
Foreword

[Security365] has been built and developed since 2005. It is a brand for Information Security, System Administration and Open Source Applications. Security365 has always led in adopting new technologies in order to bring you useful information and practical, highly applicable guides. From surveying readers, students who love information technology, trainees, and members of www.security365.vn and www.hoctructuyen.org, we have found that young people are very active, eager to learn, and keen to study new techniques and useful material such as the security magazines [IN]Secure and Hakin9 or other documents. The one obstacle for most readers is that these magazines and documents are mostly written in English and come without demos (hands-on instructions), which makes them hard to apply. We therefore decided to launch a special publication, the Security365 Electronic Magazine (S365 EMAG). Because it is an electronic magazine, you can read it anywhere and, in particular, follow the hands-on tutorials directly inside it while reading. No other IT magazine has offered this advantage so far. S365 EMAG is completely free and publishes 2 issues every month, on the 10th and the 25th. The editorial board and technical team are dedicated members of the Applied Informatics Club (CLB Tin Học Ứng Dụng, 118 Hùng Vương, Tp. BMT). Please send comments to BanBienTap@Security365.VN and articles to BaiViet@Security365.VN

Main topics of SECURITY 365 EMAG 1:
- 8 Practical Security Skills (published in PC World, issue 10.2010)
  - Protecting Passwords with KeePass Safe
  - Closing Sensitive Ports
  - Using Hotspot Shield for Safe Wifi Access
  - Mail Forwarding Tricks
  - Anonymous Access with the Open Source Software TOR
- Exploiting Security Vulnerabilities of the Windows Operating System
- Checking for Security Flaws with Nessus
- Firewall Overview (Part 1)

8 Practical Security Skills


In 2010, open source applications and information security drew attention from everyone, from the highest authorities such as the Prime Minister down to ordinary users. To keep your sensitive, private data safe, you should know the following practical security methods, based on open source applications and tricks from Security365:

1. Lock the Screen When You Are Not Using the Computer

When you take a break or step away from work, lock the screen to prevent others from peeking at sensitive information on your monitor or using your computer without permission. This is simple to do: press the key combination Ctrl Alt Del and choose Lock Computer in the dialog that appears.

A quicker alternative is to download the LockScreen program from http://hoctructuyen.org/Security365/LockScreen.exe, place it on the desktop, and simply double click it to lock your screen. (Note: the application is written in the AutoIT scripting language and will therefore be flagged by BKAV, even though it is a completely clean application and is not flagged by other antivirus programs.)

2. Use an Intermediate Mailbox in Public Environments

Type the phrase sniff password into Google and you will get many results from Vietnamese forums and information sites with detailed, thorough instructions. Guides on how to avoid losing sensitive information, however, are very few. This shows that the chance of having confidential data stolen is very high, whether you use a computer in the office or the wifi networks of cafés, railway stations and ports. So how do you protect your valuable mailboxes? If someone takes control of the mailboxes we usually use to register bank accounts or important online accounts such as PayPal or web hosting, the hacker can take over those administrative accounts as well. Changing passwords frequently does not help at all in these cases, and sometimes it even causes trouble because you cannot remember what you changed the password to. The best approach is to use an intermediate mailbox for checking mail, a temporary mailbox whose theft would not cause much damage. This is the solution I usually present in information security training programs for companies, and many people have adopted it. It is really simple to do. Suppose you have a very important mailbox such as asktheguider@gmail.com. Create an additional secondary mailbox such as doanhnghiep24g@hoctructuyen.org and configure the emails sent to asktheguider@gmail.com to be forwarded to DoanhNghiep24G@HocTrucTuyen.Org. Most email systems let us configure forwarding easily. For example, if you use Google's email or the Google App mail system, log in to your account, choose Setting, then choose the tab Forwarding and POP/IMAP. Under Forwarding choose Forward a copy of incoming mail to: and enter the email address you want to forward to.

You can now configure Outlook or ThunderBird to receive mail from the secondary mailbox. You can still use this secondary mailbox for correspondence by setting the appropriate parameters and setting the Reply-to-Address to your main mailbox, as in the following illustration:

Configuring Account Name and Reply-to Address in the open source application ThunderBird

This way you can feel safer when you need to check mail in public environments, because in the worst case you only lose the secondary account while the main email account is unaffected, and of course you can create another secondary account.

3. Preventing Hijacking Attacks on Wifi Networks

Hijacking literally refers to air piracy and reminds us of the horrifying terrorist attack of 11.9.2001. In the digital space, however, it is a term for attacks that steal cookies and take over a user's session, commonly used by hackers on wifi networks. For example, when you access a Yahoo or HotMail account encrypted with https, attackers can still break into your account by stealing the cookie, without having to authenticate, as in the following illustration:

Hacker steals the cookie of the account asktheguider@gmail.com

and then gets inside the account without authenticating.

So how can this attack be prevented? Look around for suspicious people before logging in? That is clearly ineffective, because hackers know very well how to hide. Instead, let us try a popular solution: free VPN systems for wifi networks such as Hotspot Shield, a true shield that protects your information through a virtual private network that attackers cannot interact with. Download Hotspot Shield from the following address

and install it by following the instructions in this video:

To make sure the connection to the VPN server succeeded, check the IP configuration with the command IPCONFIG /ALL. In the following illustration the computer has an additional new address inside the VPN, 10.10.128.73, and at this point you can browse with peace of mind.

4. Temporarily Close Sensitive Ports

While a computer is running, some sensitive ports are open by default and can be easy prey for hackers and viruses. So when you are online in public environments, temporarily close these ports and open them only in a Trusted-Zone environment (such as the office or home). You can become invisible by closing the port used by the NetBios service, one of the sensitive points that statistics have shown to be attacked most often by hackers and viruses. On computers running Windows this is easy: open the properties window of the network card, choose Advanced, then in the WINS tab choose Disable Netbios Over TCP/IP and press OK, as in the following illustration:

To make this easier, download the Block_NullSession tool from

http://hoctructuyen.org/Security365/Block_Nullsession.exe
http://hoctructuyen.org/Security365/Enable_Nullsession.exe

Create a folder named Security365 on your computer and store the applications above in it. When you want to turn off null sessions, double click Block_Nullsession.exe; conversely, run Enable_Nullsession.exe to be able to share files and printers again. Locking down services that accept unauthenticated connections in this way also prevents quite a few dangers while you are on the internet, and limits the curious eyes that are always lurking to steal your data or harass you by cutting your connection.

5. Check for System Vulnerabilities with Nessus

If you apply patches promptly and close security holes, the chance of being attacked by viruses or hackers can be kept to a minimum. But how can you quickly and accurately know the patch status of your computer or of your company's entire network? The open source security application Nessus is the answer to this question. This is also why both hackers and administrators have voted Nessus the world's number 1 security tool in the list of the top 100 tools; you can consult that list at www.sectools.org.

6. Manage Passwords More Safely with the Open Source Software KeePass Safe

Change your passwords regularly, security experts advise. But I am not sure you will remember all the passwords you create, so use KeePass to store all of them, as follows. Download KeePass Portable: http://hoctructuyen.org/Security365/KeePassPortable.rar. After extracting the archive and running the application for the first time, choose New on the toolbar.

Set the Master Password. You only need to remember this one password to open the database that stores all the others. Next, store the password information of your services in the corresponding folders. For example, if you have email accounts with different passwords, choose eMail, right click in the right-hand pane and choose Add Entry. Enter the mailbox details in the corresponding fields, for example User name is asktheguider, enter the password in the Password field and confirm it in Repeat. URL is the address of the Gmail web page. When finished choose OK, and before exiting the application remember to press Save to store the changes. From then on, when you need to access your accounts in an Un-Trust Zone environment, just open the KeePass application on your USB drive, enter the Master Password, select the relevant account and copy the User name and Password into the login page, or choose Open URL and then Perform Auto-Type so that the program enters the account details automatically. With this method you no longer worry about forgetting passwords, and your secret information stays as safe as possible. This is why KeePass is the most downloaded program on Sourceforge, the site that hosts open source applications.

7. Anonymity on the Internet with the Open Source Software TOR

Sometimes we want to be completely anonymous on the Internet, for example to hide our IP address or erase our traces. Use Tor, an open source and completely free application. With Tor your access information is absolutely confidential: even if a hacker breaks into the intermediate servers you pass through, they will find nothing, because the traces are encrypted and Tor continually changes the intermediate server, as the following illustrations of packets captured with Wireshark show. When accessing the website www.hoctructuyen.org without Tor, we clearly see the three-way handshake between 192.168.11.5 and the server 208.113.162.27. When Tor is used to access the same website, the information is completely different: the connection goes through the intermediate server 62.212.74.134. On the next access you again see information encrypted over SSH with the server 86.214.160.7. The access information is thus completely hidden and very safe, with the drawback that access is slower than normal. If confidentiality is your top priority, download OperaTor, the Opera browser with Tor built in, from http://hoctructuyen.org/Security365/OperaTor-3.5.zip. It is a portable application, so you only need to extract it and use it without installing.

8. Online Transactions with a Debit Card Combined with PayPal

When shopping online it is really hard to guarantee absolute safety for your bank account, even if you follow all the security rules, because information such as our credit card or PayPal account is stored in the provider's database. However, we can be safer if we have nothing to lose. This sounds a little puzzling but is really simple.

Register a bank account and a credit card, for example ACB Visa Debit, then create a free PayPal account at www.paypal.com and link the newly created PayPal account to your ACB Visa Debit card, which is fairly easy. Each time you buy something, transfer just enough money for the payment into the card account and use PayPal to buy from the provider's website. This makes the transaction faster, because commercial websites around the world trust PayPal and will not ask you to confirm your details by photographing the card or other troublesome steps. In the worst case, if a hacker obtains your account information and uses it for illegal purposes, they still cannot take anything, because our debit card is completely empty. If you transact online regularly, give this method a try! These are some practical lessons drawn from our work; we hope they give readers more knowledge about information security and data safety. If you have questions related to this article, please send them to emag@security365.vn for an answer.

IS YOUR SYSTEM SAFE? CHECK IT WITH NESSUS POWER TOOL

In the old days, before every battle, generals would send soldiers to scout out the enemy's weak points so that they could devise suitable strategies. Conversely, talented commanders also had to know their own critical points in order to strengthen their line of defense. Hence the saying of Sun Tzu, the great military strategist: "Know the enemy and know yourself, and in a hundred battles you will never be in peril." This still holds in today's information technology era, especially when it comes to keeping systems safe against waves of attacks by hackers, viruses, trojans... One of the top concerns of system administrators is how to find out where their system has holes so that they can patch them or, if the people interested in those holes are hackers, so that they can attack or break in. There are many tools that help identify security flaws and sensitive points in a system, such as Retina from Eeye or GFI N.S.S from GFI. But the tool most favored by both hackers and system administrators is still nessus, ranked first among the 75 security tools assessed by the Insecure organization (www.insecure.org). Nessus is so popular because it has a very large, frequently updated database of system vulnerabilities, an easy-to-use interface, and results that can be saved in many forms such as charts, XML or PDF for easy reference. In addition, when using nessus we do not have to worry about licensing, because it is a free program. In this article I will present how to configure and install nessus on a Linux FC2 system and check several servers running Windows for flaws, together with a honeypot-based approach to defending against nessus as well as DOS attacks. To learn how to use the number 1 tool in the list of the world's top 100 tools, see the following tutorial:


After reading the ISA 2006 LAB article, many readers felt that ISA Server 2006 Firewall is indeed powerful at protecting systems and managing users, except that its license cost is too high for us, at a time when Vietnam is about to join the WTO.

For that reason we are republishing the article by Nguyen Tran Tuong Vinh, published in PC World, on building a firewall that is just as powerful, does not require a powerful computer, and is completely free. Note: this is a reference lab. Be careful when deploying it, because the installation process formats the entire hard disk and can cause data loss.

www.ipcop.org

OPTIMIZING BANDWIDTH AND STRENGTHENING APPLICATION SECURITY WITH IPCOP FIREWALL/ROUTER

Part I: Installing and Configuring IPCOP Firewall

Time, cost and effectiveness are the 3 factors that businesses and organizations care about most when adopting information technology products and solutions for their systems. One of the most sought-after goals is to optimize bandwidth and strengthen security for applications. To do this we can use hardware appliances from well-known security vendors such as Juniper, Cisco or CheckPoint, or software products such as Microsoft's ISA Server 2004. Each product has its own strengths and weaknesses. All of them, however, are commercial products with high license costs and demanding hardware requirements. So for companies that want to save money, there is an open source alternative: IPCop Firewall, an optimal solution for saving bandwidth and strengthening security that removes the worry about license costs as Vietnam stands on the threshold of joining the international trade arena of the WTO. IPCop is a pure Linux distribution that bundles many powerful functions of a professional firewall in order to protect an organization's network against the risks of hackers, viruses and illegal intrusion through its intrusion detection functions. In addition, IPCop Firewall does not need a high-end server; it can be installed on old, low-spec computers such as an i486 PC, which lets you reuse old computers that have been put into storage or are no longer needed. Before installing and deploying IPCop on your system, however, you should consult the list of hardware compatible with IPCop at: http://ipcop.sourceforge.net/cgi-bim/twiki/view/IPCopHCLv01

The minimum hardware configuration of a computer used to install IPCop is as follows:

- A 386 PC with 16MB RAM (more is recommended if you use Snort's IDS function and Squid's internet acceleration)
- An ATA hard disk with a minimum capacity of 125MB + 2x RAM
- Because IPCop is a firewall system, at least 2 NICs are needed, one for the outside environment (RED) and one for the internal system (GREEN).

To strengthen application security and optimize bandwidth, IPCop integrates leading security programs with useful features such as:

1. Linux Netfilter - Stateful Packet Inspection: a well-known and powerful firewall built on Linux that protects the system against attacks and intrusion by hackers and viruses.
2. Snort - Network IDS: a system that detects unauthorized intrusion by dangerous software, trojans, attackers...
3. Squid Web Proxy: a program for controlling and accelerating internet access that many people like and use, which helps save bandwidth.
4. FreeS/WAN IPSec support, which lets us build VPN servers that give remote users access to internal resources through encrypted and strongly authenticated sessions.
5. Common and important network services such as a DHCP server for assigning dynamic IP addresses, and support for automatic domain name registration through the Dynamic DNS mechanism.
6. A friendly, easy-to-use management and configuration interface through the web.
7. A mechanism for patching itself and updating security policies automatically.
8. Backup and Restore of the IPCop configuration, so that it can be recovered quickly when an incident occurs.

It is easy to see that IPCop Firewall/Router has many powerful features that even leading commercial firewall products such as ISA Server do not have, such as distributing dynamic IP addresses so that clients can access the internet easily and quickly, and setting download/upload limits. Besides that, IPCop can detect illegal intrusion or suspicious programs on the network such as ettercap and dsniff through the SNORT Network IDS, and automatically updates its security policies and rules.

DEPLOYING IPCOP FIREWALL/ROUTER

Warning: when IPCop is installed on a hard disk that is in use, all data will be erased, because the disk will be formatted and repartitioned.

Take as an example the network of the company iICT, which has 1 ADSL line with the ADSL modem at address 192.168.8.1 and a system divided into 4 parts as follows:

- Red: the network layer that communicates with outside systems such as the internet, connected to IPCop through the red NIC 192.168.8.2
- Orange: the DMZ zone containing the company's important servers such as the web server and mail server, connected to IPCop through the orange NIC 192.168.3.1
- Blue: the zone reserved for wireless devices, to increase safety for the computers and data transmitted in this environment, connected to IPCop through the blue NIC 192.168.2.1
- Green: the company's internal network, including the computers of employees, departments and units, connected to IPCop through the green NIC 192.168.1.1

LAN model of the company iICT

1. Download and Install IPCop Firewall:

Warning: when IPCop is installed on a hard disk that is in use, all data will be erased, because the disk will be formatted and repartitioned.

We can download the IPCop installation file from the web site www.ipcop.org and then use a disc-burning program such as Nero Burn to write this image file to a CD. Boot the computer that will serve as the IPCop Firewall/Router (with at least 2 network cards, for Green and Red) from the CD-ROM. The installation screen appears with a notice that all old data will be erased, as follows:

Press Enter to continue the installation. The boot parameters appear, after which we need to choose the display language for IPCop; choose English and press OK.

The installer asks for confirmation once more; press OK to continue, then choose to install from CD ROM in the Select installation media box.

A final notice appears; press OK to continue installing IPCop Firewall and partitioning /dev/hda, the hard disk of the IPCop Firewall.

After the file system has been created, a screen asks whether to restore IPCop Firewall from a floppy disk holding the configuration of a previous IPCop Firewall system; here we choose Skip.

Next we need to specify the drivers and parameters for our network interfaces such as GREEN and RED. Choose Probe to let the system detect them automatically, or Select if you want to specify them yourself.

After the driver for the GREEN interface has been loaded, we configure the TCP/IP parameters for this network card. Following the model above we enter:

IP address: 192.168.1.1
Network mask: 255.255.255.0

At this point all the necessary components of IPCop have been installed. The Remove CDROM notice appears; press OK to start creating the basic configuration.

Choose us as the keyboard type and choose the appropriate time zone; you can consult the web site http://www.ipcop.org to determine your time zone.

Set the name and domain for your IPCop Firewall, for example IPCop and local domain, and choose OK. We can change this information later in the IPCop administration section.

In this case we are using an ADSL line, so I choose disable ISDN.

After that we specify further information such as the TCP/IP settings of the RED interface, the dynamic address range given to clients, the DNS and gateway addresses, and the passwords for logging in to the system and to the administration web site (I will cover these in the IPCop administration part), and then reboot the system. In this way, within 15 minutes we have built a powerful defensive system based on IPCOP. It makes Internet access faster and safer while still saving cost, because the IPCop Firewall/Router software can be deployed completely free of charge and can reuse old, low-spec computers, something that is not possible when you use other commercial firewall products such as ISA 2004 Firewall or Check Point Firewall.

---- Continued in Part 2 ----

OPTIMIZING BANDWIDTH AND STRENGTHENING APPLICATION SECURITY WITH IPCOP FIREWALL/ROUTER


Part II: Administering IPCop Firewall/Router

In the previous part we installed the IPCop Firewall/Router system, which helps small and medium businesses protect their internal network when connected to the Internet. However, as with other systems, for it to work effectively and suit the organization's needs we have to monitor and administer our firewall regularly and apply new patches. We can administer IPCOP through the web interface from any computer on the network other than the firewall itself. Because it is a firewall, you can remove peripherals such as the mouse, keyboard and even the monitor from the IPCop Firewall to save cost and improve security. On the computer used for administration, enter the address http://ipcop:81 or http://192.168.1.1:81, depending on the firewall's internal network address, to reach the administration login screen. After supplying valid IPCop administrator account details we are connected to IPCop and can carry out our administrative tasks.

At this point the system is connected to the Internet, so we see the word Connected. If not, you have to click Connect to connect your ADSL device to the service provider.

This web interface is used to administer our IPCOP Firewall. On the toolbar we see the following control menus:

1 - System

This menu contains the following tools. Home returns to the main administration page. Updates lets us apply new patches to our firewall. Password is used to change the administrator account details. SSH Access is used to enable/disable Secure Shell so that we can connect to IPCop with SSH client utilities such as Putty and make changes directly in the firewall's configuration files. The menu also has other controls such as Shutdown, which lets us turn off the firewall, and Backup, which saves the entire IPCop configuration as a precaution in case of an incident. And if you want to change the IPCop administration web interface to Vietnamese, choose GUI Settings.

Updates: to update your IPCop system, click Updates in the System menu:

If the Available Updates line shows new updates, go to the web site www.ipcop.org, download the update file and save it on the computer used for administration. Then use the Browse button under Install new update to select this file and Upload it to the firewall; the installation runs automatically. Whether the firewall needs to be rebooted depends on the update.

SSH Access: to support deeper administration of the IPCop firewall/router we need to enable the SSH server through the SSH Access menu by choosing enable (the default is disabled):

Note: the SSH server on IPCop uses port 222, so we have to connect the SSH client to port 222 instead of the usual port 22, for example $ ssh -p 222 root@192.168.1.192 where 192.168.1.192 is the firewall's internal network address.

GUI Settings: if you want to switch to the Vietnamese interface, choose GUI Settings, choose the language VietNamese under Select the language you wish IPCop to display in, and choose Save.

Backup: to be able to recover when an incident occurs, we should back up the IPCop configuration to a floppy disk through the Backup menu under System.

Choose Create and choose Backup to floppy, insert a floppy disk that has been formatted under Linux, then choose backup to floppy (the command to format a floppy disk on a Linux system is # fdformat /dev/fd0, which you can run through the SSH client).

2. Status

While the system is running we need to review the firewall's current state, which services are running and so on; choose Status on the main administration web page. This menu has several submenus. For example, to monitor the services running on IPCop and the use of memory and disk, choose System Status.

2.1 System Status

Running services:

Memory usage:

Hard disk usage:

Loaded modules:

Current kernel version

2.2 Network Status: the Network Status section shows the network interfaces, their IP addresses and some operating parameters.

In this section we can monitor the dynamic IP addresses leased by clients under Current Dynamic Lease. However, you must enable the DHCP server with all its parameters before this section is shown.

2.3 Connections

In the Status menu you can also monitor the computers that are accessing and connected to the firewall through the Connections menu.

In the Network menu of the administration page you can configure and adjust your dial-up device or ADSL modem, for example update drivers, upload new firmware, or change the connection details for the service provider.

3. Services

This menu is used to manage services such as Web Proxy, Intrusion Detection and DHCP, with the following submenus:

3.1 Web Proxy administration: through this interface you can set the cache size and turn the web proxy function on or off on the Green interface (enabled by default) and the Blue interface (disabled by default).

3.2 DHCP Server administration: we can change the configuration of the DHCP server that hands out dynamic IP addresses through the DHCP administration page. You can define the IP address range for your network, starting at Start address, for example 192.168.1.2, and ending at End address, for example 192.168.1.254. You can also assign other parameters to DHCP clients, such as the DNS address used for name resolution; we can use an internal DNS server or the provider's, such as 203.162.4.191 or 210.245.31.130.

In the special case where we do not want the IP of certain DHCP clients to change, choose Add a new fixed lease, enter the client's MAC address under MAC Address and, under IP Address, the IP address to be leased to it indefinitely. To see the MAC address of a DHCP client, use the command ipconfig /all on computers running Windows or ifconfig on computers running Linux/Unix.
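The address plan used in this article (the four zone interfaces and the GREEN DHCP range with fixed leases) can be checked before it is entered in the IPCop web interface. The following Python script is an added example, not part of the original article or of IPCop; the function names and the sample MAC addresses are made up for illustration, and the /24 masks for RED, ORANGE and BLUE are assumptions, since the article states only GREEN's mask.

```python
import ipaddress

# Zone interfaces from the article's iICT example. Only GREEN's mask
# (255.255.255.0) is stated in the article; /24 elsewhere is an assumption.
ZONES = {
    "RED": "192.168.8.2/24",
    "ORANGE": "192.168.3.1/24",
    "BLUE": "192.168.2.1/24",
    "GREEN": "192.168.1.1/24",
}


def check_zones(zones):
    """Report zone subnets that overlap (each zone must be its own network)."""
    ifaces = {n: ipaddress.ip_interface(c) for n, c in zones.items()}
    names = sorted(ifaces)
    problems = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a} and {b} subnets overlap")
    return problems


def check_dhcp(zone_cidr, start, end, fixed_leases=()):
    """Validate a DHCP range and (mac, ip) fixed leases for one zone."""
    iface = ipaddress.ip_interface(zone_cidr)
    net = iface.network
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    if lo > hi:
        problems.append("start address is above end address")
    for label, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} address {addr} is not a usable host")
    if lo <= iface.ip <= hi:
        problems.append(f"range includes the firewall address {iface.ip}")
    seen_macs, seen_ips = set(), set()
    for mac, ip in fixed_leases:
        mac = mac.lower().replace("-", ":")  # accept ipconfig-style MACs
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"fixed lease {addr} is outside {net}")
        if addr == iface.ip:
            problems.append(f"fixed lease {addr} is the firewall address")
        if mac in seen_macs:
            problems.append(f"duplicate MAC {mac}")
        if addr in seen_ips:
            problems.append(f"duplicate fixed IP {addr}")
        seen_macs.add(mac)
        seen_ips.add(addr)
    return problems


if __name__ == "__main__":
    # Constructed sample leases; the MAC addresses are made up.
    leases = [("00-11-22-33-44-55", "192.168.1.10"),
              ("00:11:22:33:44:66", "192.168.1.11")]
    for problem in check_zones(ZONES):
        print("zones:", problem)
    for problem in check_dhcp(ZONES["GREEN"], "192.168.1.2",
                              "192.168.1.254", leases):
        print("dhcp:", problem)
    print("check finished")
```

An empty result from both functions means the plan is consistent; each returned string names one setting to correct before saving the DHCP page.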

3.4 Intrusion Detection System

Among its powerful features, IPCop provides a Network Intrusion Detection System service based on the well-known intrusion detection software SNORT, to prevent and detect attacks by hackers/attackers. By default the IDS runs only on the Red interface. In my opinion we should enable Snort on the GREEN and BLUE interfaces as well, because according to statistics up to 80% of attacks and unauthorized intrusions, and especially eavesdropping with software such as dsniff, originate from inside. To update the IDS with new rules, use the Download new ruleset function.

In using IPCop for my own system I have found it to be a very effective Firewall/VPN system that can fully meet the security and Internet-sharing needs of small and medium businesses in Vietnam. In particular, supporting DHCP clients is simpler and more effective than with commercial firewall/proxy software such as ISA Server, because no extra steps such as configuring WPAD or changing the proxy server port are needed. When unauthorized activity occurs on the internal network, such as ARP spoofing, password sniffing or file capture with dangerous software, IPCop can detect it and alert the SysAdmin very effectively. For large systems that have to serve thousands of users connecting to the Internet or accessing remotely over IPSEC/VPN, however, there are similar solutions in the firewall and IPSEC/VPN appliances of the security vendor JUNIPER, such as NetScreen 5000 and J-Series.

Closing words

In this first issue we have published several topics that interest many people, such as firewalls, information security and password protection. In the next issue we will introduce networking and information security knowledge step by step, from basic to advanced, so that everyone can follow and approach the subject easily. To watch the tutorial videos directly in the magazine you need to install a program for reading Acrobat files, Acrobat Reader (this is a completely free application that you can download from the Acrobat home page or from the website www.security365.vn). Although Security365 emagazine is a free publication, we will strive to produce it as completely and professionally as possible. If you have good articles you would like published, please send them to DongDuongICT@Gmail.Com. If you would like to join the team of editors or contributors, please send your application to Mr. Nguyen Tran Tuong Vinh at nttvinh@gmail.com. On behalf of the Applied Informatics Club and the members of the editorial board and technical team who produce this publication, we thank all readers who have taken an interest and given their time to read and follow Security365.
