Está en la página 1de 17

HC VIN K THUT MT M KHOA AN TON THNG TIN

----

BI TP LN

ti Nghin cu v tm hiu chnh sch bo mt trong th tn in t

GVHD : SVTH :

Nguyn Th Thu Thy Cao Thy Anh Nguyn c Huy Nguyn B Kt Dng Vn Thng

Lp:

AT5B

H NI - 2012

MC LC
LI NI U .................................................................................................................... 1 CHNG 1. BO MT H THNG MY CH TH ............................................ 2 1.1. Cp nht v cu hnh h thng my ch ............................................................ 2 Cp nht v v li h thng...................................................................... 2 Xa b hoc v hiu ha cc ng dng v services khng cn thit ....... 2 Cu hnh xc thc ngi dng ................................................................. 2 Cu hnh kim sot ti nguyn mt cch ph hp ................................... 3 B sung thm cc ci t v cu hnh bo mt ........................................ 4

1.1.1. 1.1.2. 1.1.3. 1.1.4. 1.1.5. 1.2. 1.3. 1.4.

Kim tra an ninh h iu hnh : ......................................................................... 4 Chnh sch truy cp ............................................................................................ 5 Chnh sch bo mt vi my ch ....................................................................... 5

CHNG 2. QUN TR H THNG MAIL ............................................................. 7 2.1. 2.2. 2.3. 2.4. 2.5. Cc thit lp an ton ........................................................................................... 7 Ghi nht k ......................................................................................................... 8 Backup h thng ................................................................................................. 8 Khi phc h thng sau s c ............................................................................ 8 Kim tra bo mt h thng my ch .................................................................. 9 Qut l hng ............................................................................................. 9 Kim tra xm nhp ................................................................................. 11

2.5.1. 2.5.2. 2.6.

Qun tr t xa.................................................................................................... 12

KT LUN ....................................................................................................................... 14 TI LIU THAM KHO ................................................................................................. 15

LI NI U

Bn cht ca mt chnh sch bo mt l thit lp cc hng dn v cc tiu chun cho vic truy cp cc thng tin t chc v h thng ng dng. Khi c s h tng cng ngh tr ln phc tp hn, s cn thit phi ci thin an ninh thng tin tng ln. Mt chnh sch bo mt bng vn bn gip nng cao hiu sut ca cc t chc h thng an ninh v cc h thng kinh doanh in t m h h tr. Mt chnh sch bo mt l mt thng bo r rng cc nguyn tc m theo n ngi c truy nhp ti h thng ca mt t chc v cc ti nguyn thng tin phi tun theo. Mc ch chnh ca chnh sch bo mt l dnh cho ngi s dng, cc nhn vin, v cc nh qun l vi nhng nhu cu bt buc cn thc hin bo v h thng v cc ti nguyn thng tin. Chnh sch bo mt ch r nhng g m ngi s dng c v khng c lm i vi cc thnh phn khc nhau ca h thng. Chnh sch bo mt phi trnh by n gin, r rng trnh s ti ngha hay hiu lm. Bi bo co ny s tm hiu v chnh sch bo mt trong h thng th tn in t. H Ni - 2012

CHNG 1.
1.1.

BO MT H THNG MY CH TH

Cp nht v cu hnh h thng my ch

1.1.1. Cp nht v v li h thng Sau khi ci t h iu hnh, vic ci t v cp nht cc bn v li l tht s cn thit. Cc qun tr vin cn phi lin tc cp nht nhng bn v li mi nht. 1.1.2. Xa b hoc v hiu ha cc ng dng v services khng cn thit
K tn cng c th li dng mt s services hoc ng dng tn cng. V vy nhng ng dng hoc services khng s dng th nn xa b hoc v hiu ha

1.1.3. Cu hnh xc thc ngi dng i vi mail server, ch mt s t qun tr vin c th cu hnh h thng my ch. Xa hoc khng cho php ti khon v nhm mc nh khng cn thit. Mc nh h thng thng cha ci khon khch (c hoc khng c mt khu) administrator hoc root cp ti khon v ti khon lin quan ti mng cc b v dch v mng. Tn v mt khu ca nhng ti khon nyc th b li dng. Xa b hoc v hiu nhng ti khon khng cn thit loi b vic chng b s dng bi nhng k tn cng. Nu gi li ci ti khon th phi b hn ch truy cp v thay i mt khu mc nh ph hp vi chnh sch mt khu ca t chc. i vi ti khon administrator hoc root th phi thay i tn (nu c th) v mt khu mc nh. V hiu ha ti khon khng tng tc To cc nhm ngi dng Gn cho ngi dng cc nhm thch hp, sau gn quyn cho cc nhm nh ti liu trong qu trnh trin khai. Phng php ny thch hp hn gn quyn cho tng ti khon v s lng ti khon rt ln.

