
Topic: A Study of Network Security and Network Scanning Techniques

PREFACE
Alongside the development of information technology, computer networking technology and the Internet have grown increasingly diverse and rich. Network services have penetrated almost every area of social life. Information on the Internet is likewise diverse in content and form, and much of it requires a higher level of protection because of its economic value, accuracy and reliability.
Network security technology protects your network against the theft and misuse of confidential business information and defends against malicious code from viruses and worms on the Internet. Without network security in place, your company is exposed to unauthorized intrusion, network downtime, service interruption, regulatory non-compliance and even illegal acts.
In addition, forms of network sabotage have become more sophisticated and complex. For every system, therefore, the security task assigned to the network administrator is extremely important and necessary. Starting from these facts, our group studied the topic "A Study of Network Security and Network Scanning Techniques".
With the dedicated guidance of our teacher L T Thanh of the Faculty of Computer Science, our group has completed this report. Although we have tried hard to research and analyze the subject, shortcomings are surely unavoidable. We look forward to the understanding and comments of our teachers.
We sincerely thank you!

Prepared by: Group 18


TABLE OF CONTENTS
PREFACE
TABLE OF CONTENTS
LIST OF FIGURES
CHAPTER 1: OVERVIEW OF NETWORK SECURITY
1.1. Introduction to network security
1.1.1. What is network security?
1.1.2. Elements to be protected in a network system
1.1.3. Elements that ensure information security
1.2. Security vulnerabilities
1.2.1. Class C vulnerabilities
1.2.2. Class B vulnerabilities
1.2.3. Class A vulnerabilities
1.3. Types of hacker attack
1.3.1. Direct attacks
1.3.2. Deception techniques: Social Engineering
1.3.3. Attacks on hidden fields
1.3.4. Attacks on security vulnerabilities
1.3.5. Exploiting buffer overflows
1.3.6. Eavesdropping
1.3.7. Address spoofing
1.3.8. Code injection
1.3.9. Attacks on insecurely configured systems
1.3.10. Attacks using cookies
1.3.11. Tampering with URL parameters
1.3.12. Disabling services
1.3.13. Some other types of attack
1.4. Network security measures
1.4.1. Encryption, identification, user authentication and authorization
1.4.2. Workstation security
1.4.3. Communication security
1.4.4. Security technologies and techniques
1.5. Ways to detect that a system has been attacked
CHAPTER 2: NETWORK SCANNING TECHNIQUES
2.1. Introduction to scanning
2.2. Classification of scanning
2.2.1. Port scanning
2.2.2. Network scanning
2.2.3. Vulnerability scanning
2.3. Scanning methods
2.3.1. Checking the system
2.3.2. Checking for open ports
2.3.3. War Dialing
2.3.4. Banner Grabbing and Operating System Fingerprinting
2.3.5. Vulnerability scanning
2.3.6. Deploying a proxy server for attacks
2.4. Some techniques that support attacks
2.4.1. HTTP Tunneling
2.4.2. IP spoofing
CHAPTER 3: DEMONSTRATION OF SOME SCANNING EXAMPLES
3.1. Checking the system
3.2. Checking for open ports
3.3. Vulnerability scanning
3.4. Other types
3.4.1. IP spoofing
3.4.2. Proxy server
CONCLUSION
REFERENCES


LIST OF FIGURES
Figure 1. System risk assessment process
Figure 2. Encryption process
Figure 3. Hash algorithm model
Figure 4. Synchronous/symmetric encryption algorithm
Figure 5. Asynchronous/asymmetric encryption algorithm
Figure 6. Authentication by user and password
Figure 7. Operation of CHAP
Figure 8. Kerberos encryption
Figure 9. FTP security
Figure 10. General firewall model
Figure 11. Security with VPN
Figure 12. IDS intrusion prevention system
Figure 13. Classification of scanning
Figure 14. Scanning methods
Figure 15. Three-way handshake mechanism
Figure 16. War Dialing technique model
Figure 17. Client connecting to FTP through HTTP Tunneling
Figure 18. Selecting the IP range to scan
Figure 19. Selecting the ports to scan
Figure 20. Network scan results
Figure 21. Checking that the host is up
Figure 22. Entering the name of the host to check
Figure 23. Setting the scan configuration
Figure 24. Viewing the scan results
Figure 25. Choosing the scan method
Figure 26. Vulnerability scan results
Figure 27. Hide My IP software
Figure 28. Proxy-changing software


CHAPTER 1: OVERVIEW OF NETWORK SECURITY

1.1. Introduction to network security
1.1.1. What is network security?
A computer has hardware holding data that is managed by the operating system, and most computers, especially those in companies and enterprises, are connected to a LAN and to the Internet. If your computer or network is not equipped with a protection system, it is like leaving your room and forgetting to lock the door: your computer becomes a target for viruses, worms and unauthorized users, which can attack your computer or your entire system at any time.
Network security therefore means protecting networks and computers against damage to hardware or modification of data (software) carried out without permission, whether deliberately or accidentally. Network security provides the solutions and policies that protect computers and networks so that unauthorized users, as well as software containing malicious code, are kept from breaking into your computer or network.

1.1.2. Elements to be protected in a network system

The first element to mention is data: information stored on computer systems needs protection because of requirements for confidentiality, integrity or timeliness. Confidentiality is usually regarded as the important requirement for information stored on a network. However, even when information is not kept secret, the requirement for integrity is still very important. No individual or organization wastes material resources and time storing information without knowing whether that information is correct.
The second element is system resources: once attackers have taken control of a system, they use its machines to run programs such as password crackers in order to attack the network.
The third element is reputation: once data has been stolen, mutual suspicion inside the company is unavoidable, and this greatly affects the company's reputation.

1.1.3. Elements that ensure information security

Information security means that information is protected and that systems and services are able to withstand disasters, faults and unexpected interference. The goal of security in information technology is to define a set of security standards and to apply them in order to eliminate or reduce danger.
Attack methods are becoming ever more sophisticated, and threats to information security can come from many different places in many different ways. The requirements for ensuring information security are therefore as follows:
- Confidentiality: information must be kept secret and used only by the right parties.
- Integrity: information must be complete, structurally intact and free of contradictions.
- Availability: information must always be ready to be accessed and to serve its purpose in the proper way.
- Accuracy: information must be accurate and reliable.
- Non-repudiation: the origin of the information, or the party who supplied it, can be verified.
System risk is formed by the combination of system vulnerabilities and the threats to the system, and can be defined at three levels: low, medium and high. To determine the risk to a system, we must first assess it according to the following diagram.

Figure 1. System risk assessment process


Identifying system vulnerabilities
Identifying system vulnerabilities starts from the points of access to the system, such as:
- Internet connections
- Remote connection points
- Connections to other organizations
- Environments giving physical access to the system
- User access points
- Wireless access points
At each access point we must determine what information can be accessed and the level of access to the system.
Identifying threats
This is difficult work because threats usually do not appear openly (they are hidden), and the timing and scale of an attack are not known in advance. Attack forms and techniques are varied, for example:
- DoS/DDoS, backdoors, buffer overflows, ...
- Viruses, Trojan horses, worms
- Social Engineering

System security measures

System security measures include firewalls, antivirus software, access control, authentication systems (passwords, biometrics, identity cards), data encryption, intrusion detection systems (IDS), other techniques, user awareness, a system of security policies and automatic patching of the system.

1.2. Security vulnerabilities
Many organizations have classified the particular kinds of vulnerability. According to the US Department of Defense, vulnerabilities are divided into three classes, as follows:

1.2.1. Class C vulnerabilities

These allow DoS (Denial of Service) attacks. The level of danger is low: they only affect quality of service and stall or interrupt the system; they do not damage data or yield unauthorized access.
DoS is a form of attack that uses protocols at the Internet layer of the TCP/IP protocol suite to stall a system, so that legitimate users are refused access to or use of it.
Services with vulnerabilities that permit DoS attacks can be upgraded or fixed with newer versions from their providers. At present there is no effective measure that remedies this kind of attack, because the design of the Internet layer (IP) in particular, and of the TCP/IP protocol suite in general, itself harbours the latent risk of vulnerabilities of this class.

1.2.2. Class B vulnerabilities

These allow a user to obtain additional privileges on the system without a validity check, leading to the loss of information that is required to be kept confidential. This kind of vulnerability is usually found in applications on the system. The level of danger is medium.
Class B vulnerabilities are more dangerous than class C. They allow an internal user to gain higher privileges or unauthorized access. Vulnerabilities of this class usually appear in services on the system. A local user is understood to be someone who already has access to the system with certain limited privileges.
Another form of class B vulnerability occurs in programs written in C. Programs written in C commonly use a buffer, an area of memory used to hold data before it is processed. Programmers commonly use a buffer in memory before assigning a region of memory to each block of data. For example, a program that reads a user-name field may specify that the field is 20 characters long with the declaration:
char first_name[20];
This declaration allows the user to enter at most 20 characters. When data is entered, it is first stored in the buffer. When the user enters more than 20 characters, the buffer overflows. The excess characters lie outside the buffer, where we cannot control them. Attackers, however, can take advantage of this vulnerability by entering special characters in order to execute certain special commands on the system. Such vulnerabilities are usually exploited by users of the system to obtain root privileges illegitimately. To limit class B vulnerabilities, system configuration and programs must be tightly controlled.
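The overflow described above next to a bounded alternative, as an added example that is not part of the original report. The struct layout, function names and inputs are constructed for illustration; the unchecked copy is capped at the 32-byte model so that the demonstration stays well-defined C.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20   /* the report's declaration: char first_name[20] */

/* Constructed memory model: the 20-byte name field followed directly by
 * other program data. One 32-byte array keeps the overrun well-defined. */
struct record {
    unsigned char mem[32];   /* mem[0..19] = first_name, mem[20] = next variable */
};

/* Flawed pattern: the copy length comes from the input, not from the field.
 * (Capped at sizeof mem only so this demonstration stays inside the model.) */
void store_unchecked(struct record *r, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof r->mem)
        n = sizeof r->mem;
    memcpy(r->mem, input, n);
}

/* Hardened pattern: a char[20] holds at most 19 characters plus the
 * terminating NUL; anything longer is rejected and nothing is written.
 * Returns 0 on success, -1 if the input does not fit. */
int store_checked(struct record *r, const char *input)
{
    const char *end = memchr(input, '\0', NAME_LEN);
    if (end == NULL)
        return -1;
    memcpy(r->mem, input, (size_t)(end - input) + 1);
    return 0;
}

/* Value of the byte just past the name field after each kind of copy. */
int neighbour_after_unchecked(const char *input)
{
    struct record r;
    memset(&r, 0, sizeof r);
    store_unchecked(&r, input);
    return r.mem[NAME_LEN];
}

int neighbour_after_checked(const char *input)
{
    struct record r;
    memset(&r, 0, sizeof r);
    (void)store_checked(&r, input);
    return r.mem[NAME_LEN];
}

/* Bounded line input for the same field. fgets never writes more than
 * NAME_LEN bytes; an over-long line is drained and rejected rather than
 * silently truncated. Returns 0 on success, -1 if the line was too long,
 * -2 on end of input or read error. */
int read_name(FILE *in, char first_name[NAME_LEN])
{
    if (fgets(first_name, NAME_LEN, in) == NULL)
        return -2;
    size_t len = strlen(first_name);
    if (len > 0 && first_name[len - 1] == '\n') {
        first_name[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return 0;            /* exactly 19 characters, or last line without newline */
    while (c != '\n' && c != EOF)
        c = fgetc(in);       /* discard the rest of the over-long line */
    first_name[0] = '\0';
    return -1;
}

int main(void)
{
    /* Constructed input: 24 characters, longer than the 20-byte field. */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA" "AAAA";
    printf("unchecked copy: byte after field = 0x%02x\n",
           neighbour_after_unchecked(too_long));
    printf("checked copy:   byte after field = 0x%02x\n",
           neighbour_after_checked(too_long));
    return 0;
}
```

With the unchecked copy the variable stored after the field is overwritten by input characters; with the checked copy and the bounded reader it is left untouched and the over-long input is refused.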

1.2.3. Class A vulnerabilities

These allow someone outside the system to gain unauthorized access to it, and can lead to the destruction of the entire system. This class of vulnerability is very dangerous and threatens the integrity and confidentiality of the system. Such vulnerabilities usually appear on systems that are poorly administered or whose network configuration is not under control. For example, web servers running on the Novell operating system have a script called convert.bas; running this script allows the entire contents of files on the system to be read.
Vulnerabilities of this class are extremely dangerous because they already exist in the software in use, and an administrator who does not understand the services and software in depth may overlook the weakness. It is therefore necessary to check the announcements of security newsgroups on the network regularly in order to detect vulnerabilities of this class. A number of commonly used programs have class A vulnerabilities in their older versions, such as FTP, Gopher, Telnet, Sendmail, ARP, finger...

1.3. Types of hacker attack

1.3.1. Direct attacks
One computer is used to attack another with the aim of discovering passwords, the corresponding account names, and so on. Attackers can use password-cracking programs to decode the files that contain passwords on the victim's computer system. Short, simple passwords are therefore usually very easy to discover.
In addition, a hacker can attack directly through bugs in a program or in the operating system, paralysing or damaging the system. In some cases the hacker gains the privileges of the system administrator.

1.3.2. Deception techniques: Social Engineering

This is a trick that many hackers use for attacking and penetrating networks and computers, because it is simple yet effective. It is commonly used to steal passwords and information, and to attack and destroy systems.
Example: the Fake Email Login deception technique.
In principle, every time you log in to your mailbox you must enter your account information, consisting of a username and password, and send it to the mail server for processing. Taking advantage of this, attackers design a web page that looks exactly like the login page you normally use. It is, however, a fake page, and all the information you fill in is sent to them. As a result, your password is stolen!
If you are a network administrator, you should pay attention to and be wary of emails, instant messages and phone calls that ask you to disclose information. Personal relationships and contacts are all a potential danger.


1.3.3. Attacks on hidden fields

The hidden parts of websites often contain information about clients' sessions. These sessions are usually recorded on the client rather than organized in a database on the server. An attacker can therefore use the browser's View Source function to read these hidden parts and, from them, find the weaknesses of the website they want to attack. From there, the server system can be attacked.

1.3.4. Attacks on security vulnerabilities

More and more security vulnerabilities are now being discovered in operating systems, web servers and other software. Vendors continually publish updates on these vulnerabilities and release new versions after patching the vulnerabilities of earlier ones. Users must therefore keep themselves informed and upgrade the old versions they are using; otherwise hackers will take advantage of this to attack the system.
The forums of well-known vendors usually keep security vulnerabilities up to date, and how those vulnerabilities are exploited depends on each person.

1.3.5. Exploiting buffer overflows

A buffer overflow is a condition that occurs when more data is sent than the system or CPU is able to handle. If a hacker exploits this condition, they can paralyse the system or make it lose control.
To exploit this, the hacker needs knowledge of memory organization, the stack, function call instructions, and shellcode.
When a hacker exploits a buffer overflow on a system, they can seize root privileges on it. For administrators, avoiding buffer overflows is not very difficult: they only need to build programs that are safe from the design stage onwards.

1.3.6. Eavesdropping

Systems that convey information over a network are sometimes not very robust, and taking advantage of this, a hacker can gain access to data paths in order to listen in on or read the data stream passing through.
A hacker eavesdrops on communication by passing the data to sniffing or snooping. This collects valuable information about the system, such as a packet containing someone's password and username. Eavesdropping programs are also called sniffers. These sniffers listen on the ports of a system that the hacker wants to eavesdrop on. They collect the data on those ports and send it back to the hacker.

1.3.7. Address spoofing
Computer networks connected to the Internet are normally protected by a firewall. A firewall can be understood as the single gate that anyone entering or leaving the house must pass through, and where they are checked. A firewall greatly limits the possibility of attack from outside and increases mutual trust in the use of shared resources inside the internal network.
Address spoofing means that an outsider makes their own computer's address appear to be that of one of the computers in the system to be attacked. They set their computer's IP address to match the IP address of a computer in the network under attack. If they succeed, the hacker can take data, destroy information or sabotage the system.

1.3.8. Code injection

A basic attack technique, which is also used as part of several other attack techniques, is injecting code into a web page from any client machine belonging to the attacker.
Code injection allows the attacker to introduce executable code into another user's web session. When this code runs, it allows the attacker to do many things, such as monitoring the session on the website or even taking full control of the victim's computer. Whether this technique succeeds or fails depends on the ability and flexibility of the attacker.

1.3.9. Attacks on insecurely configured systems

An insecure configuration is also a security vulnerability of the system. These vulnerabilities arise because applications have insecure settings or because the system administrator has configured them insecurely. An example is a web server configured so that anyone is allowed to browse the directory tree. Such a setting can expose sensitive information such as source code, passwords or customer information.
An insecure system configuration is very dangerous, because if an attacker is able to browse to the password files, they can download and crack them, and they can then do many things on the system.


1.3.10. Attacks using cookies

Cookies are small, structured data elements shared between a website and the user's browser.
Cookies are stored as small text data files (under 4 KB in size). Sites create them to store, look up and recognize information about users who have visited the site and the areas of the site they passed through. This information may include the user's name, identifier, password, preferences, habits, and so on.
Cookies are accepted by the user's browser and saved on the computer's hard disk; not every browser supports cookies.

1.3.11. Tampering with URL parameters

This is an attack in which parameters are supplied directly in the URL. The attack may use SQL statements to exploit the database on vulnerable servers. The typical example of this technique is an attack through an "SQL injection" flaw.
This kind of attack is lightweight but effective, because the only attack tools the attacker needs are a web browser and a backdoor.

1.3.12. Disabling services

This kind of attack usually paralyses a number of services and is called DoS (Denial of Service).
These attacks take advantage of bugs in software or security vulnerabilities on the system: the hacker orders their computers to send meaningless requests to other computers, usually servers on the network. The requests are sent continuously, congesting the system so that some services can no longer respond to customers.
Sometimes the requests used in a denial-of-service attack are valid. For example, a message that is part of an attack may be entirely valid from a technical point of view. These valid messages are sent all at once. Because the server receives too many requests at one moment, it reaches a state in which it accepts no further requests. That is the symptom of denial of service.

1.3.13. Some other types of attack

No-login vulnerability: if an application is not designed rigorously and does not enforce the order of steps when it is browsed, this is a security vulnerability that hackers can use to go straight to internal information pages without passing through the login step.
Data modification: once attackers have read the data of some system, they can change that data regardless of who sent it and who is to receive it. Hackers can easily modify the information in a data packet.
Password-based attack: a newly configured system usually has a default username and password. After configuring the system, some administrators still do not change these default settings. This is a vulnerability that lets attackers enter the system by the legitimate route. Once logged in, the hacker can create additional users and install a backdoor for later visits.
Identity spoofing: network systems use IP addresses to make their presence known. The IP address is therefore of primary interest to attackers. Whenever they hack into any system, they know the IP address of that network. Attackers usually spoof an IP address in order to enter the system and then reconfigure it, modify information, and so on.
Creating a new kind of attack is the aim of hackers. On the Internet today, new kinds of attack may appear, born from hackers who like to tinker and create. You can join hacking and security forums to broaden your knowledge.

1.4. Network security measures

1.4.1. Encryption, identification, user authentication and authorization
Encryption
Encryption is the main mechanism for keeping information secure. It protects information reliably while data is in transit, and it can protect information in storage through file encryption. However, the user must have access rights to the file, and the encryption system does not distinguish between a legitimate and an illegitimate user if both use the same key. Encryption by itself therefore does not provide security; it must be governed by the encryption key and by the system as a whole.


Figure 2. Encryption process
Encryption is intended to meet the following requirements:
- Confidentiality: data is not seen by a third party.
- Integrity: data is not changed in transit.
- Non-repudiation: a mechanism by which the person who performs an action cannot deny what they did; the origin of the information, or the party who supplied it, can be verified.
Encryption algorithms
- Hashing algorithms (Hashing Encryption)
Hashing is a one-way form of encryption that transforms readable text (cleartext) into an encoded form that can never be decrypted. The result of the hashing process is called a hash, a hash value or a message digest, and naturally the original form cannot be recreated from it.
In hashing, the input data may vary in length, but the length of the hash output is fixed. Hashing is used in some password authentication schemes. A hash value can be attached to an electronic message to support data integrity or to support non-repudiation.


Figure 3. Hash algorithm model

Some hash algorithms
MD5 (Message Digest 5): 128-bit hash value.
SHA-1 (Secure Hash Algorithm): 160-bit hash value.
- Synchronous/symmetric encryption algorithms (Symmetric)
Symmetric encryption, or shared-key encryption, is a two-way encryption model, meaning that the encryption and decryption processes use the same key. This key must be passed secretly between the two communicating parties. It can be broken by an exhaustive (brute-force) attack.

Figure 4. Synchronous/symmetric encryption algorithm

Encryption works as follows:
o The two parties share one key (which is kept secret).
o Before communication begins, the two parties must exchange the secret key with each other.
o Each communicating pair requires its own unique shared key, which is not shared with other communications.
The table below gives details of the commonly used symmetric encryption methods.


| Encryption type | Characteristics |
| --- | --- |
| Data Encryption Standard (DES) | Uses a 64-bit block or a 56-bit key. Can easily be cracked. |
| Triple DES (3DES) | Applies DES three times. Uses a 168-bit key. Has been replaced by AES. |
| Advanced Encryption Standard (AES) | Uses Rijndael, which resists all known attacks. Uses a single key whose length can vary (128, 192 or 256 bits). |

- Asynchronous/asymmetric encryption algorithms (Asymmetric)
Asymmetric encryption, or public-key encryption, is a two-way encryption model that uses a key pair consisting of a private key and a public key. Typically, a message is encrypted with the private key, which ensures that the key belongs to the message sender. It is decrypted with the public key, and any recipient who has this key can read it. Note that only the public key of the same key pair can decrypt data encrypted with the corresponding private key. The private key is never shared with anyone and therefore remains secret; this form of encryption is applied in digital signatures.

Figure 5. Asynchronous/asymmetric encryption algorithm



Algorithms
o RSA (Ron Rivest, Adi Shamir, and Leonard Adleman).
o DSA (Digital Signature Standard).
o Diffie-Hellman (W. Diffie and Dr. M. E. Hellman).
User authentication
This is the process of establishing the validity of a user before they access information in the system. Types of authentication include:
+ Username/password: the most common and the weakest type of authentication; the username and password are sent to the server in their original form.

Figure 6. Authentication by user and password

However, this method has problems, such as the credentials being easy to steal on their way to the server.
+ Solutions
o Set passwords at least eight characters long, including letters, digits and symbols.
o Change the password once a month.
o Do not use the same password in several places.
o Consider carefully to whom a password is given.
+ CHAP (Challenge Handshake Authentication Protocol): used to encrypt the password at login, using challenge/response authentication. It periodically re-checks the identity of the connection using a three-way handshake, and the secret information is encrypted using MD5. CHAP operates as follows:


Figure 7. Operation of CHAP

+ Kerberos
Kerberos is a cryptographic protocol used for authentication in computer networks that operate over insecure links. The Kerberos protocol is able to resist eavesdropping and the replay of old packets, and it ensures the integrity of data. The protocol was designed for the client-server model and to provide authentication in both directions.
Kerberos works by involving a third party in the authentication process, called the key distribution center, KDC. (The KDC comprises two functions: the authentication server, AS, and the ticket granting server, TGS. A "ticket" in the Kerberos system is a credential that proves the identity of a user.) Every user in the system shares a key with the Kerberos server. Possession of the key information is the evidence that proves a user's identity. For each transaction between two users in the system, the Kerberos server creates a session key used for that transaction session.


Figure 8. Kerberos encryption
+ Certificates
A server (Certificate Authority, CA) creates the certificates.
They can be physical: a smartcard.
They can be logical: a digital signature.
They use a public/private key pair (any data encrypted with the public key can only be decrypted with the private key). A "third-party company" is used to perform the authentication. Certificates are widely used in web authentication, smart cards, digital signatures for email and email encryption.

1.4.2. Workstation security
Regular checking of the level of security provided by servers depends mainly on management. Every server in a company should be tested from the Internet to detect security vulnerabilities. In addition, testing from the inside and a server assessment process are fundamentally necessary to reduce the risk to the system, for example when the firewall fails or when some server or system malfunctions.
Most operating systems run in a weaker state, with minimal security, and have a great many security vulnerabilities. Before a server is put into production, it goes through a checking process that follows certain defined steps. All patches must be installed on the server, and any unnecessary services must be removed. This reduces the risk to the system to the lowest level.
The next task is to examine the log files from servers and applications. They give us some of the best information about the system and about security attacks. In many cases this is one of the ways of confirming the scale of an attack on a server.

1.4.3. Communication security

Typical examples are security for FTP and SSH.
o FTP communication security

Figure 9. FTP security
FTP is an application-layer protocol in the TCP/IP protocol suite that transmits data mainly through port 20 and receives data at port 21. The data is transmitted as cleartext, so the risk of eavesdropping during file transfer, or of the password being captured during authentication, is very high. In addition, the default Anonymous user is insecure and creates the conditions for buffer overflow attacks.
The measure proposed is to use the S/FTP protocol (S/FTP = FTP + SSL/TLS), which is secure for the following reasons:
- It uses RSA/DSA authentication.
- It uses TCP port 990 for control and TCP port 989 for data.
- The Anonymous function is turned off if it is not used.
- An IDS is used to detect buffer overflow attacks.
- IPSec is used to encrypt the data.
o SSH communication security
SSH is a secure, encrypted replacement for telnet, rlogin and similar tools. It works on the client/server model and uses public-key cryptography to provide an encrypted session; it only provides the ability to forward any port over a connection that has been encrypted. With telnet or rlogin, the username and password are transmitted as cleartext and are therefore very easy to eavesdrop on; SSH avoids this by starting an encrypted session.
When a client wants to establish a secure session with a host, the client must begin the connection by sending a request for an SSH session. Once the server has received the request from the client, the two sides perform a three-way handshake, which includes verifying the protocols; the session key is exchanged between client and server, and once the session key has been exchanged and the host key verified against the cache, the client can begin a secure session.

1.4.4. Security technologies and techniques

o Security with a firewall
A firewall is a barrier between two computer networks that protects one network from intrusion from the other. For medium-sized and large businesses, using a firewall is essential. Its main function is to control the flow of information between the protected network and the Internet through the access policies that have been configured.
A firewall can be hardware, software, or both. All of them share one property: they allow processing based on the source address. Besides that, they also have features such as redundancy in case of a system failure.

Figure 10. General firewall model

Choosing a suitable firewall for a system is therefore not easy. Every firewall depends on a specific environment, network configuration and application. When evaluating a firewall, focus on its set of functions, such as address filtering and packet filtering.
o Security with a VPN (Virtual Private Network)
A VPN is a virtual private network connected over a public network; it provides a security mechanism in an insecure network environment. The characteristics of a VPN are that data is encrypted in transit and remote users are authenticated. A VPN uses multiple protocols such as IPSec and SSL to increase the security of the system, and it also saves deployment cost.

Figure 11. Security with a VPN

o Security with an IDS (attack detection)
An IDS (Intrusion Detection System) is a security system that supplements the firewall. It is a high-technology equivalent of an alarm system, configured to monitor access points so that intrusions by attackers can be tracked and detected. It can detect malicious code that is active in the network and is able to get past the firewall. There are two main types: network based and host based.

Figure 12. IDS anti-intrusion system


1.5. Ways to detect that a system has been attacked
No system can guarantee absolute security; every service has latent security vulnerabilities of its own. From the system administrator's point of view, besides studying and finding security vulnerabilities, one must also continually check the system for signs of an attack. The measures are:


- Check for signs that the system has been attacked: the system often hangs or crashes with unclear error messages, and the cause is hard to determine because the relevant information is missing. First determine whether the cause is hardware; if it is not hardware, consider the possibility that the machine has been attacked.
- Check for new user accounts on the system: unfamiliar accounts, especially accounts whose uid is 0.
- Check for unfamiliar files. These are usually spotted through file naming, so every system administrator should get into the habit of naming files according to a fixed pattern, which makes unfamiliar files easy to spot. Use the ls -l command to check the setuid and setgid attributes of notable files (especially script files).
- Check modification times on the system, especially for the login and sh programs and the startup scripts in /etc/init.d and /etc/rc.d.
- Check system performance. Use utilities such as ps or top to monitor resources and the processes running on the system.
- Check the operation of the services the system provides. As we know, one goal of an attack is to paralyze the system (a DoS attack). Use commands such as ps and pstat and network utilities to find the cause on the system.
- Check system access by ordinary accounts, in case these accounts have been accessed illegally and had their privileges changed without the legitimate user being able to control it.
- Check the files related to network and service configuration, such as /etc/inetd.conf; remove unnecessary services; services that do not need to run as root should be run with lower privileges instead.
- Check the versions of sendmail, /bin/mail and ftp; join security newsgroups to get information about vulnerabilities in the services in use.
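
The uid 0, setuid/setgid and modification-time checks in the list above can be scripted so that they run the same way every time. The following Python code is an added example, not part of the original report; the function names, the allow-list of uid 0 accounts and the sample passwd data are assumptions made for illustration.

```python
import os
import stat
import time

# Constructed passwd(5)-format sample; "support" is a planted second uid 0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
support:x:0:0:helpdesk:/home/support:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def unexpected_uid0(passwd_text, allowed=("root",)):
    """Names of accounts whose UID is 0 and that are not in `allowed`."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue  # blank line, comment or malformed entry
        try:
            uid = int(fields[2])
        except ValueError:
            continue
        if uid == 0 and fields[0] not in allowed:
            names.append(fields[0])
    return names

def setid_files(root):
    """Sorted (path, 'setuid' / 'setgid' / 'setuid+setgid') for regular files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or unreadable
            if not stat.S_ISREG(mode):
                continue
            bits = [label for bit, label in ((stat.S_ISUID, "setuid"),
                                             (stat.S_ISGID, "setgid")) if mode & bit]
            if bits:
                hits.append((path, "+".join(bits)))
    return sorted(hits)

def modified_within(paths, days, now=None):
    """Subset of `paths` (files or directories) whose mtime is within `days` days."""
    now = time.time() if now is None else now
    recent = []
    for path in paths:
        try:
            if now - os.stat(path).st_mtime <= days * 86400:
                recent.append(path)
        except OSError:
            continue  # path does not exist on this system
    return recent

if __name__ == "__main__":
    print("extra uid 0 accounts (sample):", unexpected_uid0(SAMPLE_PASSWD))
    print("setuid/setgid under /usr/bin:", setid_files("/usr/bin"))
    print("changed in the last 7 days:",
          modified_within(["/bin/login", "/bin/sh", "/etc/init.d", "/etc/rc.d"], 7))
```

Comparing each run's output with a saved baseline from a known-good state is what turns these listings into a detection: a new uid 0 name, a new setuid file or a fresh timestamp on a login binary is the change to investigate.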

CHAPTER 2: A STUDY OF NETWORK SCANNING TECHNIQUES


2.1. Introduction to Scanning
Scanning is the next step in the process of attacking a system. This phase helps us determine a lot of information about the target. In the previous chapter you studied Footprinting and Social Engineering, which deal with people: we gathered information about the organization being attacked, such as its geographic location and the daily habits of its staff. In this part, Scanning, we work with machines. That is, once we have found some information related to the target computer, the next stage is to collect information about that computer: the computer name, IP address, machine configuration, operating system, running services, open ports and so on. This information helps a hacker plan the attack sensibly and choose which attack technique to use. Scanning helps determine whether a system is still active on the network. An ethical hacker uses this approach to find information about the target system.

2.2. Types of Scanning


After the active and passive reconnaissance phases against the target system are complete, we carry out scanning. Scanning is used to determine whether a system is on the network and whether it is available. Scanning tools are used to gather information about a system, such as its IP address, its operating system, and the services running on the target computers. The following figure lists the three main types of scanning we are concerned with.

Figure 13. Types of scanning

2.2.1. Port Scanning

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port scanning tools let a hacker learn about the services available on a given system. Each service or application on a computer is associated with a well-known port number. For example, a scanning tool that finds port 80 open indicates that a web server is running on that system. Hackers need to be familiar with the well-known port numbers.

2.2.2. Network Scanning

Network scanning is a procedure for identifying active hosts on a network, either to attack them or to assess network security. Hosts are identified by their individual IP addresses. Network scanning tools try to identify all the live or responding hosts on the network and their corresponding IP addresses.

2.2.3. Vulnerability scanning

Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. Typically, a vulnerability scanner first identifies the operating system and version number, including any service packs that may be installed. The scanner then identifies the weaknesses and vulnerabilities in the operating system. In the later attack phase, a hacker can exploit those weaknesses to gain access to the system.
An intrusion detection system (IDS), or a sophisticated, professional security network with suitable tools, can detect port-scanning activity. TCP/IP port scanners that look for open ports and IP addresses, and vulnerability scans, can usually be detected, because the scanners must interact with the target system over the network.

2.3. Scanning methods

Figure 14. Scanning methods


2.3.1. Checking the system
o ICMP scanning
In essence, this process sends an ICMP Echo Request packet to the host being targeted.
This scan is very useful for locating active devices or determining whether a system has a firewall.
o Ping Sweep
A ping sweep is used to identify live hosts in a range of IP addresses by sending ICMP Echo Request packets to all of those addresses. If a host is alive, it returns an ICMP Reply packet.

2.3.2. Checking for open ports

Checking for open ports is the second step in the scanning process. Port scanning is the method used to check for open ports. The scan probes each port on a host to determine which ports are open. Port scanning usually yields more valuable information about the host and the vulnerabilities on the system than a ping scan does.
To perform a port scan, the client must establish a connection to the target machine over TCP using the three-way handshake.

Figure 15. The three-way handshake

1. Computer A initiates a connection to the target machine with a packet that has the SYN flag set
2. The target machine replies with a packet that has the SYN and ACK flags set
3. Finally, the client sends an ACK packet back to the server
If these three steps complete without complications, a TCP connection is established.
Because TCP is a connection-oriented protocol, the procedures for establishing a connection (the three-way handshake), restarting a failed connection and terminating a connection are part of the protocol. The protocol's notification signals are called flags. TCP has the flags ACK, RST, SYN, URG, PSH and FIN. The list below defines the functions of the TCP flags:
- SYN (Synchronize): initiates a connection between hosts.
- ACK (Acknowledge): establishes the connection between hosts.
- PSH (Push): the system forwards buffered data.
- URG (Urgent): the data in the packets must be processed quickly.
- FIN (Finish): communication is complete; no more transmissions.
- RST (Reset): resets the connection.
+ Scanning techniques:
- XMAS: an XMAS scan sends a packet with the FIN, URG and PSH flags set. If the port is open, there is no response; if it is closed, the target returns a RST/ACK packet. XMAS scans only work against target systems that follow the RFC 793 TCP/IP implementation and do not work against any version of Windows.
- FIN: a FIN scan is similar to an XMAS scan but sends a packet with only the FIN flag set. FIN scans receive the same responses and have the same limitations as XMAS scans.
- NULL: a NULL scan is also similar to XMAS and FIN in its limitations and responses, but it sends a packet with no flags set.
- IDLE: an IDLE scan uses a spoofed IP address to send a SYN packet to the target. Depending on the response, the port can be determined to be open or closed. IDLE scans determine the port scan response by monitoring IP header sequence numbers.
+ Countermeasures
Countermeasures are the processes or tool sets that network security administrators use to detect, and possibly prevent, port scanning of the hosts on their network. The following countermeasures should be implemented to stop a hacker from gathering information through port scanning:
- A proper security architecture, such as IDS and firewalls deployed together, should be in place.
- Ethical hackers use their tools to test the scanning countermeasures that have been put in place. Once a firewall is in place, a port-scanning tool should be run against the hosts on the network to confirm that the firewall correctly detects and stops port-scanning activity.
- The firewall can detect the probes sent by port-scanning tools. Firewalls should perform stateful inspection, meaning that they examine not only the TCP headers but also the packet data to decide whether the traffic is allowed through the firewall.
- A network IDS should be used to detect the operating system detection methods used by some common hacker tools such as Nmap.
- Only the ports that are needed should be kept open. The rest should be filtered or blocked.
- The organization's staff who use the systems should be given appropriate training in network security awareness. They should also know the various security policies they are required to follow.
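
The flag combinations described for the XMAS, FIN and NULL scans are exactly what a network IDS rule keys on. The following Python code is an added example, not part of the original report, showing that detection logic on a constructed list of packet summaries; the function names, the SYN port threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Name the probe type for a TCP flags byte, or None for ordinary traffic."""
    flags &= 0x3F  # keep the six flags listed above
    if flags == 0:
        return "NULL"                      # no flag set
    if flags == FIN:
        return "FIN"                       # FIN without ACK
    if flags == (FIN | PSH | URG):
        return "XMAS"
    if flags == SYN:
        return "SYN"                       # normal on its own; judged by volume
    return None

def detect_scans(packets, syn_port_threshold=5):
    """packets: iterable of (src_ip, dst_ip, dst_port, tcp_flags).

    NULL, FIN-only and XMAS segments never start a legitimate connection, so one
    is enough to alert. A bare SYN is how every connection starts, so SYNs alert
    only when one source touches `syn_port_threshold` or more distinct ports on
    one destination. Returns sorted (src, dst, kind, distinct_port_count) tuples.
    """
    ports = defaultdict(set)
    for src, dst, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            ports[(src, dst, kind)].add(dport)
    alerts = []
    for (src, dst, kind), seen in ports.items():
        if kind != "SYN" or len(seen) >= syn_port_threshold:
            alerts.append((src, dst, kind, len(seen)))
    return sorted(alerts)

# Constructed capture summary (documentation address ranges).
SAMPLE_PACKETS = (
    [("198.51.100.7", "192.0.2.10", p, SYN) for p in (21, 22, 23, 25, 80, 443)]
    + [("203.0.113.5", "192.0.2.10", 80, f) for f in (SYN, ACK, PSH | ACK, FIN | ACK)]
    + [("203.0.113.9", "192.0.2.20", p, FIN | PSH | URG) for p in (22, 80)]
    + [("203.0.113.9", "192.0.2.20", 443, 0),
       ("198.51.100.44", "192.0.2.20", 25, FIN)]
)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_PACKETS):
        print(alert)
```

The ordinary client at 203.0.113.5 (SYN, ACK, PSH/ACK, FIN/ACK to one port) produces no alert, which is the property to preserve when tuning the threshold.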

2.3.3. War Dialing technique


War dialing is the process of dialing modem numbers to find an open modem connection that provides remote access to a network, in order to attack the target system. The term war dialing dates from the early days of the Internet, when most companies were connected to the Internet through dial-up modem connections. War dialing is regarded as a scanning method because it finds a network connection that may have weaker security than the main Internet connections. Many organizations set up remote access over modems that are now outdated but have been unable to remove these remote access servers. This lets attackers break into the network easily through a much weaker security mechanism. For example, many remote access systems use the PAP (Password Authentication Protocol) authentication method, which sends passwords in clear text, or, furthermore, use newer VPN technology with old passwords.
War dialing tools work on the premise that companies do not control dial-in ports as strictly as the firewall, and that computers with attached modems are everywhere, even when those modems are no longer in use. Many servers still have modems with phone lines connected as a backup in case the main Internet connection fails. These modem connections can be used by a war-dialing program to gain remote access to the system and the internal network.

Figure 16. War dialing model


+ Countermeasures
- Develop and implement security policies
- Use phones in a different range from your internal PBX system
- Check the auto-answer configuration on your modems
- Carry out manual reconnaissance of your network
- Log all successful and failed login attempts.

2.3.4. Banner Grabbing and Operating System Fingerprint techniques


Banner grabbing and operating system identification, which can also be defined as TCP/IP stack fingerprinting, is the fourth step in the CEH scanning methodology. The fingerprinting process lets a hacker identify particularly vulnerable areas of a target on the network. Banner grabbing is the process of opening a connection and reading the banner sent back by the application. Many servers (mail, web, ftp and so on) respond to a telnet connection with the name and version of the software. A hacker can find many associations between operating systems and application software. For example, the Microsoft Exchange e-mail server can only be installed on the Windows operating system.
OS fingerprinting is the technique of determining which operating system is running on the target host. There are two ways to perform OS fingerprinting:
- Active stack fingerprinting is the most common form of fingerprinting. It involves sending data to a system to see how the system responds. It relies on the fact that operating system vendors implement the TCP stack differently, so responses differ depending on the operating system. The responses are then compared with a database to determine the operating system. Active stack fingerprinting is detectable because it repeatedly tries to connect to the target system.
- Passive stack fingerprinting is stealthier and involves examining traffic on the network to determine the operating system. It uses sniffing techniques instead of scanning techniques. Passive stack fingerprinting usually goes undetected by an IDS or other security system, but it is less accurate than active fingerprinting.
+ Countermeasures
- Change the operating system information in the banner header of the web server.
- With Apache, you can load the module named mod_headers and edit the configuration in the httpd.conf file.
- With IIS, you can use tools such as IIS Lockdown Tool and ServerMask. Both tools can change the server's banner header or lock it down entirely so that it is not shown to users.

2.3.5. Vulnerability scanning


Vulnerability scanning identifies the vulnerabilities and weaknesses of a system and network in order to determine how the system could be exploited.
A vulnerability scan produces the following results:
- Network topology and operating system vulnerabilities
- Open ports and running services
- Application and service configuration errors
- Application and service vulnerabilities

2.3.6. Deploying a proxy server for the attack


Preparing proxy servers is the last step in the CEH scanning methodology. A proxy server is a computer that acts as an intermediary between the hacker and the target computer.
Using a proxy server can allow a hacker to become anonymous on the network. The hacker first connects to the proxy server and then requests a connection to the target through the existing connection to the proxy. In essence, the proxy, not the hacker's computer, requests access to the target. This lets the hacker browse the web anonymously or hide during an attack.

2.4. Some techniques that support attacks


2.4.1. HTTP TUNNELING technique
A common method of bypassing a firewall or IDS is to create a tunnel for a protocol (such as SMTP) through a permitted protocol (such as HTTP). Most IDS and firewalls act as a proxy between the client's computer and the Internet and only allow access to hosts that are defined as permitted. Most companies allow HTTP traffic because it is usually benign web access. However, a hacker can create a tunnel over HTTP to reach the internal network with a protocol that is not permitted.
HTTP tunneling is not only for hackers. You can apply it to build a system that securely connects two branch offices over HTTP. Figure 4.12 is an example of connecting two branches to exchange data over FTP while that protocol is blocked by the firewall. In this way the client can connect to the FTP server and retrieve data through HTTP tunneling.

Figure 17. Client connecting to FTP through HTTP TUNNELING


2.4.2. IP spoofing technique
A hacker can spoof the IP address when scanning a system to minimize the chance of being detected. When the victim sends its reply to the IP address, it will not be sent to the spoofed address. One drawback of IP spoofing is that a TCP session cannot be completed, because the ACK reply cannot be sent.
Source routing lets an attacker specify the route a packet takes through the Internet. This can also reduce the chance of detection by bypassing IDS and firewalls. Source routing is implemented in the TCP/IP protocol in two forms:
- Loose Source Routing (LSR): inexact routing. The sender sends a list of IP addresses that includes its own.
- Strict Source Routing (SSR): exact routing. The sender specifies part of the path the packet is forwarded along. The reply packet travels along that path.
Source routing uses the address field of the IP header, up to 39 bytes, which means that at most 8 IP addresses can be added to the address field. The sending machine then sends through a series of fake IP addresses, among which is the attacker's real IP address.
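
Because source routing is carried as an IPv4 header option, a filter or IDS can recognize LSR and SSR packets by walking the options area of the header. The following Python code is an added example, not part of the original report: it parses constructed IPv4 headers and reports any source-route option and the hop list it carries. The function name and the sample headers are assumptions made for illustration; option types 131 and 137 are the loose and strict source route options of RFC 791.

```python
import socket

LSRR, SSRR = 131, 137  # IPv4 option types (RFC 791): loose / strict source route

def find_source_route(header):
    """Return ('LSR' or 'SSR', [hop addresses]) or None; ValueError if malformed."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad header length")
    i = 20                                 # options start after the fixed header
    while i < ihl:
        opt = header[i]
        if opt == 0:                       # End of Option List
            break
        if opt == 1:                       # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        length = header[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        if opt in (LSRR, SSRR):
            route = header[i + 3:i + length]   # skip type, length, pointer
            if length < 3 or len(route) % 4:
                raise ValueError("bad source-route option")
            hops = [socket.inet_ntoa(route[j:j + 4]) for j in range(0, len(route), 4)]
            return ("LSR" if opt == LSRR else "SSR", hops)
        i += length
    return None

# Constructed headers, 198.51.100.7 -> 192.0.2.10 (documentation address ranges).
FIXED = "00000000 40060000 c6336407 c000020a"
PLAIN = bytes.fromhex("45000014" + FIXED)
# NOP, then LSR option (type 0x83, length 11, pointer 4) with two hops.
LOOSE = bytes.fromhex("48000020" + FIXED + "01 830b04 cb007101 cb007102")
# SSR option (type 0x89, length 7, pointer 4) with one hop, padded with EOL.
STRICT = bytes.fromhex("4700001c" + FIXED + "890704 cb007109 00")
# Option claims 40 bytes but only 4 bytes of options are present.
MALFORMED = bytes.fromhex("46000018" + FIXED + "83280400")

if __name__ == "__main__":
    for name, hdr in (("plain", PLAIN), ("loose", LOOSE), ("strict", STRICT)):
        print(name, find_source_route(hdr))
```

On Linux hosts the sysctl net.ipv4.conf.all.accept_source_route controls whether source-routed packets are accepted at all.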

CHAPTER 3: DEMONSTRATION OF SOME SCANNING EXAMPLES


3.1. Checking the system
Here we use the Angry IP Scanner software to check whether hosts are still active.
After opening Angry IP Scanner, enter the range of IP addresses to scan in IP Range.

Figure 18. Choosing the IP range to scan


After choosing the address range to scan, click TOOLS > Port on the toolbar to choose the ports to scan.

Figure 19. Choosing the ports to scan


After choosing the ports, click Start to begin scanning.
During the scan, hosts shown in green are active. Hosts shown in red are inactive or blocked by a firewall.

Figure 20. Network scan results


After the scan completes, we can check the hosts shown in green with the software's supporting functions, such as ping, share folder, trace route and telnet.

Figure 21. Checking an active host

3.2. Checking for open ports


In this part we use the NMAP software to scan for open ports.
First, enter the name of the host to check in the Target field.

Figure 22. Entering the name of the host to check


Next, go to Profile > Edit Selected Profile to set up the scan configuration.

Figure 23. Setting up the scan configuration


After configuring, click Scan to start the scan.
When the scan is finished, the results can be viewed under items such as ports/host, Topology, Host Details and Scan.

Figure 24. Viewing the scan results


3.3. Vulnerability scanning
We use the GFI LANguard software to check the system for vulnerabilities.
First, choose one of the scan methods, such as Full scan, Quick scan or Launch a Custom scan. Then choose the host to scan.

Figure 25. Choosing the scan method


During the scan the tool reports the following results:
- Network topology and operating system vulnerabilities
- Open ports and running services
- Application and service configuration errors
- Application and service vulnerabilities

Figure 26. Vulnerability scan results


When the scan is finished, go to Analyze > Results Filtering to see further details, such as information about the machine, user names and the operating system name.

3.4. Some other types


Besides the three characteristic kinds of scanning, there are also some tools that support hackers, such as:

3.4.1. IP spoofing
Using the Hide My IP software

Figure 27. The Hide My IP software

3.4.2. Proxy server


Using the SocksChain software

Figure 28. Software for changing the proxy

CONCLUSION
Results achieved
- Gained an understanding of the state of network security, its concepts, and some basic knowledge of network security.
- Studied the concept, classification, purpose, detection and prevention of scanning.
Limitations
- Because of practical constraints, some network scanning techniques have not yet been demonstrated in practice.
Future work
- Continue studying network scanning and all the remaining techniques in the CEH course, to understand our own network better and from there put in place effective measures to protect the system against hackers.

REFERENCES


A. Documents:
[1] Bài giảng An Ninh Mạng (Network Security lecture notes). Trường CĐ CNTT Hữu Nghị Việt Hàn
[2] CEH - Certified Ethical Hacker version 7
B. Internet resources:
[3] http://www.hvaonline.net/
