn nhn (Victim) gi tr li v a ch IP, n s
khng gi n a ch gi mo c. Mt nhc im ca gi mo IP l mt
phin TCP khng th hon thnh c, do khng th gi hi p ACK.
Source routing cho php k tn cng ch nh vic nh tuyn mt gi tin c
thng qua Internet. iu ny cng c th gim thiu c hi pht hin bng cch
b qua IDS v tng la. Source routing c ci t trong giao thc TCP/IP
vi hai hnh thc:
Loose Source routing (LSR): Routing khng chnh xc. Ngi gi gi mt
danh sch ip trong bao gm ip ca mnh.
Strict Source routing (SSR): Routing chnh xc. Ngi gi ch ra mt
Trang 28
18.
19.
Trang 29
20.
Kt qu qut mng
Sau khi qu trnh qut hon tt, chng ta c th kim tra cc my ch mu xanh
l cy bng cc ng dng h tr ca phn mm nh: ping, share forder, trace route,
telnet
21.
Trang 30
22.
23.
Trang 31
24.
25.
Trang 32
26.
3.4.1. Gi mo IP
S dng phn mm Hide My IP
27.
phn mm Hide My IP
Trang 33
28.
Trang 34
KT LUN
Kt qu t c
Nm c tnh hnh an ninh mng, cc khi nim v mt s kin thc c bn v
an ninh mng
Tm hiu c khi nim, phn loi, mc ch, pht hin v cch phng chng
Scanning.
Hn ch
Do iu kin thc hnh nn vn cn mt s k thut Scanning Network cha
demo thc t c.
Hng pht trin.
Tip tc tm hiu k thut Scanning Network v tt c cc k thut cn li trong
b CEH ny c th nm r h thng mng ca mnh hn t a ra cc bin php
phng chng hacker mt cch hiu qu cho h thng.
Trang 35
Trang 36