Chnh sch mt khu: di mt khu t nht l 8 k t, mt khu phi bao gm c ch hoa, ch thng, s v t nht mt k t c bit, yu cu ngi dng thay i mt khu ca h nh k. i vi administrator hoc root th phi thay i mi 30 120 ngy. Cu hnh h thng ngn chn vic on mt khu: Khng cho php ng nhp nu ng nhp sai qu 3 ln. C th thit lp thi gian kha hoc v hiu ha ng nhp cho n khi ngi c thm quyn cho php. Vic t chi ng nhp i hi ngi qun tr phi cn bng gia an ninh v thun tin. Thc hin t chi ng nhp c th ngn nga mt s loi tn cng, nhng n cng c th cho php k tn cng ngn chn ngi dng ng nhp bng cch c gng ng nhp sai qu s ln quy nh. Ci t v cu hnh c ch bo mt khc tng cng xc thc. S dng cc c ch xc thc nh sinh trc hc, th thng minh, giy chng nhn hoc h mt khu mt ln. Vic ny c th t hn v kh thc hin nhng n c th m bo an ton hn. S dng cc cng ngh m ha v xc thc nh Secure Sockets Layer (SSL) / Transport Layer Security (TLS), Secure Shell (SSH), mng ring o (VPN) (cho ngi dng t xa), bo v mt khu trong qu trnh truyn. 1.1.4. Cu hnh kim sot ti nguyn mt cch ph hp Tt c cc h iu hnh my ch hin i u cung cp kh nng xc nh cc c quyn truy cp cho cc tp tin, th mc, cc thit b v cc ti nguyn tnh ton. Bng cch ci t cc iu khin truy cp v t chi ngi dng truy nhp bt hp php. Qun tr my ch th c th lm gim cc vi phm v an ninh.V d nh nhm bo v b mt v s ton vn ca thng tin th ngi qun tr c th t chi cc truy nhp c tp tin, th mc. hn ch vic thc thi cc c quyn ca hu ht cc cng c lin quan n h thng th ngi qun tr vin c thm quyn c th ngn chn vic ngi dng thay i cu hnh lm gim an ninh ca h thng v cng nh hn ch kh nng tn cngvo h thngbng cch s dng cc cng c ca nhng k tn cng trn mng.

1.1.5. B sung thm cc ci t v cu hnh bo mt H iu hnh thng khng bao gm tt c cc kim sot an ninh cn thit m bo iu hnh c y cc ng dng, dch v. Trong nhng trng hp nh vy, cc qun tr vin cn phi la chn cc phn mm ci t, cu hnh b sung cung cp cc iu khin b thiu. iu khin cn thit thng thng bao gm cc kim sot an ninh sau y : Phn mm Anti-malware :phn mm dit virut, phn mm chng gin ip, phn mm bo v h thng chng m c hi.. Tng la : bo v my ch chng s truy nhp tri php Phn mm qun l bn v : xc nh cc l bo mt mi trong h iu hnh, dch v mail server v cc ng dng m bo cc l hng c gii quyt kp thi. Mt s qun tr vin my ch th ci t mt hoc nhiu hnh thc phn mm pht hin xm nhp trn my ch da trn my ca h. V d phn mm kim tra tnh ton vn ca tp tin c th xc nh c cc thay i i vi tp tin quan trng trong h thng. Khi lp k hoch kim sot an ninh cc qun tr vin ca my ch mail nn xem xt cc ti nguyn an ninh s dng 1.2. Kim tra an ninh h iu hnh :

Kim tra an ninh ca h iu hnh mt cch nh k l mt cch quan trng pht hin cc l hng v m bo rng cc bin php an ninh ang c s dng c hiu qu. Cc phng php s dng kim tra h iu hnh gm qut v th nghim xm nhp. Th nghim xm nhp l qu trnh th nghim c thit k gy tn hi cho mng bng cch s dng cc cng c v phng php ca k tn cng. N lin quan n vic lp i lp li xc nh v khai thc cc khu vc yu nht ca mng nhm truy cp n cc phn cn li ca mng dn n nh hng ti an ninh h thng mng.

1.3.

