Module 1: Overview
... are not left out either. That is why we say the scope of security is very broad: it is no longer confined to a single computer or a single organization but is global.
1.2.
The first resource we consider is data. For data, we need to care about the following properties:
- Confidentiality: only people with the proper authority may access the data.
- Data integrity: data is not modified or deleted illegitimately.
- Availability: the data is ready whenever we need it.
The second resource is everything else: the computer system, memory, disk systems, printers and the many other resources of a computer system. Remember that computing resources can also be abused. Do not assume that a computer without important data needs no protection. Hackers can use the resources of your computer to carry out other dangerous attacks. Your personal reputation and personal information also need protecting. You may even end up in the ironic situation of becoming an unwilling criminal if a hacker uses your computer to attack another target.
1.3.
Who is the attacker?
An attacker is commonly referred to by the everyday name "hacker". Attackers call themselves that as well. They are also called attackers or intruders. Hackers used to be divided into two types, but today they can be divided into three:
Black-hat hackers
These are genuine thieves. Their goal is to break into the target's computer systems and steal information for illegitimate purposes. Black-hat hackers are real criminals who deserve punishment under the law.
White-hat hackers
These are security professionals who protect systems. They also break into systems and find the gaps and critical vulnerabilities, and then work out how to patch them. Naturally, white-hat hackers have the ability to intrude as well, and can also become black-hat hackers.
Grey-hat hackers
This type combines the two above. They are usually young people who want to prove themselves. At one moment they break into a system to cause damage. At another moment they may send the administrator information about a security vulnerability and propose a fix.
The line separating the kinds of hacker is very thin. An attacker may be a white-hat hacker at one moment and a professional thief at another. From a different perspective, hackers are classified into the following types:
2. SECURITY VULNERABILITIES
2.1. Security vulnerabilities
Security vulnerabilities in a system are weaknesses that can cause service outages, grant additional privileges to users, or allow unauthorized access to the system. Vulnerabilities may lie in the services offered, such as sendmail, web, ftp, and so on. They also exist in the operating system itself, as in Windows XP, Windows NT and UNIX, or in applications that users run regularly, such as word processors and database systems.
2.2.
Various organizations classify the particular kinds of vulnerability. According to the classification of the US Department of Defense, the security vulnerabilities of a system are divided as follows:
- Class C vulnerabilities: these allow DoS (Denial of Service) attacks. The danger level is low; they only affect the quality of service and can stall or interrupt the system; they do not destroy data or yield unauthorized access.
- Class B vulnerabilities: these allow users to gain additional privileges on the system without a validity check. The danger level is medium. They are usually found in applications on the system and can lead to the loss or disclosure of information that must be kept confidential.
- Class A vulnerabilities: these allow outside users to access the system illegitimately. They are very dangerous and can destroy the entire system.
Class C vulnerabilities
Vulnerabilities of this class allow DoS attacks. DoS is a form of attack that uses the Internet-layer protocols of the TCP/IP suite to stall a system, so that legitimate users are denied access to or use of the system. A large number of packets is sent to the server continuously over a period of time, overloading the system; as a result the server responds slowly or cannot respond to client requests at all. Services containing vulnerabilities that allow DoS attacks can be upgraded or repaired with newer versions from the service vendors. At present there is no comprehensive solution for this class of vulnerability, because the design of the Internet-layer protocol (IP) in particular, and of the TCP/IP suite, already carries the latent risk of these vulnerabilities. Nevertheless, the danger level of these vulnerabilities is rated class C, less dangerous, because they only interrupt the system's service for a time, do not harm data, and do not give the attacker unauthorized access to the system.
Another common class C vulnerability is a weakness in a service that allows an attack to hang the end user's system; this form of attack mainly uses the Web service. Suppose a Web server hosts pages containing Java or JavaScript code that hangs the system of a user of the Netscape Web browser through the following steps:
- Write code that detects whether the Web browser in use is Netscape.
- If Netscape is in use, create an endless loop that spawns countless windows, each connecting to a different Web server.
This simple form of attack can hang the system. It is also a DoS-type attack. In this case the user can only restart the system.
Another class C vulnerability often found in mail systems is the lack of anti-relay mechanisms, which allows mail spamming. As we know, e-mail works on a store-and-forward basis; some mail systems perform no authentication when a user sends mail, so attackers abuse these mail servers to send spam. Mail spamming is an action intended to paralyze the system's mail service by sending a large number of messages to an undetermined address; because the mail server must keep spending capacity looking for non-existent addresses, the service stalls. The messages can be generated by mail-bombing programs, which are very common on the Internet.
Class B vulnerabilities
Vulnerabilities of this class are more dangerous than class C: they allow internal users to obtain higher privileges or unauthorized access. They usually appear in services on the system. A local user is understood as someone who already has access to the system with certain privileges. The following analyzes some class B vulnerabilities that commonly appear in the Sendmail application.
Sendmail is a program very widely used on UNIX systems to send e-mail for users inside the network. Sendmail normally runs as a background daemon started at system boot. While running, sendmail opens port 25 and waits for an incoming request to send or forward mail. When started, sendmail runs as root or with equivalent privileges (because it creates files and writes log files). By exploiting this characteristic together with some vulnerabilities in sendmail's code, attackers can use sendmail to gain root on the system. To deal with sendmail bugs, one should follow security newsgroups: sendmail has quite a lot of bugs, but it also has many users, so its security vulnerabilities are usually discovered and fixed quickly. When a vulnerability is found in sendmail, the sendmail version in use must be upgraded or replaced.
A range of other issues with program permissions on UNIX also often cause class B vulnerabilities, because on a UNIX system a program can be executed in two ways:
- The owner of the program starts it.
- Someone carrying the privileges of the owner of the file starts it.
Other class B vulnerabilities
Another form of class B vulnerability occurs in programs whose source code is written in C. Programs written in C often use a buffer, a region of memory used to hold data before it is processed. Programmers often use a buffer in memory before assigning a memory area to each block of data. For example, a programmer writes a program that reads a user-name field and specifies that the field is 20 characters long. They therefore declare:
char first_name [20];
This declaration allows the user to enter up to 20 characters. When data is entered, it is first stored in the buffer; if the user enters 35 characters, a buffer overflow occurs and the 15 surplus characters end up at an uncontrolled location in memory. Attackers can exploit this vulnerability by entering special characters in order to execute certain special commands on the system. This vulnerability is typically exploited by users on the system to gain root illegitimately. Tight control of the system configuration and of programs limits class B vulnerabilities.
Class A vulnerabilities
Class A vulnerabilities are very dangerous; they threaten the integrity and confidentiality of the system. They usually appear on systems that are poorly administered or whose network configuration is not under control. A common example is found on many systems that use Apache as the Web server. This Web server is usually configured with cgi-bin as the default directory for running scripts, and it contains a ready-made script for testing that Apache works, test-cgi. In old versions of Apache (before version 1.1), the file test-cgi contains the following line:
echo QUERY_STRING = $QUERY_STRING
Because the environment variable QUERY_STRING is not enclosed in double quotes ("), when a client makes a request whose string contains certain special characters, for example the character *, the web server returns the contents of the entire current directory (the directory holding the CGI scripts).
The user can then see the entire file listing of the current directory on the server. A similar example occurs with Web servers running on the Novell operating system: these web servers ship a script named convert.bas, and running it allows reading the full contents of files on the system. Vulnerabilities of this class are extremely dangerous because they are already present in the software in use; an administrator who does not understand the service and software in depth may overlook these weaknesses. For old systems, announcements from security newsgroups must be checked regularly to detect vulnerabilities of this class. A range of old program versions in common use have class A vulnerabilities, for example FTP, Gopher, Telnet, Sendmail, ARP, finger, and others.
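The quoting defect in the test-cgi line quoted above can be reproduced safely in a scratch directory. This is an added example, not code from the original page or from Apache; the function names and the sandbox file names are assumptions made for illustration, and it shows the page's line beside a quoted form plus a rough audit check for similar lines.

```shell
#!/bin/sh
# Added example: reproduces the test-cgi quoting defect in a scratch directory.
# Function names and file names are illustrative, not taken from Apache.

# Constructed sample: a throwaway directory standing in for cgi-bin.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/printenv"
    : > "$dir/search.cgi"
    : > "$dir/test-cgi"
    printf '%s\n' "$dir"
}

# The line as the page quotes it. $QUERY_STRING is unquoted, so the shell
# applies word splitting and pathname expansion to the client-supplied value.
report_unquoted() {
    ( cd "$1" || exit 1
      QUERY_STRING=$2
      echo QUERY_STRING = $QUERY_STRING )
}

# Corrected form: the expansion is quoted and printf treats it purely as data.
report_quoted() {
    ( cd "$1" || exit 1
      QUERY_STRING=$2
      printf 'QUERY_STRING = %s\n' "$QUERY_STRING" )
}

# Heuristic audit (not a shell parser): print the line numbers of a script
# where echo expands a variable before any double quote appears on the line.
audit_unquoted_echo() {
    grep -nE '^[[:space:]]*echo[^"#]*\$[A-Za-z_{]' "$1" | cut -d: -f1
}

# Demonstration with the special character the page mentions.
sandbox=$(make_sandbox) || exit 1
report_unquoted "$sandbox" '*'   # the * is replaced by the sandbox file names
report_quoted "$sandbox" '*'     # the * is printed literally
rm -rf "$sandbox"
```

The audit function only catches the simplest pattern; treat a hit as a prompt to read the script, not as proof of a defect.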
CIAC is regarded as the most complete repository of information on system security issues. The CIAC web site address is http://ciac.llnl.org/
FIRST (The Forum of Incident Response and Security Teams): this is a forum linking many public and private organizations that work voluntarily to resolve Internet security issues. The FIRST web site address is http://www.first.org./
Some members of FIRST are:
- CIAC
- NASA Automated Systems Incident Response Capability
- Purdue University Computer Emergency Response Team
- Stanford University Security Team
- IBM Emergency Response Team
3.1.
One computer is used to attack another with the aim of discovering passwords, the corresponding account names, and so on. The attackers may use cracking programs to decode the files that hold passwords on the victim's computer system. For this reason, short and simple passwords are usually very easy to discover. In addition, a hacker can attack directly through bugs in a program or in the operating system, paralyzing or damaging the system. In some cases the hacker obtains the privileges of the system administrator.
3.2.
This is a trick many hackers use for attacks on and intrusions into networks and computers, because it is simple yet effective. It is commonly used to steal passwords and information, and to attack and destroy systems. Example: the Fake Email Login deception technique. In principle, every time you log in to your mailbox you must enter your account information, consisting of username and password, and send it to the mail server for processing. Taking advantage of this, attackers design a web page that looks exactly like the login page you normally use. However, it is a fake page and all the information you fill in is sent to them. As a result, your password is stolen.
If you are a network administrator, you should be alert to and wary of e-mails, instant messages and phone calls that ask you to disclose information. Personal relationships and contacts are all a latent danger.
3.3.
The hidden parts of a website often contain information about clients' sessions. These sessions are usually recorded on the client rather than kept in a database on the server. An attacker can therefore use the browser's View Source function to read these hidden parts and from them find weaknesses in the web site they want to attack. From there, they can attack the server system. Example: a website lets you change membership levels among Mod, Members and Banned, but does not let you change a level to Admin. If you view the source of this website, you may see the following:
<form action= method=post name=settings>
<select class=search name=status>
<option value=1> Moderator</option>
<option value=2>Member</option>
<option value=3>Banned</option>
</select>
From the code above you can reason as follows: Banned has the value 3, Member the value 2, Moderator the value 1. So you can infer that Admin has, say, the value 0. Next, you save that member settings page and then open it in a text editor to modify the code as follows:
<form action= method=post name=settings>
<select class=search name=status>
<option value=0> Admin</option>
<option value=1> Moderator</option>
<option value=2>Member</option>
<option value=3>Banned</option>
</select>
At this point you open that web page and press submit. Nothing happens yet. But note one more trick that opens up this flaw: the command line. Example: for http://www.hcmut.edu.vn/sinhvien/xemdiem.php the code is edited as follows:
<form action= http://www.hcmut.edu.vn/sinhvien/xemdiem.php method=post name=settings>
.
<select class=search name=status>
<option value=0> Admin</option>
<option value=1> Moderator</option>
<option value=2>Member</option>
<option value=3>Banned</option>
</select>
3.4.
Attacking security vulnerabilities
More and more security vulnerabilities are now being discovered in operating systems, web servers and other software. Vendors continually publish vulnerabilities and release new versions after patching the vulnerabilities of earlier ones. Users must therefore keep their information up to date and upgrade the old versions they are running; otherwise hackers will take advantage of this to attack the system. The forums of well-known vendors usually keep their lists of security vulnerabilities current; how those vulnerabilities are exploited depends on the individual.
3.5.
A buffer overflow is a condition that occurs when more data is sent than the system or CPU can handle. If a hacker exploits a buffer overflow, they can paralyze the system or make it lose control. To exploit this, the hacker needs knowledge of memory organization, the stack, function calls and shellcode. When a hacker exploits a buffer overflow on a system, they can gain root on that system. For administrators, avoiding buffer overflows is not very difficult: they only need to build programs that are safe from the design stage onward.
3.6.
Eavesdropping
Systems that transmit information over a network are sometimes not very secure, and hackers can take advantage of this to access the data paths and listen in on or read the data stream passing through. When a hacker eavesdrops on communications, this is referred to as sniffing or snooping. It collects valuable information about the system, such as a packet containing someone's password and username. Eavesdropping programs are also called sniffers. A sniffer's job is to listen on the ports of a system the hacker wants to eavesdrop on. It collects the data on these ports and passes it back to the hacker.
3.7.
Address spoofing
Computer networks connected to the Internet are normally protected by a firewall. A firewall can be thought of as the only gate through which everyone entering or leaving the house must pass, and where each person is identified. The firewall greatly limits the possibility of attack from outside and increases mutual trust in the use of shared resources on the internal network. Address spoofing means that an outsider makes their computer's address appear to be that of one of the computers in the system under attack. They set the IP address of their own computer to match the IP address of a computer in the attacked network. If this succeeds, the hacker can take data, destroy information or sabotage the system.
3.8.
A basic attack technique, also used as part of several other attack techniques, is injecting code into a web page from any client machine of the attacker. Code injection allows the attacker to place executable code into another user's web session. When this code runs, it allows the attacker to do many things, such as monitoring the session on the web site or even taking full control of the victim's computer. Whether this attack succeeds or fails depends on the ability and flexibility of the attacker.
3.9.
An insecure configuration is also a security vulnerability of the system. These vulnerabilities arise because applications have insecure settings or because the system administrator configures the system insecurely. An example is a web server configured so that anyone may browse the directory tree. Such a setting can expose sensitive information such as source code, passwords or customer information. An insecurely configured system is very dangerous, because if an attacker can browse to the password files, they can download and crack them, after which they can do many things on the system.
Data modification
Once attackers can read the data of a system, they can alter this data without regard to who sent it or who receives it. Hackers can easily modify the information in a data packet.
Password-based attack
A freshly configured system normally has a default username and password. After configuring the system, some administrators still do not change these default settings. This is a vulnerability that lets attackers enter the system by a legitimate route. Once logged in, the hacker can create additional users and install a backdoor for later visits.
Identity Spoofing
Network systems use IP addresses to identify themselves. IP addresses are therefore of prime interest to attackers. Whenever they hack into a system, they know the IP address of that network. Attackers typically spoof an IP address to enter the system, reconfigure it, modify information, and so on. Creating a new kind of attack is a goal of hackers. New kinds of attack, born from hackers who like to tinker and invent, may appear on the Internet at any time. You can join hacking and security forums to broaden your knowledge.
- Check system performance. Use utilities that monitor resources and the processes running on the system, such as ps or top.
- Check the operation of the services the system provides. As we know, one of the goals of an attack is to paralyze the system (the DoS form of attack). Use commands such as ps and pstat and network utilities to find the cause on the system.
- Check access to the system through ordinary accounts, in case these accounts have been accessed without authorization and their privileges changed without the legitimate user being able to control it.
- Check the files related to network and service configuration, such as /etc/inetd.conf; remove unnecessary services; services that do not need to run as root should run with lesser privileges.
- Check the versions of sendmail, /bin/mail and ftp; follow security newsgroups for information about vulnerabilities in the services in use.
5. SECURITY RULES
At Microsoft's security response center, thousands of system security reports are investigated every year. In some cases the security issue stems from a defect in a product, which means a fix will be developed right afterward to correct the defect that was found. In some cases the reported problem is simply the result of someone's mistake in using the product. But many cases fall into neither category. These are genuine information security problems, yet they are not caused by product flaws. Over the years a list of such issues was developed, called the "Ten key rules of safety and security". Do not keep your system waiting for a new patch release; instead, protect yourself against the issues listed below. These flaws cannot be fixed by Microsoft or any other software vendor, because they arise from the way computers work. But do not lose all hope: how these flaws affect you depends on you, and if you keep them in mind you can improve your security systems considerably. Below are the Ten Key Rules of Security that you should consult:
- Rule 1: If someone can persuade you to run their program on your computer, it is no longer your computer.
- Rule 2: If someone can alter the operating system on your computer, it is no longer your computer.
- Rule 3: If someone has unrestricted physical access to your computer, it is no longer your computer.
- Rule 4: If you allow someone to upload programs to your website, it is no longer your website.
- Rule 5: Easily guessed passwords can defeat strong security.
- Rule 6: A system is only as secure as the administrator is trustworthy.
- Rule 7: Encrypted data is only as secure as the decryption key.
- Rule 8: An out-of-date virus scanner is still better than no virus scanner at all.
- Rule 9: Complete anonymity is not practical.
- Rule 10: Technology is not everything.
See the appendix for a detailed analysis of these ten rules.
6.1.
Preparation steps
Among the steps in building a security policy for a system, the administrator's first task is to identify correctly the objectives to be secured. Defining the objectives of the security policy helps users understand their responsibility for protecting information resources on the network, and helps administrators establish effective safeguards while equipping, configuring and controlling the operation of the system. The security objectives include:
Identifying the objects to protect
This is the first and most important objective when establishing a security policy. The system administrator must determine clearly which objects in the system are the most important to protect, and determine the priority of each. For example, the objects to protect on a system may be: service hosts, routers, system access points, application programs, database management systems, the services provided, and so on. In this step the scope of, and the boundaries between, the components of the system must be defined clearly, so that when an incident occurs the components can be isolated from one another and the cause and remedy are easy to find. The components of a system can be divided in the following ways:
- Separate services by level of access and trust.
- Separate the system by physical components such as servers, routers and workstations.
- Separate by the scope in which services are provided: services inside the network (NIS, NFS, ...) and external services such as Web, FTP, Mail, ...
Identifying the risks to the system
The risks to a system are the security vulnerabilities of the services the system provides. Identifying these risks correctly helps the administrator avoid network attacks or put the right protective measures in place. Some of these risks usually lie in the following components of the system:
1. Access points
The access points of any system play an important role, because they are the first thing that users as well as network attackers pay attention to. Access points usually serve almost all users on the network, regardless of the users' privileges or the services they use. Access points are therefore often the component with the loosest security. Moreover, many systems also let users access the system through services such as Telnet and login; these are services with many security vulnerabilities.
1. Correctness
This is the first and most important criterion in choosing a security policy. It ensures the success of that policy. For example, if a system is regularly at risk of attack from outside, a security policy must ensure that customers' access to the system is controlled, by building strict and thorough procedures for managing user accounts.
3. Effectiveness
Finally, a security policy is decided by managers, who care about the benefit the policy brings. A security policy may keep the system safe and reliable, but if it costs too much compared with the profit the system brings, it will not be approved for implementation. On the other hand, policies may not pay off immediately, so the cost of securing the system should be considered over a long period together with the other benefits a secure system brings, such as improved service quality through the stability of the system.
6.2.
Establishing the rules
Logging tools: for example, tools that monitor log files. Most operating systems support a large number of logging tools that record much useful information. To detect invalid access activity, some rules for analyzing log files are:
- Compare the activity in the log file with past logs. For normal activity, the information in the log file usually follows the same cycle, for example the times at which users log in or log out and the duration of use of services on the system.
- Many systems use the information in log files to produce invoices for customers. The information in the invoices can be used to examine invalid access, if the invoice shows anomalies such as unusual access times or unfamiliar phone numbers.
- Use utilities such as syslog for review, especially messages reporting repeated invalid logins (bad login).
- Use the utilities supplied with the operating system to monitor the processes running on the system, in order to detect unfamiliar processes or programs that were started improperly.
Using other monitoring tools: for example, using network utilities to monitor traffic and resources on the network in order to detect suspicious points.
Building a monitoring plan: because there are many things to monitor, the administrator needs to build a monitoring plan using tools on the system such as cron to create schedules. The plan also ensures that the monitoring tools do not consume too many system resources.
Producing reports from the monitoring information: information from the log files can be loaded into a database, and report templates built from it according to the monitoring plan. From these reports the administrator can detect weak points in the network and also forecast how the network will develop in the future.
2. System reactions
Use the steps above to determine that the system is under attack. When an attack is detected, the following must be done:
- Determine the level of danger: assess the degree of harm and its impact.
- Identify the destructive actions.
In some cases, current law can be relied on to deal with the matter.
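The syslog rule in the log-analysis list above (repeated bad logins) can be automated along the following lines. This is an added example, not part of the original page; it assumes OpenSSH-style "Failed password" and "Accepted password" messages, and the log lines, host name and addresses are constructed samples.

```shell
#!/bin/sh
# Added example: flag repeated bad logins in syslog-style authentication logs.

# Constructed sample in OpenSSH's message format; the addresses come from the
# documentation ranges and the host name is made up.
sample_log() {
cat <<'EOF'
Mar  3 02:11:01 host1 sshd[811]: Failed password for root from 203.0.113.5 port 40110 ssh2
Mar  3 02:11:03 host1 sshd[811]: Failed password for root from 203.0.113.5 port 40110 ssh2
Mar  3 02:11:06 host1 sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 02:11:09 host1 sshd[815]: Failed password for invalid user from from 203.0.113.5 port 40114 ssh2
Mar  3 08:30:12 host1 sshd[902]: Failed password for alice from 198.51.100.7 port 51544 ssh2
Mar  3 08:30:20 host1 sshd[902]: Accepted password for alice from 198.51.100.7 port 51544 ssh2
EOF
}

# Read log lines on stdin and print two kinds of finding, sorted:
#   REPEATED_FAIL <source> <n>       source with at least $1 failed logins
#   SUCCESS_AFTER_FAIL <source> <n>  login accepted after n earlier failures
scan_auth_log() {
    awk -v min="$1" '
        # The source is the field after the LAST "from": a user name supplied
        # by the client may itself be the word "from".
        function src_of(   i) {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") return $(i + 1)
            return "unknown"
        }
        /Failed password for/ { fails[src_of()]++ }
        /Accepted password for/ {
            s = src_of()
            if ((s in fails) && fails[s] > 0)
                print "SUCCESS_AFTER_FAIL", s, fails[s]
        }
        END {
            for (s in fails)
                if (fails[s] >= min) print "REPEATED_FAIL", s, fails[s]
        }
    ' | sort
}

# Demonstration on the constructed sample with a threshold of 3 failures.
sample_log | scan_auth_log 3
```

On a real host the function would read the system's authentication log instead of `sample_log`, and the threshold would be tuned against past logs as the first rule in the list suggests.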
... support users; on the other hand, users need to recognize the importance of the security policies and take responsibility for following them. Some things users should keep in mind:
- Using a valid account: users need to understand the benefit of using a valid account. System administrators should have incentive policies that encourage users to use valid accounts.
- Account management: users understand their important role in protecting their own accounts. Account management activities include protecting the password, changing the password periodically, registering access times, and so on; using software that protects the user's workstation; and logging out of the system after a time-out period.
- Detecting unauthorized use of an account: users need to be trained in how to detect that their account is being used without authorization. Users should check their own activity regularly to make sure nobody else is using the account to carry out other actions.
- Incident reporting procedure: users must be in the habit of reporting an incident to the administrator when they suspect something about their account. The security policy should include report templates to be provided to users.
6.3.
Establishing system protection procedures
In addition, there are other measures such as restricting accounts by access time and by workstation address, and keeping account information clear and valid.
Password management procedure
Most systems today authenticate access with a user password, so password management procedures are extremely important and necessary. The tasks involved in password management include:
Choosing a password: as we know, among the forms of network attack, password cracking is quite powerful and effective against weak passwords. To counter this, strong passwords must be chosen. Some rules for choosing a password are:
- Do not use the login name as the password.
- Do not use any information related to the user's family or person, such as a date of birth or phone number, as the password.
- Do not use a password made up entirely of letters or entirely of digits.
- Do not use dictionary words or sequential lists as the password.
- Do not use a password shorter than 6 characters.
- Create a password containing both upper-case and lower-case letters.
- Create a password combining letters, digits and special characters.
- Create a password that can be typed quickly without looking at the keyboard.
Once the password has been created, there must be a policy that forces the user to change it within a set period. Most systems today support this mechanism; if the password is not changed, the account is no longer valid on the system.
When a user loses their password, issuing a new one requires other procedures to authenticate the user.
Password-changing programs must be monitored and tracked closely; they are a frequent target of attack.
Incident reporting procedure
For managers: the system administrator needs to build templates for notifying users of incidents promptly, stating clearly the degree of impact, the cause and the remedy. These notifications can be sent by e-mail or by post.
For users: when attacks from a user account are detected, the user must be notified that their account has been used improperly and asked to take appropriate measures to protect the account.
7. SUMMARY
At the end of this chapter, you should look back over what has been discussed.
- Security is an inevitable trend today. Large or small companies, and even individual users, must protect their documents.
- Understand the main security vulnerabilities. They are divided into three classes: A, B and C. Each class has a different level and different techniques.
- Understand in outline the kinds of attack hackers use, including direct attacks, deception, exploiting vulnerabilities, exploiting buffer overflows, and others.
- Describe the basic security measures and the rules for building a security policy.