Chnh sch truy cp

Ngi dng s ch c phn quyn ti thiu cho php h thc hin chc nng ca mnh. Khng chia s tn s dng v mt khu cho ngi khc. Khng vit mt khu ra giy hoc u tng t. Truy cp n mng hoc my ch s phi xc thc bng tn ngi dng v mt khu hoc smart card, m PIN, sinh trc hc Tun th chnh sch mt khu, chnh sch ng nhp. Khi nhn vin ri khi cng vic ca mnh th s xa b quyn ca ti khon nhn vin . m bo mt khu mc nh c thay i. Tp tin h thng phi bo v ti . Truy cp vo mng hoc my ch s phi c gii hn. 1.4. Chnh sch bo mt vi my ch H iu hnh phi c cp nht v v li. My ch phi qut virut hng ngy. My ch phi c kha trong phng an ton. Truy cp ti d liu v ng dng phi c gii hn bi tnh nng kim sot truy cp. Kch hot h thng c ch kim ton. Ngi dng phi logout hoc kha my ca mnh li khi ri khi bn lm vic. Tt c my trm khng s dng phi c tt b ngoi gi lm vic Thit b lu tr phi c qut virut trc khi s dng. Khng nn s dng phn mm chia s v n l ngun d b ly nhim, nu nht thit phi s dng th phi qut trit trc khi s dng. Cc file nh km phi c scan virut v gii hn cc loi file c php nh km.

CHNG 2.

QUN TR H THNG MAIL

Sau khi trin khai mt my ch mail, cc qun tr vin cn phi duy tr an ninh lin tc. Phn ny cung cp cc khuyn ngh chung cho an ton qun l cc my ch mail. Hot ng quan trng bao gm x l v phn tch cc file log, thc hin sao lu mail server thng xuyn v thc hin qun tr t xa mt cch an ton. 2.1. Cc thit lp an ton

Mc ch chnh ca vic qun tr l m bo an ton cho mng cng nh ngi dng, trnh cho vic lng ph ti nguyn mng v ngi dng b qu ti thng tin khng cn thit... Ngy ny hu ht cc phn mm th in t u cui (mail client) u cho php to cc quy tc hn ch vic gi v nhn th v cng nh vy ti my ch cng c cc tnh nng lc cc th c php gi, nhn v nhiu cc tin ch cung cp tnh nng cho ngi dng. Trn my ch cng c cung cp cc chnh sch ngn chn th, chng li virus i km th, hn ch spam, d dng nh hng th cho nhiu ngi v t chi cc th khng mong mun tch kim ti nguyn mng. Sau y l cc tnh nng c bn m ngi qun tr my ch th in t s dng m bo an ton cho h thng : Chng relay hoc ch cho php mt s a ch IP hoc domain c php relay S dng filter chn cc a ch v ni dung th khng ph hp Qut v dit virus th in t Thit lp s lng th gi ra, vo ng thi cho h thng Thit lp phi xc thc trc khi c php gi th m bo an ton cho my ch v h iu hnh Xy dng h thng c kh nng backup trong trng hp my ch c s c.

2.2.

Ghi nht k

Vic ghi li cc s kin tc ng ln h thng l vic lm rt quan trng tm ra l hng sa cha lm cho h thng an ton hn. File log phi c lu tr v backup thng xuyn, cn c c ch bo v file log ch cho php ngi qun tr mi c th sa, xa file log.

Cc s kin cn ghi li
Ghi nht k lin quan n my ch cc b: o Li thit lp IP o S c phn gii cu hnh (DNS, NIS) o Li cu hnh mail server o Thiu ti nguyn h thng (diskspace, memory, CPU) o C s d liu bit danh c to li Ghi nht k lin quan n cc kt ni: o ng nhp tht bi v thnh cng o Vn bo mt (Spamming) o Mt kt ni o Li giao thc o Kt ni ht hn o Ngt kt ni

2.3.

Backup h thng

Mt trong nhng iu quan trng nht ca mt my ch mail l duy tr tnh ton vn ca d liu trn my ch. Cc nh qun tr cn thc hin sao lu d liu mt cch thng xuyn. Tt c cc t chc cn phi to ra mt chnh sch sao lu my ch mail. Tn ti ba kiu backup chnh: y , gia tng v khc bit. Ty tng yu cu m chn kiu bakup ph hp.

2.4.

Khi phc h thng sau s c

Nh qun tr cn thc hin theo cc chnh sch v th tc ca t chc x l s c. Cc bc thng c thc hin nh sau:
Bo co s vic vi t chc ng ph s c. C lp cc h thng b tn cng hoc cc bin php khc ly thm thng tin ca cuc tn cng. Phn tch tn cng:

o o o -

Nm bt trng thi hin ti ca h thng (cc kt ni hin ti, trng thi b nh, file tem thi gian, log file, ) Cc sa i vi phn mm h thng v cu hnh Cc sa i vi d liu

o Cng c hoc d liu k tn cng s dng Khi phc h thng o o o o Khi phc t file backup Tt services khng cn thit Thay i tt c mt khu

Cu hnh li cc thnh phn an ninh mng (tng la, router, IPS) cung cp bo v b sung Kim th h thng nhm m bo an ton Kt ni li vo mng Gim st h thng v mng m bo rng k tn cng khng th tn cng li. Rt ra bi hc kinh nghim

2.5.

Kim tra bo mt h thng my ch

Kim tra bo mt nh k cc my ch mail cng cng l rt quan trng. Nu khng c kim tra nh k th s khng th m bo rng cc bin php bo v ang lm vic hin ti hoc cc bn v m cc qun tr vin my ch th s dng ang hot ng bnh thng. 2.5.1. Qut l hng Trnh qut l hng l nhng cng c c s dng t ng xc nh l hng v li cu hnh ca cc my ch.Trnh qut cng lm gim thiu cung cp thng tin v vic pht hin cc l hng. Trnh qut c gng xc nh cc l hng trong cc my ch m n qut, gip xc nh cc phin bn phn mm thiu cc bn v li hng ngy hoc nng cp h thng v xc nhn s chnh lch ca vic tun th chnh sch bo mt ca h thng. thc hin n lc ny, trnh qut l hng xc nh h iu hnh ln cc phn mm ng dng ang chy trn my ch v kt hp chng vi cc l hng c bit n. Trnh qut mc tn thng s dng c s d liu ln ca cc l hng xc nh cc l hng lin quan n h iu hnh v cc ng dng thng c
9

s dng. Tuy nhin, trnh qut mc tn thng c mt s nhc im ng k l xc nh c cc l hng b mt nhng khng c kh nng gii quyt cc mc ri ro tng th ca mt my ch th c qut. Mc d bn thn qu trnh qut t ng ha cao nhng trnh qut t ng c mt t l li cao (bo l hng khi khng tn ti). iu ny c ngha l mt c nhn c chuyn mn trong bo mt v qun l my ch th phi gii thch kt qu sau khi qut. Hn na trnh qut mc tn thng khng th xc nh cc l hng trong on m ty chnh hoc cc ng dng. Trnh qut mc tn thng da vo vic cp nht nh k cc c s d liu d tn thng nhn ra l hng mi nht. Trc khi chy bt k mt trnh qut mc tn thng no cho c s d liu, cc qun tr vin my ch th nn ci t cc bn cp nht mi nht cho h thng. Mt s trnh qut l hng bo mt c s d liu c cp nht thng xuyn hn so vi nhng loi khc (khi la chn trnh qu l hng tn sut ca bn cp nht phi c u tin xem xt). Ngoi ra, cc nh sn xut mun gi tc ca trnh qut (yu cu kim tra pht hin nhiu l hng hn m khng lm gim qu trnh qut tng th). Trnh qut mc tn thng thng cung cp nhng kh nng sau y : - Xc nh cc my ch ang hot ng trn mng - Xc nh cc dch v (cng) d b tn cng ang hot ng trn my ch th. - Xc nh cc ng dng v cc banner. - Xc nh h iu hnh. - Xc nh cc l hng lin quan n ng dng v h iu hnh. Kim tra cc ng dng bo mt s dng trn my ch th ph hp vi cc chnh sch an ninh. Cc t chc nn tin hnh trnh qut mc tn thng xc nhn rng h iu hnh v cc ng dng trn my ch th c cp nht cc bn v bo mt. Trnh qut mc tn thng l mt hot ng i hi s tham gia ca con ngi mc cao gii thch kt qu. N cng c th gy gin on cho cc hot ng bng cch chim bng thng mng, lm chm thi gian phn ng ca mng v c kh nng nh hng n s sn c ca cc ng dng hoc cc my
10

ch qut. Tuy nhin vic thc hin trnh qut mc tn thng sm nht c th v cng quan trng v n m bo cc l hng c gim nh trc khi chng c pht hin v khai thc bi k tn cng, nn thc hin trnh qut vo hng tun hoc hng thng.Cc t chc nn chy trnh qut cho my ch th bt c khi no mt c s d liu l hng mi c pht hnh cho cc ng dng ca trnh qut. Cn lp h s sa cha nhng thiu st c pht hin trong qu trnh qut.T chc cng nn xem xt chy nhiu hn mt trnh qut l hng. My qut khng th pht hin tt c cc l hng bit, s dng hai trnh qut thng lm tng s lng cc l hng c pht hin. 2.5.2. Kim tra xm nhp Mc ch ca vic kim tra xm nhp l thc hin bo v h thng bi nhng k tn cng (phn ng c bit ca con ngi i vi tn cng) bng cch s dng cc cng c k thut ph bin. Th nghim ny c khuyn co cho cc h thng phc tp hoc quan trng. Thm nhp th nghim c th l mt k thut v gi cho bt k chng trnh thng tin no ca t chc an ninh. Tuy nhin, n l mt hot ng chuyn su i hi con ngi c chuyn mn cao nh gi gim thiu ri ro cho h thng. mc ti thiu n c th lm chm thi gian phn ng mng. Hn na, tn ti kh nng m h thng c th b h hng hoc khng th hot ng trong qu trnh th nghim xm nhp. Mc d nguy c ny c gim nh bng vic x dng cc th nghim xm nhp c uy tn nhng cng khng bao gi loi b c hon ton. Thm nhp th nghim cung cp nhng li ch sau : - Kim tra mng bng cch s dng cc phng php v cng c tng t c s dng bi nhng k tn cng. - Xc minh xem cc l hng c tn ti hay khng ? - Vt xa cc l hng b mt v tm cch c th khai thc lp i lp li l hng ny truy cp nhiu hn. - Chng min rng l hng khng hon ton l l thuyt - Cung cp tnh hin thc cn thit ca cc vn an ninh

11

- Cho php kim tra cc th tc v tnh nhy cm ca con ngi, x hi n cng ngh. 2.6. Qun tr t xa

Cho php qun tr t xa mt my ch th c khuyn khch s dng khi xem xt cn thn v nhng ri ro. Vic cu hnh an ton nht l khng cho php bt k mt iu khin t xa no. Tuy nhin iu c th khng kh thi cho tt c cc t chc. Nguy c ca vic cho php qun l t xa khc nhau ty thuc ng k vo v tr ca cc my ch th trn mng. i vi mt my ch th nm ng sau tng la th vic qun l t xa c th c thc hin tng i an ton t mng ni b nhng khng phi l khng c thm ri ro. Khng nn qun tr t xa t mt my ch nm ngoi mng li ca t chc, tr khi thc hin t mt my tnh c t chc kim sot thng qua cc gii php truy cp t xa ca t chc nh mt mng ring o. Nu mt t chc xc nh vic qun tr t xa mt my ch th l cn thit, th cn m bo rng n c thc hin theo nhng bc c th l an ton sau y : - S dng mt c ch xc thc mnh - Hn ch cc my ch c th c s dng qun tr t xa cc my ch th : hn ch b ngi dng c thm quyn, hn ch a ch Ip (khng phi tn my), v d nh truy cp c th c hn ch vi mt s hoc tt c cc host trn mng ni b hoc my ch bng cch s dng gii php truy nhp t xa ca cc t chc doanh nghip. - S dng cc giao thc an ton c th cung cp m ha cho c mt khu v d liu - Thc thi cc khi nim c quyn ti thiu v qun l t xa - Khng cho php qun l t xa t Internet thng qua tng la tr khi thc hin thng qua cc c ch mnh m nh VPN . - Thay i bt k ti khon mc nh hoc mt khu qun l t xa t cc tin ch hoc ng dng . - Khng gn kt, chia s bt c tp tin no trn mng ni b t my ch th hoc ngc li.
12

13

KT LUN

Vn bo mt h thng mail cho cc doanh nghip hin nay tr nn cn thit v hng ngy cc th rc (spam mail) c th lm trn ngp hp th dn n s tr tr trong cng vic nh hng xu n nng sut ca cng ty, cng nh li dng cc th rc hay th hp php thc hin tn cng DoS, hay nh cp cc thng tin c nhn, c th li dng cc thng tin ny thc hin cc giao dch ngoi mun, ngoi ra khi nhn c cc email vi ni dung v cc hnh nh khng lnh mnh gy ra s kh chu cho cc nhn vin v nh hng n cng vic. Qua vic tm hiu cc chnh sch bo mt ca h thng th tn in t chng ta bit c thm cc cch thc m bo an ton cho h thng th in t. Nng cao tm hiu bit ca ngi dng.

14

TI LIU THAM KHO

1. Guidelines on Electronic Mail Security NIST - Special Publication 800-45 Version 2 2. Securing Network Servers - Julia Allen 2000 3. Guide to Computer Security Log Management - Karen Kent and Murugiah Souppaya, NIST Special Publication 800-92

15

Calificar